Document Retention Periods
Pursuant to GDPR rules which come into force on 25th May 2018 Medicolegal Associates Limited must have a system in place which ensures documents are kept safely and which can be monitored. It is also a data protection principle that personal data must be kept for no longer than necessary and that we inform individuals as to how long we intend to keep their personal data and when it will be destroyed.
This document sets out the length of time we keep data and documents or explains how that period will be determined.
Client and Claimant Files
Clients will be told in our terms of business when the documents on the matter they are instructing us on will be destroyed. This will be set out in the engagement letter and will be informed by the company’s policy on destruction dates. This will be not less than 5 years from the date the matter is closed.
The company will only retain relevant files as e-documents for example on cloud based storage systems.
All closed matters and other documents (hard copy papers and e–documents) have a destruction date allocated to them i.e. we ask clients whether they wish us to return hard copy papers within 14 days of receipt or securely dispose of them ourselves. Documents are destroyed confidentially. If we do not receive a response paper documents are scanned on to our secure cloud base systems and destroyed confidentiality.
Certain items of information about client matters are retained for longer periods of time for legal and regulatory reasons e.g. as part of our accounting records or for conflict checking purposes etc
If a prospective client contacts the company and is given advice in an initial telephone call or email or meeting but the matter is not taken further and no matter file is opened, the matter is treated as a closed client matter and any written or electronic records of the advice given will be deleted no later than 7 years after initial contact.
Marketing and Business Development (Medicolegal)
Medicolegal client and contact data that is kept in the company’s Client Relationship Management (CRM) system for marketing purposes and which has been added to the system because we are entitled to within our legitimate interests e.g. where the individual is employed by a corporate client of the company, or because data has been added via the soft opt-in consent permission i.e. where an individual has instructed us and clearly chosen not to object to receiving marketing materials when we collected their data, will be retained for 5 years. At that point, we will then review our current relationship with the individual and remove details for any inactive clients or contacts e.g. where an individual has not attended an event or clicked on a link in any email or instructed us for a number of years.
Medicolegal client and contact data that is kept in the company’s CRM system because we have that individual’s express consent for the company to keep their data for marketing purposes, we will aim to re-confirm consent every 2 years (e.g. asking the individual to confirm which areas of the business they want to continue to receive information or newsletters about) or delete the data.
Clients or contacts whose details are kept in the company’s CRM system can unsubscribe or ask for their details to be removed from the system at any time if they wish.
Event feedback forms are kept for 18 months then deleted.
Event data (e.g. dietary requirements) will be deleted after an event.
For individuals who have asked to unsubscribe from marketing communications, the ‘unsubscribe’ list will be kept indefinitely with minimal information to ensure no marketing is sent to those individuals.
All applications for vacancies or speculative applications (along with related correspondence) sent to the company are kept for 6 months after receipt of the application or, where the company has first secured consent to retain, for a longer period. Any such consent will be re-confirmed every 6 months thereafter and, if not received, the record is destroyed. Records relating to individuals taken on by the company as employees or contractors are retained in line with the company’s employment policies.
Records relating to individuals taken on by the company as employees or contractors are retained in line with the company’s training / employment policies.