Privacy statement

Last updated: April 24, 2018

Andover District Scouts Data Protection and Privacy Policy Version 1

Copyright Paul O’Beirne Hampshire Scouts 2018 County.secretary@scouts-hants.org.uk

Who is this for and what does it apply to?

The current Data Protection (DP) regulations were updated in May 2018 to be consistent with European legislation known as the General Data Protection Regulation (GDPR). Data Protection regulation applies to all organisations that hold any information that identifies living people.

DP rules do not apply to organisations holding only organisation data, with no names attached and the rules do not apply to individuals holding address books or, for example, Christmas Card lists on computer.

In Scouts, DP applies to the lists of young people, adults and any other people recorded in a structured way for their future contact. It applies to the use of the Compass membership system from recruitment onwards and Online Scout Manager (OSM). It applies to information gathered from the website, to activity information forms and fundraising list information. It does not apply to incidental naming of people in, for example, minutes of meetings or action lists.

Commitment

Andover District Scouts is committed to fully complying with the DP rules. This means that every person (leaders, administrators, honorary officers and executive members) involved in Scout Group/ District will observe this policy.

Formal Contact

Andover District Scouts is the Data Controller. The contact address is The District Chair by email vernonneedham@hotmail.com

Andover District Scouts processes personal data using paper and electronic systems. It works with partner data processors including The Scout Association, OSM, and Dropbox. Andover District Scouts has determined that the partner organisation data processing on its behalf is compliant with GDPR as far as it can assess.

The Legal Basis of our Data Processing

Andover District Scouts is an unincorporated educational children’s organisation. The young people it serves are members. Adults in leader, trustee and supporter roles are either members, associate members or non-members. Andover District Scouts also processes data of helpers and benefactors.

To achieve the purposes of the charity we process data for our legitimate interests This includes processing for the purposes of

  • Administration of the Scouting Programme and Activities
  • Governance
  • Safety and safeguarding
  • Fundraising and Public /Community Relations

This includes processing by holding paper and electronic records, processing with the facilities or our data processing partners and sending communications by paper and electronic means.

We process data for legal reasons

This includes for the purposes of

  • maintaining safety and safeguarding records in compliance with the Scout Association’s Policy Organisation and Rules (POR)
  • maintaining accounting records as required by HMRC and charity regulation

We process data by reason of data subjects’ consent

This includes for the purposes of

  • Providing information to about the Scouting programme
  • Providing communications necessary relevant to governance, administration and fundraising
  • Statistical reporting about inclusion relating ethnicity and disability

Special Categories of Personal Data

Data will be processed about members’ and adult helpers’ Ethnicity, Health, Disability and Religious Belief to enable inclusion. Information about criminal records will be processed to inform recruitment decisions but will not be kept. (disclosure of all criminal convictions and cautions and the provision of an enhanced certificate from the Disclosure and Barring Service is required for all adults in relevant roles, this being incompliance with the relevant legislation about filtering and rehabilitation of offenders)

The personal data of members and adult helpers we process will include full name and contact details, date of birth and age, records of service and training. Records of service will include roles and activities undertaken and role reviews. Relevant records will be kept for the management of Safety, Safeguarding and Personnel.

Website information will be kept for the effective management of the website and statistical purposes.

Financial information about bank accounts, payment of membership and activity fees, donations the processing of gift aid and the maintenance of records as required by regulations.

Sharing of your Personal Data

Subject to DP regulations Andover District Scouts will share your data as relevant with The Scout Association, the local Scout District and Scout County and groups to enable to provision of Scout programme and activities, training opportunities, administration and promotion.

It would be shared to comply with legal requirements when necessary or others when we have your consent.

It would be shared with medical services to protect your vital interests

It would be shared when relevant to the good administration of the charity and security of our processes.

It will be processed by partner data processors including cloud-based services for the good administration of the Group/ District and achievement of its charitable purposes.

Personal data may be transferred outside the UK ad European Economic Area (EEA) through the use of cloud computing systems. The use of these systems will considered for their data security compliance before use; their use will be approved by the executive before use.

