top of page

Data Retention Policy.

Purpose
This Data Retention Policy outlines how Astreo HR retains, reviews, and securely disposes of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The purpose of this policy is to ensure that personal data is not kept longer than necessary and is handled in a secure and compliant manner throughout its lifecycle.


Scope
This policy applies to all personal data processed by Astreo HR, including data relating to:

- Clients and prospective clients

- Employees, contractors, and associates
- Candidates and HR-related data processed on behalf of clients
- Website users and enquiries


Principles of Data Retention
We follow these key principles:

- Personal data is retained only for as long as necessary for its purpose
- Retention periods are based on legal, regulatory, and business requirements
- Data is securely deleted or anonymised when no longer required
- Regular reviews are conducted to ensure compliance


Retention Periods

Enquiries / Consultation Requestions

Purpose: Responding to initial enquiries

Retention Period: Up to 12 months from last contact

 

Client Contact Details

Purpose: Managing client relationships

Retention Period: Duration of contract +6 years

 

Client HR Data (processed on behalf of clients)

Purpose: Delivery of HR services

Retention Period: As agreed in client contract (typically duration of contract +6 years)

Contracts and Agreements

Purpose: Legal and financial record-keeping

Retention Period: 6 years after contract ends

Financial Records (invoices, payments)

Purpose: Tax and accounting obligations

Retention Period: 6 years (as required by law)

Marketing Data

Purpose: Sending communications (with consent)

Retention Period: Until consent is withdrawn or after 24 months of inactivity

Recruitment Data (unsuccessful candidates)

Purpose: Recruitment processes

Retention Period: Up to 12 months after recruitment ends

Employee Records

Purpose: Employment administration

Retention Period: Duration of employment +6 years

Sub-contractor / interim consultant data

Purpose: Administration of subcontractors and interims

Retention Period: Duration of contract +6 years

Website analytics

Purpose: Improving website performance

Retention Period: Up to 26 months

Special Category Data
Where we process sensitive personal data (e.g. health, disciplinary, or diversity data), we will:

- Apply stricter retention controls
- Retain only for as long as strictly necessary
- Ensure enhanced security measures are in place


Data Review
We conduct periodic reviews of stored data to:

- Identify data that is no longer required
- Ensure retention periods are being followed
- Maintain data accuracy and relevance


Data Disposal
When data reaches the end of its retention period, it will be:

- Securely deleted from electronic systems
- Permanently erased from backups where feasible
- Shredded if in physical format

We ensure that disposal methods prevent unauthorised access or recovery.


Legal and Regulatory Requirements
In some cases, we may retain data longer than stated if required to:

- Comply with legal obligations
- Resolve disputes
- Enforce agreements


Responsibilities
Astreo HR is responsible for implementing and maintaining this policy.
All staff and contractors must:

- Follow retention guidelines
- Ensure data is not kept unnecessarily
- Report any concerns regarding data handling


Third-Party Data Processing
Where third parties process data on our behalf, we ensure:

- Retention periods are defined in contracts
- Data is returned or deleted upon termination of services


Policy Review
This policy will be reviewed regularly and updated to reflect legal, regulatory, or operational changes.

Contact

For questions about thie policy or data retention practices, please contact:

Marcelle Stewart, Managing Director

Astreo HR Limited, Unit 1, The Cam Centre, Wilbury Way, Hitchin, SG4 0TW

bottom of page