Data Privacy Notice

Data Privacy Notice

1st Hampton-in Arden Scouts

Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).

1st Hampton-in-Arden Scouts take your privacy seriously and we will only use your personal information to administer your account and to provide the services you have requested.  We will collect sensitive personal data on the children in order to comply with Health and Safety regulations.  This data is stored on an external, password protected server and paper copies are kept in secure locked locations when not held on the Leader’s person.  The GSL, Section Leaders, Assistant Section Leaders and the Treasurer are the only members who have access to this information.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our Scout Group’s (the data controller’s), possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

How we gather personal information

The majority of the personal information we hold, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems, in the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).

Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person.

How do we process your personal data?

We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We process the data to have the ability to contact the member, parents and guardians, to inform them of meetings, events that the group itself may be running or attending.

We use personal data for the following purposes:

  • we collect personal and medical information for the protection of that person whilst in the care of the Scout Group
  • we collect religious data to respect a person’s beliefs with regards to activities, food and holidays
  • to administer membership records
  • to fundraise and promote the interests of the Scout Group
  • to manage our volunteers
  • to maintain our own accounts and records (including the processing of gift aid applications);
  • to inform you of news, events, activities and services running at 1st Hampton-in-Arden Scouts.

What is the legal basis for processing your/your child(ren)’s personal data?

We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:

  1. We need to use the information to comply with our legal obligations
  2. We need to use the information to contact with you, regarding meetings, events, collection of membership fee’s etc, (i.e. for the day to day running of the group)
  3. it is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within scouting.
  4. The processing is necessary for the persons legitimate interests or the legitimate interests of our Scout Group unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

How we store personal data

We generally store personal information in one of two secure digital online database systems, where access to that data is restricted and controlled.  Data may be temporarily stored on password protected personal computers and in our secure 1st Hampton-in-Arden Dropbox account.

Compass is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.

Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group.

Printed records and Event data

Paper is still used within the sections to capture and retain some data for example the following: –

  • New joiners form.
  • New joiners waiting lists.
  • Health and contact records update forms.
  • Gift Aid Collection forms.
  • Events consent from parents.
  • Events coordination with event organisers.
  • Award notifications/nominations

In the case of Joining forms, Health and contact update forms, this information is securely held by the leader or waiting list manager and transferred to our secure digital systems as soon as possible before the paper form is destroyed.

Gift Aid collection forms will be securely held by the Groups Treasurer to aid in the collection of Gift Aid for monthly membership fees, we have a legal obligation to retain this information for 7 years after our last claim.

Events

As a member of 1st Hampton-in-Arden Scouts it is hoped you will take up the opportunity to attend events and camps, where is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.

We will ensure:

  1. Transfer of paper is secure, such as physical hand to hand transfer or registered post.
  2. Paper forms are securely destroyed after use.
  3. Secure destruction will be through a shredding machine or securely burned.
  4. Always keeping the paper records secure, especially when in transit, by using:
    1. A lockable brief case.
    2. A lockable filing cabinet if long term stored.
  5. If transferred to somebody, we will audit that they return them when the event is complete.

Awards

Sometimes we may nominate a member for national award, (such as Queens Scout or Duke of Edinburgh award), such nominations would require we provide contact details to the awarding organisation, this is most often done on paper via registered post.

Sharing and transferring personal Information

We will only normally share personal information within our Scout Group leaders and executive members.

We will however share your personal information with others outside our Scout Group where we need meet or enforce a legal obligation, this may include Cole District Scouts, Solihull Scout County, The Scout Association and it insurance subsidiary “Unity”, local authority services and law enforcement, we will only share your personal information to the extent needed for those purposes.

If you move from 1st Hampton-in-Arden, to another Scout Group or Explorer Scout Unit we will transfer your personal information to them.

Your data will never be sold or shared with outside companies for marketing purposes and data will never be used for profiling purposes.

Sometimes we may nominate a member for national award, (such as Scouting or Duke of Edinburgh award) such nominations would require we provide contact details to that organisation.

Your personal data will be treated as strictly confidential.  We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. We will take steps to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.).  If identifiable data is to be shared we will seek your consent.

Third Party Data Processors

1st Hampton-in-Arden employs the services of the following third-party data processors: –

  • The Scout Association via its adult membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service ( DBS) check. More information is available at https://members.scouts.org.uk/supportresources/1861/data-protection-and-scouting?cat=55,400&moduleID=10
  • Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc, we have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php
  • Dropbox occasionally used for secure transfer of limited personal information for events. More information is available at https://aem.dropbox.com/cms/content/dam/dropbox/www/en-us/security/privacy_data_protection_whitepaper.pdf
  • Google occasionally used for secure transfer of limited personal information for events. More information is available at https://cloud.google.com/security/gdpr/
  • Outlook occasionally used for secure transfer of limited personal information for events. More information is available at https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
  • Apple occasionally used for secure transfer of limited personal information for events. More information is available at https://www.apple.com/legal/privacy/en-ww/governance/
  • Sky occasionally used for secure transfer of limited personal information for events. More information is available at https://www.sky.com/help/articles/sky-privacy-and-cookies-notice

Automated decision making

1st Hampton-in-Arden Scouts does not have any automated decision-making systems.

Transfers outside the UK

1st Hampton-in-Arden Scouts will not transfer your personal information outside of the UK, with the exception where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.

How do we protect personal data?

We take appropriate measures to ensure that the information discussed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.

How long do we keep your personal data?

We will keep the data on you and your child for as longs as they are a member of 1st Hampton-in-Arden Scouts.  We will check the data we hold is correct every year, at the beginning of the Autumn Term.  Waiting list data will be kept until the child joins a section of 1st Hampton-in-Arden Scouts, they go past the age of 14 or you request to leave the waiting list.  Forms completed for specific one-off purposes, such as camps, will be destroyed 10 working days after the activity has been completed

We will retain your full personal information for a period of one year after you have left 1st Hampton-in-Arden Scouts and in a much more limited form (just name, badge and attendance records) for a period of up to 15 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims.

We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21)

Your rights and your personal data 

You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.

You have the right to see what information we hold on you or your child and the right to update this information if incorrect, requests of this type will be fulfilled within 10 working days.  You have the right to be forgotten, requests of this type will be fulfilled within 20 working days.  Access to Data is password protected and stored on encrypted servers.  You have the right to pause or refuse entirely the processing of your data, requests of this type will be fulfilled within 10 working days.

What we will do in the event of a data breach 

A breach is defined as any event which “leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. If a breach occurs, our Data Protection Lead will be immediately informed.  In the unfortunate event of a Data Breach we will endeavour to inform all affected persons within 24 hours and investigate the breach within 48 hours.  Our Data Protection Lead (in consultation with the Group Chair and Group Scout Leader) will need to consider if the breach is likely to “result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage”. If it does, the ICO will be informed within 72 hours of the breach occurring.