Privacy Policy
Version 1.3 (January 2021)
This Data Privacy Notice is issued in accordance with the EU General Data Protection Regulation (GDPR) which came into force on 25th May 2018. It covers all data processing activity undertaken within 5th Carlton Scout Group (for the purposes of this document known as 'the Group').
To support our work with young people, we need to collect and retain certain data/personal identifiable information (PII) about those young people, their parents, our adult leaders and helpers.
PII is described as information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your personal data.
Any data processed by the Group will be:
At no time will the Group sell or transfer any of your personal data to any 3rd party for the purposes of marketing. Your personal data will be treated as strictly confidential when being processed by the Group and we will only share your data with 3rd parties outside of the organisation where there is a legitimate reason to do so.
To support our work with young people, we need to collect and retain certain data/personal identifiable information (PII) about those young people, their parents, our adult leaders and helpers.
PII is described as information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your personal data.
Any data processed by the Group will be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and where necessary, kept up to date; every reasonable step will be taken to ensure that any personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
At no time will the Group sell or transfer any of your personal data to any 3rd party for the purposes of marketing. Your personal data will be treated as strictly confidential when being processed by the Group and we will only share your data with 3rd parties outside of the organisation where there is a legitimate reason to do so.
Data Controller/Processor
The data controller within the Group is the Executive Committee. The data controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The contacts on behalf of the Group's Executive Committee are:
Steve Baker, Group Scout Leader, or
Geoff Allen, Group Chairman
The Group Scout Leader and Section Leaders will be the main data processors within the Group. A data processor is defined as a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. This means if you have access to the personal data and you do something with it, such as host it in your system, or provide services to the data subject from this data set, you are the data processor. The data processor could also be a third-party system used for data storage.
The contacts on behalf of the Group's Executive Committee are:
Steve Baker, Group Scout Leader, or
Geoff Allen, Group Chairman
The Group Scout Leader and Section Leaders will be the main data processors within the Group. A data processor is defined as a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. This means if you have access to the personal data and you do something with it, such as host it in your system, or provide services to the data subject from this data set, you are the data processor. The data processor could also be a third-party system used for data storage.
Why are we processing your data?
We will process your data to ensure that we can safely deliver Scouting to our members and to contact you regarding any events, activities or news relevant to Scouting and the Group.
What data will we process?
The majority of PII data that we will process will include name, address, telephone number, email. At times may also need to process sensitive personal [i.e. race, ethnic origin, religion] and extra care will be taken when processing this data.
In most cases, the personal data will be provided by the subject themselves or by their parent/guardian or immediate family.
PII will be collected by a number of different ways, including but not limited to:
Young people
The data we will process will include:
Adult members (anyone listed on Compass with an active role within the Group)
The data we will process will include:
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We will use your personal data for the following purposes:
In most cases, the personal data will be provided by the subject themselves or by their parent/guardian or immediate family.
PII will be collected by a number of different ways, including but not limited to:
- Young persons information form (Paper or Digital form)
- Young persons health form (Paper or Digital form)
- Adult information form (Paper or Digital form)
- Adult health form (Paper or Digital form)
- DBS recording form (Paper or Digital form)
- Gift aid form (Paper or Digital form)
- Activity consent forms (Paper or Digital form)
- Email news sign up form (via Mail Chimp)
- Contact us form (via Weebly/the website)
Young people
The data we will process will include:
- First Name
- Surname
- Address
- Date of Birth
- Gender
- Nationality
- Medical Details (including Doctor's name, surgery address and telephone number, NHS number, dietary needs, medical information and additional needs/disabilities)
- Ethnicity
- Religion
- Parents/Emergency Contact Details (including first name, surname, address, gender, relationship to young person, telephone/mobile number and email address)
Adult members (anyone listed on Compass with an active role within the Group)
The data we will process will include:
- First Name
- Surname
- Date of Birth
- Address
- Gender
- Nationality
- Ethnicity
- Religion
- Telephone/Mobile Number
- Email Address
- Medical Details (including Doctor's name, surgery address and telephone number, NHS number, dietary needs, medical information and additional needs/disabilities)
- Emergency Contact Details (including first name, surname, address, relationship to person, telephone/mobile number)
- Information required to submit a DBS disclosure application (including but not limited to, country and town/city of birth, previous addresses, details of any previous forenames or surnames, details of any convictions, reprimands or warnings, national insurance number, details from a driving licence, passport, birth certificate, marriage certificate or another alternative ID document)
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We will use your personal data for the following purposes:
- We collect personal and medical information for the protection of that person whilst in the care of the Group
- We collect religious data to respect a person’s beliefs with regards to activities, food and holidays/festivals.
- To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
- To administer membership records
- To fundraise and promote the interests of the Group
- To manage our volunteers
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events and activities
What is the legal basis for processing your personal data?
We only use your personal information where it is permitted by the laws that protect your privacy rights. We will only use personal information when:
- We need to use the information to comply with our legal obligations
- We need to use the information to contact with you, regarding meetings, events, collection of membership fee’s etc. (i.e. for the day to day running of the group)
- It is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within Scouting.
- The processing is necessary for the persons legitimate interests or the legitimate interests of the Group unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Who will have access to this data?
The members of the Group's leadership team and Executive Committee will hold/have access to this data. The Executive Committee, Group Scout Leader and Section Leaders may need to access this data in their role as Charity Trustees.
The Group is part of Central Notts Scout District (the District) and Nottinghamshire County Scouts (the County). The Group will periodically join in events that are run by the District and County and in these cases, data will be shared with the organisers for the purpose of the event only.
Where we run events for the Group, we will share information with a 'Home Contact'. They are usually volunteers in Scouting who will act as a go between at camps for the leadership team to contact parents in an emergency.
The Group is part of Central Notts Scout District (the District) and Nottinghamshire County Scouts (the County). The Group will periodically join in events that are run by the District and County and in these cases, data will be shared with the organisers for the purpose of the event only.
Where we run events for the Group, we will share information with a 'Home Contact'. They are usually volunteers in Scouting who will act as a go between at camps for the leadership team to contact parents in an emergency.
Where will your data be held
Your data will be processed and stored in the following manner:
Young person
Adult members (anyone listed on Compass with an active role with the Group)
Members of the public visiting our website or associated systems
Young person
- By the leadership team on their own personal computer/laptop, tablet or mobile phone
- On Online Scout Manager (OSM) - OSM is a bespoke online application created by Online Youth Manager Ltd to manage the day to day administration of running a Beaver, Cub or Scout section.
- By the leadership team in physical (paper) records
- Mail Chimp - We use the secure system Mail Chimp to send out regular news letters by email. All recipients are able to unsubscribe from the mailing list by clicking on the link at the bottom of each email sent out.
- Email – Any emails sent to our website email address ([email protected]) will be kept until dealt with before being deleted. Should an enquiry about joining the group be sent in, this email will be forwarded onto the Section leader's personal email address and deleted once the young person has joined the Group.
- Weebly/the Website - There are a number of contact forms on our website, all entries made on these forms will be sent via email to the Webmaster at ([email protected]). After each form has been dealt with by the Webmaster the email will be deleted.
- Google Drive - We use Google Drive for Section Leaders to upload photographs of activities to the Website administrator, so that they can be used on the website, social media and presentations/displays.
Adult members (anyone listed on Compass with an active role with the Group)
- By the leadership team on their own personal computer/laptop, tablet or mobile phone
- On Compass, the Scout Association's membership database
- On Atlantic Data, the portal the Scout Association use to process DBS disclosure applications
- On Online Scout Manager (OSM). OSM is a bespoke online application created by Online Youth Manager Ltd to manage the day to day administration of running a Beaver, Cub or Scout section.
