Back to Home    

Data Privacy Notice

1st Claygate Scout Group
Download a copy HERE

This Data Privacy Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).

Who are we?

Our Scout Group, 1st Claygate Scout Group, is a youth charity. Our mission is to actively engage and support young people (our “members”) in their personal development, empowering them to make a positive contribution to society. We are incorporated by Royal Charter and operate under the rules of the UK Scout Association (see www.scouts.org.uk for more information.)

Our Group Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be used by us in relation to the work we do with our members and their parents/legal guardians and through our relationship with supporters, donors and funders.

1.            Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into our possession. The processing of personal data is governed by GDPR.

2.            How we gather personal information

The majority of the personal information we hold is provided to us directly by our members, or by their parents / legal guardians, in either paper form or via our online membership systems. In the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).  We also hold personal information on adults who are not members or parents / legal guardians of members, in circumstances where the adult voluntarily assists the Group (e.g. in fundraising initiatives) or where the adult wishes to receive information about the Group. Photographs and video may also be taken at Scout events.

Where a member is under the age of 18, this information will only be obtained from a parent / legal guardian and cannot be provided by the young person.

Certain information we obtain may be sensitive personal data, e.g. medical information, race and religious beliefs.

3.            How do we process personal data?

We comply with our obligations under GDPR by keeping personal data up to date; by storing it securely; when it is no longer required by removing or destroying it securely; by not collecting or retaining excessive amounts of data; and by protecting personal data from loss, misuse, unauthorised access and disclosure.

We process the data to ensure we have the ability to contact the member, parents and guardians, to inform them of meetings, events or initiatives that the Group may be running or local community events we are occasionally asked to participate in or help with.

We use personal data for the following purposes: -

·         we collect personal and medical information for the protection of that person whilst in the care of the Scout Group.  This is collected for children when they are put on the waiting list

·         we collect religious data to be able to respect a person’s beliefs with regards to activities, food and holidays

·         race and religious information is also collected to allow the Scout Association to complete its census process

·         we collect parents’ occupation details to ascertain sources of expertise which may be helpful for the running of scouting activities and events

·         to enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution

·         to administer membership records

·         to fundraise and promote the interests of the Scout Group

·         to maintain relationships with current and former members of the Scouts and their parents and with Friends of 1st Claygate

·         to manage our volunteers

·         to maintain our own accounts and records (including the processing of gift aid applications)

·         to inform interested parties of news, events, activities and services running at the Group

·         photographs and video may appear on the Group’s website, be used for fundraising and informing interested parties about the Group as described above

4.            What is the legal basis for processing the personal data?

We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:


a)       consent from the individual has been received (or the parent / guardian of the individual, in the case of a child);

b)      processing is necessary to protect the vital interests of a child (e.g. allergies or medical requirements);

c)       processing is necessary for the Group’s legitimate interests unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests;

d)      the processing is necessary for compliance with a legal obligation.

5.            How we store personal data

We are committed to the protection of your personal information.

We generally store personal information in one of three secure digital online database systems, where access to that data is restricted to a limited number of leaders and officers.

Compass: - is the online membership system of The Scout Association. This system is used for the collection and storage of adult personal data.

Online Scout Manager: - is an online membership system run by Online Youth Manager Ltd. This is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group and activities.

Morpheus Solutions: - is a secure online database we use to collect and store information on child members, parents of child members, customers of scouting fundraising activities (e.g. annual sales of Christmas trees).  We also store information on payments received for activities, subscriptions and events.  This database is run solely for the use of the Group.  The information held on the database is stored in the Amazon Web Services cloud, based in Dublin, Ireland.

Paper forms

In certain circumstances, paper forms are still used (e.g. events (see below)).

Gift Aid collection forms, will be securely held by the Group’s Treasurer to record the eligibility of parents and donors for Gift Aid.  We have a legal obligation to retain this information for 7 years after our last claim.


Members of the Group and adult volunteers attend events and camps. Where it is necessary to fulfil our legal obligations, we will be required to have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.