Safeguarding Partnership

Andover District is a member of The Scout Association and complies with its Policy Organisation and Rules. POR includes the safeguarding processes involving recruitment and safeguarding investigations. Personal information will be passed to the Scout Association for their processes in safer recruitment and safeguarding. Information will be passed to the Police when there is a relevant concern.

Subject Access

Any person who is the subject of personal data held by the group/ district may make a subject access request by contacting: The request will be processed in accordance with current regulation.

Not registered with ICO

As a charity, the Scout Group/ District, handling personal data only for the purposes of maintenance of its membership and donors is not required to notify the Information Commissioners Office (ICO) or to pay the Data Protection fee.

Your Rights under Data Protection Regulation

Your rights are as follows

To be informed about how we process your personal data: this Data Protection and Privacy Policy seeks to provide that information

To have your personal data corrected: Andover District Scouts requests all members to notify any changes to their Scout Group who will update information without delay.

To object to processing: Andover District Scouts will comply with your request as far as possible, some records are maintained for the formal administration of the charity, for safety and for safeguarding purposes when retention of records will be required.

To restrict processing: Andover District Scouts will comply with your request as far as possible.

To have your personal data erased: Andover District Scouts will comply with your request as far as possible.

To request access: Andover District Scouts will comply with current regulations

To move, copy or transfer your personal data: Andover District Scouts will comply with your request as far as possible acknowledging that adult member records are included in Compass. The transfer of young persons data in OSM may be possible.

Questions about Data Protection or the use of Personal Data

Any questions or comments about data protection or this policy, notwithstanding your rights above, should be addressed to the District Chair at …..

Administrative Procedures in the Andover District

All leaders, administrators and executive (personnel) with access to personal data will be trained in Data Protection. This will include reading this policy, it may include attending relevant other training. Everyone with access to personal data must commit to comply fully with the policy and to raise any concerns with their line manager or the data protection lead.

All personnel will only use the personal data of Andover District Scouts for the achievement of the charitable purposes and not for any other reason. Personal data will only be accessed and processed as relevant to their role in Andover District.

The personal data must not be shared outside Andover District Scouts except in accordance with the specific conditions of this policy.

Personnel may process data on their home PC providing it is secure from possible unauthorised access. PCs must be protected by firewall and internet security.

Data will only be placed on portable devices if the device allows passwording and encryption.

When a PC is disposed of then the data on the hard drive must be properly fully erased – not just deleted.

Data must be backed up sufficiently.

Paper based files must be kept secure at home. Files must only be transported when essential and when the data security risk has been considered and management steps put in place.

Adult Members Personal records

The personal membership profile of each member is kept on Compass. It is the responsibility of each member to ensure that they keep their own record up to date. If anyone has difficulty in accessing their membership record, then they should ask their line manager for assistance. The Scout Association Information Centre (0345 300 1818) may also be able to help.

Directory

The compilation of any directory must have the approval of the executive. Directories must only contain the information that is specifically consented to include. The request for consent must include information about access to or distribution of the directory. The directory must be kept- up to date by a named person.

Programme, Activity and Training Registration

Personnel will use appropriate and secure methods to gather information for registration. Only information that is necessary for the purpose will be requested.

Information may be gathered by paper or online forms. A data protection statement will be included in the form stating the whole use of the data and specifically identifying any sharing or not.

Activity registration data will often form part of relevant training and safeguarding information and so will be kept for the relevant time scale.

Retention of records

Records will be retained for the good administration of Andover District.

  • For governance matters – indefinitely
  • Attendance records for safeguarding purposes – indefinitely
  • Membership, involvement and training records will be kept on Compass and not in other forms of record, therefore kept in compliance with the persons membership and Scout Association policy.
  • Notes and records from Safeguarding investigations will be sent to the Scout Association for retention and not kept locally
  • For accounting purposes for 6 years after the relevant year

Consent for children

Consent for children (under 18’s) to participate in activities and to receive communications will require parental / guardian consent.

Consent to mailings – unsubscribe

Mailings will be sent for notification of events, administration and governance. Anyone who wishes not to receive such mailings, providing it is not a duty, will be unsubscribed. All mailings will have an Unsubscribe facility.

Communication of this Policy

This policy is placed on the website and is available from Andover District.