Contact

Telephone: Men -     07395 600 636   

                 Women - 07395 600 639

Email:        info@parentstobe.net

SCHEDULE 2 - DATA PROTECTION POLICY 

ABOUT THIS POLICY
The corporate information, records and data of our company is important to how we
conduct business and manage employees. There are legal and regulatory requirements for
us to retain certain data, usually for a specified amount of time. We also retain data to help
our business operate and to have information available when we need it. However, we do
not need to retain all data indefinitely, and retaining data can expose us to risk as well as be
a cost to our business.
This Data Retention Policy explains our requirements to retain data and to dispose of data
and provides guidance on appropriate data handling and disposal. Failure to comply with
this policy can expose us to fines and penalties, adverse publicity, difficulties in providing
evidence when we need it and in running our business. This policy does not form part of any
employee's contract of employment and we may amend it at any time.


SCOPE OF POLICY
This policy covers all data that we hold or have control over in all areas of our business. This
includes physical data such as hard copy documents, contracts, notebooks, letters and
invoices. It also includes electronic data such as emails, electronic documents, audio and
video recordings and CCTV recordings. It applies to both personal data and non-personal
data. In this policy we refer to this information and these records collectively as "data";.
This policy covers data that is held by third parties on our behalf, for example cloud storage
providers or offsite records storage. It also covers data that belongs to us but is held by
employees on personal devices.
This policy explains the differences between our formal or official records, disposable
information, confidential information belonging to others, personal data and non-personal
data. It also gives guidance on how we classify our data.


GUIDING PRINCIPLES
Through this policy, and our data retention practices, we aim to meet the following
commitments:
We comply with legal and regulatory requirements to retain data.
We comply with our data protection obligations, in particular to keep personal data no
longer than is necessary for the purposes for which it is processed (storage limitation
principle).
We handle, store and dispose of data responsibly and securely.
We create and retain data where we need this to operate our business effectively, but we
do not create or retain data without good business reason.
We allocate appropriate resources, roles and responsibilities to data retention.
We regularly remind employees of their data retention responsibilities.

We regularly monitor and audit compliance with this policy and update this policy when
required.


ROLES AND RESPONSIBILITIES
Responsibility of all employees. We aim to comply with the laws, rules, and regulations that
govern our organisation and with recognised compliance good practices. All employees
must comply with this policy, the Record Retention Schedule and any communications
suspending data disposal and any other specific instructions. Failure to do so may subject
us, our employees, and contractors to serious civil and/or criminal liability. An employee's
failure to comply with this policy may result in disciplinary sanctions, including suspension
or termination. It is therefore the responsibility of everyone to understand and comply with
this policy.


Data Protection Officer. Our Data Protection Officer (DPO) is responsible for advising on
and monitoring our compliance with data protection laws which regulate personal data. Our
DPO works on the retention requirements for personal data and on monitoring compliance
with this policy in relation to personal data.


TYPES OF DATA AND DATA CLASSIFICATIONS
Disposable information. Disposable information consists of data that may be discarded or
deleted at the discretion of the user once it has served its temporary useful purpose and/or
data that may be safely destroyed because it is not a formal or official record as defined by
this policy and the Record Retention Schedule. Examples may include:
Duplicates of originals that have not been annotated.
Preliminary drafts of letters, memoranda, reports, worksheets, and informal notes that do
not represent significant steps or decisions in the preparation of an official record.
Books, periodicals, manuals, training binders, and other printed materials obtained from
sources outside of our company and retained primarily for reference purposes.
Spam and junk mail.
Please see below for more information on how to determine retention periods for this type
of data.
Personal data. Both formal or official records and disposable information may contain
personal data; that is, data that identifies living individuals. Data protection laws require us
to retain personal data for no longer than is necessary for the purposes for which it is
processed (principle of storage limitation). See below for more information on this.
Confidential information belonging to others. Any confidential information that an
employee may have obtained from a source outside of our company such as a previous
employer, must not, so long as such information remains confidential, be disclosed to or
used by us. Unsolicited confidential information submitted to us should be refused,
returned to the sender where possible, and deleted, if received via the internet.
Data classifications. Some of our data is more confidential than other data and should only
be retained in accordance with our relevant privacy notices (including contributor privacy
notice).


RETENTION PERIODS
Formal or official records. Any data that is part of any of the categories listed in the Record
Retention Schedule contained in the Annex to this policy, must be retained for the amount
of time indicated in the Record Retention Schedule. A record must not be retained beyond
the period indicated in the Record Retention Schedule, unless a valid business reason (or
notice to preserve documents for contemplated litigation or other special situation) calls for

its continued retention. If you are unsure whether to retain a certain record, contact the
DPO.
Disposable information. The Record Retention Schedule will not set out retention periods
for disposable information. This type of data should only be retained as long as it is needed
for business purposes. Once it no longer has any business purpose or value it should be
securely disposed of.
Personal data. As explained above, data protection laws require us to retain personal data
for no longer than is necessary for the purposes for which it is processed (principle of
storage limitation). Where data is listed in the Record Retention Schedule, we have taken
into account the principle of storage limitation and balanced this against our requirements
to retain the data. Where data is disposable information, you must take into account the
principle of storage limitation when deciding whether to retain this data in accordance with
any applicable Privacy Policy.
What to do if data is not listed in the Record Retention Schedule. If data is not listed in the
Record Retention Schedule, it is likely that it should be classed as disposable information.


