Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
2. Who are we?
Our Scout County, is a youth charity. Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society. We are incorporated by royal charter and are regulated as a member of the UK The Scout Association, (see www.scouts.org.uk for more information.) As part of The Scout Association we are not required to be individually registered with the UK Charity Commission.
Every year in May we hold an annual general meeting where members of the charity executive committee (our trustees), are elected, any parent of a youth members can decide to be in the executive at the AGM and every parent has the right to attend the Annual General Meeting.
We are based at 89-91 Hatchett Street, Newtown, Birmingham, B19 3NY.
Our Group Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our Scout Group’s (the data controller’s), possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
The majority of the personal information we hold, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems, in the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person.
3. How do we process your personal data?
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We process the data to have the ability to contact the member, parents and guardians, to inform them of meetings, events that the County itself may be running or attending.
We use personal data for the following purposes:
4. What is the legal basis for processing your/your child(ren)’s personal data?
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
Personal data is stored in a number of forms including paper and electronic formats such as on computers, spreadsheets, databases including EMS and OSM (Online Scout Manager). Any third party providers for data storage must demonstrate to us that they are aligned with the GDPR principles.
We are committed to the protection of your personal information.
We generally store personal information in one of two secure digital online database systems, where access to that data is restricted and controlled.
Compass: – is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group.
Printed records and Event data
Paper is still used within the sections and events to capture and retain some data for example the following: -
In the case of Joining forms, Health and contact update forms, this information is securely held by the leader or waiting list manager, and transferred to our secure digital systems as soon as possible before the paper form is destroyed.
Gift Aid collection forms, will be securely held by the Groups Treasurer to aid in the collection of Gift Aid for monthly membership fee’s, we have a legal obligation to retain this information for 7 years after our last claim.
As a member of Birmingham County it is hoped you will take up the opportunity to attend events and camps, where is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.
We will ensure:
Sometimes we may nominate a member for national award, (such as Queens Scout or Duke of Edinburgh award), such nominations would require we provide contact details to the awarding organisation, this is most often done on paper via registered post.
6. Sharing and transferring personal Information
We will only normally share personal information within our Scout County and District leaders and executive members.
We will however share your personal information with others outside our Scout County where we need meet or enforce a legal obligation, this may include The Scout Association and it insurance subsidiary “Unity”, local authority services and law enforcement, we will only share your personal information to the extent needed for those purposes.
We will never sell your personal information to any third party for the purposes of marketing.
Your personal data will be treated as strictly confidential. We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. We will take steps to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.). If identifiable data is to be shared we will seek your consent.
Birmingham County utilises the services of the following third-party data processors: -
Birmingham County does not have any automated decision-making systems.
Birmingham County will not transfer your personal information outside of the UK, with the exception where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
7. How do we protect personal data?
We take appropriate measures to ensure that the information discussed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.
8. How long do we keep your personal data?
We will retain your personal information, throughout the time you/your child(ren) are a member of Birmingham County .
We will retain your full personal information for a period of one year after you have left Birmingham County and in a much more limited form (just name, badge and attendance records) for a period of up to 15 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21)
9. Your rights and your personal data
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
Please contact the Event leader, or our Data Protection Lead for more information, in the first instance.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.
10. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
11. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact our Data Protection Lead by email on firstname.lastname@example.org
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Reviewed: 25th June 2018