The Data Protection Officer for Out Now is Ian Johnson. You can contact him at this link.
Should you wish to add yourself to the Out Now mailing list, we ask you to please click-on this consent form in line with EU GDPR rules. To complete the form takes only around 2 minutes or less.
Should you wish to remove your data from all records controlled by Out Now, please contact our Data Protection Officer, Ian Johnson. You can contact him at this link.
Acceptable Use Policy (AUP)
Please read this acceptable use policy ("policy", "AUP") carefully before using any website hosted by Out Now or any survey using any third-party software platform ("website", "service") undertaken by Out Now ("us", 'we", "our").
Services provided by us may only be used for lawful purposes. You agree to comply with all applicable laws, rules, and regulations in connection with your use of the services. Any material or conduct that in our judgment violates this policy in any manner may result in suspension or termination of the services or removal of the user's access to any service or other online asset undertaken by Out Now with or without notice.
You may not use the services to publish content or engage in activity that is illegal under applicable law, that is harmful to others, or that would subject us to liability, including, without limitation, in connection with any of the following, each of which is prohibited under this AUP:
Phishing or engaging in identity theft
Distributing computer viruses, worms, trojan horses or other malicious code
Distributing pornography or adult related content or offering any escort services
Promoting or facilitating violence or terrorist activities
Infringing the intellectual property or other proprietary rights of others
Your services / access to our website/s may be suspended or terminated with or without notice upon any violation of this policy. Any violations may result in the immediate suspension or termination of your access to the fullest extent we can restrict your access.
To report a violation of this policy, please contact us .
We reserve the right to change this policy at any given time, of which you will be promptly updated on this page. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.
Out Now Terms and Principles Statement
These are the standard terms of business for the provision of Consultancy Services by Out Now ("ON"), an EI registered business incorporated in France (registered SIRET number 84276138900019 with head office in Paris).
1.1 "Business Day" means a day (not being a Saturday or Sunday) on which banks are open for general banking business in Paris;
"Client" means the organisation contracting with ON for the provision of consultancy services;
"Contract" means the contract formed by the Agreement of the Client to work with ON;
"Deliverables" means those items identified as such in the Terms of Engagement (if any) to be provided by ON to the Client in the course of delivering the Services;
"ON" means Out Now;
"ON Terms" means these standard terms of business;
"Services" means the work to be undertaken by ON for the Client as described in any Terms of Engagement and, where reasonably forming part of the agreement, communications specifically relating to Services to be provided by ON (such as email, email attachments, costed proposals);
"Terms of Engagement" means written materials provided to the Client by ON, incorporating these ON Terms, which outlines the nature of the Services, the deliverables to be provided, the fees payable and the timeframe for completion of the Services, where such communication can include emails clearly specifying Work to be undertaken and related contents of any referred-to documents created by ON for the purposes of engaging with Client in the provision of ON services;
"Work" means any activity performed by ON in relation to the Services;
"Working Days" means Monday to Friday excluding bank or public holidays.
2. The Services
2.1 ON will provide the Services to the Client on, and subject to, the ON Terms and any Terms of Engagement. ON will not start providing the Services until ON has received written acceptance of the Terms of Engagement by an authorised representative of the Client. By accepting the Terms of Engagement, the Client also agrees to be bound by these ON Terms to the exclusion of all other terms and conditions (including any terms or conditions which the Client purports to apply under any purchase order, confirmation of order, specification or other document). The Terms of Engagement, once signed and returned by the Client, shall, together with these ON Terms, form the contract between ON and the Client.
2.2 In accepting the Terms of Engagement, the Client authorises ON to proceed with all relevant preparations for providing the Services, including but not limited to purchase of materials and booking venues (if required).
2.3 ON shall provide the Services using reasonable skill and care.
2.4 In providing the Services, ON shall use its reasonable endeavours to give sound advice based on the information available, but the Client will remain wholly responsible for determining matters of policy or action related to that advice.
2.5 The Client acknowledges and agrees that, in order for its personnel to derive benefits from the Services, such personnel will be required to make such commitment as is appropriate to the Services being provided.
