The Trustee Board is responsible for this policy.
Last updated 27th April, 2026.
Data Retention Policy (v1.0)
This Data Retention Policy aims to specify 1st Bournville Scout Group guidelines for retaining different types of data and for how long. It covers all data held by the 1st Bournville Scout Group, including the Squirrels, Beavers, Cubs, Scouts, Volunteers, and Parents/Guardians, regardless of the medium in or on which the data is held.
Where a statute or regulation departs from the requirements of this policy, 1st Bournville Scout Group will comply with the relevant statute or regulation. This policy will be reviewed annually.
Personal data retention is governed by current data protection legislation. Data must be accurate, kept up to date and retained for no longer than is necessary for the purpose for which it was obtained. Details of retention periods are set out in the tables below.
The retention periods set out in this policy cover data routinely collected and stored by the 1st Bournville Scout Group. Any other personal data required for ad hoc purposes will be destroyed as soon as it is no longer necessary.
1. Young People
| Data Process | Data Type | Retention | Justification |
| Pre Join Enquiries | Personal Data | Until a place is offered or the parent/guardian advises the place is no longer required. | To place them on the waiting list for a place and keep them informed of progress |
| Joining (Manual process in OSM) | Personal and Sensitive Data (Special Category) | 5 years after a Young Person leaves the group their OSM record is anonymised which removes all personal data except initials and DOB | For enquiries on membership and to assist re-joining |
| Events | Personal and Sensitive Data (Special Category) | 15 years after event (N.B any consent provided for photos and videos will be kept with the Personal data and Consent records). | Required for enquiries on the event and responding to incidents, future claims and to assist with badge records |
| Safety Accident Reports (Requires manual expiry date or manual deletion in OSM) | Personal and Sensitive Data | Until the Young Person is 25. Accident records maybe be shared with Scout UK. | Legal claims raised against the incident. |
| Badge/Training Records | Personal Data | 12 Years after the Young Person leaves (Young person’s record anonymised to initials and DoB after 5 years and fully deleted 7 years later | Required for any re-joins to connect them back to their training records |
| Attendance Register | Personal Data | 15 Years | Required for annual review of register attendance or for incident investigations |
| Photos & Video | Personal and Sensitive Data (Special Category) | Indefinite, or until the subject requests deletion. | This makes up the permanent record and history of the Group. The photos may already be in the public domain and may not be able to remove. |
2. Adult Volunteers
| Data Process | Data Type | Retention | Justification |
| Pre Join Enquiries | Personal Data | Until adult volunteer is added to ‘My Membership’ | To prove enquiry and keep them informed of progress. |
| Joining | Personal and Sensitive Data (Special Category) | Any personal information held by the Group in OSM will be deleted when the Adult Volunteer leaves the group. The Scout Association will hold personal data for longer, see https://www.scouts.org.uk/about-us/policy/data-retention-policy/ for more details | Most adult member data is held by the Scout Association so the Group does not need to also retain any personal data. |
| Events | Personal and Sensitive Data (Special Category) | 15 years after event or when Adult volunteer leaves the group, whichever is sooner (N.B any consent provided for photos and videos will be kept with the Personal data and Consent records). | Required for enquiries on the event and responding to incidents, future claims and to assist with badge records |
| Safety Accident Reports (Requires manual expiry date or manual deletion in OSM) | Personal and Sensitive Data | 3 years after the incident. Accident records maybe be shared with Scout UK. | Legal claims raised against the incident. |
| Accounting | Personal Data | 6 years from the end of the accounting period during which any transaction took place | Required by charity reporting and accounting regulations. |
| Complaints | Personal Data | 1 year after the complaint has been resolved/concluded. | To enable the complaint to be dealt with and to allow for any follow up. |
| Photos & Video | Personal and Sensitive Data (Special Category) | Indefinite, or until the volunteer requests deletion. | This makes up the permanent record and history of the Group. The photos may already be in the public domain and may not be able to remove. |
3. Parent & Guardian
| Data Process | Data Type | Retention | Justification |
| Pre Join Enquiries | Personal Data | Until a place is offered or the parent/guardian advises the place is no longer required. | To place them on the waiting list for a place and keep them informed of progress |
| Joining (Manual process in OSM) | Personal and Sensitive Data (Special Category) | 5 years after a Young Person leaves the group their OSM record is anonymised which removes all personal data except initials and DOB | For enquiries on membership and to assist re-joining |
| Events | Personal and Sensitive Data (Special Category) | 15 years after event (N.B any consent provided for photos and videos will be kept with the Personal data and Consent records). | Required for enquiries on the event and responding to incidents, future claims and to assist with badge records |
| Safety Accident Reports (Requires manual expiry date or manual deletion in OSM) | Personal and Sensitive Data | 3 years after the incident. Accident records maybe be shared with Scout UK. | Legal claims raised against the incident. |
| Complaints | Personal Data | 1 year after the complaint has been resolved/concluded. | To enable the complaint to be dealt with and to allow for any follow up. |
| Photos & Video | Personal and Sensitive Data (Special Category) | Indefinite, or until the volunteer requests deletion. | This makes up the permanent record and history of the Group. The photos may already be in the public domain and may not be able to remove. |
4. Donors
| Data Process | Data Type | Retention | Justification |
| Individual Givers | Personal Data | 6 years from the end of the accounting period during which any transactions took place, | To keep informed about donation and to retain details for Gift Aid |
| Individual Givers | Gift Aid Declaration | 6 years from the end of the accounting period during which any transactions took place, | HMRC Tax Audit |
| Individual Givers | Direct Debit Mandate | 6 years after the end of the year or accounting period that includes the last Direct Debit. | As proof of Direct Debit Instruction (DDI) and to assist in claims against that DDI. |
5. Suppliers
| Data Process | Data Type | Retention | Justification |
| Supplier Information | Personal Data/Invoices | Policy applies 7 years after any purchase | Invoice information held with financial records. Data also on fie in case warranty claim needs to be made. |