Data Security and Retention Policy

Professional Language Solutions Ltd


Data Security and Retention Policy - August 2019


This policy applies to:


(1) all data of PLS or our customers which can reasonably be considered to be “confidential”

(2) personal and private data which is collected by PLS, and which is governed by GDPR

All such data is hereafter referred to as “affected data”



Definition of Our Network


1/ The PLS local domain server (including virtual servers)

2/ Cloud-based file-storage applications approved by PLS, which have their own User Credentials. At the time of writing, these include:


  • Google Drive
  • Dropbox
  • Microsoft OneDrive
  • HR Bright
  • Microsoft Teams
  • Microsoft Office 365 (including Microsoft Exchange)
  • Jotform
  • Cardstream


Secure Storage

Affected data must always be stored on our network.

Provided the affected data is held on our network, there is no further requirement to password-protect individual files, unless the file is being shared outside that environment (eg emailed to an external third party)

No affected data is permitted to be stored by PLS employees anywhere outside our network, defined above, unless it is on an approved device which is listed on the IT Register of Approved Devices

Affected data may be accessed from any device, provided it is not downloaded and stored, using approved User Credentials.


Transmission/sharing of affected data

If affected data held within our network needs to be sent by Microsoft Exchange email, it must always be password-protected, in accordance with our password-authentication processes.

Alternatively, affected data can be shared with other users through the file-sharing systems included above in the definition of our network.


Physical files

Where affected data is printed and results in a hard copy, or where PLS receives confidential or GDPR data in the form of a hard copy, the following security protocols concerning the safe-guarding of this data apply:


  • No hard copies of affected data to be taken outside PLS head office without permission and being recorded on the data register by the Data Controller (CT) or designated delegate
  • Hard copies of affected data always to be stored in lockable cupboards/cabinets, with the key held by the staff member designated to be responsible
  • No hard copies of affected data to be left on desks or in any shared work areas without appropriate supervision


Data Retention Policy

Affected data will be kept “live” for a maximum of 5 years (see note below)

All data older than 5 years will be archived with encryption and stored in a protected area on our network.

All data older than 10 years will be destroyed, unless PLS is required by either customer contract or legal obligations to retain it.


Maintenance and Updating Policy

In December each year, IT to oversee a company-wide update, to archive/delete data in accordance with the Data Retention Policy above.

Contact Us (HQ)

Language Solutions

7 King Street Cloisters

London, W6 0GY


Language Solutions Holdings - our companies

  Professional Language Solutions Ltd
Established in 1991, PLS provides language training in multiple formats and over 50 languages for corporate and government customers across the UK.
  Language Solutions International Ltd
Operating since 1993, LSI is the international wing of our organisation. We offer specialist English language training and assessments, as well as recruitment and manpower solutions for projects around the world.


We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.