What is this document about?
To support our work with young people, we need to collect and retain certain data about those young people, as well their parents, and our leaders, helpers and friends. The “General Data Protection Regulation” (GDPR) dictates how we must treat this data, and one of the things it requires is that we publish a Privacy Notice, that describes to you (the “data subject” – the person whose data we hold) what data we hold, and what we do with it.
This document is that Privacy Notice.
The “Data Controller” is the person or organisation responsible for managing the data. For the purposes of this Privacy Notice, the Data Controller is the “2st Withington Scout Group”. We can be contacted through our web page at withingtonscouts.org.uk, where there is a “Contact” button, or by email at email@example.com.
Why do we collect data?
The information we collect is used to ensure that we provide the best service to our members, by ensuring that our leaders have all the information they need to deliver that service.
If you are a member of the Scout Group, or a parent or guardian, then we collect and use your personal data in our legitimate interests (specifically, it helps us to provide Scouting to you, in a safe and appropriate manner), and therefore, according to the GDPR, we do not require your explicit consent.
If you are a leader, helper, or friend, we also need to keep some data about you, so that we can contact you when necessary.
What data do we hold?
We keep data about our members, leaders, and friends, and their immediate family members. The data includes some or all of the following: names, date of birth, nationality, ethnicity, religion, disabilities, health and dietary issues, address, contact details, National Health number, relationships with other people (including family and health professionals), and history within the Scout Group.
The only financial data we hold is to record subscription payments, and whether each individual is eligible for Gift Aid.
Where do we get the data from?
In most cases, the information we hold about a data subject is provided by the subject themselves, or by their immediate family. In some cases, information may become apparent in other ways (for example, where a family is divided by divorce, information about one side of the divide may become apparent as a result of information provided by the other side).
We also retain data about the history of members within the Group, such as dates of transition between Sections, participation in events, and attainment of awards. This data is generated within the Group.
Who has access to the data?
The data is generally accessible to the leaders of the Scout Group, and to no one else. We may share this information with the wider Scout Association, but we do not share this information with other organisations (unless legally required to do so, or unless you ask us to).
Most of the information is held on a computer system, to ensure that it is readily accessible to everyone that may need it, and that it can easily be kept up to date and accurate. The data is protected by a system of permissions and passwords, to ensure that the data is not accessible to people who should not have access.
How can a subject know what data is held?
You may see a copy of the data we hold about you, by request to the Data Protection Officer (firstname.lastname@example.org ), and you may ask that we correct any inaccuracies. Indeed, we positively welcome being told we have something wrong!
How long do we keep the data?
Some key data, we will keep indefinitely. There may come a time, for example, when you wish to complain about your treatment in the Group, and we will need records to be able to support or refute your complaint. However, data that is considered “sensitive” (including medical, ethnicity, religion data) will be erased shortly after you leave the Group.
Need to know more?
If you require any further information, please contact the Data Protection Officer at email@example.com