RECORD RETENTION AND PROTECTION POLICY
FOR CLIENTS OF WORDBANK MARKETING LTD

Last updated: 24/05/2018

1. INTRODUCTION

Wordbank Marketing Ltd (“the Company”) collects and processes a great deal of data in order to conduct everyday operations.

When it comes to retaining and protecting data relating to individuals, there are some key legal requirements with which the Company needs to comply. The purpose of this statement is to set out how the Company meets these requirements and to ensure that every individual who provides data to the Company understands how it is stored, protected and for how long it is retained.

This policy should be viewed alongside the:

o Privacy Statement
o Data Breach Notification Procedure
o Data Subject Access Request Procedure

The Record Retention and Protection Policy is one element of how the Company fulfils the obligations under the General Data Protection Regulation 2016 (“GDPR”).

2. GENERAL PRINCIPLES

The Company has some clear requirements when it comes to the protection and retention of personal data. These are:

o The Company must retain the data that is needed in order to comply with legal, regulatory and contractual requirements
o The Company must not hold data for longer than is necessary
o The Company must ensure that only people who have a genuine need to see the data are able to access it
o The Company must protect the data held so as to ensure it remains confidential and that the treatment of the data does not breach the privacy rights of individuals
o The Company must be able to retrieve data in line with business requirements and in line with the requirements of the Data Subject Access Request Procedure

3. RECORD TYPES AND GUIDELINES

Below you will find details of the Company’s approach to record retention and protection in relation to the data held.

We store your data in a variety of ways. Below you can find out how we ensure all these methods are protected.

STORAGE METHOD
HOW IS IT PROTECTED
New client form Stored on Wordbank’s secure network
Source files provided by client Credential-only access to proprietary workflow system, only accessible inside Wordbank’s secure network.
Localized files Credential-only access to proprietary workflow system, only accessible inside Wordbank’s secure network.
Prospect log Stored on Wordbank’s secure network
Financial management software Credential-only access from Wordbank-specific internal systems
Mailing list and survey software Credential-only access
Proprietary workflow system Credential-only access to proprietary workflow system, only accessible inside Wordbank’s secure network.

In the table below, you can see the data we hold, which of the above methods we use to store it, the retention period and the reason for this.

DATA ITEM
HOW IS IT STORED?
RETENTION PERIOD
REASON FOR RETENTION PERIOD
Name and company address o   New client form

o   Proprietary workflow system

o   Financial management software

Indefinitely We will always need to have a history of our clients and completed project metadata for strategy, reporting and analysis.
Telephone number o   New client form

o   Proprietary workflow system

Indefinitely
Company email address o   New client form

o   Proprietary workflow system

o   Financial management software

Content including personally identifiable information contained in text for localization o   Source and final files We do not destroy completed projects. They are put on a secure archive server after 1 year and only deleted by request of our clients.
Prospect client name & email address o   Prospect log Duration of campaign – e.g. 4  months/3-mail sequence. Once we establish if there is a business requirement for Wordbank’s services, we convert prospect data to client data (see above) or delete it.

4. RECORD DESTRUCTION

Once records have reached the end of their life in accordance with the Record Retention Policy, the Company will securely destroy them. Paper records will be shredded and electronic records will be deleted from all media (servers, hard drives, cloud-based systems etc.).

5. RECORD REVIEW

The Company will review the approach taken to record retention and protection on a regular basis with the aim of the review being to:

o Ensure that the retention periods continue to balance the Company’s legal obligations with the rights of data subjects
o That the Company is adhering to the agreed approach to record retention and destruction
o That the way in which data is stored allows it to be retrieved in a timely fashion

6. CONCERNS AND QUESTIONS

GDPR is new legislation and its interpretation will evolve over time. The Company will continue to adopt best endeavours to ensure ongoing compliance. However, if you have concerns about any of the actions that are being taken, or are unclear as to how the Company is complying with specific elements of the legislation, please contact the COO via data_support@wordbank.com. We will then investigate the matter and respond to you within 28 days.