STORAGE, BACK-UP AND DISPOSAL OF DATA
Storage. Our data must be stored in a safe, secure, and accessible manner. Any documents
and financial files that are essential to our business operations during an emergency must
be duplicated and/or backed up at least once per week and maintained off site.
Destruction. Our DPO is responsible for the continuing process of identifying the data that
has met its required retention period and supervising its destruction. The destruction of
confidential, financial, and employee-related hard copy data must be conducted by
shredding if possible. Non-confidential data may be destroyed by recycling. The destruction
of electronic data must be co-ordinated with the DPO.


SPECIAL CIRCUMSTANCES
Preservation of documents for contemplated litigation and other special situations. We
require all employees to comply fully with our Record Retention Schedule and procedures
as provided in this policy. All employees should note the following general exception to any
stated destruction schedule: If you believe, or DPO informs you, that certain records are
relevant to current litigation or contemplated litigation (that is, a dispute that could result in
litigation), government investigation, audit, or other event, you must preserve and not
delete, dispose, destroy, or change those records, including emails and other electronic
documents, until the DPO determines those records are no longer needed. Preserving
documents includes suspending any requirements in the Record Retention Schedule and
preserving the integrity of the electronic files or other format in which the records are kept.


WHERE TO GO FOR ADVICE AND QUESTIONS
Questions about the policy. Any questions about this policy should be referred to the DPO,
who is in charge of administering, enforcing, and updating this policy.


BREACH REPORTING AND AUDIT
Reporting policy breaches. We are committed to enforcing this policy as it applies to all
forms of data. The effectiveness of our efforts, however, depend largely on employees. 

No one will be subject to and we do not allow, any form of discipline, reprisal, intimidation,
or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any
record destruction claim, or co-operating in related investigations.
Audits. Our DPO periodically review this policy and its procedures (including where
appropriate by taking outside legal or auditor advice) to ensure we are in compliance with
relevant new or amended laws, regulations or guidance. Additionally, we will regularly
monitor compliance with this policy, including by carrying out audits.


OTHER RELEVANT POLICIES
This policy supplements and should be read in conjunction with our other policies and
procedures in force from time to time, including without limitation our Contributor Privacy
Notice.


DEFINITIONS
Data: all data that we hold or have control over and therefore to which this policy applies.
This includes physical data such as hard copy documents, contracts, notebooks, letters and
invoices. It also includes electronic data such as emails, electronic documents, audio and
video recordings and CCTV recordings. It applies to both personal data and non-personal
data. In this policy we refer to this information and these records collectively as "data".
Data Protection Officer: our Data Protection Officer who is responsible for advising on and
monitoring compliance with data protection laws.
Data Retention Policy: this policy, which explains our requirements to retain data and to
dispose of data and provides guidance on appropriate data handling and disposal.
Disposable information: disposable information consists of data that may be discarded or
deleted at the discretion of the user once it has served its temporary useful purpose and/or
data that may be safely destroyed because it is not a formal or official record as defined by
this policy and the Record Retention Schedule.
Formal or official record: certain data is more important to us and is therefore listed in the
Record Retention Schedule. This may be because we have a legal requirement to retain it, or
because we may need it as evidence of our transactions, or because it is important to the
running of our business. We refer to this as formal or official records or data.
Non-personal data: data which does not identify living individuals, either because it is not
about living individuals (for example financial records) or because it has been fully
anonymised.
Personal data: any information identifying a living individual or information relating to a
living individual that we can identify (directly or indirectly) from that data alone or in
combination with other identifiers we possess or can reasonably access. This includes
special categories of personal data such as health data and pseudonymised personal data
but excludes anonymous data or data that has had the identity of an individual permanently
removed. Personal data can be factual (for example, a name, email address, location or date
of birth) or an opinion about that person's actions or behaviour.
Record Retention Schedule: the schedule attached to this policy which sets out retention
periods for our formal or official records.
Storage limitation principle: data protection laws require us to retain personal data for no
longer than is necessary for the purposes for which it is processed. This is referred to in the
GDPR as the principle of storage limitation.


RECORD RETENTION SCHEDULE

The Producer establishes retention or destruction schedules or procedures for specific
categories of data. This is done to ensure legal compliance (for example with our data
protection obligations) and accomplish other objectives, such as protecting intellectual
property and controlling costs.
Employees should comply with the retention periods listed in the record retention schedule
below, in accordance with the Producer’s Data Retention Policy.

Records of contributors, cast or crew not engaged in a production should be destroyed once the showhas delivered unless consent has been given to your retaining that information for the stated purposes.