We will ensure:

a)       Transfer of paper is secure, such as physical hand to hand transfer.

b)      Paper forms are securely destroyed after use.

c)       If transferred to somebody, we will require that they destroy or return the papers once the event is complete.


Sometimes we may nominate a member for a national award, (such as Queens Scout or Duke of Edinburgh award).  Such nominations would require we provide contact details to the awarding organisation, this is most often done via secure email.

6.            Sharing and transferring personal Information

We will only normally share personal information within our Group between leaders and certain of our Group executive members.

We will, however, share your personal information with others outside our Group where we need to meet or enforce a legal obligation. This may include: Esher District Scout Association; the Scout Association and its insurance subsidiary “Unity Insurance”; local authority services; and law enforcement. We are required to obtain DBS clearances in certain circumstances and use “Atlantic Data” which acts as the intermediary for passing data to and from the DBS. We will only share your personal information to the extent needed for those purposes.

If you move from our Group, to another Scout Group or Explorer Scout Unit we will transfer your personal information to them.

We will never sell your personal information to any third party for the purposes of marketing.

Sometimes we may nominate a member for a national award, (such as Scouting or Duke of Edinburgh award) and such nominations would require we provide contact details to that organisation.

Sometimes, in connection with an event, we need to share personal information (including sensitive personal information) with the event provider (e.g. for the purpose of indemnity). 

Your personal data will be treated as strictly confidential.  We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. We will take steps to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.) where necessary. 

Third Party Data Processors

The Group employs the services of the following third-party data processors: -


·         The Scout Association via its adult membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a DBS check.

·         Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc, of our members with whom we have a data processing agreement in place. More information is available at https://www.onlinescoutmanager.co.uk/security.php

·         Dropbox occasionally used for secure storage and/or transfer of limited personal information.

·         Google occasionally used for secure storage and/or transfer of limited personal information.

·         Microsoft occasionally used for secure storage and/or transfer of limited personal information.

Automated decision making

The Group does not have any automated decision-making systems.

Transfers outside the EU

The Group will not transfer your personal information outside of the EU, with the exception where an Event is taking place outside of the EU and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.  Certain third-party data processors may store data on servers hosted outside the EU.  

7.            How do we protect personal data?

We take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.

8.            How long do we keep your personal data?

We will retain your personal information throughout the time you/your child is a member of the Group.  Personal information on children who are on the waiting list but do not join the Group will be deleted within 2 months of it becoming clear they will not be joining the Group.

We will retain your full personal information for a period of one year after you have left the Group and in a much more limited form (just name, badge and attendance records) for a period of up to 7 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims.

We will also keep any Gift Aid information and accounting records for the statutory 7 years as required by HMRC (which may be beyond age 21).

For adults who have asked to be kept informed about the Group (including being notified of fundraising events), we will keep your personal data until you ask us to stop doing so.

9.            Your rights and your personal data 

You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

·         The right to be informed – you have a right to know how your data will be used by our Scout Group.

·         The right to access your personal data – you can ask us to share with you the data we hold about you or your child(ren).

·         The right to rectification – you can ask us to update your data if it’s inaccurate or if something is missing.

·         The right to erasure – you have the right to request that we delete any personal data we hold about you or your child(ren), unless we need to hold the information for legal reasons.  However, some information is essential if we are to safeguard you or your child(ren)’s interests:  for example, having parental contact information and medical information if your child(ren) are undertaking scouting activities.

·         The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure if we are complying to rules, you can restrict any further use of your data until the problem is resolved.

·         The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.

·         The right to object – you can object to the ways your data is used. This will make it easier for you to avoid unwanted marketing communications and spam from third parties.

·         Rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes rather than a human input.

Please contact your child(ren)’s leader, our Group Scout Leader or our Data Protection Officer if you wish to discuss or review the information we hold about you and/or your child(ren). 

10.        Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

11.        Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer at 1st Claygate Scouts, Oaken Lane, Claygate KT10 0RQ or email gsl@claygatescouts.org .

last updated: 28/05/2018