3.Terms of Engagement and fees
3.1 The Terms of Engagement will, unless otherwise stated, remain capable of acceptance by the Client for a period of 90 days from the date thereof. The rates for fees and materials are subject to review from time to time, but ON will give one month's notice of its intention to change the charging basis for current and continuing projects.
3.2 The fees set out in the Terms of Engagement are based on ON's understanding of the Client's requirements as set out in the Terms of Engagement. ON reserves the right to make additional charges for:
3.2.1 staff time spent in excess of those estimated in the Terms of Engagement as a result of any delays caused in delivery of the Services due to any act or omission of the Client;
3.2.2 staff time spent travelling to the venue in excess of two hours in either direction;
3.2.3 staff time for planning or other meetings requested by the Client in addition to those allowed for in the Terms of Engagement;
3.2.4 any services or materials requested in writing by the Client that ON agrees in writing to provide and that are additional to those allowed for in the Terms of Engagement, which shall then become part of the Services.
3.3 ON may also charge the Client for reasonable expenses incurred by ON in the provision of the Services including, where necessary:
3.3.1 travel, accommodation and subsistence (mileage to be charged at 50 eurocents per kilometre);
3.3.2 all bought-in goods, services and sub-contracted items referred to in the Terms of Engagement as being necessary and charged for separately from the fees quoted in the Terms of Engagement.
3.4 Value Added Tax ("BTW" in France), where applicable, will be payable by the Client on all fees and expenses at the rate in force at the date of invoicing. All prices are quoted exclusive of Value Added Tax.
3.5 ON will issue invoices in accordance with the terms stated in the Terms of Engagement. If not otherwise specified, invoices will be issued for payment within 21 days of date of invoice by which time cleared funds must be received into the ON bank account in France. Late payment penalties may apply. Depending on the nature of the work, ON may issue invoices at the beginning of a piece of work, on a progress basis, at the end of each discrete piece of work or at the end of each month. If the Client delays planned progress on provision of the Services, ON reserves the right to submit interim invoices. ON will also submit invoices in respect of any additional work carried out as referred to in Clause 3.2.
3.6 All invoices will be paid by the Client within 21 days of date of invoice. ON reserves the right to charge the Client interest and costs of recovery.
3.7 Where a refund is due to a Client and such is caused at the fault of the Client, ON reserves the right to deduct any administrative bank/ credit card charges from such refund. Where the refund is necessitated at the fault of ON, no such deductions shall be made.
4. Cancellation and postponement
4.1 ON reserves the right to charge project work cancellation fees it considers reasonable in the circumstances. Unless otherwise specified in the Terms of Engagement, ON reserves the right to charge for events (including but not limited to courses, workshops, presentations or seminars) cancelled or postponed by the Client. Such charges will be in accordance with the following schedule (percentages refer to percent of fees relating to the relevant event) to be paid as a cancellation or postponement charge:
Number of Working Days before the work commences
29 or more 28 or fewer 5 or fewer
One-day event (or shorter) 25% 50% 100%
Two or more days 40% 80% 100%
4.1.1 Regard must also be made to the specific terms of 9.7, 9.8. 9.9 and 9.10 - which cover credit notes for pre-paid consideration and standard payment terms for project and retainer work.
4.2 In addition, the Client will bear the full cost of any fees or expenses incurred by ON for cancellation of venues and, except in cases where the Client has paid a 100% cancellation or postponement charge, for non-returnable goods and services bought or contracted for the event or events.
4.3 Where an event is postponed, the Client will be liable for the full fee for that event quoted in the Terms of Engagement when eventually held, in addition to the postponement charge set out in clause 4.1.
4.4 For the avoidance of doubt, the start date of the Work is not the start of the event but the start of when the Work commences and will be set out in the Terms of Engagement.
5.1 Other than in respect of information that the Client has supplied to ON, ON shall, as between ON and the Client, own all copyright and any other intellectual property rights throughout the world subsisting in the contents of the Terms of Engagement and in all work produced by ON in the course of provision of the Services in whatever form or media (including, without limitation, the Deliverables) ("Work") unless otherwise indicated in the Terms of Engagement as "Client Materials".
