Purpose
This is the Data Retention Policy of 1st St Helens (YMCA) Scout Group. This includes all operations for which the Group Exec is directly responsible.
The purpose of this policy is to specify 1st St Helens (YMCA) Scout Group’s guidelines for retaining different types of data and for how long.
Scope
This policy covers all data in the possession or control of 1st St Helens (YMCA) Scout Group regardless of the medium in or on which those data are held. Where statute or regulation departs from the requirements of this policy, 1st St Helens (YMCA) Scout Group will comply with the relevant statute or regulation. This policy may be updated from time to time.
Personal Data
Personal data retention is governed by current Data Protection legislation. These data must be kept accurate, up to date and retained for no longer than is necessary for the purpose for which they were obtained. Detail of retention periods can be found in Annex A – Retention periods.
Lawful Purpose for Processing
Where personal data is processed using the lawful basis of legitimate interest or consent, the data subject has a number of rights that they can exercise over this data, such as delete or rectify. Communications with these data subjects will need to clearly sign post them to their ability to withdraw this consent or challenge the legitimate interest that has been assessed, this is commonly known as ‘opt out’. Where appropriate the data subject should be informed every 2 years of the consent or legitimate interest being used to process their data with an option to update this preference. A formal retention period for data processing based on consent has not been defined in this policy and is assumed as permanent until the data subject exercises their rights to cease the processing activity.
Examples of processing covered by this statement are subscribers to newsletters, photograph consents and marketing communications.
Annex A – Retention Periods
Members and Volunteer’s data
Data Process | Data Type | Retention | Justification |
Want to Join | Personal data | 15 years after enquiry or until member joins, whichever is shorter | To keep them informed of their joining status |
Joining – including the role and dates of joining | Personal and Sensitive data (special category) | 10 years after leaving the data will be reduced to only include name, date of birth, awards, training records, events attended, roles and permits held and any complaints in summary format. This remaining data will be retained for 100 years. | The 10-year retention of all data is required to provide tenure and service records in the event an individual wants to re-join. The 100 years retention of data is required for evidence requests from statutory agencies |
Youth award registrations | Personal and Sensitive data (special category including citation) | 6 months after the member turns 25 | To retain their award registrations for the duration of the eligibility period |
Youth award completions | Personal data and Sensitive data (special category including citation) | Permanent for basic data; name, county, award, membership number, completion date | Historic record of award completions |
Adult award registrations | Personal and Sensitive data (special category including citation) | 6 months after the registration | To retain their award registrations for the duration of the eligibility period |
Adult award completions | Personal data and Sensitive data (special category including citation) | Permanent for basic data; name, county, award, membership number, completion date | Historic record of award completions |
Vetting | Personal Data – Disclosure Certificate | 6 months after issue | In line with DBS, Access NI and Disclosure Scotland Code of Practice |
Safeguarding – Adult volunteer perpetrator | Personal and Sensitive data (special category) | Adult – 100 years after case closure. Will include all case notes, including those of witnesses and young person along with any litigation correspondence until it is appropriate to reduce this to a detailed summary of the case. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period. | Required for required for evidence requests from statutory agencies |
Safeguarding – Young person -Welfare | Personal and Sensitive data (special category) | Young Person – 7 years after last communication with the Young Person or Family. | Required for evidence requests from statutory agencies |
Safeguarding – Young person perpetrator | Personal and Sensitive data (special category) | Young Person – 100 years after case closure. Will include all case notes, including those of witnesses and adult volunteers along with any litigation correspondence, until it is appropriate to reduce this to a detailed summary of the case. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period. | Required for evidence requests from statutory agencies |
Incident – personal injury (including sexual abuse/psychological damage) | Personal and Sensitive data (special category) | 4 years after incident, or 4 years after alleged victim turns 18 if later | Fight a case – Limitation act 1980 |
Incident – not involving personal injury | Personal and Sensitive data (special category) | 7 years after incident, or 7 years after alleged victim turns 18 if later | Fight a case – Limitation act 1980 |
Permit Assessments | Personal data | 6 months after the permit expires | Required for permit renewals and queries |
Donor’s details
Data Process | Data Type | Retention | Justification |
Individual Givers | Personal Data | 5 years post last donation | To keep an individual informed of their donation and other fundraising campaigns |
Gift aid declaration | 6 years after the end of the year or accounting period that includes the last donation | HMRC Tax Audit | |
Direct debit mandate | 6 years after the end of the year or accounting period that includes the last Direct Debit | As proof of Direct Debit Instruction (DDI) and to assist in claims against that DDI | |
Partnerships | Personal Data | 3 Years | To answer queries on the donations and maintain a record of partner donor |
Event Registrants’ and Participants’ data
Data Process | Data Type | Retention | Justification |
Ad-hoc events | Personal and Sensitive data (special category) | 2 months after event. Scouting Young People attendance records will be retained for 100 years | Required for enquiries on the event and responding to incidents. The 100 years retention of data is required for evidence requests from statutory agencies |
Annual events | Personal and Sensitive data (special category) | 18 months after event for personal data, 2 months after event for sensitive data (special category). Scouting Young People attendance records will be retained for 100 years | To re-invite the guests to the same event in the following year. The 100 years retention of data is required for evidence requests from statutory agencies |
Event Permits and licenses | Personal data | 6 months after the permit expires | To retain a record of permits and licenses held |
END OF POLICY
Policy approval and review
Policy prepared by: | Gavin Jones-Verity |
Approved by board / management on: | |
Policy became operational on: | |
Next review date: |
Review history
Version # | Date of review | Reviewed by |
1.0 | 07 June 2024 | Gavin Jones-Verity |
Who to contact?
If you have any queries relating to this Data Retention Policy, please contact Gavin Jones-Verity, Section Leader – Scouts (info@firstymcascout.org.uk)
Subject access requests
If you wish to make a subject access request under UK GDPR, please click on the button below: