top of page

Data Privacy Notice

Data Privacy Notice (V2.  09 May 2023)

1. What is our data privacy notice/policy?

7th Purley (All Saints Kenley) Scout Group (the Group) is committed to protecting the rights and privacy of individuals.

Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. The Group is committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR) and Data Protection Act 2018 (DPA 2018), the English law that encompasses GDPR.

2. Who are we?

The Group is a youth charity. Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society. We are incorporated by Royal Charter and are regulated as a member of the UK Scout Association, (see www.scouts.org.uk for more information.) As part of The Scout Association we are not required to be individually registered with the UK Charity Commission.

Every year we hold an Annual General Meeting (AGM) where members of the Group Trustee Board are elected;  any parent/carer of a youth member can volunteer to become a trustee at the AGM and every parent/carer has the right to attend the AGM.

The Group is based at The Church Hall, All Saints Church, Church Road, Kenley, Surrey CR8 5DU.

The Group is governed by the rules (Policy, Organisation and Rules or P.O.R) of the Scout Association and the Group’s own Constitution.

The Group Trustee Board is the data controller for the information we collect from you. The Group Trustee Board members are appointed at an Annual General Meeting and are Charity Trustees. Any personal data that we collect will only be in relation to the work we do with our members or through the Group’s relationship with supporters, donors and funders.

Being a small charity, the Group is not required to appoint a Data Protection Officer.

3. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the possession of the Group or likely to come into such possession. The processing of personal data is governed by GDPR and the Data Protection Act 2018 (DPA 2018).

4. How do we gather personal information?

The majority of the personal information held by the Group is provided directly to us by youth members or by parents / legal guardian in either paper form or via the Group’s online membership systems, in the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).

Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person.

5. How do we process your personal data?

The Group complies with its obligations under the GDPR legislation by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

The Group processes the data in order to have the ability to contact the member, parents and guardians, to inform them of meetings and events that the Group itself may be running or attending.

The Group may collect the following personal information:

  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.

  • Date of birth – so that we can ensure young people are allocated to the appropriate Section for their age and that adults are old enough to take on an appointment with Scouting.

  • Gender – so that we can address individuals correctly and accommodate for any specific needs.

  • Emergency contact information – so that we are able to contact someone in the event of an emergency.

  • Government identification numbers e.g. national insurance, driving licence, passport – to be able to process volunteer criminal record checks.

  • training records – so that members can track their progression through the Scout programme or adult training scheme.

  • Race or ethnic origin – so that we can make suitable arrangements based on members cultural needs.

  • Health records – so that we can make suitable arrangements based on members medical needs.

  • Criminal records checks (DBS) – to ensure Scouting is a safe space for young people and adults.

 

6. What is the lawful basis for processing your data?

The Group complies with its obligations under GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

In most cases the lawful basis for the processing of personal data will be by consent of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association.  Explicit consent is requested from parents/guardians to take photographs of our members. On occasion the Group may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions it will be made clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.

The Group uses personal data for the following purposes:

  • to provide information about Scout meetings, activities, training courses and events to members and other volunteers in the Group

  • to provide a voluntary service for the benefit of the public

  • to administer membership records

  • to fundraise and promote the interests of Scouting

  • to manage volunteers

  • to maintain the Group’s accounts and records (including the processing of gift aid applications)

  • to inform members and parents/carers of news, events, activities and services being run or attended by the Group

  • to ensure and evidence suitability if volunteering for a role in Scouting

  • to contact next of kin in the event of an emergency

  • to ensure leaders and volunteers maintain the correct qualifications and skills.

 

The Group uses personal sensitive (special) data for the following purposes:

  • for the protection of a person’s health and safety whilst in the care of the Group

  • to respect a person’s religious beliefs with regards to activities, food and holidays

  • for equal opportunity monitoring and reporting

 

7. How do we store personal data?

The Group generally stores personal information in the following ways:

Compass is the online membership system of The Scout Association, this system is used for the collection and storage of personal data for leaders and volunteers.

Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where the Group stores the personal information of adult and youth members for the running of the Group. In addition, adult volunteers may hold some personal data on local spreadsheets/databases. This will be kept securely and will not be retained for longer than necessary.

 

Dropbox is a secure online system used to store information relate to the running of the Group including gift aid forms and subscription records.

Sage is used to maintain the Group’s financial records. Records of payments and receipts are stored on Sage which may include the name of the parent/carer and the child. This is a cloud based system which is password protected and access is limited to authorised Group signatories. The independent examiner is given read-only access for the purpose of conducting the examination of the accounting records.

Printed records and event data

Paper is still used within the sections to capture and retain some data for example the following: –

  • new joiners forms.

  • new joiners waiting lists.

  • health and contact records update forms.

  • gift aid collection forms.

  • Events’ consent from parents.

  • Events’ coordination with event organisers.

  • award notifications/nominations

 

In the case of joining forms, health and contact update forms, this information is securely held by the leader and transferred to our secure digital systems as soon as possible before the paper form is destroyed.

 

Events

It is hoped that all youth members of the Group will take up the opportunity to attend events and camps. Where it is necessary to fulfil the Group’s legal obligations, the Group will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information (including specific event contact forms) rather than relying on secure digital systems, as the events may be held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.

