Data Retention and Disposal Policy

Company: Tyrogen Limited (16884876)
Owner: Data Protection Lead (DPO)
Approved by: Governing Body (or delegated authority per MD/GOVERNANCE/DELEGATION OF AUTHORITY)
Status: Draft (controlled policy)
Version: 0.2
Last updated: 2026-04-05
Next review: 2026-04-30

1) Purpose

This document is Tyrogen’s canonical policy source for general retention, disposal, hold, and retention-governance rules across the live controlled library and related operational record sets.

Tyrogen has this policy so that information is retained only for as long as there is a valid reason to keep it, can be retrieved and explained when needed, and is disposed of securely once the applicable retention and hold conditions have ended. This framework supports privacy governance, Ofqual-facing evidence readiness, operational traceability, and reduction of unnecessary retention risk.

1.1 Ofqual and control alignment

This policy supports Tyrogen’s wider regulatory and control framework, including:

• A5 expectations relating to adequate information and record availability,
• B4 expectations relating to the ability to provide accurate and comprehensive information to Ofqual,
• H6 / I3 / I4 expectations relating to results, certification, and related recordkeeping,
• UK GDPR and wider data-protection expectations relating to storage limitation and accountable governance,
• and the wider evidence-production architecture used across Tyrogen’s controlled document and record set.

1.2 What this file owns

This file owns Tyrogen’s canonical position on:

• the general retention framework,
• the governing rules for routine retention, review, and disposal,
• when routine disposal must pause because a hold or override applies,
• the general secure-disposal expectation,
• the roles responsible for oversight and application of the framework,
• and the minimum retained evidence showing retention and disposal governance is operating.

1.3 What this file does not own

This file does not own:

• standard retention periods by record class, which are owned in Retention Schedule,
• the activity-level processing model, which is owned in Record of Processing Activities,
• subject-access workflow detail, which is owned in DSAR Process,
• security-control mechanics, which are owned in Information Security Policy,
• document-control governance, which is owned in Document Control,
• or process-specific case-management mechanics, which remain with the relevant complaints, appeals, malpractice, audit-access, safeguarding, finance, or operational owner files.

Where those files are relevant, this policy signposts them rather than duplicating their substance.

2) Scope

This policy applies to information and records held under Tyrogen’s control, including:

• learner data,
• assessment and awarding records,
• centre records,
• complaints, appeals, and malpractice case files,
• governance, finance, HR, and supplier records,
• system logs, security records, and audit evidence,
• and physical or electronic records where retention, retrieval, disposal, or hold governance is relevant.

This policy applies to both controlled records and operationally held information where Tyrogen is responsible for the retention and disposal position.

3) Retention framework and primary sources

Tyrogen applies retention and disposal through a source-owned model. This policy provides the governing framework, while Retention Schedule provides the canonical source for standard retention periods and disposal expectations by record class. Record of Processing Activities links relevant processing activities to that retention framework, and process or case-owner files govern the workflow detail for their own routes.

Tyrogen will maintain and keep under review the retention schedule in Retention Schedule. The schedule is the primary reference for standard retention periods. This policy governs how those periods are applied, when they are overridden, and how disposal is controlled.

4) Policy principles

Tyrogen manages retention and disposal in a way that is:

• Necessary — information is kept only where there is a valid legal, regulatory, contractual, operational, or evidential reason.
• Controlled — standard periods and disposal expectations are defined, reviewable, and linked to accountable owners.
• Secure — retained records are protected appropriately and disposed of through proportionate secure methods.
• Auditable — Tyrogen can explain what is retained, why it is retained, and when disposal or hold decisions were applied.
• Responsive to holds — routine disposal pauses where complaints, appeals, malpractice, incident review, litigation, DSAR handling, audit, or regulatory activity require continued retention.

5) Retention, review, and retrieval requirements

• Records must be retained in line with Retention Schedule unless a justified override or hold applies.
• Owners of relevant process or record sets must ensure retained information remains identifiable, retrievable, and governable for as long as it must be kept.
• Retained records must remain sufficiently organised that Tyrogen can support audit, investigation, learner-protection review, rights handling, regulatory response, and operational continuity where relevant.
• Where a process or record owner becomes aware that continued retention is no longer justified, the record should move to the appropriate disposal route once any hold has been released.

6) Hold, override, and suspension of routine disposal

Routine disposal must be suspended for any affected record set where continued retention is required because of:

• a complaint, appeal, malpractice, or maladministration matter,
• a DSAR or other data-rights request,
• a regulatory request, audit, investigation, or evidence-production requirement,
• an incident investigation or security review,
• litigation, threatened litigation, or legal-advice hold,
• or any other authorised retention hold or justified exception.

Tyrogen pauses routine disposal promptly where a complaint, appeal, malpractice matter, DSAR, incident, audit, regulatory request, litigation risk, or other authorised hold affects the record set. Disposal remains suspended until release is authorised through the correct governance or case-owner route.

7) Secure disposal

When records reach the end of the applicable retention period and no hold or override remains active, Tyrogen will dispose of them securely and appropriately.

This may include:

• secure deletion from systems or storage locations,
• controlled destruction of physical records,
• revocation of access where access is no longer needed,
• archive removal where the archive period has ended,
• and retaining evidence of deletion or destruction where proportionate or required.

Tyrogen disposes of records through secure deletion, controlled destruction, archive removal, or access revocation appropriate to the record type and storage model. Where proportionate or required, Tyrogen retains evidence that disposal was completed through an authorised route.

8) Roles and responsibilities

• Data Protection Lead (DPO): maintains oversight of the retention framework and its linkage to the GDPR control set.
• Document, process, and record owners: ensure records within their area are retained, retrievable, and disposed of in line with the framework and the applicable schedule.
• Operations / Technology / Security roles: support secure storage, deletion, access-control changes, and operational implementation where relevant.
• All staff and contractors: must not destroy, conceal, or dispose of records outside approved retention, hold, and disposal arrangements.

Tyrogen uses a role-based retention model: the DPO oversees the framework, process and record owners apply it to their own record families, and operational roles support secure storage and disposal. Records must not be destroyed outside approved retention and hold arrangements.

9) Minimum records and evidence

Relevant records may include:

• Retention Schedule,
• disposal logs or equivalent disposal evidence where maintained,
• records of legal hold, investigation hold, complaint hold, regulatory hold, or other exceptions to routine disposal,
• supporting deletion, archive-removal, access-revocation, or destruction evidence where relevant,
• and governance or case-owner records showing when a hold was applied, continued, or released.

10) Related documents

• Retention Schedule
• Record of Processing Activities
• GDPR README
• DSAR Process
• Ofqual Audit Access and Evidence Production
• Information Security Policy
• Document Control

11) Change log