HomeKnowledge base › Petrol stations and customer data
Retail

Petrol stations: destroying customer data

Receipts, fuel-card statements and customer data of a petrol station ready for confidential destruction

A petrol station processes more personal data than a pump and a till suggest. Fuel-card and customer-card numbers, loyalty and savings programmes, receipts on thermal paper, CCTV footage at the pumps, payment and transaction data and your staff files all run through the administration. Part falls under the tax retention obligation, part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: transaction and payment data falls under the tax seven years. Loyalty and customer-card data you keep as long as the programme runs. CCTV footage you keep about four weeks. What may go disappears confidentially and with a certificate as proof.

Which data passes through a petrol station

At first glance a petrol station is a place for fuel and a shop, but behind the counter sits a collection of personal data. For the business customer it is fuel cards and customer cards tied to a number plate, an employee or a company. For the private customer it is payment data, savings points and receipts. Around the site, cameras record number plates and faces. And internally you hold staff files with everything an employer keeps.

So treat those volumes separately. A transaction statement you must keep for tax has a different status than an old customer-card application or a stack of receipts. If you make that distinction, you keep exactly what you must and clear out the rest on time.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the contract or the transaction.

PartStarting pointPeriod
Transaction and payment dataTax retention obligation7 years
Fuel-card and invoicing dataContract and taxterm + 7 years
Loyalty and savings programmePurpose-boundas long as the membership runs
Receipts on thermal paperNo standalone retention dutyclear out after settlement
CCTV footage at the pumpsStorage limitationabout 4 weeks
Staff dataOwn GDPR periodsper part

Use this as a guideline, not a substitute for your own situation. When in doubt, consult your accountant or privacy adviser. A full overview per document type is in the GDPR retention periods cheatsheet and for the home in how long to keep documents.

Fuel-card and customer-card data

A fuel card links a fill-up to a company, an employee or a number plate. That builds a rich picture of where and when someone refuels. As long as the contract runs and you must be able to substantiate the invoicing, you keep that data. Once the fuel-card agreement ends and the tax period has passed, the ground lapses and you clear out the application forms, mandates and old statements. Do not keep piles of old cards and forms because they might come in handy one day, as that is not a valid ground.

Loyalty and savings programmes

Loyalty and savings programmes record purchase behaviour, tied to a name, an email address or a card number. That is valuable for your marketing, but it remains personal data with a purpose. Keep the data as long as the membership is active and the purpose exists. Once a member stops or the programme goes dormant, the ground lapses and you clear the data out. An old paper application form with a name and signature belongs with the confidential paper, not the paper bin.

Receipts and thermal paper

Receipts look innocuous, but part of your own administration and sometimes customer data sits on them. Thermal paper also needs attention because it does not belong in every paper stream. A single receipt with no tax function you simply clear out after settlement. Copies of transaction receipts that belong to your cash administration you keep within the tax period. How to handle receipts and thermal paper is in thermal paper, receipts and boarding passes.

CCTV footage at the pumps

Almost every petrol station has cameras at the pumps, the shop and the till. That footage is personal data, because it records number plates and faces. The GDPR calls for a short retention period, in practice about four weeks, unless an incident or a fuel-fraud investigation justifies keeping it longer. After that the footage is overwritten or wiped. When an old recorder or hard drive comes out of the cupboard, it should be physically destroyed and not put out with the bulky waste. More on this is in CCTV footage: retention period and destruction.

How to handle it in 6 steps

  1. Split the data into transactions, fuel cards, loyalty, receipts, footage and staff.
  2. Keep the tax administration for the seven years.
  3. Clear out fuel-card and loyalty data once the contract or programme stops.
  4. Set the CCTV footage to a short retention period and wipe it afterwards.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Petrol-station customer data is destroyed confidentially, because it contains payment, number-plate and sometimes identity data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old till computer, a recorder or a backup with transaction data belongs with it too. How a webshop or retailer handles this is comparable to what you read in webshop: destroying customer data.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Customer data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping old fuel-card forms. After the contract and tax period the purpose lapses.
  • Holding loyalty data forever. Without an active membership there is no ground.
  • Throwing receipts out with the ordinary shop waste. Payment and customer data belong separate.
  • Keeping CCTV footage too long. A short period is the norm, not months.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a petrol station keep fuel-card and transaction data?

Transaction and payment data falls under the seven-year tax retention obligation. Fuel-card data you need for invoicing you keep just as long. Other customer data you keep no longer than necessary for the settlement and the contract.

May I keep loyalty and customer-card data indefinitely?

No. Loyalty and savings data you keep as long as the membership runs and the purpose is active. Once a customer stops or the programme is inactive, the ground lapses and you clear the data out.

How long do I keep CCTV footage at the pumps?

Ordinary security footage you keep about four weeks, unless an incident or investigation justifies keeping it longer. After that the footage is overwritten or wiped and the hard drive is physically destroyed when discarded.

How do I destroy petrol-station customer data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A petrol station works with payment, number-plate and customer data, from fuel cards and loyalty programmes to receipts and CCTV footage. Keep the tax administration seven years, clear out fuel-card and loyalty data once the purpose lapses and keep CCTV footage only briefly. What may go you have destroyed confidentially with a certificate as proof. That way you protect your customers' and your staff's data and meet the GDPR.

Read also: courier services: destroying delivery data, coach companies: destroying passenger data, car body repair: destroying customer data and the GDPR retention periods cheatsheet.


Have customer data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.