List of active policies

Name Type User consent
MOT Policies Privacy policy Authenticated users


This document outlines the Terms & Conditions of which you adhere to by using this website or engaging with us.

Full policy

Please read our policies:
To use MOT you will need to read through the following documents to understand our Terms and Conditions and the way we use your data. You'll then need to accept these terms on the next page.

We hope you have an enjoyable experience with Midshore's Online Training Platform,
The Midshore team.
General Terms and Conditions


Within this document we make references to other documents which can be found at the following links: Midshore Consulting Limited is hereinafter referred to as "Us", We", "Midshore". Registered address: Greenways, Courtil de Bas Lane, St Sampson, Guernsey, GY2 4XJ 

Last updated: 19/10/2020 
Company registration number: 62327  

General Terms & Conditions

By using our website or engaging with us, you will be asked to read these terms and conditions, and by checking the relevant boxes you therefore understand agree to the terms and conditions below. These terms and conditions are designed to govern your use of our website and to explain the way in which your interactions can with us affect you.
  1. Agreement
    1. By using the website or engaging with Midshore, you agree to be bound by the following terms:
  2. Amendments
    1. Midshore reserves the right to amend these terms from time to time. You will be notified of any amendments made by notification on the website. However, it is your responsibility to check for such changes.
      1. If you have already engaged with Midshore, you will be notified of any changes by the most appropriate method of communication.
    2. These changes will apply to the use of the website from the date specified above within the section headed Notes.
    3. If you do not accept the terms and conditions, you should not engage with Midshore and should no longer use this website.
  3. Intellectual property
    1. You may not otherwise reproduce, modify, copy or distribute or use for commercial purposes any of the materials or content on the Website. This also includes but is not limited to:
      1. Any information available on any texts / website / content unless otherwise stated.
      2. Any third-party information, unless otherwise stated.
    2. As such, no part of this website or any part of texts and content may be used in whole or part, in any manner without the permission of the copyright owner.
  4. Data Privacy and data processing
    1. Our data privacy policy can be found at:
    2. Midshore aims to ensure that individuals are aware that their data is being processed, and that they understand:
      1. How their data is being used
      2. How to exercise their rights
      3. How to complain
    3. You should read our Data Privacy Policy for full details on this.
  5. Data Retention
    1. Our data retention policy can be found at:
  6. Cookie Information
    1. Our cookie policy can be read within our Data Privacy Policy.
  7. Indemnity
    1. You agree to fully indemnify, defend and hold our directors, employees and suppliers, harmless immediately on demand, from and against all claims, losses, costs and expenses, including reasonable legal fees, arising out of any breach of these Terms by you, or any other liabilities arising out of your use of this Website or any other person accessing the Website using your personal information.
  8. Third-party links
    1. As a convenience to our customers, the Website may include links to other websites or material which is beyond our control. For your information, we are not responsible for such websites or material nor do we review or endorse them. We will not be liable, whether directly or indirectly, for the privacy practices or content of such websites nor for any damage, loss or offence caused or alleged to be caused in connection with, the use of or reliance on any such advertising, content, products, materials or services available on such external websites or resources.
  9. Eligibility
    1. Persons under the age of 18 should not use this website.
  10. Information
    1. The information contained in this website is for general information purposes only. The information is provided by Midshore and third-parties where noted.
    2. You should not rely on this information and do so only at your own risk.
  11. Acceptance
    1. Upon reading these terms and checking the affirmative box or giving proper confirmation that these terms have been read and understood, these terms form the entire basis of any agreement reached between you and Midshore.
  12. Law and Jurisdiction
    1. These terms shall be governed by and construed in accordance with the laws of the Bailiwick of Guernsey and any disputes shall be decided only by the Guernsey Courts.

