|
This Data Privacy
Notice describes the categories of personal
data we process and for what purposes. We
are committed to collecting and using such
data fairly and in accordance with the
requirements of the General Data Protection
Regulations (GDPR).
Who are we?
Our Scout Group, 1st
Claygate Scout Group, is a youth charity.
Our mission is to
actively engage and support young people
(our “members”) in their personal
development, empowering them to make a
positive contribution to society. We
are incorporated by Royal Charter and
operate under the rules of the UK Scout
Association (see
www.scouts.org.uk for more information.)
Our Group Executive
Committee is the data controller for the
information we collect from you. Any
personal data that we collect will only be
used by us in relation to the work we do
with our members and their parents/legal
guardians and through our relationship with
supporters, donors and funders.
1.
Your personal data – what is it?
Personal data relates
to a living individual who can be identified
from that data. Identification can be by
the information alone or in conjunction with
any other information in our possession or
likely to come into our possession. The
processing of personal data is governed by
GDPR.
2.
How we gather personal information
The majority of the
personal information we hold is provided to
us directly by our members, or by their
parents / legal guardians, in either paper
form or via our online membership systems.
In the case of an adult member, data may
also be provided by third party reference
agencies, such as the Disclosure and Barring
Service (DBS). We also hold personal
information on adults who are not members or
parents / legal guardians of members, in
circumstances where the adult voluntarily
assists the Group (e.g. in fundraising
initiatives) or where the adult wishes to
receive information about the Group.
Photographs and video may also be taken at
Scout events.
Where a member is under
the age of 18, this information will only be
obtained from a parent / legal guardian and
cannot be provided by the young person.
Certain information we
obtain may be sensitive personal data, e.g.
medical information, race and religious
beliefs.
3.
How do we process personal data?
We comply with our
obligations under GDPR by keeping personal
data up to date; by storing it securely;
when it is no longer required by removing or
destroying it securely; by not collecting or
retaining excessive amounts of data; and by
protecting personal data from loss, misuse,
unauthorised access and disclosure.
We process the data to
ensure we have the ability to contact the
member, parents and guardians, to inform
them of meetings, events or initiatives that
the Group may be running or local community
events we are occasionally asked to
participate in or help with.
We use personal data
for the following purposes: -
·
we collect personal and medical information
for the protection of that person whilst in
the care of the Scout Group. This is
collected for children when they are put on
the waiting list
·
we collect religious data to be able to
respect a person’s beliefs with regards to
activities, food and holidays
·
race and religious information is also
collected to allow the Scout Association to
complete its census process
·
we collect parents’ occupation details to
ascertain sources of expertise which may be
helpful for the running of scouting
activities and events
·
to enable us to provide a voluntary service
for the benefit of the public in a
particular geographical area as specified in
our constitution
·
to administer membership records
·
to fundraise and promote the interests of
the Scout Group
·
to maintain relationships with current and
former members of the Scouts and their
parents and with Friends of 1st Claygate
·
to manage our volunteers
·
to maintain our own accounts and records
(including the processing of gift aid
applications)
·
to inform interested parties of news,
events, activities and services running at
the Group
·
photographs and video may appear on the
Group’s website, be used for fundraising and
informing interested parties about the Group
as described above
4.
What is the legal basis for
processing the personal data?
We only use your personal information where
that is permitted by the laws that protect
your privacy rights. We only use personal
information where:
a)
consent from the individual has been
received (or the parent / guardian of the
individual, in the case of a child);
b)
processing is necessary to protect
the vital interests of a child (e.g.
allergies or medical requirements);
c)
processing is necessary for the Group’s
legitimate interests unless there is a good
reason to protect the individual’s personal
data which overrides those legitimate
interests;
d)
the processing is necessary for compliance
with a legal obligation.
5.
How we store personal data
We are committed to the
protection of your personal information.
We generally store
personal information in one of three secure
digital online database systems, where
access to that data is restricted to a
limited number of leaders and officers.
Compass: - is
the online membership system of The Scout
Association. This system is used for the
collection and storage of adult personal
data.
Online Scout
Manager: - is an online membership
system run by Online Youth Manager Ltd. This
is a secure membership database where we
store the personal information of Adults and
Youth members for the day to day running of
the group and activities.
Morpheus Solutions:
- is a secure online database we use to
collect and store information on child
members, parents of child members, customers
of scouting fundraising activities (e.g.
annual sales of Christmas trees). We also
store information on payments received for
activities, subscriptions and events. This
database is run solely for the use of the
Group. The information held on the database
is stored in the Amazon Web Services cloud,
based in Dublin, Ireland.
Paper forms
In certain
circumstances, paper forms are still used
(e.g. events (see below)).
Gift Aid
collection forms, will be securely held by
the Group’s Treasurer to record the
eligibility of parents and donors for Gift
Aid. We have a legal obligation to retain
this information for 7 years after our last
claim.
Events
Members of the Group
and adult volunteers attend events and
camps. Where it is necessary to fulfil our
legal obligations, we will be required to
have a less secure means to access personal
information, such as printouts of personal
contacts and medical information, (including
specific event contact forms), rather than
relying on secure digital systems, as often
the events are held where internet and
digital access will not be available. We
will minimise the use of paper to only what
is required for the event/camp.
We will ensure:
a)
Transfer of paper is secure, such as
physical hand to hand transfer.
b)
Paper forms are securely destroyed
after use.
c)
If transferred to somebody, we will
require that they destroy or return the
papers once the event is complete.
Awards
Sometimes we may
nominate a member for a national award,
(such as Queens Scout or Duke of Edinburgh
award). Such nominations would require we
provide contact details to the awarding
organisation, this is most often done via
secure email.
