This Data Privacy Notice/Policy describes the categories of personal data that 4th West Bridgford Scout Group processes and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.
This notice applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with 4th West Bridgford (Methodist) Scout Group. It also applies to any young people who are not members of the Group but attend meetings hosted by the Group. The Group consists of a number of sections: Beavers, Cubs, Scouts and Young Explorers. This notices applies to the personal data processing of all those sections.
4th West Bridgford (Methodist) Scout Group are an excepted charity by the Charity Commission for England & Wales. Our data controller is the Executive Committee who are appointed at an Annual General Meeting. Although not legally charity trustees, they hold the same responsibilities and duties as charity trustees. From this point on 4th West Bridgford Scout Group will be referred to as “we”. Being a small charity, we are not required to appoint a Data Protection Officer.
The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form, digital form or via our online membership systems Online Scout Manager (which includes the Parent Portal) and Compass.
In the case of adult members and volunteers, data may also be provided by third parties, such as the Atlantic Data (which performs background checks for The Scout Association) and, via Atlantic Data, the Disclosure & Barring Service.
Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person. We may collect the following personal information:
We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be legitimate interests for personal data of our youth members, leaders and adult volunteers. Sensitive (special category) data for leaders, adult volunteers and our youth members will mostly align to the lawful basis of our legitimate activities. Explicit permission is requested from parents/guardians to take photographs of our members.
We may also legitimate interests as the basis for processes photographs where it is not practical to gather and maintain consent such as events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights. Please note that, in most cases, we do not record the identities of the individuals in photos. This avoids unnecessary personal data storage, but also means that these photos are not personal data.
We use personal data for the following purposes: to provide information about Scout meetings, activities, training courses and events to our members and other volunteersto provide a voluntary service for the benefit of the public in our areato administer membership recordsto fundraise and promote the interests of Scoutingto manage our volunteersto maintain our own accounts and records (including the processing of gift aid applications)to inform you of news, events, activities and services being run or attended by usto ensure and evidence your suitability if volunteering for a role in Scoutingto contact your next of kin in the event of an emergencyto ensure you have and maintain the correct qualifications and skills.
We use personal sensitive (special) data for the following purposes: for the protection of a person’s health and safety whilst in our careto respect a person’s religious beliefs with regards to activities, food and holidaysfor equal opportunity monitoring and reporting.
Please note that, for those who joined us before March 2019, we may have used consent as the basis for the processing of some of the above, even though legitimate interests could have been used. Where we have obtained your consent for processing already, this will remain the basis for processing. Otherwise, the basis is as above. Overall, we believe that legitimate interests is the right basis for most of our processing because we only process personal data as the carers for our Beavers, Cubs, and Scouts would expect – to run a Scout Group. Equally, we only process the personal data of our adult volunteers and leaders as they would expect.
We will keep certain types of information for different periods of time in line with our retention policy, which is as follows: We keep most data for the period that the young person or volunteer is with the Scout Group, and for 2 years afterwards (to answer any enquiries from them after leaving, and to enable easier rejoining). Where a young person enquires about joining but does not process, we keep the data for no more than 1 year. Photos of meetings and events are stored indefinitely.
The Scout Association’s Data Protection Policy can be found #here# and the Data Privacy Notice #here#.
We will normally only share personal information with adult volunteers and leaders holding a voluntary position with us. To a limited extent, Rushcliffe District Scout Association and Nottinghamshire Scouts may have access, but solely for the purpose of administering the District and County.
Adult volunteers (including leaders) We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for Rushcliffe district and Nottinghamshire county, as well as with The Scout Association Headquarters as data controllers in common.
We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for Rushcliffe district and Nottinghamshire county, as well as with The Scout Association Headquarters as data controllers in common.
The Scout Association conducts a recurring ‘census’ of all groups. For that, we provided anonymised data to them. The Scout Association only uses this data for statistical purposes. Other than that, we will only share your personal information with others where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes. We will never sell your personal information to any third party.
Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation. Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.
We generally store personal information in the following ways:
We use this for managing the records of young persons who are members of our sections, or on the waiting lists for our section. It also holds records of our adult volunteers and other leaders. This is necessary to manage and operate our sections and Groups. It even helps us to award badges! Some parts of our Group also use it as an event booking system instead of BookWhen (which we describe below).
is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.
our sections may operate closed Facebook groups so that the carers of young persons in those sections can see photos of section events and meetings, as well as any young persons authorised to use Facebook by their carers. The adult volunteers running those sections uploads those photos. The photos do not name individuals in the photos. If you join one of the Facebook groups, the adult volunteers who acts as group administrator for the relevant group will see your name and Facebook enables the group administrators to see a list of members for the purposes of membership management. Please refer to Facebook’s privacy notices for details of their personal data processing.
if you pay for an event using paypal, depending on how you have configured your privacy settings in Paypal, Paypal will provide your name, email address and possibly address. Please refer to Paypal’s privacy policy and your Paypal settings.
we use this to manage bookings that carers may make for their young people to attend events.
In addition, to the extent necessary, adult volunteers will hold some personal data on local spreadsheets/databases and forms. These may be stored in secure online accounts (such as on Dropbox or Office365). This data is used only to manage the Group. Printed records and data held while attending events – paper is sometimes used to capture and retain some data for example: Gift Aid administrationEvent registrationHealth and contact records forms (for events)Events coordination with event organisers Paper records for events are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event. Our accident book is also a paper record[AB1] . This is securely stored and contains minimal personal data. Our accident reporting procedures also include a paper record.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
A link to this website page is provided to those whose data is being processed by us. A printed version is also available on request.
As a Data Subject, you have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk). Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:
Forms related cookies When you submit data through a form such as those found on our website contact pages or comment forms, cookies may be set to remember you your user details for future correspondence. Third Party Cookies In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through our website site.
Our website site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Privacy information page.
Cookies used on Facebook, Paypal, WeBook and any other websites/apps Please refer to the privacy notices and cookie notices of those websites and apps for details.
If you have any queries relating to this Privacy Notice or our use of your personal data, please contact us using the contact details found on our website.
Version 1, last reviewed February 2019.