Course / Event / Training Specific Terms and Conditions

The following Terms apply specifically to bookings made with Midshore in respect of both live and online training.
  1. Study Materials
    1. Course notes will be supplied to delegates at the start of the course.
    2. Under no circumstances are course notes transferable.
  2. Course Attendance
    1. Delegates must bring the relevant course joining instructions to all sessions of the course. Failure to do so may lead to Delegates being refused entry to the course.
    2. Failure of a Delegate to attend a course will result in the Employer being notified of non-attendance. If a Delegate fails to attend, they will not be eligible for a refund and an administrative re-booking fee of £30 will be applied.
    3. The Employer may substitute a different Delegate up to 2 business days prior to the commencement of the course without charge. Any change within 2 business days prior to the commencement of the course will be made subject to a £30 administration fee.
  1. Intellectual Property
    1. Midshore grants the Delegate a non-transferable, non-exclusive license to use Midshores course materials under the terms of this Agreement.
    2. This license terminates on termination of this Agreement.
    3. The Delegate warrants that they shall only use Midshores course materials for their own educational purposes and shall not, without Midshores prior written consent, copy, make available, re-transmit, reproduce, sell, disseminate, license, distribute, publish, broadcast or otherwise circulate Midshores course notes (or any part of them) to any person other than in accordance with this Agreement.
    4. The Delegate and the Employer shall fully indemnify Midshore in respect of any infringement of intellectual property rights arising as a result of their use of Midshores course materials in breach of this Agreement.
  2. Change of contact details
    1. Midshore must be notified in writing of any change in an Employers or Delegates contact details.
  3. Enrolment Periods
    1. Manual enrolments will last for 12 months from activation.
    2. PayPal enrolments will last for 12 months from activation.
    3. Enrolments can be extended at the discretion of Midshores administration team.
    4. Reactivation of enrolment (for 12 months) will be subject to an administrative charge of £30 or the course total. Whichever is less.
    5. When a course becomes obsolete, either by a newer course superseding the previous course, or the course expires, as long as the enrolment period has not expired or has 90 days or longer remaining, candidates will be offered access to the course replacing the obsolete course (where applicable) at reduced fee equal to that of their organisational discount.
  1. Security
    1. Personal possessions are the sole responsibility of the Delegate and Midshore accepts no responsibility for anything that is lost or stolen from its training venues. Delegates are advised to keep valuables with them at all times.
  1. Notices
    1. Any notices required to be served by Midshore under this Agreement will be deemed properly served in sent via prepaid postage to the postal address, or emailed to the email address, notified by the Employer or the Delegate, at Midshores discretion.
  2. Limitation of Liability
    1. The liability for Midshore for direct losses arising out of their negligence (other than in respect of liability for death or personal injury), breach of contract or any other cause of action arising out of or in connection with this Agreement shall be limited to the cash receipts from the Delegate or Employer for the course.
    2. Midshore shall not be liable for any direct or consequential loss whether arising from negligence, breach of contract or otherwise.
  1. Warranty
    1. Midshore warrants that course materials will be of satisfactory quality but does not warrant that course materials will be error free.
    2. Midshore warrants that it will perform any services under this Agreement with reasonable skill and care.
    3. These warranties are provided in lieu of all other warranties express or implied which are hereby excluded to the fullest extent permitted by law.
  2. Data Protection
    1. Employers and Delegates agree that, in relation to information held from time to time, Midshore may:
      1. Use the information to perform their obligations and enforce rights under this Agreement
      2. Use the information to inform Employers and Delegates about courses, products or services which may be of interest to them.
      3. Use the information to inform Employers and Delegates with feedback.
      4. Communicate with Employers about Delegates progress and attendance.
    2. Employers and Delegates have the right to receive details of the personal information held by Midshore.
    3. In the event that Employers and Delegates do not wish to receive correspondence from Midshore, a written request should be sent to Midshore Consulting Limiteds correspondence address.
    4. Our Data Protection and Retention policies apply to all data held or processed by Midshore.
  3. Validity
    1. If any provision is held to be invalid or unenforceable by any tribunal of competent jurisdiction, the remaining provisions shall not be affected and shall be carried out as closely as possible according to the original intent.
  4. Jurisdiction
    1. The parties to this Agreement irrevocably submit to the exclusive jurisdiction of the Guernsey Courts for the determination of disputes arising under this Agreement.
  5. Promotions & Discounts
    1. Any promotions or discounts listed on our website are only valid during the dates displayed. If no date is displayed, we reserve the right to refuse the promotion displayed.
    2. Where promotions are displayed any other discounts usually available do not apply. This includes multiple user discounts when booking training through our MOT platform.

