Data Retention Policy

Purpose

This is the Data Retention Policy of 1st St Helens (YMCA) Scout Group. This includes all operations for which the Trustee Board is directly responsible.

The purpose of this policy is to specify 1st St Helens (YMCA) Scout Group’s guidelines for retaining different types of data and for how long.

Scope

This policy covers all data in the possession or control of 1st St Helens (YMCA) Scout Group regardless of the medium in which the data is held. Where statute or regulation departs from the requirements of this policy, 1st St Helens (YMCA) Scout Group will comply with the relevant statute or regulation. This policy may be updated from time to time.

Personal Data

Personal data retention is governed by current Data Protection legislation. These data must be kept accurate, up to date and retained for no longer than is necessary for the purpose for which they were obtained. Detail of retention periods can be found in Annex A – Retention periods.

Lawful Purpose for Processing

Where personal data is processed using the lawful basis of legitimate interest or consent, the data subject has a number of rights that they can exercise over this data, such as delete or rectify. Communications with these data subjects will need to clearly sign post them to their ability to withdraw this consent or challenge the legitimate interest that has been assessed, this is commonly known as ‘opt out’. Where appropriate the data subject should be informed every 2 years of the consent or legitimate interest being used to process their data with an option to update this preference. A formal retention period for data processing based on consent has not been defined in this policy and is assumed as permanent until the data subject exercises their rights to cease the processing activity.

Examples of processing covered by this statement are subscribers to newsletters, photograph consents and marketing communications.

Annex A – Retention Periods

Young people

Data Process	Data Type	Retention	Justification
Pre-join enquiries	Personal data	1 year after enquiry or until young person joins, whichever is shorter	Required for placing individual on a waiting list for a place
Joining	Personal and Sensitive date (special category)	10 years after a young person leaves	Required for enquiries on membership and to respond to enquiries from HQ or statutory agencies regarding incidents
Events	Personal and Sensitive date (special category)	2 years after a young person leaves	Required for enquiries on the event and responding to incidents
Safeguarding	NA – See TSA Safeguarding policy	NA – See TSA Safeguarding policy	NA – See TSA Safeguarding policy
Incident – No medical intervention	Personal and Sensitive data	7 years after incident, or 7 years after individual turns 18 if later	Legal claims raised against the incident
Training records	Personal data	2 years after the young person leaves	Required for any re-joins to connect them back to their training records
Attendance register	Personal data	18 months	Required to complete annual registration review
HQ Youth award registrations	Personal and Sensitive data (special category including citation)	6 months after the award completion	To retain their award registrations for the duration of the eligibility period
HQ Youth award completions	HQ Youth award completions	HQ Youth award completions	To retain their award registrations for the duration of the eligibility period Historic record of award completions

Adult volunteers

Data Process	Data Type	Retention	Justification
Pre-join enquiries	Personal data	1 year after enquiry or until adult volunteer joins, whichever is shorter	Required for placing individual on a waiting list for a place
Joining	Personal and Sensitive data (special category)	2 Years after the adult volunteer leaves	Required for enquiries on membership
Adult Information Form	Personal and Sensitive data (special category)	12 months or until approval checks and “Getting started” training is complete, whichever is shortest	Required to assist in the appointment process
Identity Checking Form	Personal data	Until ID data has been submitted to DBS and the vetting process is complete	Required to verify that the identity has been checked.
Events	Personal and Sensitive data (special category)	2 years after event	Required for enquiries on the event and responding to incidents
Safeguarding	NA – See TSA Safeguarding policy	NA – See TSA Safeguarding policy	NA – See TSA Safeguarding policy
Incident – No medical intervention	Personal and Sensitive data	7 years after incident, or 7 years after individual turns 18 if later	Legal claims raised against the incident
Training records	Personal data	2 Years after the young person leaves	Required for any re-joins to connect them back to their training records
Appointments Advisory Committee notes	Personal data	18 months	Required to review any training needs of adult volunteers
Adult award registrations	Personal and Sensitive data (special category including citation)	6 months after the award completion	To retain their award registrations for the duration of the eligibility period
Adult award completions	Personal data and Sensitive data (special category including citation)	6 months after the award completion HQ will retain the data permanently for basic data; name, county, award, membership number, completion date	To retain their award registrations for the duration of the eligibility period Historic record of award completions

Parents

Data Process	Data Type	Retention	Justification
Pre-join enquiries	Personal data	1 year after enquiry or until young person joins	Required for placing young person on a waiting list for a place
Joining	Personal data	2 Years after the young person leaves	Required for enquiries on membership
One off events	Personal data	2 years after event	Required for enquiries on the event and responding to incidents
Safeguarding	N/A – See TSA Safeguarding Policy	N/A – See TSA Safeguarding Policy	N/A – See TSA Safeguarding Policy
Incident – No medical intervention	Personal data	7 years after incident, or 7 years after individual turns 18 if later	Legal claims raised against the incident

Donors’ details

Data Process	Data Type	Retention	Justification
Individual Givers	Personal Data	5 years post last donation	To keep an individual informed of their donation and other fundraising campaigns
	Gift aid declaration	6 years after the end of the year or accounting period that includes the last donation	HMRC Tax Audit
	Direct debit mandate	6 years after the end of the year or accounting period that includes the last Direct Debit	As proof of Direct Debit Instruction (DDI) and to assist in claims against that DDI
Partnerships	Personal Data	3 years	To answer queries on the donations and maintain a record of partner donor
Legacy Donors	Personal Data	In perpetuity.	To maintain record of the donation.
Major Donors	Personal Data	5 years post last donation or last positive interaction with Scouts Fundraising Team, whichever is longer.	To keep an individual informed of their donation and other fundraising campaigns.
All donations – transaction information (including Gift aid declaration)	Personal Data	6 years after the end of the year or accounting period.	For audit purposes (including HMRC Tax Audit).

END OF POLICY

---

Policy approval and review

Policy prepared by:	Gavin Jones-Verity
Approved by board / management on:	March 9 2026
Policy became operational on:	March 9 2026
Next review date:	July 9 2026 (amendments pursuant to DUAA 2025)

Review history

Version #	Date of review	Reviewed by
1.0	March 9 2026	Trustee Board

Who to contact?

If you have any queries relating to this Data Retention Policy, please contact Gavin Jones-Verity, Group Lead Volunteer. (info@firstymcascout.org.uk)