Table of Contents

  1. Purpose of the Policy
  2. Who we are
  3. Document retention procedure
  4. Types of documents
  5. Storage
  6. Confidential Information of Others
  7. Questions about this policy

1. Purpose of the Policy

This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be retained by Us, where ‘Us, We, Our’ means the Secretariat and HRCDC either separately or together. Any reference to ‘Data Controller’, ‘Data Processor’, ‘Personal Data’ and ‘Data Subject’ shall have the meaning ascribed to in the General Data Protection Regulations (the ‘GDPR’).

Examples of Personal Data that we may collect, process and retain include names and addresses, email addresses, CVs, details of previous employment, medical records and references and financial details.

The Data Protection Acts 1988 and 2003 (as amended) (the “DPA”) and, from 25 May 2018, the GDPR impose obligations on us, as a Data Controller, to retain the data for no longer than is necessary. We are obliged to provide individuals with information on our retention periods or criteria used to determine the retention periods.

The time periods for which we retain your information depends on the type of information and the purposes for which We use it. We will keep your information for no longer than is required or permitted. We do not transfer your data outside of the EU.

2. Who we are

Please review the HRCDC Privacy Notice for further details on the HRCDC and/or Secretariat and role of Health Research Board (“HRB”) in providing the Secretariat support to the HRCDC.

3. Document Retention Procedure

We must retain certain records because they contain information that must be kept in order to satisfy statutory, legal, accounting or other regulatory requirements. We must balance these requirements with Our statutory obligation to only keep records for the period required and to comply with data minimisation principles. The retention schedule below sets out the relevant periods for the retention of various HRCDC documents.

Categories of Personal Data Internal Retention Period Justification for Timeframe
Invalid application 6 months For future validation and follow on submission queries
Unsuccessful applications 2 years after the date of submission For future validation and follow on submission queries
Successful applications 5 years after the expiration or termination of a declaration For HRCDC memory and reporting purposes
HRCDC member contact details 3 years after expiration of membership For follow up queries by the Secretariat or
HRCDC member financial details 7 years after expiration of membership Revenue Requirements
HRCDC expense receipts 7 years Revenue Requirements
Prospective HRCDC members: CVs 1 year For future HRCDC opportunities
Letters of Offer for HRCDC membership 2 years after expiration of membership For HRCDC records
Categories of Personal Data Retention period when made public Justification for Timeframe
HRCDC member Bios & Photos Will be removed immediately once membership has expired No legal basis for retaining in public view
Minutes of HRCDC meeting Permanent Statutory obligations of the Regulations
Decisions of HRCDC meetings Permanent Statutory obligations of the Regulations

Any remaining historic paper files will be retained until these are scanned. Where applications recorded are destroyed in line with this policy they will be shredded and disposed of as confidential waste.

Please see the HRCDC Standard Operating Procedures for more information on the application
submission process.

4. Types of documents

A record is any type of information created, received or transmitted in the transaction of the HRCDC’s business, regardless of physical format. Examples of where the various types of information are located are; calendars, emails, handwritten notes, invoices, voicemails.

5. Storage

All Personal Data retained by Us is stored in a secure online drive hosted on a server within the Health Research Board (HRB). The online secure drive can only be accessed by authorised members of the Secretariat and the ICT support team of the HRB. All paper copies are stored securely in Secretariat office. Personal Data will not be shared with other third-parties who are not outlined in this privacy notice.

Confidential Information of Others

Unsolicited confidential information submitted to Us shall be refused, returned to the sender where possible and deleted, if received electronically.

Questions about the policy

Any questions about this policy should be referred to the Secretariat:

Skip to content