Animal shelters: destroying owner data
An animal shelter processes not only data about animals, but above all about people. The owner who gives up an animal, the adopter who takes one home, the donor who supports the work and the volunteer who helps out. Name, address, telephone number, an identity document, payment data and sometimes a whole story about the reason for surrender. Part belongs to a contract or a registration, part falls under the tax retention obligation and part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.
The quick answer. The financial administration around adoption fees and donations falls under the seven-year tax retention obligation. Intake and adoption contracts you keep as long as they are needed for settlement and aftercare. Owner data you needed only for a placement you clear out as soon as the animal is rehomed. What may go disappears confidentially and with a certificate.
Two frameworks that run together
At a shelter two things run together. On one side there is the animal registration. A chipped animal sits in a database linked to a keeper, and on rehoming that registration must be put in the new owner's name. On the other side the GDPR applies, which requires not keeping personal data longer than necessary. The registration determines which data you temporarily need to transfer an animal correctly. The GDPR determines that you may not keep that data indefinitely afterwards.
So treat the owner data per type. The data of someone surrendering an animal has a different status than that of a regular donor or a volunteer with a long-standing arrangement. If you make that distinction, you keep exactly what must remain and clear out the rest on time.
Which owner data you process
A shelter records more people data than it seems at first sight. It starts at intake. Whoever gives up an animal fills in a surrender form with name, address and often a reason. That sometimes holds sensitive information about health, behaviour or the home situation. At an adoption the new owner signs an adoption contract, gives an adoption fee and is sometimes screened for suitability. Alongside this you have donors who support you by mandate or transfer and volunteers whose contact data and sometimes a certificate of good conduct you manage. Each of these volumes has its own purpose and therefore its own retention period.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the moment the animal is rehomed or the relationship ends.
| Part | Starting point | Period |
|---|---|---|
| Adoption fee and donation administration | Tax retention obligation | 7 years |
| Intake and surrender form | Settlement and liability | purpose-bound |
| Adoption contract and aftercare | As long as needed for aftercare | purpose-bound |
| Owner identity data | As limited as possible | only what is needed |
| Chip and animal registration | Until the transfer is complete | until rehoming done |
| Donor and volunteer data | As long as the relationship lasts | until relationship ends |
| Correspondence and drafts | No retention obligation | clear out at once |
Use this as a guideline, not a hard rule for every file. When in doubt, weigh the purpose of the data. You will find more background in the GDPR retention periods cheatsheet and in how long to keep documents.
Chip and animal registration linked to an owner
A chip links an animal to a person in a registration database. As long as an animal stays at the shelter, it makes sense that it is in the name of the shelter or the previous keeper. On rehoming, the registration should be put in the new owner's name as soon as possible. If the former keeper stays registered, you needlessly keep a link between an animal and someone who is no longer its owner. So update the registration and clear out the paper handover confidentially afterwards.
The medical side of an animal often runs through a vet. How a practice handles that data is set out in destroying veterinary practice data. For the shelter the same line applies. Keep what is needed for care and transfer, and clear out the rest.
Donors, volunteers and donation data
Many shelters run on gifts and volunteers. Donor data you keep as long as the support relationship lasts, plus the tax period for the financial processing of the donation. If someone cancels their support, you keep the contact data no longer than necessary for settlement. Volunteer files with contact data, arrangements and sometimes a certificate of good conduct you clear out when someone stops and there is no ongoing obligation. How to approach this for an association or charity is set out in destroying charity and association data.
Payment and donation data need extra care. A mandate or account number is sensitive and does not belong in the paper bin or on a shared drive without protection. Handle this data just as carefully as the rest of your administration.
How to handle it in 6 steps
- Split the data into administration, contracts, registration, donors and volunteers.
- Limit the owner's identity data to what the transfer really requires.
- Update the chip registration to the new owner and clear out the handover afterwards.
- Keep the financial administration for seven years.
- Collect what may go in sealed containers, not in the paper bin.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Owner data is destroyed confidentially, because it contains identity, payment and sometimes sensitive data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old office computer or backup with surrender and adoption files belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Why that proof matters is set out in demonstrable destruction for the GDPR. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Owner data to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Request a quoteCommon mistakes
- Leaving the old chip registration in place. Update the link to the new owner.
- Keeping surrender forms forever. After settlement the purpose often lapses.
- Keeping identity copies of the owner. Note only what the transfer requires.
- Treating donor and payment data as ordinary paper. Those need extra care.
- Throwing away unshredded. A surrender file on the street is a reportable data breach.
Frequently asked questions
How long does an animal shelter keep data on a surrenderer or adopter?
The financial administration around the adoption fee falls under the seven-year tax retention obligation. The intake or adoption contract you keep as long as it is needed for settlement and aftercare. Other owner data you keep no longer than necessary for the rehoming.
May a shelter keep a copy of an owner's identity document?
Be restrained here. Note only the data you need to transfer an animal correctly and do not keep a full copy longer than necessary. A copy contains a national ID number and photo and is sensitive.
What do I do with chip and registration data once an animal is rehomed?
Update the registration to the new owner, so the animal is no longer linked to the former keeper. The paper handover you then clear out confidentially once the rehoming is complete.
How do I destroy owner data in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
An animal shelter manages the data of surrenderers, adopters, donors and volunteers, between an animal registration and the GDPR. Update the chip registration to the new owner, keep the financial administration seven years and be restrained with identity copies. Contracts you keep as long as settlement and aftercare require, then clear them out. What may go you have destroyed confidentially with a certificate as proof. That way you protect the people behind the animals and meet both frameworks.
Read also: swimming pools: destroying member data, riding stables: destroying customer data, marinas: destroying berth holder data and the GDPR retention periods cheatsheet.
Have owner data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.