HomeKnowledge base › Riding stables and customer data
Sport

Riding stables: destroying customer data

A riding stable's customer and rider data ready for confidential destruction

A riding stable processes the data of almost everyone who comes through the gate. Name and address of members and riders, lesson data and progress notes, boarding contracts, data of the owners of boarding horses, payment and subscription data and sometimes medical declarations. Part falls under the tax retention obligation, part under the GDPR storage limitation and part is sensitive. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer. You keep the administration and payment data for seven years under the tax retention obligation. Member, rider and lesson data you keep no longer than necessary for the membership and its settlement. Medical declarations and other health data you keep as briefly as possible. What may go disappears confidentially and with a certificate.

Two frameworks: tax and GDPR

At a riding stable two things run together. The tax retention obligation requires you to keep the administration for seven years, think of invoices, boarding contracts and payment data. Alongside this the GDPR applies, which requires not keeping personal data longer than necessary. The tax duty sets the floor for the financial records, the GDPR the ceiling for the personal data you may not keep too long.

So treat the data per type. An invoice has a different status than a rider's medical declaration or an old boarding contract. If you make that distinction, you keep exactly what you must and clear out the rest on time. A sports club faces the same tension, as described in the guide on member administration at sports clubs.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the membership or the contract.

PartStarting pointPeriod
Invoicing and administrationTax retention obligation7 years
Member and rider dataPurpose limitation, membershipmembership term + short period
Lesson data and progress notesAs long as relevant to the lessonpurpose-bound
Boarding contracts and owner dataContractual and taxterm + 7 years (tax part)
Payment and subscription dataTax administration7 years
Instructor screening and HR dataHR periodsusually 2 years after leaving
Riders' medical declarationsSensitive, storage limitationas briefly as possible

Use this as a guideline, not a substitute for your own arrangements and the statutory rules. When in doubt, consult your accountant or privacy adviser. A complete overview per document type is in how long you must keep documents and in the GDPR retention periods cheatsheet.

Member, rider and lesson data

The core of a riding stable is in the member administration. You record who rides, which lessons someone takes and how their progress is going. You use that data for as long as someone is a member and as long as the coaching runs. When a rider ends the membership, you keep the administration for the settlement and the tax period, but the lesson notes and progress overviews no longer serve a purpose after that. Clear them out as soon as they are no longer needed.

Watch out too for old paper enrolment forms, attendance lists and trial-lesson requests that never led to a membership. Those contain names, addresses and sometimes dates of birth of minor riders and do not belong in a binder in the office forever. Keeping them just in case is not a valid ground.

Boarding and owners of boarding horses

Boarding adds an extra layer. You process the data of the horse's owner, emergency contact details, contract terms and sometimes information about the animal's health and care. The contract and the invoicing tied to it you keep for its term and the tax part for seven years afterwards. The personal data that no longer serves a purpose after the term you clear out sooner.

Health and care data of a boarding horse, for example veterinary reports or medication schedules, you share only with those who need it and keep no longer than necessary. How you handle this kind of sensitive report resembles the approach at a veterinary practice, where patient records of animals are likewise cleared out with care.

Screening and HR data of instructors

If you work with instructors, stable hands or volunteers, you also process HR data. A certificate of good conduct belongs with the screening, but you do not have to keep it forever. Keep the screening document and other HR records for the usual HR periods, generally up to two years after someone leaves, while the payroll administration falls under the tax seven years. Whatever remains after that you clear out confidentially.

The approach resembles that at associations working with volunteers and coaches. The guide on screening and coach vetting at sports clubs shows how to have these documents destroyed sealed afterwards rather than leaving them in a drawer.

Medical declarations and sensitive data

Riding stables sometimes record health data, from an allergy or medication to an injury or limitation relevant to safety during the lesson. That is special-category personal data that needs extra protection. Keep that information recognisably separate, use it only where safety requires it and clear it out as soon as it is no longer needed. With minor riders that applies all the more strongly.

How to handle it in 6 steps

  1. Split the data into administration, member and rider data, boarding contracts and HR.
  2. Limit health data to what safety during the lesson truly requires.
  3. Treat medical declarations separately and clear them out once they no longer serve a purpose.
  4. Keep the administration for the tax seven years and the contract for its term.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Customer and rider data is destroyed confidentially, because it contains identity, payment and sometimes health data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old office computer or backup with member and boarding data belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Customer data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping old enrolment and trial-lesson forms. Without a membership the purpose lapses quickly.
  • Keeping lesson notes forever. After the membership, progress overviews no longer serve a purpose.
  • Treating medical declarations as ordinary paper. Those need extra care.
  • Leaving former staff's screening documents lying around. Keep the HR period and clear out the rest.
  • Throwing away unshredded. A member list on the street is a reportable data breach.

Frequently asked questions

How long must a riding stable keep member and rider data?

No longer than necessary for the membership and its settlement. The administration and payment data fall under the seven-year tax retention obligation. Lesson data and progress notes you keep as long as they are relevant to the coaching, after which you clear them out.

May I keep riders' medical declarations?

Be restrained here. Health data is special-category personal data. Keep only what you need for safety during the lesson and no longer than necessary. Whatever you no longer use, you clear out confidentially.

How long do I keep boarding contracts and payment data?

Payment data and invoices fall under the seven-year tax administration. A boarding contract you keep for its term and the tax part for seven years afterwards. Personal data that no longer serves a purpose you clear out sooner.

How do I destroy stable data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A riding stable works with identity, payment and sometimes health data of members, riders and owners of boarding horses, between the tax retention obligation and the GDPR. Keep the administration for seven years, keep boarding contracts for their term and be restrained with medical declarations and screening documents. Member, rider and lesson data you clear out once it no longer serves a purpose. What may go you have destroyed confidentially with a certificate as proof. That way you meet both frameworks and protect your riders' data.

Read also: swimming pools: destroying member data, animal shelters: destroying owner data, marinas: destroying berth-holder data and the GDPR retention periods cheatsheet.


Have customer data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.