DATA RETENTION POLICY

Definitions
Introduction
Contact details
Aims, objectives, and scope
Erasure and restriction of processing rights
Data disposal
Data retention
Implementation

Definitions

Business relationship means the period during which TR is engaged in the performance or administration of services for a person
Client means any person who has signed up to TR’s services, regardless of whether TR submits a claim to His Majesty’s Revenue and Customs (HMRC) on their behalf.
Data in this Policy refers to personal data, which means any information relating to a person.
Delete means the removal of all or part of a client file (including data) from TR’s databases and records and those of its relevant third-party processors.
Person is what the UK GDPR calls a “data subject”. The UK GDPR defines a data subject as “an identifiable natural person” or someone who can be identified, directly or indirectly.
People means more than one Person.
TR means Tax Returned Limited, a company registered in England, number 08828062, whose registered office is 207 Regent Street, 3rd Floor, London, England, W1B 3HH.

Introduction

This Policy sets out TR’s data retention obligations and policies. This Policy applies to all data (except for employee, applicant, or service provider data) dealt with by TR (and by third-parties processing data on TR’s behalf).

TR must keep data in a form which permits the identification of people for no longer than is necessary for the purposes for which TR processes the data. In certain cases, controllers of personal data may store data for longer periods (although those cases do not apply to TR).

People also have the ‘right to erasure’, also known as ‘the right to be forgotten’. People have the right to have their data erased (and to prevent the processing of that data) in the following circumstances:

Where the data is no longer required for the purpose for which they were originally collected or processed.
When the person withdraws their consent (if the data is held based on that person’s consent).
When the person objects to the processing of their data and TR has no overriding legitimate interest or legal obligation.
When the data has been processed unlawfully
When TR must erase the data to comply with a legal obligation.
Where the data has been processed for the provision of information society services to a child (which is not applicable to what TR does).

This Policy sets out the types of data held by TR for delivery of TR’s services, the periods for which that data is retained by TR, the criteria for establishing and reviewing such periods, and when and how data are to be deleted or otherwise disposed of.

Aims, objectives, and scope

The primary aim of this Policy is to set out clearly TR’s data retention limits so that TR is accountable and transparent. TR stores data in the following ways:

On servers belonging to TR (or its third-party data processors).
On computers (including phones) belonging to TR (or its third-party data processors).

Erasure and restriction of processing rights

TR holds all data in accordance with the requirements and rights set out by the Data Protection Act 2018, as detailed in TR’s Privacy Policy. TR keeps people fully informed of their rights, the data TR holds about them, how TR uses that data, and how long TR will hold that data. People have the right:

to request that TR delete their data (notwithstanding the retention periods otherwise set out in this Policy); and
to restrict TR’s use of their data.

TR will comply with erasure requests where it does not have an overriding reason, listed in this Policy, to retain the person’s data. Please note that:

TR has a legal obligation to retain client records for five years after the end of the business relationship with a person under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
TR will retain data for six years from the end of the business relationship for the establishment, exercise, or defence of legal claims related to TR’s performance of its contractual obligations. The six-year period is based on Sections 2 and 5 of the Limitation Act 1980. TR will erase the data as soon as reasonably practicable after the expiration of the six-year period.

Please consult the relevant section of the ICO’s website (linked here) if you wish to verify our position.

Data disposal

At the end of the data retention periods set out in this Policy, TR will fully anonymise a person’s data unless that person has requested erasure or restriction of processing. If a person requests erasure or exercises their right to restrict TR’s processing of their data, TR will delete, destroy, or otherwise dispose of the data (subject to any legal obligations).

TR will securely delete electronic data (including any backups) from TR’s servers, mobile phones, and computers.
TR will securely shred any data stored in a physical format.

Where a person provides to TR an original document (such as a passport or driver’s licence), TR will store a digital copy of this document on its servers in accordance with this Policy. In this case, TR may return the original document to the person who provided it.

TR does not retain physical copies of documents from HMRC. TR scans documents from HMRC and stores the documents electronically. TR cannot provide original copies of documents from HMRC because TR shreds any physical documents received from HMRC within one month of receipt.

TR’s Data Protection Manager is responsible for processing all ‘right to erasure’ requests in accordance with this Policy and the data retention periods set out below.

Data retention

TR shall not retain any data for longer than is necessary considering the purposes for which it collected, held, and processed that data.

TR considers the following factors when establishing and/or reviewing retention periods:

TR’s objectives and requirements.
The type of data in question.
The purposes for which it collected, held, and processed the data.
The lawful basis for which it collected, held, and processed that data.
The category or categories of person to whom the data relates.

TR considers carefully the criteria by which it determines data retention periods. TR periodically assesses the suitability of these criteria. TR uses distinct data for different purposes and therefore retention periods vary accordingly.

Notwithstanding the following defined retention periods, TR may erase or destroy certain data before expiry of the defined retention period where it is legally permitted to do so.

Type of Data	Purpose of Data	Review Period	Retention Period or Criteria
Analytics data: · Cookies · User identifiers · Advertising identifiers	o To track website usage o To track advertising campaigns	Annually	26 months
Contact data: · Postal address · Email address · Telephone number	o To enter and fulfil a contract o Business analytics and development	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Employment data: · Employment history · Sector · Job title	o To fulfil a contract o Business analytics and development	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Financial data: · Bank details · Transaction data	o To fulfil a contract	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Identity data: · First name · Former names · Last name · Marital status · Title · Date of birth · National Insurance number · Unique Tax Reference number · Customer reference number · IP address	o To enter and fulfil a contract o Business analytics and development o Security measures	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Identity verification data: · Nationality · Place of birth · Sex · Passport number · Driver’s licence number · Photo · Next of kin · Relatives · Spouse · Civil partner · Place of birth · Place of death · Nature of death · Time of death · Officiating persons · Witnesses · Contact details of mentioned persons	o To perform identity verification checks o To verify any name changes o To verify the relevant person to receive funds in the event of a customer’s death.	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Preferences data: · Marketing preferences · Prize draw preferences · Communication preferences	o To correctly manage your communication and marketing preferences o To manage prize draws	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Tax data: · Income (taxable or untaxable) · Tax paid · Taxable expenses (received and claimed) · Tax account balance (overpaid or underpaid) · Source of income (if pension fund) · Pension contributions · Student Loan Repayments	o To fulfil a contract o Business analytics and development	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.
Technical data: · Login details	o Security and Identification measures	Annually	The earlier of the time of deletion or for the duration required to perform the contract to which the data relates.
Trade union data: · Name of union · Membership fees	o To fulfil a contract o Business analytics and development	Annually	The earlier of the time of deletion or 6 years from the end of the contract to which the data relates.

Contact details

TR has a privacy manager called the Data Protection Manager. For further information on TR and other aspects of our data protection and compliance policies, please contact the Data Protection Manager at: dataprotection@taxreturned.co.uk

Implementation

This Policy is effective as of 12 January 2021 and applies to all data collected before, on or after this date.