Data Management

Data Retention Policy

Last updated: 16 November 2025

1. Introduction

This Data Retention Policy outlines how long Skyie Global Financial Advisors Ltd ("we", "us", or "our") retains different types of personal data and the criteria we use to determine retention periods. This policy is designed to ensure compliance with UK GDPR, Data Protection Act 2018, HMRC requirements, and other applicable legal obligations.

2. Purpose of Data Retention

We retain personal data for legitimate business purposes and legal compliance, including:

  • Providing ongoing tax and financial advisory services
  • Meeting legal and regulatory obligations (e.g., HMRC record-keeping requirements)
  • Defending or pursuing legal claims
  • Maintaining business continuity and historical records
  • Improving our services and customer experience

3. General Retention Principles

We apply the following principles when determining how long to retain personal data:

  • Legal compliance: We retain data for as long as required by applicable laws and regulations
  • Business necessity: We keep data only for as long as necessary to fulfill the purposes for which it was collected
  • Data minimization: We regularly review and delete data that is no longer needed
  • Security: Data is securely deleted or anonymized when no longer required

4. Specific Retention Periods

4.1 Tax Records and Financial Documents

In accordance with HMRC requirements, we retain tax-related records for the following periods:

  • Self Assessment tax returns: Minimum 6 years from the end of the tax year they relate to (HMRC requirement: at least 5 years plus the current year)
  • PAYE records: Minimum 6 years from the end of the tax year they relate to
  • CIS records: 6 years from the end of the tax year they relate to
  • VAT records: 6 years from the end of the accounting period (if applicable)
  • Corporation Tax records: 6 years from the end of the accounting period (if applicable)
  • Supporting documents (invoices, receipts, bank statements): 6 years

4.2 Client Account Information

  • Active client accounts: Retained for the duration of the business relationship plus 6 years
  • Inactive client accounts: Retained for 6 years after the last interaction or service provision
  • Client identification documents (passport, driver's license): 6 years after the end of the business relationship
  • National Insurance numbers and UTRs: 6 years after the end of the business relationship

4.3 Communication Records

  • Email correspondence related to services: 6 years
  • Phone call recordings (if applicable): 6 years or as required by regulation
  • General inquiries (non-client): 2 years from the last communication
  • Marketing communications opt-out records: Permanently retained to ensure compliance

4.4 Marketing and Website Data

  • Newsletter subscriptions: Until you unsubscribe, then deleted within 30 days
  • Website analytics data: 26 months (Google Analytics default)
  • Cookie data: As specified in our Cookie Policy
  • Lead generation forms: 2 years from submission if no engagement; converted to client records if services are provided

4.5 Employment and HR Records

  • Employee records: 6 years after employment ends
  • Payroll records: 6 years from the end of the tax year they relate to
  • Job applicant records: 1 year from the application date (unless hired)

4.6 Legal and Compliance Records

  • Contracts and agreements: 6 years after termination or expiry
  • Professional indemnity insurance claims: 15 years from the date of the claim
  • Anti-money laundering (AML) records: 5 years from the end of the business relationship
  • Data protection impact assessments: 3 years after completion
  • Data breach records: 3 years from resolution

5. Retention Period Justification

Our retention periods are based on:

  • HMRC requirements: Tax records must be kept for at least 5 years plus the current year (we retain for 6 years to ensure full compliance)
  • Limitation Act 1980: Contracts and legal claims can be brought within 6 years in most cases
  • UK GDPR Article 5(1)(e): Personal data should not be kept longer than necessary
  • Professional standards: Accounting and financial services industry best practices

6. Secure Deletion and Disposal

When data reaches the end of its retention period, we ensure secure deletion or anonymization:

  • Electronic data: Securely deleted using data wiping software that meets industry standards
  • Physical documents: Shredded or securely destroyed using certified disposal services
  • Backup systems: Data is removed from all backup systems in accordance with our backup retention schedules
  • Third-party systems: We ensure third-party service providers delete data in accordance with our instructions

7. Exceptions to Retention Periods

In certain circumstances, we may retain data beyond the standard retention periods:

  • Legal holds: If data is subject to ongoing legal proceedings or investigations
  • Regulatory investigations: If HMRC or other regulators request specific data to be retained
  • Fraud prevention: If data is needed to prevent, detect, or investigate fraud
  • Dispute resolution: If there is an active dispute or complaint
  • User requests: If you explicitly request that we retain your data for a longer period

8. Your Rights Regarding Data Retention

Under UK GDPR, you have the following rights:

  • Right to erasure ("right to be forgotten"): You can request deletion of your data, subject to legal and contractual obligations
  • Right to restriction of processing: You can request that we limit how we use your data in certain circumstances
  • Right to object: You can object to processing of your data for certain purposes
  • Right to data portability: You can request a copy of your data in a machine-readable format

Please note that we may not be able to delete all data if we have a legal obligation to retain it (e.g., tax records required by HMRC). In such cases, we will inform you of the specific legal basis for retention.

9. Regular Reviews

We conduct regular reviews of the data we hold to ensure compliance with this policy. Our data retention processes are reviewed annually or whenever there are changes to legal requirements or business practices.

10. Third-Party Data Processors

We ensure that third-party service providers who process data on our behalf have appropriate data retention and deletion policies in place. We include data retention requirements in our contracts with third parties and monitor compliance.

11. Archiving

For certain types of data that must be retained for long periods but are no longer actively used, we may transfer the data to secure archive storage with restricted access. Archived data is subject to the same security and retention standards as active data.

12. Changes to This Policy

We may update this Data Retention Policy to reflect changes in legal requirements, business practices, or technology. Any material changes will be communicated through our website, and the "Last updated" date will be revised accordingly.

13. Related Policies

For more information about how we protect and use your data, please refer to our Privacy Policy and Cookie Policy.

14. Contact Us

If you have questions about our data retention practices or wish to exercise your rights, please contact us:

Skyie Global Financial Advisors Ltd

Registered in England: 16481433

hello@skyieglobal.co.uk

Address: London, United Kingdom

Request Data Deletion

If you would like to request deletion of your personal data (subject to legal retention requirements), please send a written request to the email address above. We will respond to your request within 30 days and inform you of any data that must be retained for legal compliance.