1. Ntice is committed to protecting the personal information and privacy of the candidates we represent and the clients for whom we work.
  2. Our legal obligations in respect of data retention depend on the particular nature of the personal data. Some types of personal data can and should be deleted within a relatively short timeframe, whilst others must be retained for a certain time either to comply with legal obligations or for some other legitimate reason.
  3. Article 5(1)(e) of the General Data Protection Regulation (GDPR) also imposes an obligation on organisations that process personal data for a particular purpose, to keep that personal data for no longer than is necessary for the relevant purpose.
  4. This Data Retention Policy (the Policy), together with any other documents referred to in it, sets out our arrangements for the retention and deletion of personal data that we collect from or about individuals (data subjects) It is intended to ensure that we adopt a consistent approach in respect of the main categories of personal data that we are likely to process, and that we can if necessary explain the rationale for our approach to the relevant authorities and the data subjects themselves.
  5. This Policy applies to all copies of personal data that are held by us, or by our employees, whether held on our own systems or on laptops, USB sticks or other storage devices in the possession of staff.
  6. This Policy is the responsibility of Bronwyn Thorpe who is responsible for ensuring that it is enforced, and that the Policy itself is reviewed and updated at least once per year.
  1. It is not practical or cost-effective for us to retain all personal data in perpetuity. Even if it were, it would not be permissible because of the GDPR principle that personal data should where possible be minimised. However, it is necessary to retain some data in order to protect our interests as a business, including for the purposes of meeting our own legal obligations with regard to record-keeping, where this is necessary in connection with potential litigation or for compliance with regulatory requirements, and otherwise for the purposes of good business and security practices.
  2. The principal categories of personal data that we hold are outlined in the Appendix to this Policy. The Appendix also sets out, in respect of each category of personal data, how long we hold it for, and the rationale for that time limit. Where personal data is encrypted, we must also make arrangements for the encryption keys to be retained for the corresponding period, in order that the relevant data can be accessed if necessary
  1. Once the retention period has elapsed for a given set of personal data, we will arrange for destruction of the data UNLESS we have received a request from the data subject to retain the relevant data for any reason (which requests must be referred to the person responsible for data protection in our company) or there is a compelling justification for continuing to hold the data (such as in connection with litigation).
Destruction of data will be carried out by one of the following means:
  • Records held in hard copy form must be destroyed by crosscut-shredding, pulped or burnt; and
  • Records held in electronic form must be permanently deleted (i.e. rendered non-recoverable by normal search processes) from our systems.
  • Destruction of the data may be outsourced to a reputable data destruction company, in which case we will require production of a written certificate of destruction.

Type of Personal Data Description and/or examples Retention Period
Candidate information Name and contact details Education and qualifications Career history Current and previous employers and job titles Current compensation package Career objectives References CV’s Right to work in the UK evidence 6 years from the last contact with the relevant candidate, unless (a) the candidate has specifically consented to the data being retained for a further 12 months, and (b) that consent has been recorded in writing (including by email)
Client information Name and contact details Current employer and job title Contact numbers and email address Client contracts Client job profiles & salary and benefits 6 years from the last contact with the client contact, unless (a) the contact has specifically consented to the data being retained for a further 12 months, and (b) that consent has been recorded in writing, including by email.
Employee information Name and contact details Terms and conditions of employment/contractor agreement Employee files Payroll records (including salary, bonuses, overtime and expenses, and any other remuneration) Income tax and tax details Statutory maternity pay records Statutory sick pay records Accident records and reports 6 years from the end of employment (for employees).