GDPR Data Privicy Policy
This Data Privacy Notice/Policy describes the categories of personal data 1st Sevenoaks Scout Group process and for what purposes. 1st Sevenoaks Scout Group are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.
This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with 1st Sevenoaks Scout Group.
1st Sevenoaks Scout Group are a registered charity with the Charity Commission for England & Wales; charity number 303436.
The Data Controller for 1st Sevenoaks Scout Group is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees. The Chair of the Charity Trustees is Nick Roberts firstname.lastname@example.org
From this point on 1st Sevenoaks Scout Group will be referred to as “we”.
Being a small charity, we are not required to appoint a Data Protection Officer.
The majority of the personal information we hold is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form or digital form via our online adult membership system Compass or Online Scout Manager for youth members. In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and Barring Service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.
We may collect the following personal information:
We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be through the performance of a contract for personal data and as legitimate interests for your sensitive data.
We use personal data for the following purposes:
We use personal sensitive data for the following purposes:
We will keep certain types of information for different periods of time in line with our retention policy.
The Retention Policy for the data we hold is:
The Scout Association’s Data Protection Policy can be found here and the Data Privacy Notice here.
Young people and other data subjects
We will normally only share personal information with adult volunteers holding an appointment in the 1st Sevenoaks Scout Group.
We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for the1st Sevenoaks Scout Group as well as with The Scout Association Headquarters as joint data controllers.
All data subjects
We will however share your personal information with others outside of 1st Sevenoaks Scout Group where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.
We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. For example, we may share data with other Scout Groups if a young person transfers to another Scout Group. We also share data with the Sevenoaks District Explorer Section when the young people are nearing the age to leave Scouts. (14 years).
We will never sell your personal information to any third party.
Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation.
Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.
We generally store personal information in the following ways:
Compass – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.
Online Scout Manager – is a third party system used for the collection and storage of personal data of young people and adult volunteers for the use of their section leaders in order to run their program. This includes name, DoB, contact details, medical details, attendance record, badge record, events record. OSM is GDPR Compliant. https://www.onlinescoutmanager.co.uk/security.html
In general the personal information we collect will only be stored at a location within the UK.
In addition, adult volunteers will hold some personal data on local spreadsheets/databases.
Printed records and data held while attending events – paper is sometimes used to capture and retain some data for example:
Paper records for events are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
A link to this website page is provided to those whose data is being processed by us. A printed version is also available on request.
As a Data Subject, you have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).
Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:
The www.1stsevenoaks.org.uk website is built using WordPress and generic cookies associated with this application may be stored on your computer
Forms related cookies:
When you submit data through a form such as those found on our contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
Third Party Cookies:
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Privacy information page.
If you have any queries relating to this Privacy Notice or our use of your personal data, please contact us by email. Nick Roberts, Executive Committee Chairman, email@example.com
VERSION NUMBER 1 – September 2018