1: Introduction

1.1 Policy Overview
Redcone Recruitment Limited recognises the importance of retaining and managing company records and documentation effectively to ensure compliance with legal, regulatory, and business requirements. This Retention of Documentation Policy establishes a framework for retaining, storing, and disposing of documentation in line with statutory regulations and best practices. Proper retention of documentation ensures that Redcone Recruitment Limited can meet legal obligations, support audits, maintain data integrity, and safeguard business interests.

The company is committed to retaining necessary documentation for an appropriate period, protecting sensitive information, and securely disposing of records when they are no longer required. This policy applies to both physical and digital records.

1.2 Purpose of the Policy
The purpose of this policy is to:

• Establish clear guidelines for the retention and disposal of documentation, ensuring compliance with applicable laws and regulations.
• Ensure that records are accessible and available when needed, particularly for legal, regulatory, or business audits.
• Protect confidential and sensitive information through appropriate storage and secure disposal practices.
• Minimise the risk of retaining unnecessary or outdated documentation, which can lead to inefficiencies or non-compliance with data protection laws.
• Define the responsibilities of employees, managers, and departments in managing documentation.

1.3 Legal and Regulatory Framework
This policy is compliant with the following UK laws and regulations:

• Data Protection Act 2018 and UK GDPR: Governs the retention and secure processing of personal data and ensures that personal data is not kept longer than necessary.
• Companies Act 2006: Sets out legal requirements for the retention of company records, such as accounting records and financial statements.
• Health and Safety at Work Act 1974 and Health and Safety Regulations: Require the retention of certain health and safety records, such as incident reports and training records.
• HMRC Regulations: Establish specific retention periods for tax records, payroll, and other financial documents.
• Limitation Act 1980: Sets out statutory time limits for keeping records to defend against potential legal claims.

2: Scope

2.1 Applicability
This policy applies to all employees of Redcone Recruitment Limited, including full-time, part-time, temporary, and contract staff. It also applies to third-party service providers and contractors who manage documentation on behalf of the company. The policy covers all forms of documentation, including but not limited to:

• Physical documents: Paper records, files, contracts, reports, and printed materials.
• Digital records: Emails, electronic files, databases, scanned documents, and records stored in cloud-based systems.

2.2 Types of Documentation
The types of documentation covered by this policy include, but are not limited to:

• Corporate Records: Company formation documents, board minutes, policies, and governance records.
• Financial Records: Invoices, tax returns, payroll records, and financial statements.
• Human Resources Records: Employee contracts, performance reviews, disciplinary records, and health and safety training.
• Legal Records: Contracts, agreements, litigation files, and insurance documents.
• Operational Records: Client contracts, project documentation, and procurement records.
• Health and Safety Records: Incident reports, risk assessments, and safety inspections.
• Marketing and Communications: Marketing strategies, client communications, and promotional materials.

3: Policy Details

3.1 Retention Periods
Redcone Recruitment Limited will retain documentation for the following periods based on legal requirements, operational needs, and best practices. The specific retention periods for different categories of records are outlined below:

• Corporate Records:
  • Articles of incorporation, company constitution, and governance documents: Permanently.
  • Board minutes and resolutions: 10 years.
• Financial Records:
  • Accounting records and financial statements: 6 years after the end of the financial year.
  • VAT and tax records: 6 years after the end of the tax year.
  • Payroll records and payslips: 6 years after the end of the tax year.
• Human Resources Records:
  • Employee contracts and personnel files: 6 years after termination of employment.
  • Recruitment records (CVs, interview notes): 1 year after the recruitment process.
  • Health and safety training records: 3 years.
  • Disciplinary and grievance records: 6 years after resolution or termination of employment.
• Legal Records:
  • Contracts and agreements: 6 years after the end of the contract.
  • Litigation files: 6 years after resolution of the case.
  • Insurance policies and claims: 6 years after the policy expires or the claim is settled.
• Operational Records:
  • Client contracts: 6 years after the end of the contract.
  • Project documentation: 6 years after project completion.
  • Procurement and supplier records: 6 years after the contract or transaction.
• Health and Safety Records:
  • Accident and incident reports: 3 years after the date of the incident.
  • Risk assessments and safety inspections: 5 years.

3.2 Storage and Security of Documentation

3.2.1 Physical Documentation

• Secure Storage: All physical records must be stored in secure locations, such as locked filing cabinets or restricted-access rooms. Access to sensitive or confidential documents should be limited to authorised personnel only.
• Filing Systems: Departments must maintain organised and easily accessible filing systems to ensure that documentation can be retrieved quickly when required.

3.2.2 Digital Documentation

• Cloud and Digital Storage: Digital records will be stored on secure, company-approved servers or cloud-based platforms that are protected by encryption and access controls. All access to digital records must be password-protected, and sensitive information should be further encrypted.
• Data Backup: Regular backups of important digital documents will be performed to prevent data loss. Backup data must also be stored securely and follow the same access control guidelines as primary records.