General Payment Terms and Conditions

  1. Invoice Terms
    1. Full payment must be made within 14 calendars days of the invoice date.
    2. In the case of bookings, no booking will be considered complete until payment has been received.
      1. Cancellation within 14 calendar days prior to the start of a course will result in a 50% refund.
      2. Cancellation within 7 calendar days prior to the start of a course will result in no refund
  2. Late Payment Terms
    1. Midshore reserve the right to levy a suitable administration charge (Generally 2%) for late payments of an invoice or booking.
  3. Payment Methods
    1. Acceptable payment methods for services, goods or any other materials are:
      1. Bank Transfer
      2. Cheque
      3. Cash
      4. PayPal
    2. Where a third-party payment provider is used you should already have accepted their relevant Terms and Conditions and Data Privacy Policies, the information you share with them is passed on to us in order to complete the transaction. Therefore your contract is with the third-party agent, we accept no liability for loss or corruption of data in this insatance.


Midshore - Midshore Consulting Limited Content - Text, imagery, documents, logo, icon, website, design, advertisements etc Website(s) - / MOT / MOT Platform - Midshore Online Training / Texts - Any document or communication with Midshore Terms - this or any other document related to Course - Courses are pre-written training, be it taken online or live Training - Training is educational information delivered either live, online or in any other format Event - Events are any activity held on a specific organised date, regardless of if they are free or incur a fee

Contact Information

Should you have any questions regarding any of our policies, please send them to
Data Privacy Notice


Within this document we make references to other documents which can be found at the following links:

Midshore Consulting Limited ("us", "we", or "our") operates the website (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. Midshore Consulting is a business providing the following services:

  • Consultancy Services
  • Training Services
  • Website, Design and & SEO Services
In providing these services, Midshore needs to gather and use certain information about individuals in the provision of those services it is a Data Controller. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact (data subjects). This policy describes how this personal data must be collected, handled and stored to meet the business data protection standards and to comply with relevant law and regulation.

Why this policy exists

This data protection policy ensures that Midshore:
  • Complies with data protection law and follows good practice
  • Protects the rights of employees, customers and partners
  • Is open about how it stores and processes individuals data
  • Protects itself from the risks of a data breach

Relevant law and regulation

The following laws and regulations describe how organisations including Midshore must collect, handle and store personal information:
  • The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Guernsey Law)
  • Ordinances and regulation promulgated under the Guernsey Law
  • The General Data Protection Regulation (the GDPR) of the European Union with respect to its extraterritorial nature
  • Any other international or foreign legislation that may, by reason of its extraterritorial nature, have impact on the processing of personal data in the Bailiwick of Guernsey
These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the relevant laws and regulations, personal information must be collected and used fairly, stored safely, kept up to date and not disclosed unlawfully. The requirements of data protection laws and regulations are underpinned by seven principles, the first six of which state that personal data must:
  • Be processed lawfully, fairly and in a transparent manner
  • Be obtained only for specific, explicit and legitimate purposes and must not be processed in a manner incompatible with the purpose for which it was collected
  • Be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed
  • Be accurate and, where applicable, kept up to date with reasonable steps being taken to ensure that personal data that is inaccurate is erased or corrected without delay
  • Not be kept in a form that permits identification of the data subject any longer than is necessary for the purpose for which it is processed
  • Be processed in a manner that ensures its security appropriately, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
The seventh principle applies to data controllers, including Midshore, and states that such data controllers are responsible for, and must be able to demonstrate, compliance with the other six principles. Data controllers also have an obligation to facilitate exercise of the rights of data subjects (the Rights).

Data Retention Summary

What are Cookies?

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Examples of Cookies we use:
  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
For more general information on cookies see the Wikipedia article on HTTP Cookies...

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

If you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out. This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users. From time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages. When you submit data through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, Twitter, LinkedIn, YouTube, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Finally, our websites use Hotjar Analytics, this is done by a tracking code and allows our team to look at the way users browse our website (anonymously). This data is stored without any recognisable data and allows our team to make informative changes to improve user experience.

If you wish to not be tracked by Hotjar, please see their guide here.

