Skip to main content

Data Retention Policy

March 2026

Purpose

This is the Data Retention Policy of The Scout Association, by which we mean, the Association as the national charity (306101) and all its subsidiaries and business units for which its board is responsible for. This includes Scout Stores, Scout Adventures and Unity Insurance Services.

The purpose of this policy is to specify The Scout Association's (“TSA”) guidelines for retaining different types of personal data and for how long.

For clarity, this policy does not include the movement data retention provision. This is because each Local Scout Group, District and County are their own distinct data controllers, separate to TSA.

Scope

This policy covers all data in the possession or control of TSA regardless of the medium in or on which those data are held. Where statute or regulation departs from the requirements of this policy, TSA will comply with the relevant statute or regulation. This policy is regularly reviewed. 

Policy

Personal data

Personal data retention is governed by current Data Protection legislation. Data must be kept accurate, up to date and retained for no longer than is necessary for the purpose for which they were obtained. 
Where a person has requested that we delete all data we hold about them, we may need to retain basic personal data to evidence that we have completed the request.

Lawful purpose for processing

Personal Data can only be processed (including how it is retained) where there is a lawful basis.

TSA relies on different lawful bases depending on what the Personal Data is being used for.

Data subjects also have a number of rights that they can exercise over their Personal Data, such as to delete or rectify it.

More information can be found in our Data Protection Policy.

Maintaining consent or legitimate reasons for retention

TSA needs to communicate with these data subjects to clearly sign post them to their ability to withdraw their consent or challenge the legitimate interest that has been assessed, this is commonly known as ‘opt out’. Where appropriate the data subject should be informed every 2 years of the consent or legitimate interest being used to process their data with an option to update this preference.

A formal retention period for data processing based on consent has not been defined in this policy and is assumed as permanent until the data subject exercises their rights to cease the processing activity. Examples of processing covered by this statement are subscribers to newsletters, photograph consents and marketing communications.


Annex A - Retention periods

The following retention periods are analysed into the categories of data held within TSA, these are as follows:

  • Across the Movement
  • Awards
  • Safety & Safeguarding
  • Donors
  • Event Registrants’ and Participants
  • Heritage Archives
  • Legal Services
  • TSA Staff Data
  • Complaints, Customer Service, Communication & Whistleblowing
  • Unity Insurance Services
  • Scout Store
  • Scout Adventures and Scout Venues

The retention period is applicable at the point where the relationship has finished, for example where a member has left the organisation.

The same piece of data may be held by different teams and for different purposes. It will therefore be covered by the retention policy for each purpose, and so retained by the organisation for the longer of the stated periods.

This section covers data we hold on our members, volunteers and others who are recorded on our systems. 

Data Process

Data Type

Retention

Justification

Want to Join Personal data 1 year after enquiry or until member joins, whichever is shorter. To keep them informed of their joining status.

Joining – including the role, dates of joining and permits

Personal and Sensitive data (special category) 10 years after leaving the data will be reduced to only include name, address, membership number, date of birth, roles, training, permits, accreditations, suspensions awards, training records, events attended, length of service, safeguarding flags. This remaining data will be retained for 100 years. The 10-year retention of all data is required to provide tenure and service records in the event an individual wants to re-join. The 100 years retention of data is required for evidence requests from statutory agencies or internal safeguarding investigations.
Grant Applications (successful and unsuccessful) Personal and sensitive data (special category data) 3 years from the date the grant decision is made. Anonymised records of grants are retained for longer   For repeat applications and for responding to queries and complaints
Membership System Audit and Log in Data

Personal & Special 

 

Audit History containing all amendments made to records is retained for three years. Details of individual log ins including details such as time location and IP addresses is retained for two years

 

For the purpose of retaining accurate auditable data for data security purposes, and to investigate any possible issues or complaints that may arise. 
Research -  surveys and other methodologies

Personal and Sensitive data (special category)

 

2 years (This is a guide only and may differ for specific research. Retention periods will be stated at the point of collection).