3.2.3 Security Measures

• Confidentiality: Redcone Recruitment Limited will ensure that confidential or sensitive documentation is protected by appropriate security measures, including restricted access, encryption, and password protection.
• Access Control: Only authorised employees will have access to specific categories of documentation based on their roles and responsibilities. Access controls will be regularly reviewed to ensure compliance with this policy.

3.3 Disposal of Documentation

3.3.1 Physical Document Disposal
When documentation has reached the end of its retention period, it must be securely disposed of to prevent unauthorised access. For physical records:

• Shredding: Confidential paper documents must be shredded or otherwise destroyed to protect sensitive information.
• Waste Disposal: Shredded documents should be disposed of in accordance with the company’s environmental and waste disposal policies.

3.3.2 Digital Document Disposal
For digital records:

• Permanent Deletion: Electronic records must be securely deleted from all company systems, including backups, using methods that ensure the data cannot be recovered.
• Third-Party Disposal: If external contractors or cloud service providers are used to store or manage data, Redcone Recruitment Limited will ensure they have procedures in place for the secure disposal of digital records.

4: Responsibilities

4.1 Employee Responsibilities
All employees are responsible for:

• Complying with this policy and ensuring that documentation is retained and disposed of in accordance with the defined retention periods.
• Maintaining accurate records and ensuring that documents are filed, stored, and disposed of securely.
• Reporting any incidents involving the loss, theft, or unauthorised access to company documentation to the Data Protection Officer or Compliance Officer.

4.2 Departmental Responsibilities
Each department is responsible for:

• Implementing this policy within their areas of operation, ensuring that records are properly managed and retained.
• Conducting regular reviews of documentation to ensure that obsolete records are securely disposed of.
• Providing guidance and training to employees on the proper handling, retention, and disposal of documentation.

4.3 Data Protection Officer (DPO) Responsibilities
The Data Protection Officer is responsible for:

• Overseeing compliance with data protection laws, including the retention and secure disposal of personal data in accordance with the UK GDPR and Data Protection Act 2018.
• Providing advice and guidance to employees and departments on the proper management of documentation.
• Investigating any breaches of this policy, such as the loss or misuse of documentation.

5: Compliance and Audit

5.1 Internal Audits
Redcone Recruitment Limited will conduct regular internal audits of its document retention practices to ensure compliance with this policy. These audits will:

• Review departmental compliance with the retention periods and storage procedures outlined in this policy.
• Identify any gaps in documentation management and provide recommendations for improvement.

5.2 External Audits
Where applicable, external auditors may be engaged to review the company’s compliance with regulatory requirements related to documentation retention. This may include audits conducted by tax authorities, health and safety regulators, or data protection agencies.

6: Training and Awareness

6.1 Employee Training
All employees will receive training on the Retention of Documentation Policy as part of their onboarding process and through regular refresher courses. Training will cover:

• The importance of document retention and the legal requirements involved.
• Procedures for storing, securing, and disposing of physical and digital records.
• How to handle confidential or sensitive documentation securely.

6.2 Manager and Departmental Training
Managers and department heads will receive additional training on their responsibilities under this policy, including:

• Implementing retention schedules within their teams or departments.
• Conducting regular reviews of records to ensure compliance with retention periods.
• Ensuring that all team members are aware of the procedures for secure disposal of documentation.

7: Monitoring and Review

7.1 Monitoring Compliance
The Compliance Officer and Data Protection Officer will be responsible for monitoring adherence to this policy. This will include:

• Regular reviews of documentation retention practices across the organisation.
• Investigating any incidents of non-compliance or data breaches related to document retention or disposal.

7.2 Policy Review
This policy will be reviewed annually or in response to significant changes in legal requirements, business operations, or technological developments. Any updates to the policy will be communicated to all employees, and training materials will be updated accordingly.

8: Consequences of Non-Compliance

8.1 Employee Consequences
Employees who fail to comply with the Retention of Documentation Policy may be subject to disciplinary action, up to and including termination of employment. Non-compliance includes:

• Failure to retain documents for the required period.
• Inappropriate access to or sharing of confidential or sensitive information.
• Failure to securely dispose of documentation.

8.2 Organisational Consequences
Failure to comply with legal requirements for documentation retention can result in:

• Legal Penalties: Redcone Recruitment Limited may face fines or legal action for failing to retain records for the required period or for mishandling confidential information.
• Reputational Damage: Non-compliance with document retention laws can harm the company’s reputation, especially in relation to data protection.

9: Conclusion

Redcone Recruitment Limited is committed to maintaining effective and compliant documentation retention practices that meet legal and business requirements. By adhering to this Retention of Documentation Policy, the company ensures that records are managed in a secure, organised, and legally compliant manner. All employees, managers, and stakeholders are expected to comply with this policy, contributing to a transparent, efficient, and compliant working environment.