Greenford & District Scout District Privacy Notice
Version: 0.2.1 Draft
Last updated: 07 August 2018
Our Privacy Notice describes the categories of personal data we collect and process and for what purposes.
We are committed to using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
Who we are
Greenford & District Scout District (here forth known as ‘the district’) is a member of The Scout Association (TSA) which is incorporated by Royal Charter. We are registered with the UK charity commission, registration number 1046044.
The district consists of 15 Scout Groups (which are data controllers in their own right and do not fall under this privacy notice) and three Explorer Scout Units (ESU). Each ESU falls under the governance of the district but may be partnered with a Scout Group.
We are based at Greenford & District Scouts Headquarters, between 111 & 113 Hill Rise, Greenford UB6 8PE. We cover the areas of Greenford, Northolt, Perivale, Southall, Sudbury and (some of) Wembley within the London Boroughs of Ealing and Brent.
Every year, usually in June, we hold an annual general meeting where members of the charity executive committee are elected.
You have the right to object to how we process your personal information and that or your children. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.
Please contact a Member of the Executive Committee or the District Team for more information, in the first instance.
You can view and edit your personal information directly on our online membership systems Online Scout Manager (OSM) and Compass, where applicable. Some ESUs may not use OSM so will hold the membership data in a different manner. Please speak to one of the leaders should you wish to amend your personal details.
How we gather personal information
The majority of the personal information we hold on you / your child, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems, in the case of an adult member, data may also be provided by third party reference agencies, such as the disclosure and barring service (DBS).
Where a member is under the age of 13, this information will only be obtained from a parent / guardian and cannot be provided by the young person, however we will accept and may record any personal information, such as any ongoing medical treatment from any member no matter their age.
How we use your personal information
We collect your personal and medical information for the protection and identification of that person whilst in the care of the Explorer Scout Unit or Scout District.
We process the data to have the ability to contact the adult volunteer, youth member, parents and guardians, to inform them of meetings and events that the district itself may be running or attending.
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- We need to use the information to comply with our legal obligations.
- We need to use the information legitimately to contact you, regarding meetings, events, collection of membership fees, etc, i.e. for the day to day running of the district (including ESUs).
- it is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within scouting.
Sharing and transferring personal Information
We will only share personal information within our district leadership teams and executive members.
We will however share your personal information with others outside the district where we (or an affiliate processing your data on our behalf) are required to do so by law, obligation, regulation or legal proceedings, this may also include organisers of events and camps the member may attend so they may fulfil any legal obligations although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
We may also share personal detail with The Scout Association and its insurance subsidiary “Unity”, along with any other insurance company or insurance agent the district has contracted to provide services.
We would also share details in response to a valid, legally compliant request by a relevant public authority or law enforcement agency. We would also share details during an emergency when we believe physical safety is at risk if not sharing the details would cause harm or distress. In all cases we will only share personal information to the extent needed for those purposes.
If you move from the district, to another scout district or explorer scout unit we will transfer your personal information or information relating to your child to them.
Sometimes we may nominate a member for national award, (such as a Scouting or Duke of Edinburgh’s Award) such nominations would require that we provide contact details to that organisation.
We will never sell your personal information to any third party for any reason without your explicit consent.
Third Party Data Processors
Greenford & District Scout District, employs the services of the following third-party data processors: -
The Scout Association via its membership system Compass which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check.
Unity Insurance (The Scout Association Insurance company)
Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc, we have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php
Microsoft – Office 365 products - occasionally used for secure transfer of limited personal information
Dropbox inc occasionally used for secure transfer of limited personal information for events.
Google occasionally used for secure transfer of limited personal information for events.
How long we keep your personal information for
We will retain your personal information, throughout the time you are a member of the district.
We will retain your full personal information for a period of one year after you have left the district, and in a much more limited form (just name, badge and attendance records) for a period of up to 3 years or the age 21 (whichever is the longer) to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21).
Automated decision making
The district does not have any automated decision-making systems.
Transfers outside the UK
The district will not transfer your personal information outside of the UK, except where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
The district is committed to the protection of your personal information.
We generally store personal information in one of two secure digital online database systems, where access to that data is restricted and controlled.
Compass: - is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the ESUs.
Printed records and Event data
Paper is still used within the district to capture and retain some data for example the following: -
In the case of Joining forms, health and contact update forms, this information is securely held by the leader or waiting or joining list manager and transferred to our secure digital systems as soon as possible before the paper form is destroyed.
- New joiners form.
- New joiners waiting or joining lists
- Health and contact records update forms.
- Gift Aid Collection forms.
- Events and certain activity consent from parents.
- Events coordination with event organisers.
- Award notifications/nominations
- Membership details and awards (where an ESU does not use OSM)
Gift Aid collection forms will be securely held by the District Treasurer to aid in the collection of Gift Aid for membership fees. We have a legal obligation to retain this information for 7 years after our last claim.
As a member of the district it is hoped you will take up the opportunity to attend events and camps, where it is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.
We will ensure
- Transfer of paper is secure, such as physical hand to hand transfer or registered post.
- Paper forms are securely destroyed after use.
- Secure destruction will be through a shredding machine or securely burned.
- Always keeping the paper records secure, especially when in transit, by using:
- A lockable brief case.
- A lockable filing cabinet if long term stored.
- If transferred to somebody, we will audit that they return them when the event is complete.
Clarification is awaited on the law on image use and GDPR. Until then, the position of the district is as follows: -
Photographs / images (which can be classed as personal information when the subject is identified) of yourself or your child may be taken during activities and be used within a Scouting context and, in particular, publicity material for example Scouting publications and the media. Images may be published on official Scout websites and scouting affiliated social media but will never identify individuals in line with The Scout Association guidelines.
We cannot ask for explicit consent “Yes/No” for photo as consent presumes that it can be revoked, as is your right to do so under the GDPR.
Under GDPR consent is invalid if people cannot easily withdraw consent, which would be the case with publishing to any publicly accessible system, therefore if you do not wish your child to appear in these then please confirm, in writing, to the Explorer Scout Leader and we will not publish any photographs of you or your child on a public forum such as social media from that point forward, we will be unable to confirm full removal of images and photographs from the historical record online or otherwise stored.
Please note that the district cannot control or stop images being taken by other individuals, parents or organisations not connected with the Greenford & District Scout District leadership team.
The district may store an image of you or your child on the Online Scout Manager (OSM) membership database for the purposes of identification, alongside and linked to the personal information, access to this image is limited to the leaders and authorised users of OSM as is the rest of the personal information.
If you have any questions on this policy or its application please email us at firstname.lastname@example.org.