5.2 If the Client requires ON to incorporate any material into the Work and supplies ON with such material, the Client warrants that:
5.2.1 the proposed use or incorporation of such material will not infringe any third party's intellectual property rights;
5.2.2 where the Client is not the owner of all copyright or other intellectual property rights in such material, the Client has received all necessary consents and licences for the proposed use by ON of such material; and
the Client will indemnify and keep ON fully and effectively indemnified against all costs, claims, demands, expenses and liabilities of any nature arising out of or in connection with any breach of the warranty in this clause.
5.3 Subject to Clause 5.4, the Client agrees that it shall not copy or amend the Work or do or authorise any other act that may infringe or devalue ON's copyright or other intellectual property rights.
5.4 The Client may, subject to the last sentence of this clause, make a reasonable amount of copies of the Work (or part of the Work) for distribution to its own personnel and strictly for internal business purposes only. The Client shall ensure that each such copy of the Work (or part thereof) shall bear a statement acknowledging its source. The Client shall have no right to make any copies of any Deliverables on which ON does not own the copyright.
6.1 ON shall be entitled, in its absolute discretion, to appoint sub-contractors to provide all or part of the Services.
6.2 If the Client nominates sub-contractors to work with ON in the provision of the Services, the Client shall be responsible for such nominated sub-contractors. ON reserves the right to withdraw co-operation from any nominated sub-contractors if the performance or actions of such persons or organisations prevents ON fulfilling its obligations under the Terms of Engagement and these ON Terms.
7. Client's obligations
7.1 The Client will ensure that its staff, contractors and other suppliers co-operate fully with ON and cause no delay.
7.2 Whilst ON's employees or sub-contractors are working on the Client's premises, the Client will ensure the health and safety of those people. The Client will indemnify ON and keep ON indemnified against all losses, damages and expenses incurred or suffered by ON in connection with any and all claims made in respect of any injury, death or loss suffered by those employees or sub-contractors as a result of working at the Client's premises.
7.3 Clients will not, either during the provision of the Services or thereafter for a period of one year, directly or indirectly, offer employment or assignments to any of ON's employees or sub-contractors or solicit or procure their employment by any other company, organisation or individual with which the Client is connected.
8. Confidentiality and data protection
8.1 Both during and after the provision of the Services, both parties shall keep confidential any information of the other party that is obtained in connection with the provision of the Services and that is clearly designated as 'confidential' or that is by its nature clearly confidential. Neither party shall use such information except in connection with the Services nor divulge it to any third party without the prior written permission of the other party.
8.2 The provisions of this clause 8 shall not apply to any information disclosed by a party ("Disclosing Party") that:
8.2.1 is in, or comes into, the public domain (except as a result of a breach of these ON Terms);
8.2.2 was already in the possession of the Disclosing Party at the time of its receipt from the other party;
8.2.3 is received by the Disclosing Party from a third party who was not under a legal obligation of confidentiality with respect to it;
8.2.4 is required by law to be disclosed by the Disclosing Party.
8.3 The Client and ON shall observe the requirements of any applicable data privacy legislation in relation to information regarding identifiable living individuals ("Personal Data").
8.4 Where ON discloses to the Client any Personal Data, the Client acknowledges that, for the purposes of data privacy legislation, it is the "Data Controller" in relation to those Personal Data and the Client will:
8.4.1 not keep such Personal Data longer than is necessary to fulfil the purpose for which it was collected;
8.4.2 take all reasonable steps to safeguard the security of such Personal Data;
8.4.3 exercise discretion over the access given to such Personal Data within the Client organisation;
8.4.4 take all reasonable steps to ensure that those given access to such Personal Data understand and respect the need for confidentiality regarding the Personal Data;
8.4.5 and the Client shall indemnify and keep ON fully indemnified against all costs, claims, demands, expenses and liabilities of any nature arising out of or in connection with any breach of this clause 8.
8.5 The Terms of Engagement shall be treated as confidential information for the purposes of this clause 8.
8.6 Data protection and GDPR compliance:
8.6.1 All respondents in Out Now's global LGBT Research Panel are double opted-in volunteers who indicated at the time of (double) opting-in that they wished to join the Panel to contribute for research projects, such as the one being discussed in this proposal. Since being established in 1992, ON has always placed the highest priority on protecting the data of our research participants. This is undertaken in a range of ways, including never sharing any personally identifying data with outside organisations. ON makes clear to all opted-in respondents that their personal details are not shared with any other organisations. Individual data responses do not leave ON controlled systems and all findings are reported in the aggregate.
