Introduction
Data protection laws have existed for years with the aim to protect personal information and control how it is used. The advance in technology and business environments has resulted in update and amendment of this legislation, with GDPR being the most recent example.
The General Data Protection Regulation (GDPR) is a new law that will supersede all previous data protection legislation. The GDPR will apply to TXM Recruit and will mark a significant shift in the way our organisation must protect personal data that is collected, stored or processed.
Purpose
This retention schedule outlines the different categories of data held by TXM Recruit and details the retention period for each set of data, the purpose of the retention and the location the data is held. This retention schedule is designed to help organise and manage TXM Recruit’s information and provides the basis for processing and managing TXM Recruit records.
The retention period detailed applies to all records in that category by default and will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require certain documents to be held for either shorter or longer periods. Retention periods apply to all formats of records unless specifically stated otherwise.
TXM Recruit has used the below primary factors to inform the decisions made on retention periods:
Business needs and legitimate interests
Legislative compliance and requirements, i.e. social security and safeguarding laws
Regulatory requirements
The retention schedule will be kept up to date with the assistance of the appointed Data Protection Officer, the TXM Recruit Management team and the GDPR committee team, to reflect changing business needs, new legislation and the changing perceptions of risk management as guided by the ICO.
TXM Recruit notes that not all electronic documents may be declared as formal records within the business although every consideration and care will be taken to ensure that undeclared documents are not retained indefinitely. Any undeclared documents are to be treated as temporary and need to be deleted as soon as there is no further requirement for the data to be used or retained.
Continuous Development
This retention schedule will be maintained, updated and amended with the assistance of the appointed Data Protection Officer, the TXM Recruit Management team and the GDPR committee team, to ensure full compliance especially to evolving GDPR obligations as outlined by the ICO. Change control procedures will apply to this document once approved by the management team and the appointed Data Protection Officer. This retention schedule may be updated periodically to reflect changes in our personal information practices. For significant changes, we will notify you by posting a prominent notice on our websites indicating at the top of the document when it was most recently updated.
Data Protection Officer
TXM Recruit has outsourced its Data Protection Officer (DPO) responsibilities to Ametros Group, a consultancy that provides practitioner led GDPR advisory services to UK based organisations. Contact details for our DPO are as follows:
Mr J. Richards @ Ametros Group Ltd
Lakeside Offices
Thorn Business Park
Hereford
HR2 6JT
Email: dpo@ametrosgroup.com
Tel: 0330 223 2246
Contact Us
If you have any questions or comments about this Data Retention Schedule, or you would like to exercise your rights or update the information we have about you or your preferences, please contact TXM Recruit directly at gdpr@txmgroup.com. We endeavour to respond to queries and requests within two working days.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
TXM Recruit - Recruitment Services | |
Data | Client / hirer records including contact details, terms of business, assignment or vacancy details |
Format | Electronic |
Purpose | Contractual purposes and legal obligations |
Retention Period | 4 years |
Authority | Managing Director |
Location Held | Secure Bullhorn CRM system |
Sensitive Personal Data | No |
Data | Terms of engagement with temporary workers and terms of business with clients |
Format | Electronic |
Purpose | Contractual purposes and legal obligations |
Retention Period | 4 years |
Authority | Managing Director |
Location Held | Secure Bullhorn CRM system |
Sensitive Personal Data | No |
Data | Records of candidates who have never been placed, including personal data, application form and CV, ID checks, interview notes and other documentation obtained during application |
Format | Electronic |
Purpose | Legitimate interest and consent |
Retention Period | 4 years (unless consent to renew retention period is obtained) |
Authority | Managing Director |
Location Held | Secure Bullhorn CRM system |
Sensitive Personal Data | Yes |
Data | Records of candidates who have never been placed, including personal data and CV, that have been obtained via Job Boards or social networking sites |
Format | Electronic |
Purpose | Legitimate interest with purpose to provide employment solution (DP5B) |
Retention Period | 4 years (unless consent to renew retention period is obtained) |
Authority | Managing Director |
Location Held | Secure Bullhorn CRM system |
Sensitive Personal Data | Yes |
Data | Records of candidates who have been placed, including personal data, application form and CV, ID checks, interview notes, contracts of engagement, working time regulation opt-outs and details obtained during assignments |
Format | Electronic |
Purpose | Contractual purposes and legal obligations |
Retention Period | 7 years |
Authority | Managing Director |
Location Held | Secure Bullhorn CRM system |
Sensitive Personal Data | Yes |
Internal Human Resources | |
Data | Unsuccessful candidate records, including personal data as set out in the CV and application form |
Format | Electronic |
Purpose | Legitimate interest |
Retention Period | 4 years |
Authority | Managing Director / Internal Recruiter |
Location Held | Internal Recruiter's secure personal V:Drive |
Sensitive Personal Data | No |
Data | Employee records, including personal data, application form and CV, interview notes, contracts of engagement, details of assignments |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | Yes |
Data | Working time records including 48 hour opt outs and annual leave records |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | No |
Data | Employee references |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | No |
Data | Appraisal, assessment and training records |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | No |
Data | Eligibility to work records |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | Yes |
Data | Criminal record checks and disclosure barring checks |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | Yes |
Data | Employee equal opportunities response (voluntary) |
Format | Electronic |
Purpose | Legitimate interest |
Retention Period | 1 month |
Authority | Managing Director / Human Resources Department |
Location Held | Secure HR Drive |
Sensitive Personal Data | Yes |
Payroll Information, Finance Data and Company Accounts | |
Data | Sickness records including details of statutory sick pay |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems |
Sensitive Personal Data | Yes |
Data | Records relating to statutory maternity, paternity and adoption pay |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems |
Sensitive Personal Data | Yes |
Data | Pensions auto-enrolment (including auto-enrolment date, joining date, opt in and opt out notices, contributions paid) |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest and Sage software |
Sensitive Personal Data | Yes |
Data | Payroll information and CIS records |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems |
Sensitive Personal Data | Yes |
Data | Company financial records in relation to VAT |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems |
Sensitive Personal Data | Yes |
Data | Company accounts |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Sage and SAFE Financials software |
Sensitive Personal Data | Yes |
Data | ITEPA (the intermediaries legislation) records |
Format | Electronic |
Purpose | Contractual and legal obligations |
Retention Period | 7 years |
Authority | Chief Finance Officer / Finance Director |
Location Held | Secure Accounts X:Drive; secure Tempest software |
Sensitive Personal Data | No |
