Data retention policy ZIMMERs (GDPR and DPA 2018)

      

1.  ABOUT THIS POLICY

 

2.  SCOPE OF POLICY

 

3.  GUIDING PRINCIPLES

 

4.  ROLES AND RESPONSIBILITIES

 

5.  TYPES OF DATA AND DATA CLASSIFICATIONS

 

6.  RETENTION PERIODS

 

7.  STORAGE, BACK-UP AND DISPOSAL OF DATA

 

8.  SPECIAL CIRCUMSTANCES

 


 

1.  ABOUT THIS POLICY 

 

1.1  The corporate information, records and data of ZIMMERs is important to how we conduct business and manage employees.

 

1.2  There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our business operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our business.
 
1.3  This Data Retention Policy explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.
 
1.4  Failure to comply with this policy can expose us to fines and penalties, adverse publicity, difficulties in providing evidence when we need it and in running our business.
 
1.5  This policy does not form part of any employee’s contract of employment and we may amend it at any time.


 

2.  SCOPE OF POLICY 

 

2.1  This policy covers all data that we hold or have control over. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy, we refer to this information and these records collectively as “data”.

 

2.2  This policy covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. If employees use their personal devices working for ZIMMERs, they only work on the terminal server where the data is saved and which is only accessible by employees or ZIMMERs external IT department. Therefore, the data they access is covered by this Data Retention Policy. The IT Department is a Third Party. The handling of data by the Third Parties we exchange data with is regulated in our Data Processing Agreement.
 
2.3  This policy explains the differences between our formal or official records, disposable information, confidential information belonging to others, personal data and non-personal data. It also gives guidance on how we classify our data.
 
2.4  This policy applies to all Solicitors and other employees of ZIMMERs as well as the Third Parties storing, exchanging or providing data with and for ZIMMERs. All Third Party relationships are covered by the Data Processing Agreement.
 


 

3.  GUIDING PRINCIPLES 

 

3.1  Through this policy, and our data retention practices, we aim to meet the following commitments:

  • We comply with legal and regulatory requirements to retain data.
  • We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).
  • We handle, store and dispose of data responsibly and securely.
  • We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.
  • We allocate appropriate resources, roles and responsibilities to data retention.
  • We regularly remind employees of their data retention responsibilities.
  • We regularly monitor and audit compliance with this policy and update this policy when required.

 

4.  ROLES AND RESPONSIBILITIES 

 

4.1  Responsibility of all employees. We aim to comply with the laws, rules, and regulations that govern our organisation and with recognised compliance good practices. All employees must comply with this policy, the Record Retention Schedule, any communications suspending data disposal and any specific instructions from Gunter Zimmer and Katharina Liebe. Failure to do so may subject employees, our contractors, and us to serious civil and/or criminal liability. An employee’s failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. It is therefore the responsibility of everyone to understand and comply with this policy.

 

4.2  Gunter Zimmer is responsible for identifying the data that we must or should retain, and determining the proper period of retention. Gunter Zimmer also is responsible for the proper storage and retrieval of data, co-ordinating with outside vendors where appropriate,  as well as the coordination of the destruction of [some] records whose retention period has expired. The destruction of records is done with an external company, that is also subject to our Data Processing Agreement.
 
4.3  Gunter Zimmer and Katharina Liebe are responsible for:

  • Planning, developing, and prescribing data disposal policies, systems, standards, and procedures; and
  • Providing guidance, training, monitoring and updating in relation to this policy.

 


 

5.  TYPES OF DATA AND DATA CLASSIFICATIONS 

 

5.1 Highly confidential records. Certain data is classified as highly confidential. This includes records such as medical documents, police documents or identity documents. Highly confidential documents will, if they need to be sent to another employer of ZIMMERs, a party involved in the case or a third party, be encrypted with a password.

 

5.2  Highly confidential correspondence. Highly confidential correspondence consists of written (for instance correspondence via e-mail and messenger services, online platforms, postal correspondence) correspondence as well as memos of correspondence held on the telephone. This includes, for instance, correspondence with the police or medical experts.
 
5.3  Personal data. Both formal or official records and disposable information may contain personal data; that is, data that identifies living individuals. Data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). See 6.2 below for more information on this.
 
5.4  Original Court documents. Official documents issued by a Court for instance include sealed orders or judgments and deeds.

5.5 Non-confidential documents. This includes all documents not included in 5.1.
 
5.6  Non-confidential communication. This includes all written correspondence as well as memos of correspondence held on the telephone not included in 5.2.

5.7 Records exchanged with third parties. This includes case-related records exchanged with third parties, such as Legal Agents and Enforcement Bureaus.


 

6.  RETENTION PERIODS 

 

6.1  Formal or official records. Any data that is part of any of the categories listed in the Record Retention Schedule contained in the Annex to this policy must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact Gunter Zimmer.