8.6.2 ON protects and retains at all times rights over individual respondent data, including:
- the right for individual respondents to opt-in / opt-out of the ON LGBT Research Panel database
- the right for individual respondents to request a complete record of all data ON holds on any individually identifiable respondents
- the right for individual respondents to request full deletion of all their supplied data in all ON systems.
8.6.3 ON always uses encrypted connections when undertaking all actions online. Since the 2003 introduction of the CAN-SPAM legislation in the US market, all emails sent by ON as part of our Panel work have always included easy one-click opt-outs.
8.6.4 In early May 2018, Out Now introduced new GDPR information, this link for which is shared with all members on our Panel to be contacted to invite them to request a full report of any information we hold on them. This link also is to provide an additional simple opt-out from our database, including removing all data we hold on them, as part of meeting our compliance requirements under EU GDPR legislation.
9. Term and termination
9.1 The Contract will commence on the date that ON receives written notice accepting Terms of Engagement from the Client and shall continue in full force and effect until the Services have been completed, subject to earlier termination pursuant to Clauses 9.2 and 9.3.
9.2 Either party may terminate provision of the Services immediately by notice in writing to the breaching party if the breaching party:
9.2.1 is in irremediable breach of its obligations or, in the case of a remediable breach, such breach has not been remedied within 14 days of receipt by the breaching party of a notice from the other party specifying the breach and requiring its remedy; or
9.2.2 enters into voluntary or compulsory liquidation, or compounds with or convenes a meeting of its creditors, or has a receiver or manager or an administrator appointed over any part of its assets, or ceases for any reason to carry on business, or takes or suffers any analogous action which in the opinion of ON means that the Client may not be able to pay its debts.
9.3 ON may terminate provision of the Services at any time if:
9.3.1 it has given the Client three months' notice in writing; or
9.3.2 the Client attempts substantially to alter the scope or definition of the Services without ON's prior written agreement.
9.4 On termination, ON will be entitled to be paid all fees and expenses incurred or accrued and payable by the Client as at the date of termination or cancellation of the Services. In the case of termination by ON pursuant to Clause 9.2, the Client will be deemed to have cancelled the Services and will be liable to pay a cancellation charge as specified in Clause 4.1, if applicable.
9.5 On termination, each party shall immediately return to the other party all property of the other party in its custody, possession or control.
9.6 Clauses 1, 4, 5, 7.3, 8, 9, 10, and 14 shall survive expiry or termination of this Agreement howsoever caused and shall remain thereafter in full force and effect after termination.
9.7 Payment terms: Standard terms are 21 days for payment (nett) of invoice. This period shall be measured from the date of invoice and payment should be in ON's bank as cleared funds not later than 21 days from this date. These terms can be varied in writing between ON and the client. Late payments may be subject to a 7% late payment fee to be levied per month (or part-month) on the total amount owing for any invoice where payment is not received within the agreed period.
9.8 Project pre-payments and payments-in-advance are consideration for entering into a project.
9.9 Material changes and cancellations: Should a client later cancel a project, or should an agreed project become unable to proceed for any reason, then any pre-paid amounts for the project, or relevant part thereof, will be allocated a credit note from ON, for the client involved, to use as credit on a similar value of ON services in the future. Third party project pre-payments not yet expended can be refunded, less any related expenses and also less an administration fee of 5.5%.
9.10 Where circumstances change or information not previously known to ON becomes known which in the opinion of ON changes the basis on which the project was intended to proceed, ON reserves the right to not proceed further with the agreement or to treat an agreement as not having existed. Any monies pre-paid will be credited to client as a credit note on future work.
10. Warranty and liability
10.1 Nothing in these ON Terms shall exclude or limit ON's liability for any liability that cannot be excluded by law.
10.2 Subject to Clauses 10.1 and 10.3, ON's liability arising under or as a result of the provision of the Services whether in contract, tort, breach of statutory duty or otherwise is limited to the fees actually paid by the Client to ON for such Services.