 

The Group will ensure:

  • transfer of paper is secure, such as physical hand to hand transfer or registered post.

  • paper forms are securely destroyed after use.

  • secure destruction will be through a shredding machine or securely burned.

  • that paper records are securely held, especially when in transit.

  • if transferred to somebody, we will ensure that they return them when the event is complete.

 

Awards

Sometimes the Group may nominate a member for national award, (such as Jack Petchey Foundation, King’s Scout or Duke of Edinburgh award), such nominations requires the Group to provide contact details to the awarding organisation which is most often done on paper or by email.

Activities

When members participate in Scouting activities outside the Group, contact details are provided to support the activity. This may include Croydon Scout District, Greater London South-West Scout County, other Scout Districts or Counties and The Scout Association.

 

8. How do we share and transfer your personal Information?

Personal data will be treated as strictly confidential.  The Group will normally only share personal information with adult volunteers holding an appropriate appointment in the Group or with third parties outside of the organisation where there is a legitimate reason to do so. The Group will take steps to anonymise the data provided where appropriate (i.e. collective reporting on gender, ethnicity, age, etc.).

The Group will share the personal data of youth members and their parents/guardians with The Scout Association for the purpose of managing safeguarding cases. The privacy and security notice for The Scout Association can be found here:  www.scouts.org.uk/DPPolicy.  The sharing of this data may be via the Online Scout Manager platform which is used by the Group to manage youth membership. The privacy and security notice for OSM can be found here: www.onlinescoutmanager.co.uk/security.html

 

The Group will share personal information with others outside the Group where the Group needs to meet or enforce a legal obligation. This may include, Croydon Scout District, Greater London South-West Scout County, The Scout Association and its insurance subsidiary “Unity”, local authority services and law enforcement. The Group will only share your personal information to the extent needed for those purposes.

 

If youth members move from the Group to another Scout Group or Explorer Scout Unit, the Group will transfer your personal information to them.

 

The Group will never sell personal information to any third party for the purposes of marketing or financial gain.

When members participate in scouting activities outside the Group, contact details are provided to the relevant Scouting organisation.

Personal data will be treated as strictly confidential.  The Group will only share data with third parties outside of the organisation where there is a legitimate reason to do so. The Group will take steps to anonymise the data provided (e.g. collective reporting on gender, ethnicity, age, etc.).

 

Third Party Data Processors

The Group employs the services of the following third-party data processors: –

  • The Scout Association via its adult membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service ( DBS) check.

  • Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc. We have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php.

  • Dropbox occasionally used for secure transfer of personal information within the Group.

  • Google occasionally used for secure transfer of limited personal information for events.

 

Automated decision making

The Group does not have any automated decision-making systems.

 

Transfers outside the UK

The Group will not transfer your personal information outside of the UK, with the exception where an event is taking place outside of the UK and it is necessary to provide personal information to comply with legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.

9. How do we protect your personal data?

The Group takes appropriate measures to ensure that the information disclosed is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.

10. How long do we keep your personal data?

The Group will retain personal information for all current members of the Group.

The Group will retain personal information for a period of one year after a member has left the Group and in a much more limited form (just name, badge and attendance records) for a period of up to 15 years to fulfil the Group’s legal obligations for insurance and legal claims.

Gift Aid collection forms, will be securely held by the Group’s Treasurer to aid in the collection of Gift Aid for monthly membership fees. The Group has a legal obligation to retain this information for 6 years after the last claim as required by HMRC.

When youth members or parent/carers are no longer with the Group, the Group may extend an invitation to be added to the Friend of the Group contact list comprising name and email so that the Group can keep in contact with regards to relevant activities such as jumble sale or reunions.   If requested, the Group will remove details from this distribution list.

9. Your rights and your personal data 

You have the right to object to how the Group processes your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • To be informed about how personal data is processed: this Data Privacy Notice seeks to provide that information.

  • To have personal data corrected:  all members should notify any changes which will be updated without delay.

  • To object to processing:  The Group will comply with all requests as far as possible. Some records are maintained for the formal administration of the charity, for safety and for safeguarding purposes when retention of records will be required.

  • To restrict processing:  The Group will comply with all requests as far as possible,

  • To have personal data erased:  The Group will comply with all requests as far as possible.

  • To request access:  The Group will comply with the current regulations

  • To move, copy or transfer personal data:  The Group will comply with requests as far as possible acknowledging that adult member records are included in Compass.  The transfer of young person’s data within OSM may be possible

 

Please contact the Group Scout Leader or Data Protection Lead for more information in the first instance.

 

10. Further processing

In the event the Group wishes to use personal data for a new purpose, an updated notice explaining the processing conditions and purpose will be provided prior to commencing the processing. Where and whenever possible, the Group will seek prior consent to the new processing.

11. Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact our Data Protection Lead c/o The Group Trustee Board, 7th Purley (All Saints Kenley) Scout Group, The Vicarage, 3 Valley Road, Kenley, Surrey CR8 5DJ (correspondence address only) or email group@7thpurleyscouts.org.uk. The Group is based at All Saints Church Hall, All Saints Church, Church Road, Kenley, Surrey CR8 5DU.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

bottom of page