2. Retention Period
Following a data landscaping exercise by MDIA to understand precisely what Personal Data it retains, MDIA listed such Personal Data in its Data Protection Policy available in the above-mentioned link.
MDIA shall not retain any Personal Data for any longer than is necessary in light of the purpose/s for which that data is collected, held and processed, subject to statutory periods of limitation.
When establishing the below retention periods, MDIA took into consideration, the objectives and requirements of its business, the type of Personal Data in question, the purpose and legal basis for which the Personal Data is collected, held and processed, as well as the category of Data Subjects.
CATEGORY OF DATA | RETENTION PERIOD | MANUAL / ELECTRONIC |
Personal Information | | |
MDIA Employees Personal Files | 10 years | Both |
Application forms for calls for positions | 10 years | Both |
CVs | 10 years | Both |
Attendance Sheets | 10 years | Both |
Vacation Leave Application Forms | 10 years | Both |
Yearly Leave Balances | 10 years | Both |
Sick Leave Certificates / Records | 10 years | Both |
Medical History | 10 years | Both |
Disciplinary Records | 10 years | Both |
Disciplinary Charges | 10 years | Both |
Financial Information | | |
Tax and National Insurance Records | 10 years | Both |
Accounting Records | 10 years | Both |
Annual Financial Statements | 10 years | Both |
Details of Applicants’ Financial Data, including bank account details, VAT numbers | 3 years | Both |
Funding Programmes / Applications | | |
Documentation relating to applications | 3 years from termination of programme | Both |
Other | | |
Minutes of Meetings | 10 years | Both |
CCTV | Routine footage is deleted after 15 days; If requested to retain specific footage due to ongoing legal proceedings, footage will be retained for a period of one (1) year or for any such period as requested by the MDIA requesting the footage. | Electronic |
Notwithstanding the above defined retention periods, certain Personal Data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within MDIA to do so, whether in response to a request by a Data Subject as mentioned in the Data Protection Policy of MDIA, or otherwise.
On the other hand, in special circumstances, such as, in cases where the Personal Data is relevant to current or contemplated litigation, government or regulatory investigation or audit, that Personal Data must be retained until the Data Protection Officer determines that that Personal Data is no longer required.
MDIA also ensures that it conducts periodical reviews of the Personal Data retained.
If Personal Data is not listed in the above table, it is likely that it should be classified as disposable information. Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record.
Examples include duplicates of originals that have not been annotated, preliminary drafts of letters, reports, worksheets and informal notes that do not represent significant steps or decisions in the preparation of an official record, materials obtained for reference purposes, spam and junk mail.
Nonetheless, if a Data Subject considers that there is an omission in the above table, or would like to request further clarifications, please do contact the Data Protection Officer whose details are indicated below as well as in the Data Protection Policy of MDIA.