6.
Sharing and transferring personal
Information
We will only normally
share personal information within our Group
between leaders and certain of our Group
executive members.
We will, however, share
your personal information with others
outside our Group where we need to meet or
enforce a legal obligation. This may
include: Esher District Scout Association;
the Scout Association and its insurance
subsidiary “Unity Insurance”; local
authority services; and law enforcement. We
are required to obtain DBS clearances in
certain circumstances and use “Atlantic
Data” which acts as the intermediary for
passing data to and from the DBS. We will
only share your personal information to the
extent needed for those purposes.
If you move from our
Group, to another Scout Group or Explorer
Scout Unit we will transfer your personal
information to them.
We will never sell your
personal information to any third party for
the purposes of marketing.
Sometimes we may
nominate a member for a national award,
(such as Scouting or Duke of Edinburgh
award) and such nominations would require we
provide contact details to that
organisation.
Sometimes, in
connection with an event, we need to share
personal information (including sensitive
personal information) with the event
provider (e.g. for the purpose of
indemnity).
Your personal data will
be treated as strictly confidential. We
will only share your data with third parties
outside of the organisation where there is a
legitimate reason to do so. We will take
steps to anonymise the data we provide (i.e.
collective reporting on gender, ethnicity,
age, etc.) where necessary.
Third Party Data Processors
The Group employs the services of the
following third-party data processors: -
·
The Scout Association via its adult
membership system “Compass” which is
used to record the personal information of
leaders, adults and parents who have
undergone a DBS check.
·
Online Youth Manager Ltd (Online Scout
Manager) which is used to record the
personal information, badge records, event
and attendance records etc, of our members
with whom we have a data processing
agreement in place. More information is
available at
https://www.onlinescoutmanager.co.uk/security.php
·
Dropbox
occasionally used for secure storage and/or
transfer of limited personal information.
·
Google
occasionally used for secure storage and/or
transfer of limited personal information.
·
Microsoft
occasionally used for secure storage and/or
transfer of limited personal information.
Automated decision making
The Group does not have any automated
decision-making systems.
Transfers outside the EU
The Group will not
transfer your personal information outside
of the EU, with the exception where an Event
is taking place outside of the EU and it is
necessary to provide personal information to
comply with our legal obligations, although
generally such an event will have its own
data collection form which will be securely
held and disposed of after the event.
Certain third-party data processors may
store data on servers hosted outside the
EU.
7.
How do we protect personal data?
We take appropriate
measures to ensure that the information
disclosed to us is kept secure, accurate and
up to date and kept only for as long as
necessary for the purpose for which it is
used.
8.
How long do we keep your personal
data?
We will retain your
personal information throughout the time
you/your child is a member of the Group.
Personal information on children who are on
the waiting list but do not join the Group
will be deleted within 2 months of it
becoming clear they will not be joining the
Group.
We will retain your
full personal information for a period of
one year after you have left the Group and
in a much more limited form (just name,
badge and attendance records) for a period
of up to 7 years (or until the age 21) to
fulfil our legal obligations for insurance
and legal claims.
We will also keep any
Gift Aid information and accounting records
for the statutory 7 years as required by
HMRC (which may be beyond age 21).
For adults who have
asked to be kept informed about the Group
(including being notified of fundraising
events), we will keep your personal data
until you ask us to stop doing so.
9.
Your rights and your personal data
You have the right to
object to how we process your personal
information. You also have the right to
access, correct, sometimes delete and
restrict the personal information we use. In
addition, you have a right to complain to us
and to the data protection regulator.
Unless subject to an
exemption under the GDPR, you have the
following rights with respect to your
personal data: -
·
The right to be informed
– you have a right to know how your data
will be used by our Scout Group.
·
The right to access your
personal data – you can ask us to share
with you the data we hold about you or your
child(ren).
·
The right to rectification
– you can ask us to update your data if it’s
inaccurate or if something is missing.
·
The right to erasure –
you have the right to request that we delete
any personal data we hold about you or your
child(ren), unless we need to hold the
information for legal reasons. However,
some information is essential if we are to
safeguard you or your child(ren)’s
interests: for example, having parental
contact information and medical information
if your child(ren) are undertaking scouting
activities.
·
The right to restrict
processing – if you think there’s
something wrong with the data being held
about you, or you aren’t sure if we are
complying to rules, you can restrict any
further use of your data until the problem
is resolved.
·
The right to data
portability – this means that if you ask
us we will have to share your data with you
in a way that can be read digitally – such
as a pdf. This makes it easier to share
information with others.
·
The right to object –
you can object to the ways your data is
used. This will make it easier for you to
avoid unwanted marketing communications and
spam from third parties.
·
Rights in relation to
automated decision making and profiling –
this protects you in cases where
decisions are being made about you based
entirely on automated processes rather than
a human input.
Please contact your
child(ren)’s leader, our Group Scout Leader
or our Data Protection Officer if you wish
to discuss or review the information we hold
about you and/or your child(ren).
10.
Further processing
If we wish to use your
personal data for a new purpose, not covered
by this Data Protection Notice, then we will
provide you with a new notice explaining
this new use prior to commencing the
processing and setting out the relevant
purposes and processing conditions. Where
and whenever necessary, we will seek your
prior consent to the new processing.
11.
Contact Details
To exercise all relevant rights, queries or
complaints please in the first instance
contact our Data Protection Officer at 1st
Claygate Scouts, Oaken Lane, Claygate KT10
0RQ or email
gsl@claygatescouts.org .
|