10.3 ON will not be liable for any indirect or consequential loss, loss of business, profit, revenue, data or goodwill, nor for lost or wasted management time or employee time of the Client.
10.4 Any condition, representation or warranty that might otherwise be implied or incorporated within these Terms by reason of statute or common law or otherwise is hereby expressly excluded.
11. Force majeure
ON has no liability to the Client if ON is unable to provide all or a part of the Services in accordance with the Terms of Engagement or otherwise as a result of circumstances beyond ON's reasonable control, including without limitation, war, strike, lockout, industrial disputes, riot, civil commotion, acts of Government, fire, blockade, accident, natural catastrophe, disaster.
No delay, neglect or forbearance by either party in enforcing any provision of the Terms of Engagement or these ON Terms shall be deemed to be a waiver or in any way prejudice any rights of that party.
13. Rights of third parties
Nothing in these ON Terms or the Terms of Engagement confers or purports to confer on any third party any right to enforce any of the Terms of Engagement or these ON Terms.
14. Governing law and jurisdiction
These Terms and the Terms of Engagement are governed by and construed in accordance with the laws of the UK, and are subject to the exclusive jurisdiction of the UK courts.
15. Entire agreement
15.1 These ON Terms together with defined Terms of Engagement materials constitute the entire agreement between ON and the Client in relation to the Services, and supersede all earlier communications. Each party acknowledges that it has not relied on any commitment, representation or warranty in entering into the Contract, other than those expressly set out in the Contract. No amendment or other variation to these ON Terms by the Client will be effective unless it is in writing, is dated and is signed by a duly authorised representative of ON and the Client.
15.2 If there is any conflict between these ON Terms and the Terms of Engagement, these ON Terms will prevail.
16.1 Any notice permitted or required under these ON Terms will be given in writing and shall be effectively served if delivered by hand or sent by first-class or airmail post to ON at its usual address and, in the case of the Client, to the last known or usual address. Any notice personally delivered shall be deemed to have been received at the time of delivery. Any notice sent by post shall be deemed to have been delivered five Business Days after posting.
16.2 In cases where the Terms of Engagement specify nominated representatives of the parties, all notices shall be addressed to such representatives.
17.1 Discrimination - As an LGBT-owned business, ON is strongly committed to non-discrimination and diversity, both in our own teams as well as in those firms we may engage with. This includes without limitation the following: skin colour, ethnic background/race, age, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, social or marital status and union membership.
17.2 Health & Safety - We believe that a healthy and safe working environment for employees, consultants or others who might be affected by our activities is a vital output of our work and we pursue and operate in accordance with relevant international standards and national laws.
17.3 Environment - ON is passionately committed to furthering the sustainability of a healthy environment. As well as complying with all relevant legislation and international standards, we seek to leave the environment in the best conditions possible and we endeavour consistently to ensure our work does not cause directly identifiable negative outcomes for the environment to the fullest extent we are able to. We apply tools where available such as air and/or water filtration systems to ensure the immediate working environment experienced by our team members is as healthy as we can make it.
17.4 Child Labour - ON has a strict policy against the employment of persons under the age of 18.
17.5 Forced Labour - ON uses only fair labour principles in all our dealings with employees and contractors. We never use any form of forced, bonded, compulsory labour, slavery or human trafficking. Our employees and suppliers are always free to end their relationship with us with reasonable notice.
17.6 Working Conditions - ON works mainly with consultants who are encouraged to set their own working hours as they work with us to deliver the work we have contracted to deliver for our clients. No consultant working for or with ON is required to work at times they choose not to. Full-time employees are always free to take vacations no less than 3 weeks per year fully paid each year or longer by mutual agreement. Every employee and consultant is encouraged to have at least one day off per week free of working for ON projects/tasks. ON adheres to all local working condition legal requirements in the places we deliver our services and we consistently seek to achieve the highest possible standards of respect for all those who are part of the ON team.
