Personal Data Retention Policy
We recognise that personal data should be retained for no longer than is necessary for the
purpose it was obtained. By disposing of data when it is no longer needed we are reducing
the risk that it will become inaccurate, out of date, irrelevant or misappropriated.
There is no specific minimum or maximum period for retaining personal data instead the
Data Protection Act / GDPR states that:
Personal data shall not be kept for longer than is necessary for that purpose or those
purposes. This means each department needs to:-
I. Review for how long you keep personal data.
II. Consider the purpose or purposes for which you hold information in deciding whether
and for how long to retain it.
III. Securely delete information that is no longer needed and
IV. Update, archive, destroy or securely delete information if it goes out of date.
Concerns about holding personal data
It is recognised that keeping personal data too long can cause the following problems:-
o An increased risk that the information will go out of date and that outdated
information will be used in error to the detriment of all concerned.
o The data is likely to become inaccurate
o Even though no longer needed the personal data must still be held securely.
o Responding to subject access requests for any personal data you hold may be more
difficult and time consuming if you are holding more data than you need.
Approach to deciding about retention of data
At regular intervals we are responsible for reviewing the personal data held and deleting
anything no longer needed. Information that does not need to be accessed regularly but
which still needs to be retained must be safely archived or put offline.
Retention periods have been established for different categories of information. The
retention periods take into account any professional rules or regulatory requirements that
We will ensure that we keep to these retention periods in practice and that there is a
documented policy relating to retention periods that is reviewed regularly and updated as
What determines how long we hold data for?
Personal data will need to be retained for longer in some cases than in others. The length
of time personal data is retained for must be based on business needs. A judgement must
be made about:
• What the information is used for
• Surrounding Circumstances
• Legal or regulatory requirements
• Industry practices
In respect of the personal data that we retain in respect of our work as Chartered
Surveyors, Project Managers, Development Consultants and Registered Valuers we will keep that personal data on file during our contracted relationship with you and for three years
At the end of the retention period.
Our Privacy Notice makes it clear to people what will happen to their information when they no longer have a relationship with us.
We advise individuals that the data will be deleted irretrievably or simply deactivated or
archived. It is noted that the rules around Data Protection apply to data that is archived.
The DPA / GDPR does not provide a definition of delete or deletion. However, plain English
interpretation implies destruction. With paper records this is easy to comply with through
shredding however, with data that is held electronically it is much harder. It is noted that
some data that is held electronically may be deleted but still exist in some format within our
systems. As a firm we need to be absolutely clear about what we mean by deletion and
what actually happens to personal data once deleted. This information is included in our
The ICO under the GDPR will adopt a realistic approach in terms of recognising that deleting information is not always a straight forward matter and that it is possible to put data beyond use.
No information is archived.
Personal information is not shared elsewhere.