Greenford & District Scout District Privacy Notice

Version: 2.1 Final

Last updated: 12 December 2020

The Privacy and Data Protection Policy of The Scout Association is set out in Chapter 2 of its Policy Organisation and Rules document and in published guidance.

This Privacy Notice describes the categories of personal data Greenford & District Scout District collects and processes, and for what purposes. We are committed to using such data fairly and in accordance with the requirements of the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).

Who we are

Greenford & District Scout District ('the District') is a member of The Scout Association (TSA) which is incorporated by Royal Charter. Greenford & District Scouts Headquarters is located between 111 & 113 Hill Rise, Greenford UB6 8PE. We are registered with the Charity Commission for England and Wales, registration number 1046044.
The District covers the areas of Greenford, Northolt, Perivale, Southall, Sudbury and (some of) Wembley within the London Boroughs of Ealing and Brent. It comprises 14 Scout Groups (which are data controllers in their own right and are not included in this privacy notice) and 6 Explorer Scout Units (ESU). Each ESU operates under the governance of the District. We hold an annual general meeting each year, usually in June, where members of the Executive Committee are elected.

Your rights

You have the right to object to how we process your personal information and that of your children. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator. Please contact a Member of the Executive Committee or the District Team for more information, in the first instance.
You can view and edit your personal information directly on our online membership systems Online Scout Manager (OSM) and Compass, where applicable. In some cases, membership data is recorded in a different manner. Please speak to one of the leaders should you wish to amend your personal details.

How we gather personal information

The majority of the personal information we hold on you / your child, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems (e.g. OSM and Compass). In the case of an adult member, data may also be provided by third party reference agencies, such as the disclosure and barring service (DBS).
Where a member is under the age of 13, this information will only be obtained from a parent / guardian and cannot be provided by the young person. However, we will accept and may record any personal information, such as any ongoing medical treatment from any member no matter their age.

How we use your personal information

We collect your personal and medical information for the protection and identification of that person whilst in the care of the ESU or Scout District.
We process the data to have the ability to contact the adult volunteer, youth member, parents and guardians, to inform them of meetings and events that the District may be running or attending.

Our legal basis for using your personal information

We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:

  1. We need to use the information to comply with our legal obligations.
  2. We need to use the information legitimately to contact you, regarding meetings, events, collection of membership fees, etc, for the day to day running of the District (including ESUs).
  3. It is fair to use the personal information in your interests, where there is no disadvantage to you - this can include where it is in our interests to contact you about products or services within scouting.

Sharing and transferring personal Information

We will only share personal information within our District leadership teams and executive members.
We will however share your personal information with others outside the District where we (or an affiliate processing your data on our behalf) are required to do so by law, obligation, regulation or legal proceedings. This may also include organisers of events and camps the member may attend, so they may fulfil any legal obligations although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
We may also share personal details with TSA and its insurance subsidiary "Unity", along with any other insurance company or insurance agent the District has contracted to provide services.
We would also share details in response to a valid, legally compliant request by a relevant public authority or law enforcement agency. We would also share details during an emergency when we believe physical safety is at risk if not sharing the details would cause harm or distress. In all cases we will only share personal information to the extent needed for those purposes.
We will share the personal data of youth members and their parents/guardians with TSA Headquarters for the purpose of managing safeguarding cases. The privacy and security notice for The Scout Association can be found here: https://www.scouts.org.uk/DPPolicy. The sharing of this data will be via the Online Scout Manager (OSM) platform which is used by ESUs to manage youth membership.
If you move from this District, to another scout district or explorer scout unit we will transfer your personal information or information relating to your child to them.
Sometimes we may nominate a member for national award, (such as a Scouting or Duke of Edinburgh's Award) this would require that we provide member contact details to that organisation.
We will never sell your personal information to any third party for any reason without your explicit consent.

Third Party Data Processors

Greenford & District Scout District, uses the services of the following third-party data processors:
The Scout Association via its membership system Compass which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check.
Unity Insurance (The Scout Association Insurance company)
Online Youth Manager Ltd. (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records, etc. We have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php
Microsoft 365 products which is our main communication and data storage tool
Dropbox Inc. occasionally used for secure transfer of limited personal information for events.
Google occasionally used for secure transfer of limited personal information for events.

How long we keep your personal information for

We will retain your personal information, for the time you, and / or your child, is / are a member of the District.
We will retain your full personal information for one year after you have left the District, and in a much more limited form (just name, badge and attendance records) for a period of up to 3 years or the age 21 (whichever is the longer) to fulfil our legal obligations for insurance and legal claims.
We will keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21).

Automated decision making

The District does not have any automated decision-making systems.

Transfers outside the UK

The District will not transfer your personal information outside of the UK, except where an event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.

