Data Retention Policy

June 2024

Purpose

This is the Data Retention Policy of 1st St Helens (YMCA) Scout Group. This includes all operations for which the Group Exec is directly responsible. 

The purpose of this policy is to specify 1st St Helens (YMCA) Scout Group’s guidelines for retaining different types of data and for how long.

Scope

This policy covers all data in the possession or control of 1st St Helens (YMCA) Scout Group regardless of the medium in or on which those data are held. Where statute or regulation departs from the requirements of this policy, 1st St Helens (YMCA) Scout Group will comply with the relevant statute or regulation. This policy may be updated from time to time.

Personal Data

Personal data retention is governed by current Data Protection legislation. These data must be kept accurate, up to date and retained for no longer than is necessary for the purpose for which they were obtained. Detail of retention periods can be found in Annex A – Retention periods.

Lawful Purpose for Processing

Where personal data is processed using the lawful basis of legitimate interest or consent, the data subject has a number of rights that they can exercise over this data, such as delete or rectify. Communications with these data subjects will need to clearly sign post them to their ability to withdraw this consent or challenge the legitimate interest that has been assessed, this is commonly known as ‘opt out’. Where appropriate the data subject should be informed every 2 years of the consent or legitimate interest being used to process their data with an option to update this preference. A formal retention period for data processing based on consent has not been defined in this policy and is assumed as permanent until the data subject exercises their rights to cease the processing activity.

Examples of processing covered by this statement are subscribers to newsletters, photograph consents and marketing communications.

Annex A – Retention Periods

Members and Volunteer’s data

Data ProcessData TypeRetentionJustification
Want to JoinPersonal data15 years after enquiry or until member joins, whichever is shorterTo keep them informed of their joining status
Joining –
including the role and dates of joining
Personal and Sensitive data (special category)10 years after leaving the data will be reduced to only include name, date of birth, awards, training records, events attended, roles and permits held and any complaints in summary format. This remaining data will be retained for 100 years.The 10-year retention of all data is required to provide tenure and service records in the event an
individual wants to re-join. The 100 years retention of data is
required for evidence requests from statutory agencies
Youth award registrationsPersonal and Sensitive
data (special category including citation)
6 months after the member turns 25To retain their award registrations for the duration of the eligibility period
Youth award completionsPersonal data and Sensitive data (special category including citation)Permanent for basic data; name, county, award, membership number, completion dateHistoric record of award completions
Adult award registrationsPersonal and Sensitive data (special category including citation)6 months after the registrationTo retain their award registrations for the duration of the eligibility period
Adult award completionsPersonal data and Sensitive data (special category including citation)Permanent for basic data; name, county, award, membership number, completion dateHistoric record of award completions
VettingPersonal Data – Disclosure Certificate6 months after issueIn line with DBS, Access NI and Disclosure Scotland Code of Practice
Safeguarding – Adult volunteer perpetratorPersonal and Sensitive data (special category)Adult – 100 years after case closure. Will include all case notes, including those of witnesses and young person along with any litigation correspondence until it is appropriate to reduce this to a detailed summary of the case. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period.Required for required for evidence requests from statutory agencies
Safeguarding – Young person -WelfarePersonal and Sensitive data (special category)Young Person – 7 years after last communication with the Young Person or Family. Required for evidence requests from statutory agencies
Safeguarding – Young person perpetratorPersonal and Sensitive data (special category)Young Person – 100 years after case closure. Will include all case notes, including those of witnesses and adult volunteers along with any litigation correspondence, until it is appropriate to reduce this to a detailed summary of the case. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period.Required for evidence requests from statutory agencies
Incident – personal injury (including sexual abuse/psychological damage)Personal and Sensitive data (special category)4 years after incident, or 4 years after alleged victim turns 18 if laterFight a case – Limitation act 1980
Incident – not involving personal injuryPersonal and Sensitive data (special category)7 years after incident, or 7 years after alleged victim turns 18 if laterFight a case – Limitation act 1980
Permit AssessmentsPersonal data6 months after the permit expiresRequired for permit renewals and queries

Donor’s details

Data ProcessData TypeRetentionJustification
Individual GiversPersonal Data5 years post last donationTo keep an individual informed of their donation and other fundraising campaigns
Gift aid declaration6 years after the end of the year or accounting period that includes the last donationHMRC Tax Audit
Direct debit mandate6 years after the end of the year or accounting period that includes the last Direct DebitAs proof of Direct Debit Instruction (DDI) and to assist in claims against that DDI
PartnershipsPersonal Data3 YearsTo answer queries on the donations and maintain a record of partner donor

Event Registrants’ and Participants’ data

Data ProcessData TypeRetentionJustification
Ad-hoc eventsPersonal and Sensitive data (special category)2 months after event. Scouting Young People attendance records will be retained for 100 yearsRequired for enquiries on the event and responding to incidents. The 100 years retention of data is required for evidence requests from statutory agencies
Annual eventsPersonal and Sensitive data (special category)18 months after event for personal data, 2 months after event for sensitive data (special category). Scouting Young People attendance records will be retained for 100 yearsTo re-invite the guests to the same event in the following year. The 100 years retention of data is required for evidence requests from statutory agencies
Event Permits and licensesPersonal data6 months after the permit expiresTo retain a record of permits and licenses held

END OF POLICY


Policy approval and review

Policy prepared by:Gavin Jones-Verity
Approved by board / management on: 
Policy became operational on: 
Next review date: 

Review history

Version #Date of reviewReviewed by
1.007 June 2024Gavin Jones-Verity

Who to contact?

If you have any queries relating to this Data Retention Policy, please contact Gavin Jones-Verity, Section Leader – Scouts (info@firstymcascout.org.uk)

Subject access requests

If you wish to make a subject access request under UK GDPR, please click on the button below:

Skip to content