Information Collection And Use We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally, identifiable information may include, but is not limited to:
  • Email address
  • First Name and Last Name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Dispatch address and Name
  • Cookies and Usage of Data

Usage of Data

We may also collect information on how the Service is accessed and used ("Usage of Data"). This Usage of Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. Personal data is of no value to Midshore unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft.
  • When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
  • Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
  • Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
  • Personal data should never be transferred outside the Bailiwick of Guernsey, the European Economic Area or an equivalent jurisdiction, unless previously approved by the board due to there being some mechanism in place.
Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data. Midshore uses the collected data for various purposes:
  • To provide and maintain the Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve the Service
  • To monitor the usage of the Service
  • To detect, prevent and address technical issues

Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside of Guernsey and choose to provide information to us, please note that we transfer the data, including Personal Data, to Guernsey and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Midshore will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

Legal Requirements Midshore may disclose your Personal Data in the good faith belief that such action is necessary to:
  • To comply with a legal obligation
  • To protect and defend the rights or property of Midshore Consulting Limited
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Disclosing data for other reasons

There are other circumstances where personal data may be disclosed, without consent of the data subject. This includes situations where the data must be disclosed by reason of local legislation or international agreement. Under these circumstances, Midshore will disclose the requested data. However, the data controller will seek to ensure the request is legitimate, with approval from the board and legal advisers as appropriate.

General data protection policies relating to staff

  • The only people able to access data covered by this policy should be those who need it in respect of the function(s) they perform
  • Data should not be shared informally. When access to confidential information is required, employees can request it from their line manager.
  • Midshore will provide training to all employees to help them understand their responsibilities when handling data.
  • Employees should keep all data secure, by taking sensible precautions and following this policy and related procedures.
  • Strong passwords must be used and they should never be shared.
  • Personal data should not be disclosed to unauthorised people, either within the business or externally.
  • Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of as detailed in the Data Retention Policy.
  • Employees should request help from their line manager or the person responsible for data protection if they are unsure about any aspect of data protection.

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. Details of our websites security certificate can be seen by clicking on the padlock how this is done is dependant on your browser, so please consult the help section.

Data Protection Risks

This policy helps to protect Midshore from data security risks, including:
  • Breaches of confidentiality, for example information being given out inappropriately
  • Failing to offer choice, for example all individuals should be free to choose how the business uses data relating to them
Reputational damage, for example the business could suffer if hackers successfully gained access to sensitive data

Data Storage

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or the person responsible for data protection. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. This also applies to data that is usually stored electronically but has been printed out.
  • When not required, the paper or files should be kept in a locked drawer or filing cabinet.
  • Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
  • Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
  • Data should be protected by strong passwords that are changed regularly and never shared between employees.
  • If data is stored on removable media (CD, DVD, USB flash drive or external hard drive), these should be kept locked away securely when not being used.
  • Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service.
  • Servers containing personal data should be sited in a secure location, away from general office space.
  • Data should be backed up frequently. Those backups should be tested regularly, in line with the business standard backup procedures.
  • Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security software and a firewall.

Data Accuracy

The law requires Midshore to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
  • Data will be held in as few places as necessary. Staff should not create any unnecessary instances of personal data.
  • Staff should take every opportunity to ensure data is updated. For instance, by confirming a customers details when they call.
  • Midshore Consulting will make it easy for data subjects to update the information held in respect of them.
  • Data should be updated as inaccuracies are discovered and as clients advise that it requires updating.

Subject Access Requests

All individuals who are the subject of personal data held by Midshore are entitled to:
  • Ask what information the company holds about them and why
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed how the company is meeting its data protection obligations
If an individual contacts the business requesting this information, this is called a subject access request. Subject access requests can be received from the data subject by mail or email. An individual making a subject access request can request a single copy of their data free of charge. The business will aim to respond to this within 14 days. If the individual requests further copies of their data, then administrative costs can be charged at standard rates. The business will always seek to verify the identity of the individual making a subject access request prior to providing them with any information.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We use service providers such as PayPal to make it easier for our customers to pay for our training courses / documents / events online. A copy of PayPal's Terms & Conditions can be found on their website.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Privacy for Children

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Child/Children has/have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page (effective date at the top of page). Where applicable, you will be notified by email if any changes to our Terms & Conditions or Data Protection Privacy Policy are made. Policy scope This policy applies to:
  • Midshore Consulting
  • All staff of Midshore Consulting
  • All contractors, suppliers, outsource providers and other people working on behalf of Midshore Consulting
It applies to all data that the business holds relating to identifiable individuals, whether or not that data falls under the provisions of relevant data protection legislation, including:
  • Names of individuals
  • Postal and physical addresses
  • Email addresses
  • Telephone numbers (including mobile telephone numbers)

