GDPR and Privacy Notice

What is the purpose of this document?

This Data Privacy Notice describes the categories of personal data the 15th Stafford (Penkridge) Scout Group process and for what purposes. The Group are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

The general data protection regulation is essential to ensure that personal information is kept securely and used only for correct purposes. From the 25th May 2018, the law in Europe changed to tighten further the protection of personal data, this applies to all organisations in or trading with the European Union that have access to personal information. As a Scout Group, we are committed to the protection of the personal information we hold. Under the new regulation’s, members of a charities executive committee are deemed as ‘data controllers’, deciding how data is stored and used. This document outlines the groups’ procedures for storing and using data.

This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with the Group.

Who are we?

The 15th Stafford (Penkridge) Scout Group are a registered charity with the Charity Commission for England & Wales; Charity Number: 524531

The Data Controller for the 15th Stafford (Penkridge) Scout Group is the Group Executive Committee who are appointed at the Groups’ Annual General Meeting and are Trustees of the Charity. The 15th Stafford (Penkridge) Scout Group may be referred to as “we” or ‘the Group” for the purpose of this document. Being a small charity, we are not required to appoint a Data Protection Officer. The contact for Data and Privacy enquiries is Alex Windows (Scout Section Leader/Group Administrator/Charity Trustee) who can be contacted via email; scouts@penkridgescouts.org.uk.

What data may we process?

The majority of the personal information we hold is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form, digital form or via our online membership system Compass.  In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and Barring Service (DBS) via Atlantic Data.

Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

We may collect the following personal information:

  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Date of birth – so that we can ensure young people are allocated to the appropriate Section for their age and that adults are old enough to take on an appointment with Scouting.
  • Gender – so that we can address individuals correctly and accommodate for any specific needs.
  • Emergency contact information – so that we are able to contact someone in the event of an emergency.
  • Government identification numbers e.g. national insurance, driving licence, passport – to be able to process volunteer criminal record checks (adults only).
  • Bank account details, payroll information and tax status information – for the collection of Subscription payments or other payments for camps/events and to collect gift aid from HMRC where donations are made.
  • Training records – so that members can track their progression through the Scout programme or adult training scheme.
  • Race or ethnic origin – so that we can make suitable arrangements based on members cultural needs.
  • Health records – so that we can make suitable arrangements based on members medical needs.
  • Criminal records checks – to ensure Scouting is a safe space for young people and adults.

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

How do we process your data in line with the law?

We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

In most cases, the lawful basis for processing will be through the performance of a contract for personal data of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association.  Explicit consent is requested from parents/guardians to take photographs of our members. On occasion, we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions, we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.

We use personal data for the following purposes:

  • To provide information about Scout meetings, activities, training courses and events to our members and other volunteers in the Group.
  • To provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution.
  • To administer membership records.
  • To fundraise and promote the interests of Scouting.
  • To manage our volunteers.
  • To maintain our own accounts and records (including the processing of gift aid applications).
  • To inform you of news, events, activities and services being run or attended by the Group.
  • To ensure and evidence your suitability if volunteering for a role in Scouting.
  • To contact your next of kin in the event of an emergency.
  • To ensure you have and maintain the correct qualifications and skills.

We use personal sensitive (special) data for the following purposes:

  • For the protection of a person’s health and safety whilst in the care of the Group.
  • To respect a person’s religious beliefs with regards to activities, food and holidays.
  • For equal opportunity monitoring and reporting.

We will keep certain types of information for different periods of time. All data will be held for the length of time a young person or adult is a member of the group and all data up to 4 years, even after a member has left the Group.

How will we store your personal data?

We generally store personal information in the following ways:

Compass – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.

Online Scout Manager – is the online membership system of Online Youth Manager, this system is used for the collection and storage of youth member personal data.

In addition, adult volunteers will hold some personal data on local spreadsheets/databases.

Printed records and data – paper is sometimes used to capture and retain some data for example:

  • Gift Aid administration
  • Event registration
  • Health and contact records forms
  • Events coordination with event organisers.

Paper records are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.  We will minimise the use of paper to only what is required for the event.

How will we share your data?

Young people and other data subjects:

We will normally only share personal information with adult volunteers holding an appointment in the Group. Your personal data is accessible to adult leaders within your child section of the group, all Section Leaders in the group, the Group Scout Leader, the Group Chair and the Group Treasurer. All leaders and Executive Officers have undergone mandatory GDPR training as a requirement for taking on their role in Scouting.

We will share the personal data of youth members and their parents/guardians with The Scout Association Headquarters for the purpose of managing safeguarding cases. The privacy and security notice for The Scout Association can be found here: https://www.scouts.org.uk/DPPolicy

The sharing of this data will be via the Online Scout Manager platform which is used by the Group to manage youth membership. The privacy and security notice for OSM can be found here: https://www.onlinescoutmanager.co.uk/security.html

Adult volunteers:

We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for the Group, as well as with The Scout Association Headquarters as data controllers in common.

All data subjects:

We will, however, share your personal information with others outside of Group where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement.  We will only share your personal information to the extent needed for those purposes.

We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. We will never sell your personal information to any third party.

Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation.

Where personal data is shared with third parties, we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.

What are my rights under GDPR?

As a Data Subject, you have the right to object to how we process your personal information. However, where you object to how we process your data and withdraw your permission for the Group to hold your data you will forfeit your membership and that of your young person, if you are a parent or legal guardian. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).

Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:

  • The right to be informed – you have a right to know how your data will be used by us (Outlined in this document).
  • The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request (You can access your personal data via the adult membership system if you have taken out a role or otherwise have a DBS with the Scout Association. You can access the data we have for your young person via the parent portal of online Scout Manager).
  • The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.  Adult members will be able to edit and update some information directly on The Scout Association’s Compass membership system.
  • The right to erasure – this means that you have the right to request that we delete any personal data we have about you. There are some exceptions, for example, some information will be held by The Scout Association for legal reasons.
  • The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
  • The right to data portability – this means that if you ask us, we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
  • The right to object – you can object to the ways your data is being used.
  • Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than human input, it’s highly unlikely that this will be used by us.

How might website cookies be used?

When you submit data through a form such as those found on our contact pages or comment forms, cookies may be set to remember you your user details for future correspondence.

We also use cookies provided by trusted third parties, such as submitting data via google forms or Microsoft forms. See link for Microsoft and Google’s own privacy statements.

https://policies.google.com/
https://privacy.microsoft.com/en-gb/privacystatement