 

To allow sufficient time for data analysis and challenge.
Anonymised data may be retained for longer.

 

Scouts Experience Survey

Personal and Sensitive data (special category)

 

15 Years

 

 

To keep a collation of completing members and compare answers from the previous years.

 

Scout Stories Personal data

5 years after submission

Required for the Media team to ascertain if a story is newsworthy during this period.

Data Process

Data Type

Retention

Justification

Youth Top Award registrations

Personal and Sensitive data

6 months after the member turns 25.

To retain their award registrations for the duration of the eligibility period.

Youth Top Award completions

Personal data and Sensitive data

Permanent for basic data; name, location, award, membership number, HQ approval date and Windsor attendance status (where relevant).
For KSA and Explorer Belt data: Other data is deleted three years after the award completion date.
For SOWA data: Other data is deleted one year after the award completion date.

Historic record of award completions.

Youth MC/G/CSB/CSPA award nominations

Personal and Sensitive data (special category including citation)

Successful awards: Permanent.
Unsuccessful awards: One year after decision by HQ.

To retain their award nominations/locally made decisions for the purpose of processing awards.
Successful awards: Historic record of awards.

Adult GS/MC/G/CSB/CSPA award nominations made locally

Personal and Sensitive data (special category including citation)

Successful awards: Permanent.
Unsuccessful awards: One year after decision by HQ.

To retain their award nominations/locally made decisions for the purpose of processing awards.
Successful awards: Historic record of awards.

Department for Digital, Culture, Media & Sport (DCMS) Award nomination at local Scout Group

Personal data and Sensitive data (special category including citation)

Where TSA are approached by a local group in relation to a possible national honour nomination, TSA will retain the information for two years from the initial contact.
Where TSA are informed that the local group have made a submission to DCMS, TSA will retain the information for three years from the date of submission.

To assist with progressing award nominations.

Department for Digital, Culture, Media & Sport (DCMS) Award nomination direct to TSA

Personal data and Sensitive data (special category including citation)

Where TSA are approached by DCMS in relation to a possible national honour nomination, TSA will retain the information for two years from the initial contact.

To retain their award registrations for the duration of the eligibility period.

 

Data Process

Data Type

Retention

Justification

Vetting

Personal Data – Disclosure Certificate

6 months after issue. Details of any offences and alleged offences may be retained in order to support ongoing suitability risk assessments.

6 months after issue. Details of any offences and alleged offences may be retained in order to support ongoing suitability risk assessments.

Safeguarding – Adult volunteer ’person of concern’

Personal and Sensitive data (special category)

Adult – 100 years after case closure. Will include all case notes, including those of witnesses and young person along with any litigation correspondence. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period.

Required for evidence requests from statutory agencies or internal safeguarding investigations.

Safeguarding – Young person -Welfare

Personal and Sensitive data (special category)

Young Person – 7 years after last communication with the Young Person or Family. 

Required for evidence requests from statutory agencies or internal safeguarding investigations.

Safeguarding – Young person ’person of concern’

Personal and Sensitive data (special category)

Young Person – 100 years after case closure. Will include all case notes, including those of witnesses and adult volunteers along with any litigation correspondence. In the event that the allegation is actually disproved or is found to have been mis-recorded in the first place, the record will include a statement that the data subject has been exonerated and the data will be subject to the joining data process retention period.

Required for evidence requests from statutory agencies or internal safeguarding investigations.

Safety Incident (Adult) –including personal injury details (covering sexual abuse/psychological damage) and cases with no personal injury identified 

Personal and Sensitive data (special category)

20 Years after the incident.

To address a legal claim, offer support and identify trends.

Safety Incident (Young Person) – including personal injury details (covering sexual abuse/psychological damage) and cases with no personal injury identified

Personal and Sensitive data (special category)

20 Years after the young person turns 18.

To address a legal claim, offer support and identify trends.

Data Process

Data Type

Retention

Justification

Individual Givers

Personal Data

5 years post last donation or last positive interaction with Scouts Fundraising Team, whichever is longer.

