Data retention policy

DATA RETENTION POLICY WITH SCHEDULE for QUAL ACADEMY

Introduction

As part of the day-to-day running of our business, we collect and process personal data from

a variety of sources. This personal information is collated in several different formats

including emails and workshop records. The personal data is in electronic form.

Aims of the policy

Our business will ensure that the personal data that we hold is kept secure and that it is held

for no longer than is necessary for the purposes for which it is being processed. In addition,

we will retain the minimum amount of information to fulfil our statutory obligations and the

provision of goods or/and services – as required by data protection legislation, including the

General Data Protection Regulation (GDPR).

Retention

This retention policy (along with its schedule), is a tool used to assist us in making decisions

on whether a particular document should be retained or disposed of. In addition, it takes

account of the context within which the personal data is being processed and our business

practices.

Decisions around retention and disposal are to be taken in accordance with this policy.

As and when the retention period for a specific document has expired, a review is always to

be carried out prior to the disposal of the document. This does not have to be time-

consuming or complex. If a decision is reached to dispose of a document, careful

consideration is to be given to the method of disposal.

Responsibility

Fiona Holland and Elly Phillips are responsible for:

a)      keeping this retention schedule up to date to reflect changing business needs, new

legislation, changing perceptions of risk management and new priorities for our

business.

b)      determining (in accordance with this Policy) whether to retain or dispose of specific

documents.

Disposal

Our business must ensure that personal data is securely disposed of when it is no longer

needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.

The methods of disposal are deletion of computer records

The table below contains the retention period that we have assigned to each type of record.

This will be adhered to wherever possible, although it is recognised that there may be

exceptional circumstances which require documents to be kept for either shorter or longer

periods.

Date created: 22 March 2025 (reviewed at least annually)

Revised: 4 March 2026 (specifying where you might submit information via third parties and how to contact them to remove your details if you wish)

Type or Record

Website and email communications

• Retention period: Max 3 years from submission. For questions that can be answered immediately, we delete your enquiry once we have responded. If you have asked to be kept updated about upcoming workshops or other offerings, we keep your response until we have addressed your request up to a maximum of 3 years)

• Where stored: Google Workspace

• Reason: Respond to enquiries

• Method of deletion: record deleted

• Email correspondence is stored in Google Workspace. If you ask us to delete your email address, we will do so. We delete emails once we have responded to them.

• 
  

Purchase Records

• We access purchase records via Eventbrite for workshops; Eventbrite data retention and privacy policies are available here, along with instructions to delete or remove your personal information.

• For payments made via Square, you can view their privacy and data policies here. We receive your name and email address in payment confirmations, which we keep long enough to comply with tax and reporting requirements.