Data Retention


Overview

Introduction

This sets out how Manchester Luncheon Club will approach data retention and establishes processes to ensure we do not hold data for longer than is necessary.

It forms part of Manchester Luncheon Club’s Data Protection and Retention Policy.

Roles and responsibilities

Manchester Luncheon Club is the Data Controller and will determine what data is collected, retained and how it is used. The Data Protection Officer for Manchester Luncheon Club is the Honorary Secretary, along with the Committee of the Manchester Luncheon Club, is responsible for the secure and fair retention and use of data by Manchester Luncheon Club. Any questions relating to data retention or use of data should be directed to the Data Protection Officer.

Regular data review

A regular review of all data will take place to establish if Manchester Luncheon Club still has good reason to keep and use the data held at the time of the review. A data review will be held every 2 years and no more than twenty-seven calendar months after the last review. The first review will take place in March 2025.

Data to be reviewed.

  • Manchester Luncheon Club stores data on digital documents (e.g., Spreadsheets) stored on personal devices held by the Administrator, Honorary Secretary, Honorary Treasurer and Publicity Secretary
  • Physical data stored at the home of the Administrator, Honorary Secretary, Honorary Treasurer and Publicity Secretary

The review will be conducted by the Data Protection Officer with other Manchester Luncheon Club Officers and or Committee Members to be decided on at the time of the review.

How data will be deleted

  • Physical data will be destroyed safely and securely, including
  • All reasonable and practical efforts will be made to remove data stored
  • Priority will be given to any instances where data is stored in active lists (e.g., where it could be used) and to sensitive data.
  • Where deleting the data would mean deleting other data that we have a valid lawful reason to keep (e.g., On old emails) then the data may be retained safely and securely but not

Criteria

The following criteria will be used to make a decision about what data to keep and what to delete.

Question Action
Yes No
Is the data stored securely? No action necessary Update storage protocol in

line with Data Protection policy

Does the original reason for having the data still apply? Continue to use Delete or remove data
Is the data being used for its original intention? Continue to use Either delete/remove or record lawful basis for use and get consent if

necessary

Is there a statutory requirement to keep the data? Keep the data at least until the statutory minimum no longer applies Delete or remove the data unless we have reason to keep the data under other

criteria.

Is the data accurate? Continue to use Ask the subject to confirm/update details
Where appropriate do we have consent to use the data. This consent could be implied by previous use.

and engagement by the individual

Continue to use Get consent
Can the data be anonymised Anonymise data Continue to use

 

Statutory requirements

Data stored by Manchester Luncheon Club may be retained based on statutory requirements for storing data other than data protection regulations. This might include but is not limited to:

  • Details of payments made and received (e.g., in bank statements and accounting records)
  • Committee meeting minutes
  • Contracts and agreements with suppliers e.g., Hotels
  • Insurance details

Other data retention procedures

Member data

When a member leaves Manchester Luncheon Club and all administrative tasks relating to their membership have been completed any potentially sensitive data held on them will be deleted – this might include bank details.

Unless consent has been given data will be removed from all email mailing lists.

All other data will be stored safely and securely and reviewed as part of the next two- year review.

Non-member data

After the Event they have booked for has taken place, their data will be removed as soon as is practically possible.

All other data will be stored safely and securely and reviewed as part of the next    two-year review.

Mailing list data

If an individual opts out of a mailing list their data will be removed as soon as is practically possible.

All other data will be stored safely and securely and reviewed as part of the next two-year review.

Other data

All other data will be included in a regular two-year review.