DATA RETENTION POLICY
1. POLICY STATEMENT:
The Healing Link (the “COMPANY”) is committed to retaining personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
2. PURPOSE:
This policy ensures compliance with UK GDPR “storage limitation” principles, reducing the risk of data breaches and managing storage costs.
3. SCOPE:
This policy applies to all personal data held in any format (paper, electronic, emails, databases) by the COMPANY.
4. DATA RETENTION PRINCIPLES:
- Data is stored securely.
- Data is destroyed or anonymised when no longer required.
- Retention periods are determined based on legal requirements or business needs.
5. RETENTION SCHEDULE:
- Enquiries: 12 months
- Financial/Tax Records: 6 years + current financial year.
- Practitioner data: 12 months after the end of contract
- Referrals: 6 months after final referral
- Health Statements: 6 months after final referral
6. SECURE DISPOSAL:
When data reaches its retention limit, it will be:
- Destroyed: Shredding paper, permanent deletion of digital files
- Anonymised: Removing identifying details to use for research or statistics
7. RESPONSIBILITY:
Shelley James is responsible for reviewing this policy and ensuring data is disposed of securely. Kelly White and Shelley James are responsible for overall GDPR and Data Protection compliance.
8. CHANGES TO POLICY:
We reserve the right to change this policy to meet new legal or business requirements.
LAST UPDATED: 11th May 2026