Data Storage

The District is committed to the protection of your personal information.
We store personal information in one of two secure digital online database systems, where access to that data is restricted and controlled:
Compass is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data; and
Online Scout Manager is an online membership system run by Online Youth Manager Ltd., this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the ESUs.
We also store documents, which may occasionally contain personal data, within access-controlled Microsoft 365 products.

Printed records and Event data
Paper is still used within the District to capture and retain some data for example the following:

In the case of Joining forms, health and contact update forms, this information is securely held by the leader or joining list manager and transferred to our secure digital systems as soon as possible before the paper form is destroyed.

Gift Aid declaration forms will be securely held by the District Treasurer to aid in the Declaration of Gift Aid for membership fees and donations. We have a legal obligation to retain this information for HMRC for 7 years after our last claim.

Events

The District encourages all members to take the opportunity to attend events and camps. To fulfil our legal obligations, it may be necessary to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems. This is because events may be held where internet and digital access is not available. We will minimise the use of paper to only what is required for the event/camp. We will ensure:

  1. transfer of paper is secure, such as physical hand to hand transfer or registered post
  2. paper forms are securely destroyed after use
  3. secure destruction will be through a shredding machine or securely burned
  4. that paper records are always kept secure, especially when in transit, by using:
    1. a lockable brief case
    2. a lockable filing cabinet if long term stored
  5. if transferred to somebody, we will audit that they return them when the event is complete.

Photography, Videos and Audio Recordings

The District would like to use photographs, videos and audio recordings taken during activities and events to promote scouting locally and nationally, and to celebrate the endeavours and successes of our members. Photographs, videos and audio recordings are considered personal data (when the individual in it is identifiable) so is managed as with all data.

Informing and gaining permission
Explicit consent is required to take photographs, videos or make audio recordings, from members or parents/guardians. This consent will be requested at the same time as other data is collected as part of general joining information [or as part of an attendance form for an event or activity]. For members under 18 this will need to involve a parent or guardian.
Individuals or parents/ guardians may have good reason to request that photos video or audio materials are not shared (e.g. for personal or child protection) and may choose not to give consent; and consent may change over time due to circumstances. In some cases the young person may not be aware that consent has not been given, and should be dealt with sensitively.
On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as at large-scale or public event. On such occasions we will make it clear that this activity will take place, and give individuals the opportunity to exercise their data subject rights. The District event organizer may provide a means of identification to individuals where consent has been declined (TSA suggest using badges, lanyards, wristbands etc. /badges or some similar method etc.) to assist photographers etc.
The District website may use photographs of activities and events. Occasionally we may forward photographs to other scouting media outlets or to the local press. Where we publish media we take care to ensure that full names are not included in the related article or caption. We never publish personal details (full name, address, email, etc.) with any photo image that is used. We will endeavour to remove identifying metadata from graphics (e.g. location, comments etc.)
The content of all photos, videos and audio recordings will be considered for 'good taste' (not embarrassing etc.) before publication. We will only use images to publicise scouting related events, and permission will be sought from members, parents/legal guardians before publication of media.

Members, parents and guardians should be aware that the District cannot control the legal right of third party photographers to take and publish pictures taken in a public place.
Photographs taken by press photographers that invades personal privacy are subject to the normal Independent Press Standards Organisation Code of Practice.

Social Media
The District does not have any control over social media sites (e.g. Facebook, Instagram, Twitter etc.) that may be used by parents or youth members; individuals are responsible for the content of their own social media account. We therefore request that all members are mindful of any content that members (including children) may post to this type of site and that any pictures that are set in a scouting context should not bring the District or Scout movement into disrepute or put individuals or young people at risk. We ask that you respect the wishes of other members, parents and guardians, if they ask for their own, or their child's picture to be removed.

ESUs may store an image of members on the Online Scout Manager (OSM) membership database for the purposes of identification, alongside and linked to the personal information, access to this image is limited to the leaders and authorised users of OSM as is the rest of the personal information.

Capture, editing and storage
The District will ensure that we can find and delete personal data at a later date, by linking content with an individual. Labelling will be (for example) via file metadata or by renaming the file and folders. A copy of the permission form with consent paragraph, or release form (for advertising, marketing or media coverage) will be stored in the same place as the related photo, video and audio content. Any remaining materials will be disposed of.

Existing content
The District will undertake regular audit of content to ensure it is labelled with event details including a date and location. Where there is existing personal consent for photos, video and audio, this will be stored alongside relevant content. If the District is asked to delete content, this can be traced through details of events/activities they took part in, and the personal data can be deleted.

The District are responsible for making sure that they operate in accordance with this policy. If you become aware of a data protection issue you should report it promptly to the designated data protection officer or equivalent role holder at data.protection@greenfordscouts.org.uk.

If members do not adhere to this data protection policy and its associated policies and procedures, we may take disciplinary action against you.

If you have any questions on this policy or its application please email us at data.protection@greenfordscouts.org.uk.

 
Home Page