6.2  Personal data. As explained above, data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). Where data is listed in the Record Retention Schedule, we have taken into account the principle of storage limitation and balanced this against our requirements to retain the data. Where data is disposable information, you must take into account the principle of storage limitation when deciding whether to retain this data. More information can be found in in our Transparency Notice.
 
6.3  What to do if data is not listed in the Record Retention Schedule. If data is not listed in the Record Retention Schedule, it is likely that it should be classed as 5.5 or 5.6. However, if you consider that there is an omission in the Record Retention Schedule, or if you are unsure, please contact the Gunter Zimmer.


 

7.  STORAGE, BACK-UP AND DISPOSAL OF DATA 

 

7.1  Storage. Our data must be stored in a safe, secure, and accessible manner. We store records in paper form and electronic form on the Terminal Server. However, our client files are mainly and only stored as electronic version. Only documents which need to exist as a paper hard copy (like judgments or deeds) will be stored if not send back to the client as hard copy.


Before 1st March 2018 ZIMMERs used to work with paper files. So for every case that was opened before 1st March 2018, the paper files are being stored for 6 months and then scanned, archived on CDs and destroyed. Those CDs are being stored for 7 years and then destroyed.

 

The Record Retention Schedule contained in the Annex to this policy indicates how long we keep the records from the files that were opened after … as well as non-case-related records.

7.2  Destruction. Gunter Zimmer is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible. Non-confidential data may be destroyed by recycling. The destruction of electronic data must be co-ordinated with the external company (see 4.2).
 
7.3  The destruction of data must stop immediately upon written notification to ZIMMERs that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation (see next paragraph). Destruction may begin again once Gunter Zimmer or Katharina Liebe lifts the requirement for preservation.


 

8.  SPECIAL CIRCUMSTANCES 

 

8.1  Preservation of documents for contemplated litigation and other special situations. We require all employees to comply fully with our Record Retention Schedule and procedures as provided in this policy. All employees should note the following general exception to any stated destruction schedule: If you believe, or Gunter Zimmer informs you, that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, you must preserve and not delete, dispose, destroy, or change those records, including emails and other electronic documents, until Gunter Zimmer determines those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.

 

8.2  If you believe this exception may apply, or have any questions regarding whether it may apply, please contact Gunter Zimmer or Katharina Liebe.
 
8.3  In addition, you may be asked to suspend any routine data disposal procedures in connection with certain other types of events, such as our merger with another organisation or the replacement of our information technology systems.


 

ANNEX A
DEFINITIONS
 

Data: all data that we hold or have control over and therefore to which this policy applies. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings and CCTV recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as “data”.
 
Data Retention Policy: this policy, which explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.
 
Record Retention Schedule: the schedule attached to this policy which sets out retention periods for our formal or official records.
 
Storage limitation principle: data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed. This is referred to in the GDPR as the principle of storage limitation.


 

ANNEX B
RECORD RETENTION SCHEDULE
 

ZIMMERs establishes retention or destruction schedules or procedures for specific categories of data. This is done to ensure legal compliance (for example with our data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs.
 
Employees should comply with the retention periods listed in the record retention schedule below, in accordance with ZIMMERs’ Data Retention Policy.
 
If you hold data not listed below, please refer to ZIMMERs’ Data Retention Policy . If you still consider your data should be listed, if you become aware of any changes that may affect the periods listed below or if you have any other questions about this record retention schedule, please contact Gunter Zimmer.
 


Type of records Examples Retention
5.1 Highly confidential records  Proof of identity, medical documents, police documents Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years
5.2 Highly confidential correspondence Correspondence with medical experts/ police Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years

E-Mail Correspondence: 10 Years
5.3 Personal Data    
5.4 Original court documents Sealed orders or judgments, deeds, Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years
5.5 Non-confidential documents   Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years
5.6 Non-confidential communication Communication with German lawyers,… Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years
5.7 Records exchanged with Third Parties that are case-related Legal Agents, Enforcement Bureau,… Civil matters: 6.5-7 Years

Criminal matters:
7-8 Years

HR-reated records

 

Type of records Examples Retention
 Highly confidential records Employment contracts, Documents filled out by employees (emergency contacts, contact details) …  7-8 years
     
Other details Log-in details for server/outlook,… 4-5 years
     

 

Contractors/ Third Parties

 

With all Contractors/ Third Parties, we have a signed Data Protection Agreement that determines how both ZIMMERs and the all Contractors/ Third Parties handle data that is exchanged.


We will review regularly and at least every calendar year the periods named above. As soon as the retention period is expired, the records are destroyed.

 

 


Download
ZIMMERs Transparency Notice May 2018.pdf
Adobe Acrobat Dokument 180.6 KB