Contact Us

If you have any questions about this Privacy Policy, please contact us:
Data Retention Policy


Within this document we make references to other documents which can be found at the following links:


The need to retain data varies widely with the type of data. Some data can be immediately erased, and some must be retained until reasonable potential for future need no longer exists. Since this can be somewhat subjective, this retention policy is important to ensure that the company's guidelines on retention are consistently applied throughout the organisation. Data controller for the company: Christopher Jehan Data controllers email address:


The purpose of this policy is to specify the company's guidelines for retaining different types of data.


The scope of this policy covers all company data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location. Note that the need to retain certain information can be mandated by local, industry regulations and will comply with EU General Data Protection Regulation GDPR and the General Data Protection (Bailiwick of Guernsey) Law, 2017.


Reasons for Data Retention

For the general purposes related to continued and safe business with our clients, it is necessary to hold some data. There are various reasons behind this and this document aims to explain those with the aid of our Data Privacy Notice and general Terms & Conditions. Some data, however, must be retained in order to protect the company's interests, client access, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:
  • Litigation
  • Accident investigation
  • Security incident investigation
  • Regulatory requirements
  • Intellectual property preservation
  • Client access both business and personal

Data Duplication

  • Backups
    • We create monthly, weekly and daily backups of all our systems so that in the event of a systems failure we are able to restore data accurately and efficiently
    • These backups are stored onsite for daily and weekly backups and offsite for monthly backups on an encrypted drive.
  • Sharing with approved partners
    • This will open happen when pre-approved and in order to complete schedules outlines within consultation agreements
  • Midshore Online Training
    • Some information is duplicated on our Midshore Online Training (MOT) platform, this will only be done should you engage with Midshore for online training.

Retention Requirements

This section sets guidelines for retaining the different types of company data.
  • Personal customer data:
    • Personal data will be held for as long as the individual is a customer of the company plus 5 years.
  • Client Relationship Data
    • This will be held for 5 years after the end of the client relationship
  • Personal employee data:
    • General employee data will be held for the duration of employment and then for 5 years after the last day of contractual employment.
    • Employee contracts will be held for 5 years after last day of contractual employment.
    • Tax payments will be held for 6 years.
    • Records of leave will be held for 3 years.
    • Recruitment details:
      • Interview notes, CV's, Supporting Documentation including Criminal Record Checks of unsuccessful applicants will be held for 1 year after interview.
  • Planning data:
    • 5 years.
  • Health and Safety:
    • 5 years for records of major accidents and dangerous occurrences.
  • Public data:
    • Public data will be retained for 3 years.
  • Operational data: Most company data will fall in this category.
    • Operational data will be retained for 5 years.
  • Critical data including Tax and VAT:
    • Critical data must be retained for 6 years.
  • Confidential data:
    • Confidential data must be retained for 7 years.

Retention of Encrypted Data

If any information retained under this policy is stored in an encrypted format, considerations must be taken for secure storage of the encryption keys. Encryption keys must be retained as long as the data that the keys decrypt is retained.

Data Destruction

Data destruction is a critical component of a data retention policy. Data destruction ensures that the company will use data efficiently thereby making data management and data retrieval more cost effective. When the retention timeframe expires, the company must actively destroy the data covered by this policy. If a user feels that certain data should not be destroyed, he or she should identify the data to his or her supervisor so that an exception to the policy can be considered. Since this decision has long-term legal implications, exceptions will be approved only by a member or members of the company's management team. The company specifically directs users not to destroy data in violation of this policy. Destroying data that a user may feel is harmful to himself or herself is Particularly forbidden, or destroying data in an attempt to cover up a violation of law or company policy.

Applicability of Other Policies

This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.


This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities. IT Manger: Sam du Feu IT Manager email:


Backup: To copy data to a second location, solely for the purpose of safe keeping of that data. Encryption: The process of encoding data with an algorithm so that it is unintelligible and secure without the key. Used to protect data during transmission or while stored. Encryption Key: An alphanumeric series of characters that enables data to be encrypted and decrypted.