17.7 Anti-bribery, Corruption and Individual Conduct
ON does not tolerate nor ever enter into any bribery discussion, transaction or offers to or from employees, customers, suppliers, organisations or individuals. Our anti-bribery policy is encapsulated in our commitment to the principle of zero tolerance to any form of bribery or corruption within our organisation, including facilitation payments. Our employees, consultant and suppliers are aware of our anti-bribery policy and the need for them not to breach this policy. Failure to do so would result in termination of the relationship. We act in compliance with all applicable international standards and laws on fraud and money laundering and closely monitor all transactions with which our business is part of to monitor compliance by all parties involved.
17.8 Notification of these policies and conditions - ON makes this document available to all team members, new clients, suppliers or employees to advise them of the standards we require in the conduct of ON operations.
18. Data Retention Policy
Out Now (hereinafter referred to as the "Company") recognises that the efficient management of its data and records is necessary to support its core business functions, to comply with its legal, statutory and regulatory obligations, to ensure the protection of personal information and to enable the effective management of the organisation.
This policy and related documents meet the standards and expectations set out by contractual and legal requirements and has been developed to meet the best practices of business records management, with the aim of ensuring a structured approach to document control.
18.1 Effective and adequate records and data management is necessary to: -
Ensure that the business conducts itself in a structured, efficient and accountable manner
Ensure that the business realises best value through improvements in the quality and flow of information and greater coordination of records and storage systems
Support core business functions and provide evidence of conduct and the appropriate maintenance of systems, tools, resources and processes
Meet legislative, statutory and regulatory requirements
Deliver services to, and protect the interests of, employees, clients and stakeholders in a consistent and equitable manner
Assist in document policy formation and managerial decision making
Provide continuity in the event of a disaster or security breach
Protection personal information and data subject rights
Avoid inaccurate or misleading data and minimise risks to personal information
Erase data in accordance with the legislative and regulatory requirements
Information held for longer than is necessary carries additional risk and cost and can breach data protection rules and principles. The Company only ever retains records and information for legitimate or legal business reasons and always comply fully with the data protection laws, guidance and best practice.
The purpose of this document is to provide the Company's statement of intent on how it provides a structured and compliant data and records management system. We define 'records' as all documents, regardless of the format, which facilitate business activities, and are thereafter retained to provide evidence of transactions and functions.
Such records may be created, received or maintained in hard copy or in an electronic format with the overall definition of records management being a field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, distribution, storage and disposal of records.
This policy applies to all staff within the Company (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company. Adherence to this policy is mandatory and non-compliance could lead to disciplinary action.
18.4 Personal Information and Data Protection
The Company needs to collect personal information about the people we employ, serve or have a business relationship with to effectively and compliantly carry out our everyday business functions and activities, and to provide the products and services defined by our business type. This information can include (but is not limited to): -
Data of birth
Private and confidential information
In addition, we may occasionally be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations, however we are committed to collecting, processing, storing and destroying all information in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18) and any other associated legal or regulatory body rules or codes of conduct that apply to our business and/or the information we process and store.
Our Data Retention Policy and processes comply fully with the GDPR's fifth Article 5 principle: -
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation').
A record is information, regardless of media; created, received, and maintained which evidences the development of, and compliance with, regulatory requirements, business practices, legal policies, financial transactions, administrative activities, business decisions or agreed actions. It is the Company's objective to implement the necessary records management procedures and systems which assess and manage the following processes: -
The creation and capture of records
Compliance with legal, regulatory and contractual requirements
The storage of records
The protection of record integrity and authenticity
The use of records and the information contained therein
The security of records
Access to and disposal of records
Records contain information that are a unique and invaluable resource to the Company and are an important operational asset. A systematic approach to the management of our records is essential to protect and preserve the information contained in them, as well as the individuals such information refers to. Records are also pivotal in the documentation and evidence of all business functions and activities.
The Company's objectives and principles in relation to Data Retention are to: -
Ensure that the Company conducts itself in an orderly, efficient and accountable manner
Support core business functions and providing evidence of compliant retention, erasure and destruction
To develop and maintain an effective and adequate records management program to ensure effective archiving, review and destruction of information
To only retain personal information for as long as is necessary
Comply with the relevant data protection regulation, legislation and any contractual obligations
Ensure the safe and secure disposal of confidential data and information assets
Ensure that records and documents are retained for the legal, contractual and regulatory period stated in accordance with each body's rules or terms.
