How long MAP Health Care keeps personal data, the principles governing retention, and our procedures for secure deletion and anonymisation.
MAP Health Care LTD ("we", "our", "us") is committed to ensuring that personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, in accordance with applicable data protection laws.
This Data Retention Policy explains how long we keep personal data, the principles governing retention, and the procedures for secure deletion or anonymisation.
This Policy applies to all personal data processed by MAP Health Care LTD, including data collected through:
This Policy should be read alongside:
MAP Health Care LTD processes and retains personal data in accordance with:
We apply the principle of data minimisation and storage limitation, ensuring that data is not kept longer than necessary.
Our retention practices are based on the following principles:
Personal data is retained only for specified, explicit and legitimate purposes, including:
We do not retain personal data indefinitely. Data is retained only for as long as it is necessary to:
We retain only the minimum amount of personal data required for operational and legal purposes.
When data is no longer required, it is securely:
MAP Health Care LTD processes and retains several categories of data, including:
Retention periods vary depending on the nature of the data and the legal or operational requirement.
As a general framework:
Specific retention periods are defined in Section 6.
The following retention standards apply unless otherwise required by law:
Retained for the duration of the user’s active account and up to a defined period after account closure for audit and compliance purposes.
Includes CVs, applications, interview records and placement history.
Retained for the duration of active engagement and a limited post-engagement period to support:
Includes:
Retained for as long as required to meet legal, safeguarding and regulatory obligations.
Includes messages between users and platform administrators.
Retained for operational, safeguarding, dispute resolution and compliance purposes for a defined period.
Includes system logs, authentication data and security monitoring records.
Retained for a limited period necessary for:
Retained in accordance with UK tax and employment legislation requirements.
The following table defines the standard retention periods applied by MAP Health Care LTD for key categories of personal data. Retention periods may vary where required by law, safeguarding obligations, or contractual necessity.
| Data Category | Examples | Retention Period | Basis |
|---|---|---|---|
| Account Data | User profile, login credentials, contact details | Duration of active account + up to 6 years after closure | Contract / Legitimate interests |
| Recruitment Data | CVs, applications, interview records, placement history | Up to 3 years after last activity | Legitimate interests |
| Compliance Documents | DBS, Right to Work, ID, training certificates | 3–7 years depending on regulatory requirement | Legal obligation / Safeguarding |
| Payroll & Finance Data | Timesheets, invoices, payments | 6 years minimum | UK tax law |
| Communication Records | Messages, support tickets | Up to 3 years | Legitimate interests |
| Security Logs | Access logs, authentication records | 12–24 months | Security / Fraud prevention |
| Device & Technical Data | IP logs, device identifiers | 12–18 months | Security / Analytics |
| Marketing Data | Email consent, campaign interactions | Until consent withdrawn + 2 years | Consent |
MAP Health Care LTD may extend retention where required for ongoing legal proceedings, audits or regulatory investigations.
When personal data is no longer required, MAP Health Care LTD applies secure deletion procedures designed to ensure that data cannot be recovered or reconstructed.
Deletion methods include:
Deletion requests from data subjects will be processed in accordance with UK GDPR, subject to legal retention obligations.
Where immediate deletion is not possible, data will be securely isolated and restricted until deletion is permitted.
In some cases, instead of deletion, personal data may be anonymised for analytical or operational purposes.
Anonymisation ensures that:
Anonymised data is no longer considered personal data under UK GDPR.
Certain data may be transferred to secure archival storage when it is no longer actively required but must be retained for legal or operational reasons.
Archived data is:
Archiving does not extend retention beyond legal requirements.
In certain circumstances, MAP Health Care LTD may suspend normal retention and deletion procedures.
This may occur where:
In such cases, data will be retained until the matter is resolved and lawful deletion is permitted.
MAP Health Care LTD uses trusted third-party providers who may store or process data on our behalf, including:
These providers retain data only in accordance with contractual agreements and applicable data protection laws.
We ensure that third-party retention practices align with our internal retention standards and UK GDPR requirements.
Individuals may request deletion of their personal data at any time.
Upon receiving such a request, MAP Health Care LTD will:
Where deletion is not possible, we will provide a clear explanation of the legal basis for retention.
All retained data is protected using appropriate technical and organisational measures, including:
Only authorised personnel with a legitimate business need may access retained data.
Compliance with this Data Retention Policy is mandatory for all MAP Health Care LTD systems and personnel.
Failure to comply may result in:
Regular audits may be conducted to ensure compliance with retention requirements.
MAP Health Care LTD reserves the right to update or modify this Policy at any time in response to:
The latest version will always be available on our Platform.
The “Last Updated” date indicates the most recent revision.
For questions regarding this Data Retention Policy or to exercise your data protection rights, please contact:
Company Number: 09723243
Registered Office:
Unit 36, Kingswood House, South Road, Kingswood, Bristol, BS15 8JF, United Kingdom
Data Protection Contact: Marius Popescu
MAP Health Care LTD is committed to responsible data stewardship and ensures that all personal data is retained only for as long as necessary, in accordance with UK GDPR principles and healthcare sector obligations.
We continuously review our retention practices to maintain compliance, improve data security and protect the rights of individuals whose data we process.
By using the MAP Health Care Platform, you acknowledge and understand the practices described in this Data Retention Policy.