The purpose of this policy is to set out the period of time that data should be retained by Focus Micro Systems and the processes for disposing of that data at the end of the retention period.
Who are we?
Focus Micro Systems has continually been dedicated to providing specialist property software solutions for over 30 years. Founded in 1981 we are proud of our position as market leaders in the property management software sector.
The policy covers data created or held including:
- Paper records
- electronic files (including database, Word documents, spreadsheets, webpages and e-mails);
- photographs, scanned images, CD-ROMs and video tapes.
Focus Micro Systems will ensure that information is not kept longer than is necessary and will retain the minimum amount of information that it requires to carry out its’ statutory functions and the provision of services.
This policy does not form part of the formal contract of employment, but it is a condition of employment that staff will abide by the rules and policies. Any failures to follow the policy can therefore result in disciplinary proceedings. Any member of staff, who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with the Data Protection Officer.
Retention, Deletion and Archiving Policy
In circumstances where a retention period of specific data or a document has expired, a review should always be carried out prior to a decision being made to dispose of it. This review should not be particularly time consuming and should be straightforward. If the decision to dispose of data or a document is taken, then consideration should be given to the method of disposal to be used.
Archiving is defined as the process of moving data that is no longer actively used to a separate storage device for long-term retention. Archive data consists of older data that is still important to Focus Micro Systems and may be needed for future reference, as well as data that must be retained for regulatory compliance.
Paper records shall be archived in secured storage onsite, clearly labelled in archived boxes
Electronic data and records shall be archived in a format which is appropriate to secure the confidentiality, integrity and accessibility of the data.
Notification of Data Held and Processed
All customers and staff are entitled to:
- know what information Focus Micro Systems holds and processes about them and why.
- know how to gain access to it.
- know how to keep it up to date.
- know what Focus Micro Systems are doing to comply with its obligations under the GDPR.
Personal data of any staff member or customer shall not be kept for longer than necessary for the purposes for which it is processed.
Backups for support purposes shall not be kept for longer than the job requires. Once the support job has been completed, any backups used should be removed in accordance with this policy on the destruction of electronic records.
The archiving period of data shall be seven years unless an exception has been obtained permitting a longer or shorter active use period.
The destruction of obsolete or superseded data is an essential step in running a credible, reliable, and effective software company. Keeping out-of-date records only creates confusion, making it difficult for personnel to know which records are authoritative and which records are no longer needed for business. Obsolete or superseded data must to be destroyed in order to:
- ensure current data is reliable and efficient.
- reduce maintenance and storage costs.
- demonstrate accountability and consistency in implementing destruction decisions.
- improve the efficiency of paper and electronic records systems by removing unwanted records.
- reduce the risk that sensitive or personal information will fall into the wrong hands.
No destruction of data should take place without assurance that:
- the record is no longer required by any part of the business.
- no work is outstanding by any part of the business.
- no litigation or investigation is current or pending which affects the record.
- there are no current or pending access requests which affect the record.
The process of destroying records must be irreversible, so that there is no reasonable risk that the information may be recovered. The more sensitive the records, the more certain you must be of the irreversibility of the destruction process. Failure to ensure total destruction may lead to the unauthorized release of sensitive information.
Destruction of Paper Records
Destruction should be carried out in a way that preserves the confidentiality of the record. Confidential records with personal data relating to any customer or staff member must be shredded once no longer required. All copies including security copies, preservation copies and backup copies should be destroyed at the same time in the same manner.
Destruction of Electronic Records
All electronic data must be destroyed in a manner in which the data cannot be ‘un-deleted’ or restored from backups.
Backups used for support purposes must be removed from all places it has been stored. This includes
- desktops of any PC
- backup folder on fmssql001
- SQL Management Studio on fmsts002
Right to Erasure
Customers and staff have the right to obtain erasure from the Focus Micro Systems, without undue delay, if one of the following applies:
- Focus Micro Systems doesn’t need the data anymore for the purpose which it was originally collected or processed.
- Focus Micro Systems are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent.
- Focus Micro Systems are processing the personal data for direct marketing purposes and the individual objects to that processing.
- The subject uses their right to object to the data processing.
- The controller and/or its processor is processing the data unlawfully.
- There is a legal requirement for the data to be erased.
Changes to our privacy notice
Focus Micro Systems will not pass the personal data of any of our data subjects to third parties without first obtaining consent.