Privacy Policy – 4th Huddersfield Golcar Scout Group

About this Policy

For the purposes of this Policy ‘The Scout Group’ includes;

‘4th Huddersfield Golcar Scout Group’ Registered Charity Number: 1139501,

Our partnered Explorer Scout Unit ‘4th Golcar Explorer Scouts’,

Our trading/fundraising activities including;

Golcar Scout and Community Centre

Golcar Local

 

Last Updated: 01/04/2019

Last Reviewed: 14/04/2019

 

 

This policy is written in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018).

We adhere to current UK legislation which governs the collection, storage and use of personal data.

Who does this policy apply to?

This policy applies to all members/associate members of ‘The Scout Group’, prospective members and their parents/guardians, visitors to any of our websites and people who contact us directly (including electronic means). Anyone who contacts us or takes part in any of our trading/fundraising activities, including but not limited to; ‘Golcar Scout and Community Centre’, ‘Golcar Local’ and general fundraising events. Collectively known as ‘The Data Subjects’.

What data will we collect?

So that we can safely deliver Scouting within ‘The Scout Group’ we need to hold personal information about all our members.

This information will include; Name, Address, Email, Phone, Medical Details (including Doctors Surgery), Allergies, Dietary Requirements, School and abilities (for example; ability to swim) on all our members. Along with these records, we will also store, Name, Address, Email, Phone details of our members' parents/guardians and/or their nominated emergency contact/s.

For our adult volunteers, additional data will be collected to enable us to complete an enhanced Disclosure and Barring Service (DBS) check.

For our trading/fundraising activities, we will collect data that is relevant to enable us to run the event/activity. This data will be provided by the end user.

Data collected via our websites may include but is not limited to; browser and host information and statistics, your public IP Address and information which you provide in any contact form.

Who is our Data Controller?

The Trustees of ‘4th Huddersfield Golcar Scout Group’ is the Data Controller for all data collected, stored, processed and used within the Group.

The Scout Association is a data controller in common with the local Executive Committees for adult volunteer data which is collected on the Compass membership system. Local Executive Committees include ‘The Scout Group’, ‘Huddersfield South West District Scout Council’ and ‘West Yorkshire County Scout Council’.

Who is our Data Processors and where is the data stored?

For most of our member data, we utilise a product called ‘Online Scout Manager’ (OSM) developed and maintained by ‘Online Youth Manager Ltd’.  This system has been specifically designed for Scouting organisations. See References for further information.

We use ‘Dropbox’, an online cloud storage platform for storing ‘The Scout Group’ records, including but not limited to; Programme planning, event planning, financial records, template documents and archives.

We use ‘Google G Suite’ an online cloud-based email, storage and office suite service. ‘The Scout Group’ uses this platform for storing ‘The Scout Group’ records, including but not limited to; Programme planning, event planning, financial records, template documents and archives. This product is also used for collecting and processing data from ‘google forms’.

‘Google Analytics’ is used on all of ‘The Scout Group’ websites to allow us to see usage data and help us to enhance our websites.

Our photos and videos are published to ‘Youtube’, ‘Facebook’, ‘Twitter’ and other social media channels where we feel appropriate. Further details on how we use this data can be found in our Photo and Video Policy.

Our main online Photo storage service is based on ‘Smugmug’ this is a cloud-based photo hosting service.

Our websites are hosted in the UK. Our websites use several content management systems and software to keep our data safe.

Who will have access to this data?

Volunteers of ‘The Scout Group’ will have varying levels of access to this information according to their role, information needs and the requirement to complete their tasks.

‘The Scout Group’ will periodically join in events organised by other entities within the wider Scouting Movement. Where appropriate for the event to take place, we will, where required, share personal information with the event organisers, this may include, but is not limited to; member data, medical details and parent/guardian and emergency contact details.

Our Volunteer data will be accessible to line management and The Scout Associations headquarters teams.

What is our Lawful Basis for Processing Personal Data?

We use a range of lawful basis for processing Personal Data within ‘The Scout Group’ these include;

Contract

For most of our member data, we can’t provide a service to our members without key information to keep our members safe.

Consent

We ask all our members to complete the following Consent statement when adding and updating personal information on OSM.

“I give consent for the storage and processing of sensitive personal information, including medical details (these are required for the safety of your child). I understand these may be shared with other Scout groups/organisers if/when my child moves sections or attends external events.”

Our social media accounts can be ‘followed’/’liked’ and these are done so by members/public as they wish to do so, the action of the ‘following’ or ‘liking’ our accounts is them giving consent. Information on individuals is stored and managed by the social media provider.

Legitimate interests

We use legitimate interests for our Photo and Video policy.

Legal Obligation

HMRC requires us to hold financial records and Gift Aid records for a period of at least 7 years.

How long do we retain data for?

We will retain data for as long as ‘The Data Subject’ remains a part of our Group and for up to 12 months after. After 12 months, we will retain some data in a limited form, name and badge records.

Accident Reports will be kept until the data subject is 21 years old.

Financial and statutory data required by HMRC will be kept for at least 7 years.

Social Media contact may be kept longer, however, this is controlled by the individual.

Third Party Websites

We may, from time to time, post links in our social media, emails, websites etc to third party websites. If you visit one of these websites, please make yourself aware of their own privacy policies as we have no control over the content and collection of data from you visiting these sites.

Your Rights

Individuals can request a copy of their personal data by making a Subject Access Request (SAR) to us via [email protected]

In some cases, you may be required to request data directly from third parties, however we will advise if this is the case.

If you have any questions about our policy or data we hold, please direct these to [email protected]

 

 

 

References

Scouts Data Protection - http://scouts.org.uk/dataprotection

Information Commissioners Office GDPR Guidance - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Disclosure and Barring Service (DBS) - https://www.gov.uk/dbs-check-applicant-criminal-record

Online Youth Manager Ltd – Includes Online Scout Manager (OSM) - https://www.onlinescoutmanager.co.uk/security.html

Dropbox - https://www.dropbox.com/en_GB/security/GDPR

Google G Suite - https://cloud.google.com/security/gdpr/

Google Analytics - https://support.google.com/analytics/answer/6004245?hl=en

Smugmug – https://www.smugmug.com/about/privacy