To keep an individual informed of their donation and other fundraising campaigns.

Direct debit mandate

6 years after the end of the year or accounting period that includes the last Direct Debit.

As proof of Direct Debit Instruction (DDI) and to assist in claims against that DDI.

Partnerships

Personal Data

3 Years

To answer queries on the donations and maintain a record of partner donors.

Legacy Donors

Personal Data

In perpetuity.

To maintain record of the donation.

Major Donors

Personal Data

5 years post last donation or last positive interaction with Scouts Fundraising Team, whichever is longer.

To keep an individual informed of their donation and other fundraising campaigns.

All donations – transaction information (including Gift aid declaration)

Personal Data

6 years after the end of the year or accounting period.

For audit purposes (including HMRC Tax Audit).

Data Process

Data Type

Retention

Justification

Ad-hoc events

Personal and Sensitive data (special category)

12 months after event. Scouting young people and adult volunteer attendance records (name, email, scout unit, membership number) will be retained for 100 years.

Post event administration, incident management, evaluation, budgeting, recognition and responding to enquiries. The 100 years retention of data is required for evidence requests from statutory agencies, internal safeguarding or safety investigations and insurance claims.

Annual events

Personal and Sensitive data (special category)

18 months after event. Scouting young people and adult volunteer attendance records (name, email, scout unit, membership number)  will be retained for 100 years.

Post event administration, incident management, evaluation, budgeting, recognition and responding to enquiries. The 100 years retention of data is required for evidence requests from statutory agencies, internal safeguarding or safety investigations and insurance claims.

International events

Personal and Sensitive data (special category)

5 years after event for. Scouting Young People and adult volunteer attendance records will be retained for 100 years.

Post event administration, incident management, evaluation, budgeting, recognition and responding to enquiries The 100 years retention of data is required for evidence requests from statutory agencies, internal safeguarding or safety investigations and insurance claims.

Data Process

Data Type

Retention

Justification

Heritage Collection (includes business archive)

Personal data

Permanent

Required for historical, research and statistical purposes.

Donor (entry and accession) records/registers

Personal data

Permanent

Required for historical, research and statistical purposes.

Information gathered as a result of an enquiry including unsuccessful donation offers

Personal data

2 years after enquiry is complete

Required to check for repeat enquiries.

Object exit files and register

Personal data

Permanent

Required for historical, research and statistical purposes.

Day books/Index Cards

Personal data

Permanent

Required for historical, research and statistical purposes.

Loan In and Out files

Personal data

Permanent

Required for historical, research and statistical purposes.

Data Process

Data Type

Retention

Justification

Estate deeds and associated information, including communications

Personal data

Permanent

Required for proof of ownership.

Estate claims against deeds

Personal data

12 years from the breach of obligation

Fight a case – Limitation Act 1980.

Various pre action and litigated actions, to include: simple claims in contract, tort, fraud or negligence

Personal and Sensitive data (special category)

6 years from the closure of the case 
For pre action personal injury claims relating to a minor for 4 years beyond the date upon which the minor attains the age of 21

Fight a case – Limitation Act 1980.

Litigation action: defamation

Personal and Sensitive data (special category)

1 year from the publication of defamatory act

Fight a case – Limitation Act 1980.

Legacies

Personal and sensitive data (special category)

12 years from the administration of the estate

Fight a case – Limitation Act 1980.

Subject Access Request (SAR) & other Subject Rights Requests

Personal data

7 years after the SAR has been closed, or 7 years after the data subject turns 18 if later. ID documents are not retained. 

Fight a case – Limitation Act 1980.

Contracts

Personal data

6 - 12 years beyond the end of the contract depending on the type of contract.  If externally funded the time period specified in the funding agreement.

Required as part of the Limitation Act 1980.

General advice

Personal data

6 years unless required longer for TSA to defend a position where general advice has been given

Fight a case – Limitation Act 1980.

Data Process

Data Type

Retention

Justification

Income tax and NI records

Personal data

6 years from the end of financial year to which they relate.