- By the leadership team in physical (paper) records
- Mail Chimp - We use the secure system Mail Chimp to send out regular news letters by email. All recipients are able to unsubscribe from the mailing list by clicking on the link at the bottom of each email sent out.
- Email – Any emails sent to our website email address ([email protected]) will be kept until dealt with before being deleted.
- Weebly/the Website - There are a number of contact forms on our website, all entries made on these forms will be sent via email to the Webmaster at ([email protected]). After each form has been dealt with by the Webmaster the email will be deleted.
- SuperSaaS - We have an online booking system for our Group Minibus. The data collected for this system, are for the purpose of contact. Previous bookings will remain on the system, for record purposes.
- Google Drive - We use Google Drive for Section Leaders to upload photographs of activities to the Website administrator, so that they can be used on the website, social media and presentations/displays.
Members of the public visiting our website or associated systems
- Weebly/the Website - There are a number of contact forms on our website, all entries made on these forms will be sent via email to the Webmaster at ([email protected]). After each form has been dealt with by the Webmaster the email will be deleted.
- Weebly/the Website - The Group's website (www.5thcarlton.org.uk) uses cookies. We use cookies to personalise content, to provide social media features and to analyse our traffic. More information regarding our use of cookies can be found on http://www.5thcarlton.org.uk/cookies-policy.html
- SuperSaaS - We have an online booking system for our Group Minibus. The data collected for this system, are for the purpose of contact. Previous bookings will remain on the system, for record purposes.
- Email – Any emails sent to our website email address ([email protected]) will be dealt with by the Webmaster and then deleted.
How long do we retain the data for?
We may keep information for different periods of time for different purposes as required by law or best practice.
We will retain your personal data for as long as the young person is a member of the Group and for a period of one year after they have left the Group. After that we will retain in a much more limited form (i.e. name, badge and attendance records) the data for a period of up to 15 years (or until the age of 21) to fulfill our legal obligations for insurance and legal claims.
If a Data Subject moves to another Scout Group or on to Explorers, we will ask you before we share any data with the new Group.
Gift Aid - as required by the HMRC we will keep a record of declarations for 6 years after the most recent donation Gift Aid was claimed on. Therefore we would retain the data collected on the 'Gift Aid form' for this period of time. The data collected on this form includes: Young persons name/s, Taxpayer's first name, surname and address.
We will retain your personal data for as long as the young person is a member of the Group and for a period of one year after they have left the Group. After that we will retain in a much more limited form (i.e. name, badge and attendance records) the data for a period of up to 15 years (or until the age of 21) to fulfill our legal obligations for insurance and legal claims.
If a Data Subject moves to another Scout Group or on to Explorers, we will ask you before we share any data with the new Group.
Gift Aid - as required by the HMRC we will keep a record of declarations for 6 years after the most recent donation Gift Aid was claimed on. Therefore we would retain the data collected on the 'Gift Aid form' for this period of time. The data collected on this form includes: Young persons name/s, Taxpayer's first name, surname and address.
Subject access request
You are entitled to ask us, in writing, for a copy of the personal data we hold about you. This is known as a subject access request (SAR). In line with legislation, we will not charge a fee for this information and will respond to your request within one month. This is unless this is not possible or deemed excessive, in which case we will contact you within the month of making the SAR.
Other Information
We reserve the right to update this data privacy notice at any time and that any changes will be notified in this document.
Version Number and date of last review
Version
|
Date
|
Reason for Change
|
1.0
|
22/05/2018
|
Baseline
|
1.1
|
27/05/2018
|
Amendment - Top of Policy: Re-wording of paragraph 1 following the 25th May 2018 and the new GDPR coming into force.
Addition - Added bullet point to 'Where will your data be held?' section regarding Google Drive. |
1.2
|
15/05/2019
|
Amendment - Data Controller/Processor Section
Name of Group Scout Leader changed |
1.3
|
01/01/2021
|
Amendment - Methods of Data collection, reflecting digital submissions.
|
Useful Links |