Last modified: 1st May, 2018
Effective: 24th May 2018
As part of our GDPR readiness, we are looking at our data retention policy. Data that SchemeServe holds falls into 2 categories; that which it holds about our customers, and that which is our customers data.
In this context, ‘data’ includes personal data collected and/or generated by SchemeServe while providing you with the communication services, including call detail records, etc. Our goal is to ensure that we only retain data long enough to enable customers to have access to enable business activities, but not for longer when it doesn’t serve any purpose.
As data we hold about our customers is not ‘personal’ it falls outside the scope of GDPR. Nevertheless, SchemeServe will retain this data for 7 years following the termination of service by a customer and amounts due to us being settled. This is to allow us to complete year end accounts for the period in which invoices and payments have been made and allow us to comply with HMRC regulations on the keeping of records for taxation purposes.
Data held on the SchemeServe platform belongs to our customers. As we cannot determine or control the type of information stored there, we will act as data processors. Being mindful of our customers legal obligation to provide ‘an effective search mechanism’ for policies and because some policy types require data to be stored for indeterminate lengths (Employer Liability policies since November 1999 are required to be stored for many years, according to the FCA handbook -ICOBS 8.4) SchemeServe has decided it will keep data indefinitely for closed customer sites. However, as the data processor, we will take instructions to destroy data from the recognised data controller.