The Income Tax (Employments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No. 6) Regulations 1996 (SI 1996/2631).

Payroll wage/salary records (also overtime, bonuses, expenses)

Personal data

6 years from the end of the tax year to which they relate.

Taxes Management Act 1970.

Retirement Benefits Schemes – records of notifiable events, for example, relating to incapacity

Personal data

 

6 years from the end of the scheme year in which the event took place.

 

The Retirement Benefits Schemes (Information Powers) Regulations 1995 (SI 1995/3103).

MATB1 and associated Family Leave Pay Records

Personal data

3 years after the employee has had their baby.

The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended Maternity & Parental Leave Regulations 1999.

Working time records

Personal data

2 years from date on which they were made.

The Working Time Regulations 1998 (SI 1998/1833).

Personnel records (full record including training)

Personal and Sensitive data (special category)

6 years after the employee has left. After this period only the name, role history and contact details are retained on our HR system for 25 years. 

The full record is retained in order to defend against tribunals or county or high court claim. The reduced record is retained for the purpose of responding to reference requests. 

Recruitment records

Personal data

6 months after the candidate has not been successful unless they opt in to join the talent pool. Data will be held on the talent pool for two years, and will be used to contact people about future vacancies that may be of interest to them.

To defend against tribunals or county or high court claim. The data is retained on the Talent Pool to contact people about future vacancies that may be of interest to them.

Emails and personal data volumes

Personal and Sensitive data (special category)

6 months after the employee has left.

To answer queries that are contained in these data sources.

Swipe Card Data

Personal data 

Photographs will be deleted when employee has left. The data around movement around buildings will be retained for three years following the employee leaving.

To address any potential legal claims or enquiries. 

Data Process

Data Type

Retention

Justification

Complaints Process

Personal and Sensitive data (special category)

6 years from the final recorded communication from the complainant about the complaint.

Required as part of the Limitation Act 1980.

Whistleblowing Process

Personal and Sensitive data (special category)

6 years from the final recorded communication from the person raising the issue about the case. Where a case is raised anonymously, 6 years from the date the case is concluded. 

Required as part of the Limitation Act 1980.

Records of outbound bulk emails (including membership emails) and relevant metadata

Personal data

10 years after the sent date.

For the purpose of evidencing communication and successful delivery. 

Customer Contact Information on our Customer Service Platform (Teams across TSA use the platform including The Support Centre)

Personal and Sensitive data (special category)

Records of contacts are retained for 5 years.

To retain accurate business records and assist with further enquiries.

Site Visitors (including contractors)

Personal data

Vehicle registration number and phone number stored for the duration of visit. Name, organisation and safeguarding declaration retained for 3 years after visit

To retain accurate visitor records

 

Data Process

Data Type

Retention

Justification

Non-liability cover

Personal and Sensitive data (special category)

7 Years after case closure.

Claims management and advisory stipulations of the regulator(s), currently the Financial Conduct Authority.

Liability cover

Personal and Sensitive data (special category)

In perpetuity

Claims management and advisory stipulations of the regulator(s), currently the Financial Conduct Authority.

Prospect customers - enquiries

Personal data

18 months after enquiry.

To keep in communication with the enquirer.

 

Data Process

Data Type

Retention

Justification

Scout Store purchase

Personal data

1 Year after account closure.

Required for enquiries on purchases and account.

Transaction data

6 Years after the end of the tax year for that purchase or duration of warranty period, whichever is longest.

HMRC Tax Audit or warranty period.

Prospect customers - enquiries

Personal data

18 months after enquiry.

To keep in communication with the enquirer.

Data Process

Data Type

Retention

Justification

Scout Adventure Centre attendance and booking (including White House bookings)

Personal and Sensitive data (special category)

6 Years after the end of the tax year for that purchase.

Required for enquiries about further booking, HMRC tax audits and to maintain business records

Prospect customers - enquiries

Personal data

2 years after the enquiry.

To keep in communication with the enquirer, and to respond to further enquiries