Skip to content

Record Retention


Policy and Procedure



The Lucketts Group* (‘the Group", ‘we’, ‘us’, and ‘our’) is committed to:


  1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).

  2. The efficient management of its records for the effective delivery of our services.


The Lucketts Group* comprises:

  • H Luckett & Co Limited

  • Lucketts Holdings Limited

  • Lucketts Travel

  • Worthing Coaches

  • Mortons Travel

  • Coliseum Coaches

  • Solent Coaches




This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.


This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.


This policy applies to:


  • All personal data that is stored by us whether kept on paper, electronically and/or digitally.

  • All staff of the Group


This policy should be read and used in conjunction with our other following policies:


  • Data protection

  • Privacy




The objectives of this policy are to:


  • Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data

  • Ensure we comply with all applicable legal and regulatory requirements

  • Ensue personal data is stored securely

  • Ensure that personal data is not out of date

  • Keep personal data accurate

  • Assist with responding to subject access requests

  • Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently

  • Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner.

  • Assist with audits

  • Minimise storage requirements and costs

  • Assist in the identification of the location of personal data

  • Clarify responsibilities for implementing, complying and monitoring this policy





Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.


Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences


Data subject means any individual whose personal data is processed by the Group


Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything the Group does with personal data will be processing).


Data controller means the organisation which decides the purposes and means of the processing of personal data

NB: The data controller for the purposes of this policy is the Lucketts Group


Data processor means an individual or organisation that processes personal data on behalf of a data controller


Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.


Staff means anyone working at or for us on a permanent or temporary basis, including, Directors and permanent, interim and temporary employees.




The relevant data protection principles for the purposes of this policy are that personal data must be:


  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

  • Kept in a form which permits identification of data subjects for no longer than is necessary

    for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)

  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).


NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.




The Lucketts Directors Group have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy;


  • The Managing Director has overall responsibility for ensuring the Group’s compliance with the GDPR, the data protection principles.

  • The HR Director has responsibility for the HR Department ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of staff held by the HR Department. The HR Director contact details on located on the company communications list.

  • The Operations Director has responsibility for Operations ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and operations staff held by the Operations Department. The Operations Director contact details on located on the company communications list.

  • The Sales and Marketing Director has operational responsibility for Sales and Marketing ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and sales & marketing staff held by the Sales and Marketing department. The Operations Director contact details on located on the company communications list.

  • The Engineering Director has operational responsibility for Engineering ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and engineering staff held by the Engineering Department. The Engineering Director contact details on located on the company communication list

  • The Finance Controller has operational responsibility for Finance ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and staff held by the Finance department. The Finance Controller contact details on located on the company communications list


Data Protection Officer (DPO)

The Data Protection Officer (DPO) has responsibility to remind the Directors Group of their responsibility for ensuring compliance with the GDPR, the principles of data protection and this policy. The DPO can be contacted via the Human Resources department


Management and Staff

Line managers are responsible for operational day to day adhering to the GDPR requirements and the Group’s requirements, and ensuring staff’s adherence with this policy.


All staff have a responsibility to comply with the GDPR, the data protection principles, the requirements of the Lucketts Group and this policy when carrying out their duties.


Important - Failure to comply with this policy may result in legal and/or disciplinary action.


Staff Training

All staff are required to attend/undertake training and failure to do so could result in disciplinary action



Record Retention Schedule


Appendix A sets out the periods of how long personal data will be kept.



When the retention periods expire we must dispose of and destroy all personal data unless either the Managing Director, HR Director or the Operations Director authorises that such data should be retained.


Any decision to retain personal data passed the expiry date must be logged and recorded on the Personal Data Retention Register held centrally.


IMPORTANT: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.


Destruction and Deletion Process


Paper Records

Paper Records/personal data must be shredded, and the shredding placed in the confidential waste bags, immediately tied with secure tags, and taken to the secure storage with limited authorised access. A third party confidential waste provider is contracted by the Group to securely shred the confidential information on site, and then remove the shredded material for secure disposal.


Electronic Records

The Group’s IT provider will delete all electronic records.




The Lucketts Group policies and procedures aim to ensure that employees are aware of, and confident that, the employer is complying with current legislation and is protecting the interests of both the needs of the business and the employee. In this respect, it may be appropriate to modify existing policies and/or procedures from time to time to reflect changes as appropriate, and this policy will be reviewed as necessary by designated Group Directors, and/or by personnel as delegated by the Directors Group.





Equality Impact Assessment – initial screening




Relevant Equality Area:

Does the Policy or its implementation?

Does the Company need to proceed to full EIA if in doubt then progress to full screening)

Breach Equalities


Affect different

groups in different ways (both positive and negative)

Promote equality/good relations?



















Sexual Orientation






Religion and Beliefs









Record Retention Schedule


NB. Records are kept for at least 6 years in accordance with the UK Limitation Act 1980



Retention Period

Images including video, CCTV, photographs



CCTV will not be retained for longer than 30 days unless images are to be held for evidential purposes, and will then be kept in a secure place with limited access to authorised personnel only and kept for the period which is deemed necessary to achieve the evidential purposes.


Staff photographs are taken for identification purposes e.g. personnel record and organisation structure charts. The images will be kept only for the duration of their employment. Staff photographic images will be kept securely electronically on the HR personnel software for the individual’s personnel record. Photographs may also be used for security passes and identification uses to deliver customer services and to meet MOD security requirements.


