IPS Retention Policy

Why do you need a retention policy?

The purpose of a retention policy is to establish and describe how an organisation expects to manage personal information (whether in electronic files, emails, hard copies, or other formats) from creation or collection through to destruction or erasure. A retention policy is one part of an organisations overall document management program.

No single policy is adequate for all organisations and you will need to tailor one or more data retention policies to reflect the unique needs of your organisation. In this context it makes sense to have data retention policies that cover different categories of personal data. For example, it may seem overly complicated and confusing to visitors to the organisation’s website to also be exposed to a data retention policy that would only apply to staff.

A data retention policy serves many important functions. For example, it:

  • Establishes that the organisation is committed to complying with the GDPR;
  • Describes the purpose for which personal information is collected;
  • Describes the period of retention of personal data or the rules/procedures applied to retain that personal data for a longer period of time (for example, where you are unsure if the information may still be necessary);
  • Identifies who is in charge of data protection at the organisation, and explains how to get in touch with the appropriate representative; and
  • Encourages disposal of unnecessary files before they become a liability.

Please ensure that you have the appropriate technical and organisational means in place to adhere with the data retention policy. It is one thing to claim that you retain personal information for a specified period of time and another to have the underlying mechanisms, systems, and procedures in place to ensure that destruction or erasure is followed through and recorded.

At the time of destruction or erasure of personal information it may be helpful to retain a record of what destruction occurred, when, and by whom. As part of the GDPR’s emphasis on data minimisation it may be necessary in these circumstances to retain some, minimal, information to confirm that such destruction took place but, in such cases, it may just be that you retain a record of an e-mail address or postal address – only retain what is absolutely necessary and the less you retain the better.

Please ensure that you have filled in and/or completed the elements in square brackets and highlighted for your attention. You will also find several footnotes throughout the retention policy that may provide further details.

This is an organic document and may be updated from time to time to reflect changes or developments in data protection legislation, case law, and guidance from the Information Commissioner’s Office.

RETENTION POLICY

Last Updated: 20th August 2024

Thank you for visiting the Infection Prevention Society.

Your privacy is important to us. This Retention Policy is where we explain to you how long we may retain personal information that is collected when you visit our site, www.ips.uk.net, when you become a member of our association, or when you communicate with us.

 

This policy should be read together with our Privacy Policy and Cookie Policy which together with this Retention Policy describe the manner in which we handle your personal information when you visit our site.

For convenience, we have divided our data protection policies into three separate pages:

  1. Our Privacy Policy

You can find our Privacy Policy [HERE] which explains generally how we collect, use, store, and protect your personal information.

  1. Our Cookie Policy

Our Cookie Policy is available [HERE] and explains more about how we may collect personal information about you via cookies (it also explains what cookies are).

  1. Our Retention Policy

Our retention policy, which is this document, explains how long we may hold onto personal information collected or processed by us.

If you have any questions please do not hesitate to contact our Governance and Engagement Manager at lynne.duncan@ips.uk.net.

 

WHO WE ARE

We are the Infection Prevention Society. We are registered in England as a limited liability company. Our registered number is 0627384 and our registered office is at c/o Saffery Champness, 71 Queen Victoria Street, London, EC4V 4BE.

But, for the purposes of this Privacy Policy, it’s just easier if we refer to ourselves as “we”.

PURPOSE OF THIS DOCUMENT

The purpose of the Retention Policy is to explain what personal information we may collect about you when you visit our site, become a member of our association, communicate with us, or interact with our online services including the purpose of that collection, and how long we store that personal information for.

Our Retention Policy is broadly divided into four (4) sections:

  • Our website;
  • Our members details;
  • Our events database; and
  • Our marketing database

Depending on how you interact with us and our services we may collect different types of personal information about you. The duration that we retain that personal information will vary depending on how you interact with us. For example, we may retain information about you for a longer period of time if you have asked us to keep you updated about developments in the association or if you become a member.

The types of personal information that we collect, its purpose, and retention period is detailed in the tables below.

OUR WEBSITE

This table details the personal information and we may collect about you on our site located at www.ips.uk.net.

Type of Personal Information

Purpose

Retention Period

First Name

If you get in touch with us via our site then we will ask you for your first name. We collect this information to help us to get to know you better and to provide a personable service

Duration of inquiry* 

Last Name

E-Mail Address

Telephone Number

*If you become a member of IPS then we will retain personal information about you in accordance with our contract which we will provide to

MEMBERS DETAILS

This table details the personal information that we may collect about you when you register to become a member of our association.

Type of Personal Information

Purpose

Retention Period

First Name

To ensure we deliver membership services to you and to match your requirements

For the duration of your membership.  Lapsed members will be retained for three years.

Last Name

E-Mail Address

Telephone Number

Mailing Address

Professional Interests

Work Address

 

EVENTS DATABASE


This table details the personal information that we may collect about when you attend one of our events or seminars. The main purpose for this information is to help us get in touch with you and help answer any queries you may have about our association, our membership services, and any other events we may run in the future.

Type of Personal Information

Purpose

Retention Period

First Name

To ensure we can communicate with you about the event for which you have registered.  If you would like to receive information about our future events you will be asked to opt in.

