arrow_back All policies

Data Retention Schedule

How long we keep different categories of personal data, and on what basis.

Version 1.0 · 5 May 2026 · Adopted 19 May 2026

1. Purpose

Under Article 5(1)(e) GDPR, personal data must be ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed’. This is the principle of storage limitation. This Retention Schedule sets out, for each main category of personal data Tenpin Ireland processes, the purpose, the legal basis, and the standard retention period. It replaces the table at the end of the May 2018 Privacy Policy.

2. How to read this schedule

  • ‘Retention period’ means the period during which we hold personal data in identifiable form. After the period ends, we delete the data, anonymise it, or reduce identifiers to the minimum needed for any continuing purpose.
  • ‘Last active season’ means the last bowling season in which the member competed, paid a renewal, or was otherwise an active member of Tenpin Ireland.
  • ‘Reviewed every X years’ means the DPO checks whether continued retention is still justified. If it is, the period restarts; if not, the data is reduced or deleted.

3. Adult members and other adult data subjects

CategoryPurposeLegal basisRetention
Adult member registration and contact dataMembership administrationContract; legitimate interestsWhile a member; deleted 3 years after last active season
Adult competition entriesEvent administrationContract1 year after the event
Adult competition results, rankingsHistorical record of the sportLegitimate interestsRetained as a sport record; full identifiers reviewed every 5 years
Adult coaching and officiating qualificationsSport administration; safeguardingLegal obligation; legitimate interests5 years after the qualification expires
Vetting data (adults working with children)SafeguardingLegal obligation5 years after the vetting application or as required by legislation
Health and special category data voluntarily disclosed by adultsReasonable accommodation; safetyExplicit consent (Article 9(2)(a))1 year on receipt of a new annual membership form, or until no longer necessary
Adult marketing communications data and preferencesNewslettersConsentUntil the individual withdraws consent
Adult disciplinary and complaints recordsSport administrationLegitimate interests; legal obligation7 years from the conclusion of the matter
Adult financial records (memberships, entries)Accounting and auditLegal obligation6 years (as required by Revenue and the Companies Acts)

4. Junior members (under 18)

Children’s data is given specific protection under the GDPR and the Data Protection Act 2018. The previous Privacy Policy retained competition results indefinitely; we are not continuing that practice for juniors. The schedule below replaces it. See also the Children’s Data Policy for additional context.

CategoryPurposeLegal basisRetention
Junior member registration and contact dataMembership administrationContract; legitimate interests applied conservativelyWhile a junior member; deleted 1 year after last active junior season unless they transition to senior membership
Parental contact data for junior membersCommunication; consent managementContract; legitimate interestsWhile the child is a junior member
Junior competition entriesEvent administrationContract1 year after the event
Junior competition results in identifiable form (online)Reporting current and recent performanceLegitimate interests applied conservativelyCurrent and previous season; thereafter removed from public publication
Junior competition results retained for the historical record (internal)Historical record of junior bowlingLegitimate interestsPersonal identifiers reduced (first name and last initial) or anonymised after the public publication period; reviewed at age 18
Photographs and video of identifiable juniorsPromoting the sport; event recordsSpecific parental consentRemoved from public channels at end of season in which the junior turns 18 unless fresh adult consent is given; otherwise on request
Health and special category data of juniorsSafety; reasonable accommodationExplicit parental consent (Article 9(2)(a))1 year on receipt of a new annual membership form, or until no longer necessary
Safeguarding and child protection recordsSafeguarding obligationsLegal obligationRetained as required by law and Sport Ireland safeguarding guidance
Junior disciplinary and complaints recordsSport administrationLegitimate interests; legal obligation7 years from the conclusion of the matter; sensitive content reviewed at age 18

5. Operational and governance data

CategoryPurposeLegal basisRetention
Officer and volunteer contact dataGovernance; administrationLegitimate interests; contractWhile in role; deleted 1 year after leaving role
Board meeting minutes and decisionsGovernanceLegal obligation; legitimate interestsRetained indefinitely as a corporate record (with personal data minimised)
Email correspondence held by officers and volunteersOperationalLegitimate interestsReviewed annually; routinely deleted after 2 years unless required for a specific purpose
IT logsSecurity; troubleshootingLegitimate interests12 months unless required for breach investigation
CCTV (if any at owned premises)SecurityLegitimate interests30 days unless required for an incident

6. Backups and archives

Personal data may persist in routine backups for a short period after deletion from the primary system. Backups are retained for no longer than is necessary for resilience purposes (typically up to 90 days), are protected by appropriate security measures, and are not used as a substitute for live records. Where a deletion request is honoured on the live system, the backup will not be restored without re-applying the deletion.

7. Anonymisation as an alternative to deletion

Where there is a legitimate ongoing purpose (for example, the historical record of the sport) but personal identification is no longer needed, we anonymise rather than retain. Anonymised data is no longer personal data, but only if individuals cannot be re-identified directly or indirectly. The DPO assesses whether reduction (e.g. to first name and last initial) is sufficient or whether full anonymisation is required.

8. Roles

  • Owners: each system or category of records has a named owner (a Tenpin Ireland officer) who is accountable for applying the schedule.
  • DPO: monitors compliance with the schedule and advises on edge cases.
  • Board: approves the schedule and reviews it annually.

9. Review

This schedule is reviewed at least annually by the DPO and the Board, and whenever there is a material change to law, DPC guidance, or Tenpin Ireland’s processing.

10. Adoption

This Data Retention Schedule was adopted by the Executive Board of Tenpin Ireland on 19 May 2026.