Marketing images will only be used with express written consent from the individual. Images will only be kept for the period of time necessary to achieve the purposes of use.

Audio recording

Audio recording is not undertaken by the Lucketts Group.


Regarding voicemail messages left on employee company telephones and mobiles these will be deleted immediately once recording has been listened to.




  • Company House records

  • Governance documentation

  • Board documentation; Meeting Meetings Resolutions


Director information;







6 years – consideration must be given to the storing of sensitive data in line with GDPR requirements

Registration and Statutory Returns


Annual Returns to a regulator as applicable


Audited Company Returns and financial statements


Declarations of Interest


Registers of directors and secretaries


Register of Seals


Register of Shareholding Members as applicable


Register of share certificates


5 years




6 years









Strategic Management


Business Strategy & Plans, and Support documentation e.g. organisation structures, aims, objectives

5 years after plan completion



Current and former policies


Annual Insurance Schedule


Claims and related correspondence


Indemnities and Guarantees


Group Health policies


Employer’s liability Insurance Certificate




6 years


3 years after settlement


6 years after expiry


12 years after cessation of benefit


40 years

Finance Accounting, Tax Records, Bank Records


Accounting Records;

Balance sheets and supporting documents


Loan account control reports


Budgets and Financial reports


Tax Returns and records


VAT Records as applicable


Order and delivery notes


Copy invoices

Credit and debit notes

Cash records


Journal Transfer documents

Creditors, debtors and cash income control documents.


VAT related correspondence as applicable



Paying in counterfoils

Bank statements and reconciliations

Instructions to bank


6 years



6 to 10 years




10 years


10 years


10 years


6 years

6 years

6 years


6 years

6 years



6 years



6 years

6 years

6 years


Contracts and Agreements


Planning consents and permissions


Property maintenance records


Professional opinions


Contracts under seal and/or executed as a Deed


Contracts for supply of goods/services including professional services


Documentation relating to one off purchases


Loan agreements


Licensing agreements


Rental and hire purchase agreements

Indemnities and guarantees


Documents relating to successful tenders


Documents relating to unsuccessful tenders


Forms of tender as applicable


12 years after interest ceases


6 years


6 years


12 years after complication including any defects liability period

6 years after completion including any defects liability period


3 years


12 years after last payment


6 years after expiry


6 years after expiry

6 years after expiry


6 years after contract ends


2 years after notification


6 years


Subject to the Transport Commission and vehicle safety requirements

Mileage records

Maintenance records including MOT tests

Copy registrations

2 years after disposal

2 years after disposal


2 years after disposal

Capital Assets


Fixed Asset Register



Income Tax and Social Security


Record of taxable payments

Record of tax deducted or refunded

Record of earnings on which NI contributions payable

Record of employers and employees NI contributions

NIC contracted out agreements

Copies of notices to employees i.e. P45 and P60

Inland revenue notice of code changes

Expenses claims

Record of sickness payments

Record of maternity payments

Income TAX PAYE and NI Returns

Redundancy payment details

Inland Revenue Approvals

Annual earnings summary


Employee Pension Schemes;

Actuarial Valuation Reports

Detailed return of pension fund contributions


Annual conciliation of fund contributions

Money purchase details

Qualifying service details


Investment policies


Pension records


Records relating to retirement benefits


6 years

6 years

6 years


6 years


6 years

6 years




6 years






12 years


12 years






6 years after transfer or value taken


12 years from end of benefits payable under policy

6 years after year of retirement

Employee Records


Application Forms and Interview notes for unsuccessful candidates

At least 6 months and not more than 1 year – consideration for the varying time limits of discrimination claims and time limits.

Salary and Wages records including overtime, bonus, expenses


Income tax, and NI returns and correspondence with HMRC

6 years



Not less than years after the end of the financial year to which they relate

National Minimum Wage records

3 years after the end of the pay reference period following the one that the records cover

Personal records and training records – including disciplinary and working time records

6 years after employment ceases

Statutory sick pay records, calculations, certificates self-certificates

6 years after employment ceases – consideration for sensitive date under the GDPR requirements

Parental Leave

5 years from birth/adoption of the child or 18 years if child receives a disability allowance

Retirement Benefits

6 years from the end of the scheme year in which event took place

Redundancy details, calculations of payment, refunds, notification to the Secretary of State

6 years from the date of redundancy

Time sheets

2 years after audit

Trade Union Agreements

10 years after ceasing to be effective.

Staff Works Council Minutes


Health and Safety


Medical Records relating to: *

Control of asbestos

Control of substances hazardous to health

Under the Ionising Radiations

Biological tests under the control of lead

Accident books, Accident records and reporting including RIDDOR



40 years from the last date of last entry



3 years from the date of the last entry – (if accident involving a child then until that person reaches age 21)

Subject to incidents involving hazardous substances. *

National Express Leisure Limited is an appointed representative of Wrightsure Services (Hampshire) Ltd which is authorised and regulated by the Financial Conduct Authority (their registration number is 311394) and which is permitted to advise on and arrange general insurance contracts.

This website uses cookies to store information. By continuing to browse the website you are agreeing to their use. For more information view our cookie policy.