All event data will be retained for CPD purposes for 6 years.  All mailing lists will be retained for 3 years.

Last Name

E-Mail Address

Telephone Number

Address

Dietary requirements

Access requirements

Biography (speakers only)

 

COOKIES

You can find more information about the types of cookies that we use and their purpose by visiting our Cookie Policy [HERE].

Google Analytics Cookies:

  • utma - Used to distinguish users and sessions when they connect to our site
    Type:Analytics/performance cookie Content: Randomly generated number
    Provider: Google Analytics Duration: 2 years
  • utmb - Used to determine new sessions/visits
    Type: Analytics/performance cookie Content: Randomly generated number
    Provider: Google Analytics Duration: 30 mins
  • utmc - This cookie is set for interoperability data analytics software. This cookie operates in conjunction with the _utmb cookie to determine whether the user was in a new session/visit
    Type: Analytics/performance cookie Content: Randomly generated number
    Provider: Google Analytics Duration: duration of visit / 1 year
  • utmz - Stores the traffic source or campaign that explains how you reached our site
    Type: Analytics/performance cookie Content: Randomly generated number + information on how our site was reached (e.g. directly or via a link, organic search or paid search)
    Provider: Google Analytics Duration: 6 months
  • utmt - This cookie is used to limit the amount of data that is collected on sites with a lot of traffic
    Type: Analytics/performance cookie 
    Provider: Google Analytics Duration: The duration of your visit to our site
     

AddThis Cookies:

AddThis is a third-party service used on this site to help you easily share our web page content using social media channels such as Facebook, Twitter etc, and to connect to our social media channels.

  • atuvc- This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. It stores an updated page share count.
    Type: Social sharing/analytical/functional cookie Provider: AddThis Duration: One month
  • atuvs- This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. This is believed to be a new cookie from AddThis which is not yet documented, but has been categorised on the assumption it serves a similar purpose to other cookies set by the service.
    Type: Social sharing/analytical/functional cookie Provider: AddThis Duration: 30mins
  • atrfs- This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. Make sure the users sees the updated count if they share a page with AddThis social sharing.
    Type: Social sharing/analytical/functional cookie Provider: AddThis Duration: The duration of your visit to our site 

Functional Cookies:

  • Not at this time

Essential Cookies:

  • PHPSESSID- Cookie generated by applications based on the PHP language. This is a general-purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. The main purpose of this cookie is: Strictly Necessary
    Type: Essential Content: text string Provider: CMS Duration: 24 hours
  • ccm-sitemap-selector-tab – how the sitemap is rendered
    Type:Essential Content: text string Sitemap Provider: CMS Duration: 1 Year
  • Concrete5– Cookie set by the website content management system (CMS) to check if the user is logged into an account or not when visiting the website.
    Type: Essential Content: text string Provider: CMS Duration: 1 Year
  • Concrete5_Login– Cookie set by the website content management system (CMS) to check if the user is logged into an account or not when visiting the website.
    Type: Essential Content: text string Provider: CMS Duration: 1 Year
  • IncludeSystemPages – 
    Type:Essential Content: text string Provider: CMS Duration: Length of visit
  • am_adv_fieldset– tbc
    Type: Essential Content: text string token Provider: CMS Duration: 1 Year
  • am_menu– tbc
    Type: Essential Content: text string Product related  Provider: CMS Duration: 4 Months

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. You may also delete any cookies stored on your computer at any time.

You can find out more about changing cookie settings on your computer by visiting http://www.allaboutcookies.org/manage-cookies/.

Different cookies may be stored for different periods of time. In many cases these cookies are updated automatically each time you visit our site or may expire and be deleted by your device automatically. Each time you visit our site you start a new “session”. When you leave our site the session ends. The expiry period of a cookie will usually run from the date of the most recent session. This means that, each time you visit our site, the expiry period for those cookies may reset.

It is important to understand that when a cookie is placed on your device it will reside on your hard drive until it expires and is deleted or it may reside on your hard drive until you manually delete it – this entirely depends on your individual browser settings and we do not have control over this.

CHANGES TO OUR RETENTION POLICY

We may need to change this Retention Policy if it’s necessary for legal reasons or to reflect changes to our site and services or the purposes for which we may wish to collect and process your personal information. In any case, the provisions of this Retention Policy may be changed without prejudice to your rights. When we change our Retention Policy we will make the updated Retention Policy available on our site and we will also update the “Last Updated” date.

Once we change our Retention Policy, we will use our reasonable efforts to inform you. This may include asking you to agree to the updated Retention Policy before we process further information about you or it may require us to suspend access to parts of our site until you agree to the updated Retention Policy – we will only restrict access to parts of our site where we deem it is necessary for us to collect or process personal information about you. If you have an account on our site then we may reset your login and seek new consent if there is a change in the purpose or duration that we retain your personal information.

You’re welcome to contact us if you have questions about the changes.

CONTACT US

This Retention Policy was prepared with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our retention of your personal information. However, we are happy to provide additional information or explanation needed.

If you have any questions, comments or requests regarding our Retention Policy then please do not hesitate to get in touch with us. All queries should be addressed to:

Lynne Duncan
IPS Governance and Engagement Manager
lynne.duncan@ips.uk.net