Ensure that no document is retained for longer than is legally or contractually allowed
Mitigate against risks or breaches in relation to confidential information
18.6 Guidelines & Procedures
The Company manage records efficiently and systematically, in a manner consistent with relevant legal requirements including GDPR and others.
Records will be created, maintained and retained to provide information about, and evidence of the Company's transactions, customers, employment and activities. Retention requirements govern the period that records will be retained.
It is our intention to ensure that all records and the information contained therein are: -
Accurate - records are always reviewed to ensure that they are a full and accurate representation of the transactions, activities and/or practices that they document
Accessible - records are always made available and accessible when required (with additional security permissions for select staff where applicable to the document content)
Complete - records have the content, context and structure required to allow the reconstruction of the activities, practices and transactions that they document
Compliant - records always comply with any record keeping legal and/or regulatory requirements
Monitored - staff, company and system compliance with this Data Retention Policy is regularly monitored to ensure that the objectives and principles are complied with at all times and that all legal and regulatory requirements are being adhered to
18.6.1 Retention Period Protocols
Records retained during required periods are retrievable. All company and employee information are retained, stored and destroyed in line with legislative and regulatory guidelines.
For all data and records obtained, used and stored within the Company, we: -
Carry out periodical reviews of the data retained with specific checks on purpose, continued validity, accuracy and requirement to retain
Establish periodical reviews of data retained
Establish and verify retention periods for the data, with special consideration given in the below areas: -
the requirements of the Company
the type of personal data
the purpose of processing
lawful basis for processing
the categories of data subjects
Where it is not possible to define a statutory or legal retention period, as per the GDPR requirement, the Company will identify the criteria by which the period can be determined and provide this to the data subject on request and as part of our standard information disclosures and privacy notices
Have processes in place to ensure that records pending audit, litigation or investigation are not destroyed or altered
Transfer paper-based records and data to an alternative media format in instances of long retention periods (with the lifespan of the media and the ability to migrate data where necessary always being considered)
18.6.2 Designated Owner/s
All systems and records have designated owners throughout their lifecycle to ensure accountability and a tiered approach to data retention and destruction. Owners are assigned based on role, business area and level of access to the data required. The designated owner is Ian Johnson of Out Now. Data and records are never reviewed, removed, accessed or destroyed with the prior authorisation and knowledge of the designated owner.
18.6.3 Document Classification
We carry out regular Information Audits which enable us to identify, categorise and record all personal information obtained, processed and shared by our company in our capacity as a controller and processor and has been compiled on a central register which includes: -
What personal data we hold
Where it came from
Who we share it with?
Legal basis for processing it
What format(s) is it in
Who is responsible for it?
Access level (e. full, partial, restricted etc)
Our information audits and registers enable us to assign classifications to all records and data, thus ensuring that we are aware of the purpose, risks, regulations and requirements for all data types.
We utilise 5 main classification types: -
Unclassified - information not of value and/or retained for a limited period where classification is not required or necessary
Public - information that is freely obtained from the public and as such, is not classified as being personal or confidential
Internal - information that is solely for internal use and does not process external information or permit external access
Personal - information or a system that processes information that belongs to an individual and is classed as personal under the data protection laws
Confidential - private information or systems that must be secured at the highest level and are afforded access restrictions and high user authentication
The classification is used to decide what access restriction needs to be applied and the level of protection afforded to the record or data. The classification along with the asset type, content and description are then used to assess the risk level associated with the information and mitigating action can then be applied.
18.6.4 Suspension of Record Disposal for Litigation or Claims
If the Company is served with any legal request for records or information, any employee becomes the subject of an audit or investigation or we are notified of the commencement of any litigation against our firm, we will suspend the disposal of any scheduled records until we are able to determine the requirement for any such records as part of a legal requirement.
18.6.5 Storage & Access of Records and Data
Documents are grouped together by category and then in clear date order when stored and/or archived. Documents are always retained in a secure location, with authorised personnel being the only ones to have access. Once the retention period has elapsed, the documents are either reviewed, archived or confidentially destroyed dependant on their purpose, classification and action type.
18.7 Expiration of Retention Period
Once a record or data has reached its designated retention period date, the designated owner should refer to the retention register for the action to be taken. Not all data or records are expected to be deleted upon expiration; sometimes it is sufficient to anonymise the data in accordance with the GDPR requirements or to archive records for a further period.
