Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR).
- Who are we?
The 21st Medway Scout Group is an excepted youth charity. Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society.
Every year in July we hold an Annual General Meeting where members of our Executive Committee are elected (our Trustees). Any parent of a youth member can decide to be part of the Executive at the AGM and every parent has the right to attend AGMs.
Our Scout Group Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.
We are based at St. Luke’s Methodist Church, City Way, Rochester, Kent ME1 2BQ.
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the Scout Group’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
- How do we gather personal information?
The majority of the personal information we hold is provided to us directly by yourself or by parents / legal guardians, either in paper form or via our online membership system and websites. In the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person.
- How do we process your personal data?
We comply with our obligations under the “GDPR”;
- by keeping personal data up to date;
- by storing and destroying it securely;
- by not collecting or retaining excessive amounts of data;
- by protecting personal data from loss, misuse, unauthorised access and disclosure;
- by ensuring that appropriate technical measures are in place to protect personal data.
We process the data to have the ability to contact members, parents and guardians, to inform them of meetings and events that the group itself may be running or attending.
- How do we use personal data?
We use personal data for the following purposes;
- we collect personal and medical information for the protection of that person whilst in the care of the Scout Group;
- we collect religious data to respect a person’s beliefs with regards to activities, food and holidays;
- to enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
- to administer membership records;
- to fundraise and promote the interests of the Scout Group;
- to manage our volunteers;
- to maintain our own accounts and records (including the processing of gift aid applications);
- to inform you of news, events, activities and services running at the 21st Medway Scout Group.
- What is our legal basis for processing your/your child(ren)’s personal data?
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where;
- we need to use the information to comply with our legal obligations;
- we need to use the information to contact you regarding meetings, events, collection of membership fees etc. (i.e. for the day to day running of the group);
- it is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within scouting;
- the processing is necessary for your legitimate interests or the legitimate interests of our Scout Group, unless there is a good reason to protect your personal data which overrides those legitimate interests.
- How do we store personal data?
We are committed to the protection of your personal information.
We generally store personal information in one of two secure digital online database systems, where access to that data is restricted and controlled:
- Compass is the online membership system of The Scout Association. This system is used for the collection and storage of adult personal data.
- Online Scout Manager is an online membership system run by Online Youth Manager Ltd. This is a secure membership database where we store the personal information of adults and youth members for the day to day running of the group.
We keep records of payments on paper and in spreadsheets where payments were made by cash or cheque or prior to our adoption of Online Scout Manager. Spreadsheets are either stored on password protected and encrypted computers, or in secured cloud storage such as Microsoft or Google.
We keep records of past members in spreadsheets where membership pre-dated our adoption of Online Scout Manager.
Our websites store personal information provided during online sign up for events managed outside Online Scout Manager. Websites are hosted in secure data centres in the United Kingdom. Websites use the same HTTPS/SSL protection as banks to secure data in transit and data is encrypted at rest.
Occasionally leaders store names, telephone numbers and email addresses in contact and messaging software on mobile devices and supporting cloud services to assist communication with members, parents and guardians. This may sometimes also include postal addresses for GPS / navigation software so we can deliver letters and forms or return children home. Additional personal information may also be stored if provided to us by text message or email. Where mobile devices are used for personal information, they are protected with a strong pin, password or biometrics, encrypted, and have a 'remote wipe' feature enabled.
- How about printed records and event data?
Paper is still used within Sections to capture and retain some data, for example the following:
- new joiners form;
- uniform order form;
- health and contact records update forms;
- Gift Aid collection forms (pre-OSM);
- event attendance consent;
- event coordination with event organisers;
- award notifications/nominations.
In the case of joining, uniform, health and contact update forms, this information is securely held by leaders, and transferred to our secure digital systems as soon as possible before the paper form is destroyed.
Gift Aid collection forms will be securely held by the Group's Treasurer to aid in the collection of Gift Aid for monthly membership fees. We have a legal obligation to retain this information for 7 years after our last claim.
As a member of the 21st Medway Scout Group it is hoped you will take up the opportunity to attend events and camps. Where it is necessary to fulfil our legal obligations we will be required to potentially use a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems as often events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp. We will ensure;
- transfer of paper is secure, such as physical hand to hand transfer or registered post;
- paper forms are securely destroyed after use;
- secure destruction will be through a shredding machine or securely burned;
- paper records are kept secure, especially when in transit, by using:
  - a lockable briefcase; or
  - a lockable filing cabinet;
- if transferred to somebody, we will audit that they return them when the event is complete.
- How do we share and transfer personal information?
We will only normally share personal information between our Scout Group's Leaders and Executive members.
We will, however, share your personal information with others outside our Scout Group where we need to meet or enforce a legal obligation. This may include Medway Towns Scout District, Kent Scout County (known as Kent Scouts), The Scout Association and its insurance subsidiary “Unity”, local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.
