Record retention policy

This policy sets out how long contact details are normally held by us and when that information will be removed from our databases.

1 Introduction

1.1 This policy sets out how long contact details are normally held by us and when that information will be removed from our databases.

2 Responsibility

2.1 The General Secretary of ISC is responsible for implementing and monitoring compliance with this policy.

2.2 They will undertake an annual review of this policy to verify that it is in effective operation.

3 Retention schedule

3.1 Contact details are held in an active status for as long as users are subscribed. Once a user notifies ISC that they no longer wish to be subscribed, their details will be removed from all databases (except to the extent that ISC need to keep them in a suppression list to prevent users from being emailed in the future). This applies to:
3.1.1 Contact details of those users signed up to member zone, e-mail alerts and newsletters.
3.1.2 Contact details for those users signed up to the Daily News summary.

3.2 Heads’ contact details are displayed on ISC’s main website and the Schools Together website as are Board members, association leaders and ISC staff members ISC will keep these details on the websites for as long as we are aware that the individual is employed at the school (or association) or until asked to remove these details by the individual.

3.3 Images of individuals:
3.3.1 Will be deleted on request from the individual at any time. ISC will annually remind schools to refresh images of individuals that they have uploaded to ISC’s websites.
3.3.2 Cannot be deleted from print publications.
3.3.3 Will be removed from ISC’s social media account on request from the individual, but ISC has no control over those images that might have been republished.

3.4 Parental enquiry data automatically deletes after two months, although it can be deleted at any time on request. During those two months the schools which parents have selected will be able to access the data from a secure area of the ISC website. Once the school downloads or stores the data, they become the data controller and parents will need to contact them if they want their details to be removed.

3.5 Names and any other personal data, including images of individuals, used in press releases and blogs will be held indefinitely for archiving purposes. Any individuals whose personal data is included in these press releases can request this be deleted at any time.

3.6 All information must be reviewed before destruction to determine whether there are special factors that mean destruction should be delayed, such as potential litigation, complaints or grievances.

4 Storage format and security

ISC uses the following third party applications to hold person data. They will retain data in accordance with their own policies as described here:

  1. Campaign Monitor will maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of personal data uploaded to the Campaign Monitor Services, as described on Campaign Monitor’s Security Page: https://www.campaignmonitor.com/trust/security/

  2. The Security Measures applicable to the MailChimp Services are described here: https://mailchimp.com/about/security/. These may be updated from time to time in accordance with their Data Processing Addendum.

  3. Crumpled Dog shall ensure that the following measures are taken with respect to IT and information security:

All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols. All software used by Crumpled Dog is designed to require such passwords;

Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of Crumpled Dog, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;

All software (including, but not limited to, applications and operating systems) shall be kept up-to-date. Crumpled Dog’s IT staff shall be responsible for installing any and all security-related updates as soon as reasonably and practically possible, unless there are valid technical reasons not to do so; and

No software may be installed on any Crumpled Dog-owned computer or device without the prior approval of the Crumpled Dog’s Data Protection Officer.