The leadership team and Executive committee of the 12th Winchester Scout Group (“the Group”) take the safekeeping and proper use (or, “data processing”) of the personal data of our members, their parents and carers, and all our volunteers (“the data subjects”) very seriously. We have revised our data protection policy in line with the General Data Protection Regulation (“GDPR”), which is in force in the UK from 25th May 2018 and which applies to our Group in exactly the same way that it does to businesses and other organisations.
The GDPR introduces six lawful grounds for the processing of personal data. We rely under consent under article 6 (1) (a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Our commitment to our data subjects
In line with the requirements of the GDPR, the Group will:
- Store personal data securely
- Keep personal data only for as long as is necessary and delete it as soon as it is no longer needed
- Ensure that access to any piece of personal data is restricted to those leaders, volunteers or Executive members who need access to it
- Transfer personal data appropriately and securely
Our Privacy Notice (Fair Processing Notice) is as follows:
This Privacy Notice covers all data processing conducted by and within the Group.
- Data Controller
The Data Controller for the Group is Richard Eve at email@example.com.
- Why is the Group processing your personal data?
The safe delivery of scouting for all Beaver Scouts, Cub Scouts and Scouts in our Group depends upon the Group’s Executive Committee holding pertinent pieces of information about the young people, their parents or carers, and our adult volunteers. This information is used to contact you routinely about Scouting events and news affecting our Group and also in any emergency situation. It is also used to collect membership subscriptions.
- What personal data will the Group process?
- Telephone numbers
- Email addresses
- Medical information, including health conditions
- Third party contact details, including GP surgery
- Dietary requirements
NB: information on ethnicity and religion is collected and passed anonymously to the Scout Association only for statistical reporting purposes and we do not have access to it.
- In the Group, who will have access to your personal data?
The information is held by the Group’s Executive committee and leadership team. Section leaders, the Group Scout Leader and the Executive committee may need to access the data in order to carry out the Group’s purpose of providing Scouting activities to its members or in pursuance of their obligations as charity trustees. In certain circumstances, personal data may be shared with a volunteer who acts as an intermediary between leaders and parents or carers during camps and other activities. That individual will be required to keep the data securely for the duration of the event and to destroy it (whether by deleting it electronically or shredding any paper copies) immediately afterwards. We will obtain DBS clearance for all adults handling personal data.
- Outside the Group, who will have access to your personal data?
Personal data may be shared with Winchester District Scout Council, Hampshire Country Scout Council or the United Kingdom Scout Association on occasions where the Group joins in with activities or events run by any of these bodies. Any personal data shared with the organisers of an external activity or event will be shared for the purpose of that activity or event only. Medical or welfare incidents may also necessitate the sharing of personal data. In addition, personal data will be shared with the police and authorities where required in accordance with English law.
- Where will the Group hold your personal data?
- Online Scout Manager – a bespoke, online application for the management of Scout Groups
- Compass – the Scout Association’s online membership service
- Electronically on encrypted computer systems. Information will only be stored on the home computers of the leadership team where those computers incorporate secure and encrypted features.
- In paper documents held by the leadership team. These will be stored securely and destroyed when no longer needed.
- For how long will the Group store your personal data?
The Group will store personal data for as long as is needed. As a minimum this means for the duration of a young person’s membership of the Group. However, we may retain the data beyond this period if we need to in order to fulfil a legitimate Scout-related purpose. This might include fulfilling your request to the transfer of the young person and their data to another Group or in order to respond to an outstanding complaint.
- What is the Group’s legal basis for processing your personal data?
Our legal basis is under Article 6 (1) (a) of the General Data Protection Regulation: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
We consider you to have consented to our processing of your personal data when you complete and return any documentation we send you. This includes forms for new members of the Groups, One Day Activity Information Forms and Nights Away Activity Information Forms. It also includes verbal consent. You are free to withdraw your consent at any time. However, withdrawal may mean that we will have to end the data subject’s membership of the Group as we will not be able to guarantee our compliance with the Scout Association’s rules on the safe delivery of Scouting.
- Your rights
You have the right to request a copy of all of the personal data that the Group holds on you. This is called a Subject Access Request (SAR). If you would like to make a SAR, please contact our Group’s data controller on firstname.lastname@example.org. Please also direct any other queries about how the Group processes your personal data to email@example.com.