If you move from the 21st Medway Scout Group to another Scout Group or Explorer Scout Unit we will transfer your personal information to them if you request it.
We will never sell your personal information to any third party for the purposes of marketing.
Sometimes we may nominate a member for an award (such as Scouting or Duke of Edinburgh awards). Such nominations would require we provide contact details to the awarding organisation, which is most often done on paper via registered post, or by secure email or online form.
Your personal data will be treated as strictly confidential. We will only share your data with third parties outside of our organisation where there is a legitimate reason to do so. We will take steps to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.). If identifiable data is to be shared we will seek your consent.
- What third party data processors do we use?
The 21st Medway Scout Group employs the services of the following third-party data processors;
- The Scout Association via its adult membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check;
- Online Youth Manager Ltd (Online Scout Manager) which is used to record personal information, badge records, event and attendance records etc. We have a data processing agreement in place with Online Youth Manager; more information is available at: https://www.onlinescoutmanager.co.uk/security.php
- Dropbox is occasionally used for secure transfer of limited personal information for events;
- Google is occasionally used for secure transfer of limited personal information for events;
- Microsoft is occasionally used for secure transfer of limited personal information for events.
- Do we use automated decision making?
The 21st Medway Scout Group does not have any automated decision-making systems.
- Do we transfer personal information outside the UK?
The 21st Medway Scout Group will not transfer your personal information outside of the UK, except where an event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations. Generally such an event will have its own data collection form which will be securely held and disposed of after the event.
- How do we protect personal data?
We take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.
- How long do we keep your personal data?
We will retain your personal information throughout the time you/your child(ren) are a member of 21st Medway Scout Group.
We will retain your full personal information for a period of one year after you have left the 21st Medway Scout Group and in a much more limited form (just name, date of birth, last known address, badge and attendance records) for a period of up to 15 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21).
- What are your personal information rights?
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data;
- the right to be informed – you have a right to know how your data will be used by our Scout Group;
- the right to access your personal data – you can ask us to share with you the data we have about you;
- the right to rectification – this means you can update your data if it’s inaccurate or if something is missing; (You can view and edit your personal information directly on Online Scout Manager and Compass.)
- the right to erasure – this means that you have the right to request that we delete any personal data we have about you; (There are some exceptions, for example, some information can be held for legal reasons.)
- the right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure if we are complying with the rules, you can restrict any further use of your data until the problem is resolved;
- the right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally - such as a pdf or spreadsheet - making it easier for you to move your information to other organisations;
- the right to object – you can object to the ways your data is being used, making it easier to avoid unwanted marketing communications and spam from third parties;
- rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes rather than human input.
Please contact your child(ren)’s Section Leader or our Group Scout Leader in the first instance.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.
- What if we want to do further processing?
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Who should you contact?
To exercise any of your rights, or for queries or complaints, please in the first instance contact the Group Scout Leader of the 21st Medway Scout Group on 07961 076000 or by email via our Contact Form.
You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- What about non-member and prospective member personal information?
Non-member and prospective member data may be processed by the Scout Group. Non-members and prospective members are either;
- other adult members of The Scout Association;
- business, service and voluntary organisations who have, do and may provide or share services to the 21st Medway Scout Group using a named person as contact;
- young people, parents and guardians who have expressed interest in joining the 21st Medway Scout Group.
Non-member and prospective member personal information may include name, role, email, telephone and postal address, enabling one-to-one communication and group notification for specific events and activities. Related correspondence may also be stored. In the case of prospective members, a date of birth will be included.
Non-members and prospective members have the same personal information rights as Group members. Again, please contact our Group Scout Leader in the first instance.
Reviewed: 25th May 2018
Note to other Scout Groups:
Feel free to copy and amend our Data Privacy Notice for your own use, with several caveats:
- You must review its contents, removing or adding any irrelevant or missing data processing undertaken by your Group.
- You must ensure you have processes in place to accommodate the rights of individuals highlighted in section 15, and ensure continuous management of your data processing.
We found two key resources which helped us review our GDPR compliance:
- The Scout Association GDPR Toolkit: (Make sure you’re looking at the latest version.)
A comprehensive GDPR framework including general guidance, FAQs, management tools and videos.
- South London County Scouts – 12 Practical Steps to achieve GDPR compliance:
Well presented, down to earth and comprehensive GDPR guidance targeted specifically at Scout Groups. Includes a number of Group appropriate templates. Our Data Privacy Notice started with South London’s template!
Feel free to use our contact form if you'd like assistance with sensible interpretation of Scout Groups' obligations under GDPR. Remember though, responsibility to ensure you are compliant remains with you.