Purpose
This policy outlines how long Hendra Holiday Park retains personal data and the procedures for securely disposing of it. It ensures compliance with the UK General Data Protection Regulation (UK GDPR) and supports the responsible management of customer, employee, and partner data.
This policy applies to:
- All staff, seasonal workers, and contractors
- All personal data processed by Hendra Holiday Park including digital and paper records
- All systems, platforms, and third-party services where personal data is held
Legal Basis and Principles
Under GDPR, personal data must be:
- Kept only as long as necessary for its original purpose
- Deleted or anonymised when no longer required
- Retained longer only if required by law or for legitimate business reasons
Roles and Responsibilities
- Data Protection Officer (DPO): Ensures compliance and responds to deletion and access requests.
- Department Managers: Maintain retention schedules for their areas and ensure secure disposal.
- All Staff: Follow the data retention policy and report any non-compliance.
Retention Schedule
The following retention periods apply to commonly processed data types at Hendra Holiday Park.
Data Disposal Procedures
- Digital files: Permanently deleted using secure deletion software
- Paper records: Cross-cut shredded or collected by a certified disposal provider
- Data held by third-party systems: Removed in accordance with service agreements and DPAs
Data Subject Rights
Guests, employees, or partners may request the deletion or review of their data under GDPR. Such requests will be reviewed by the DPO and responded to within 30 days.
Policy Review
This policy will be reviewed annually or as needed based on regulatory or operational changes.
