V2. Updated August 2021
This privacy notice describes the categories of personal data 3rd Wombourne Scout Group process and for what purposes. 3rd Wombourne Scout Group are committed to collecting and using such data fairly and in accordance with the requirements of the EU General Data Protection Regulations (GDPR) and Data Protection Act 2018.
This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, donors and members of the public who will make contact with 3rd Wombourne Scout Group.
Who We Are
3rd Wombourne Scout Group are an excepted charity by the Charity Commission for England and Wales. The Data Controller for 3rd Wombourne Scout Group is the Executive Commitee who are appointed at an Annual General Meeting who are Charity Trustees.
From this point on 3rd Wombourne Scout Group will be referred to as “we” or “The Group”.
Data Controller and Data Protection Officer
Our Group Scout Leader is the Data Controller and Data Protection Officer for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders. You can contact the group and Data Controller using the contact us page on our website or speak to any of the section leaders.
The Data We May Process
The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members verbally or via our online membership systems Compass and Online Scout Manager (OSM). The privacy and security notice for OSM can be found here: https://www.onlinescoutmanager.co.uk/security.html. In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and Barring Service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.
We may collect the following personal information:
- Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
- Date of birth – so that we can ensure young people are allocated to the appropriate Section for their age and that adults are old enough to take on an appointment with Scouting.
- Gender – so that we can address individuals correctly and accommodate for any specific needs.
- Emergency contact information – so that we are able to contact someone in the event of an emergency.
- Government identification numbers e.g. national insurance, driving licence, passport – to be able to process volunteer criminal record checks.
- Bank account details, and tax status information – so that we are able to pay any staff that might be employed by us and collect gift aid from HMRC where donations are made.
- Training records – so that members can track their progression through the Scout programme or adult training scheme.
- Race or ethnic origin – so that we can make suitable arrangements based on members cultural needs.
- Health records – so that we can make suitable arrangements based on members medical needs.
- Criminal records checks – to ensure Scouting is a safe space for young people and adults.
The lawful basis we process your data by
We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be through the performance of a contract for personal data of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association. Explicit consent is requested from parents/guardians to take photographs of our members. On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events.
We use personal data for the following purposes
- To provide information about Scout meetings, activities, training courses and events to our members and other volunteers in the group.
- To provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
- To administer membership records
- To fundraise and promote the interests of Scouting
- To manage our volunteers
- To maintain our own accounts and records (including the processing of gift aid applications)
- To inform you of news, events, activities and services being run or attended by the group
- To ensure and evidence your suitability if volunteering for a role in Scouting
- To contact your next of kin in the event of an emergency
- To ensure you have and maintain the correct qualifications and skills.
We use personal sensitive (special) data for the following purposes:
- For the protection of a person’s health and safety whilst in the care of the group.
- To respect a person’s religious beliefs with regards to activities, food and holidays
- For equal opportunity monitoring and reporting.
Our retention periods
We will keep certain types of information for different periods of time in line with our retention policy.
We will retain your personal information and that of any youth members throughout the time you/your child is a member of the group.
We will retain your personal information after you have left the group in a much more limited form (just name, badge and attendance records) for a period of up to 7 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21).
The Scout Association’s Data Protection Policy can be found here and the Data Privacy Notice here.
Joint control of membership data
The Scout Association and 3rd Wombourne Scout Group process the data of members, parents/guardians of youth members, volunteers on our membership databases (OSM and Compass). This data is processed between the local Scout Groups and The Scout Association. Information The Scout Association and 3rd Wombourne Scout Group hold about members, parents/guardians of youth members, volunteers may include the following:
- name and contact details
- length and periods of membership and volunteer service (and absence from membership and service)
- details of training you receive
- details of any youth badges and awards
- details of your experience, qualifications, occupation, skills and any awards you have received
- details of Scouting events and activities you have taken part in
- details of next of kin or parents details (in the case of youth members)
- age/date of birth
- details of any health conditions
- details of disclosure checks
- any complaints we have received about the member
- details about your role(s) in Scouting
- details about your membership status
- race or ethnic background and native languages
- religion
- nationality
Processing Activities
The following is a list of common data processing activities for members, parents/guardians of youth members, volunteers data on the membership systems. This includes an indication of which entity carries out this activity which is shared with the other.
Processing Activity | Description | Processing entity |
Scout Member capture | Initial data load of a new Scout Member onto the membership database | 3rd Wombourne Scout Group |
Scout Member disclosure check | Disclosure checks for any adult Scout Members that require them | 3rd Wombourne Scout Group initiate
The Scout Association complete the check |
Scout Member operational administration | This may include: Scout Member data updates Maintaining training record Events attended Permits approved Badges awarded |
3rd Wombourne Scout Group and The Scout Association |
Scout Member disciplinary | Scout Member disciplinary detail capturing where a Scout Member has breached POR or any other Scout policy | 3rd Wombourne Scout Group initiate
The Scout Association involved if severity meets a policy threshold |
Scout Member leaving | The updating of an individual’s membership status post leaving the association. | 3rd Wombourne Scout Group |
Scout Member data reporting | Reporting on trends and monitoring data to be able to demonstrate The Scouts impact and to attract funding (this may include optional special category data of the Scout Members) | The Scout Association
3rd Wombourne Scout Group may access special category data for Census and local Scouting delivery |
Sharing your information
Young people and other data subjects
We will normally only share personal information with adult volunteers holding an appointment in the group.
If you move from 3rd Wombourne Scout Group to another Scout Group or Explorer Scout Unit we will transfer your personal information to them for the purposes of maintaining records.
Adult volunteers
We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for the group as well as with The Scout Association Headquarters as data controllers in common.
All data subjects
We will however share your personal information with others outside of the group where we need meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.
We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.
We will never sell your personal information to any third party.
Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation.
Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.
How we Store Personal Data
We store personal information in the following ways:
Compass – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.
Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group. You can view the security policy of OSM here.
Compass is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
As a group we use Go Cardless, through Online Scout Manager, to process payments for attending any camps or events. You can view the GDPR Security Policy of Go Cardless here.
Google Suite is used to provide an email and file storage system for adult members of the group.
We will minimise the use of paper in the group for data security purposes. Where paper is used (for example printouts of personal information taken to specific events) we will ensure these are destroyed as soon as possible after the event. We will minimise the use of paper to only what is required for the event/camp. No paper copies of personal data is stored for longer than is absolutely necessary.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Your rights
As a Data Subject, you have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).
Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:
- The right to be informed – you have a right to know how your data will be used by us.
- The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
- The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing. Adult members will be able to edit and update some information directly on The Scout Association’s Compass membership system.
- The right to erasure – this means that you have the right to request that we delete any personal data we have about you. There are some exceptions, for example, some information will be held by The Scout Association for legal reasons.
- The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
- The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
- The right to object – you can object to the ways your data is being used.
Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input, it’s highly unlikely that this will be used by us.
How can a subject know what data is held
You may see a copy of the data we hold about you and you may ask that we correct any inaccuracies. Parents of youth members are regularly asked to check the accuracy of information held.
You may ask that we delete the data. However, we may deem that the data (or some of it) should be retained, for example, financial records.
If you want to do either of these things, or if you require any further information, please contact the group.