18.7.1 Destruction and Disposal of Records & Data
All information of a confidential or sensitive nature on paper, card, microfiche or electronic media must be securely destroyed when it is no longer required. This ensures compliance with the Data Protection laws and the duty of confidentiality we owe to our employees, clients and customers.
The Company is committed to the secure and safe disposal of any confidential waste and information assets in accordance with our contractual and legal obligations and that we do so in an ethical and compliant manner. We confirm that our approach and procedures comply with the laws and provisions made in the General Data Protection Regulation (GDPR) and that staff are trained and advised accordingly on the procedures and controls in place.
220.127.116.11 Paper Records
Where applicable, the Company retains paper based personal information and as such, has a duty to ensure that it is disposed of in a secure, confidential and compliant manner.
18.104.22.168 Electronic & IT Records and Systems
The Company uses systems, computers and technology equipment in the running of our business. From time to time, such assets must be disposed of and due to the information held on these whilst they are active, this disposal is handled in an ethical and secure manner.
22.214.171.124 Internal Correspondence and General Memoranda
Unless otherwise stated in this policy or the retention periods register, correspondence and internal memoranda should be retained for the same period as the document to which they pertain or support (i.e. where a memo pertains to a contract or personal file, the relevant retention period and filing should be observed).
Where correspondence or memoranda that do not pertain to any documents having already be assigned a retention period, they should be deleted or shredded once the purpose and usefulness of the content ceases or at a maximum, 2 years.
Examples of correspondence and routine memoranda include (but are not limited to): -
Meeting notes and agendas
General inquiries and replies
Letter, notes or emails of inconsequential subject matter
In specific circumstances, data subjects' have the right to request that their personal data is erased. Data subjects only have a right to have personal data erased and to prevent processing if one of the below conditions applies: -
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
When the individual withdraws consent
When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing
The personal data was unlawfully processed
The personal data must be erased in order to comply with a legal obligation
The personal data is processed in relation to the offer of information society services to a child
Where one of the above conditions applies and the Company received a request to erase data, we first ensure that no other legal obligation or legitimate interest applies. If we are confident that the data subject has the right to have their data erased, this is carried out by the Data Protection Officer in conjunction with any department manager and the IT team to ensure that all data relating to that individual has been erased.
These measures enable us to comply with a data subjects right to erasure, whereby an individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing. Whilst our standard procedures already remove data that is no longer necessary, we still follow a dedicated process for erasure requests to ensure that all rights are complied with and that no data has been retained for longer than is needed.
Where we receive a request to erase and/or remove personal information from a data subject, the below process is followed: -
The request is allocated to the Data Protection Officer and recorded on the Erasure Request Register
The DPO locates all personal information relating to the data subject and reviews it to see if it is still being processed and is still necessary for the legal basis and purpose it was originally intended
The request is reviewed to ensure it complies with one or more of the grounds for erasure: -
a. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
b. the data subject has withdrawn consent on which the processing is based and where there is no other legal ground for the processing
c. the data subject objects to the processing and there are no overriding legitimate grounds for the processing
d. the personal data has been unlawfully processed
e. the personal data must be erased for compliance with a legal obligation
f. the personal data has been collected in relation to the offer of information society services to a child
If the erasure request complies with one of the above grounds, it is erased within 30 days of the request being received
The DPO writes to the data subject and notifies them in writing that the right to erasure has been granted and provides details of the information erased and the date of erasure
18.8.1 Special Category Data
In accordance with GDPR requirements, we maintain appropriate policy documents and safeguarding measures for the retention and erasure of special categories of personal data and criminal convictions etc.
Our methods and measures for destroying and erasing data are noted in this policy and apply to all forms of records and personal data.
18.9 Compliance and Monitoring
The Company are committed to ensuring the continued compliance with this policy and any associated legislation and undertake regular audits and monitoring of our records, their management, archiving and retention. Information asset owners are tasked with ensuring the continued compliance and review of records and data within their remit.
Ian Johnson as DPO for Out Now has been designated for any data retention processes and records or all archiving and destructions must be retained.