- Background
- 4th/6th Stirling – Our GDPR Statement
- The Policy
- Q & A : Description of Workings, Rights and Obligations
Background
On
the 25th May 2018 the General Data Protection Regulations came
into force.
GDPR means that Personal Identity Information held
by us must be actively consented to by the person, the consent must
clearly states what information is held and its purpose, how it is
stored, how it is processed, who it may be passed to, how its
accuracy is maintained, for how long we will retain it and if they
will allow us to use it to contact them.
GDPR also allows ‘Subject Access Requests’ for ALL of a subject’s data held within the Group, and the reporting of any data loss to the Information Commissioners Office.The responsibility for this falls on the Executive Committee of the Scout Group and will normally be administered by a nominated Data Protection Officer (DPO).
4th/6th Stirling Scout Group Privacy Policy Statement
Dear 4th/6th Stirling Scout Group Parent, Leader or Helper,
As you will have probably heard, the new General Data Protection Regulation (GDPR) came into force on 25th May 2018, significantly updating privacy laws, giving you more control over how your data is used and how you are contacted.
You receive emails from 4th/6th Stirling Scout Group by consenting to be included on our database; either by filling out the Group membership form, attended a camp or responding positively to an email asking if you would like to join us.
We send emails to you so you can be updated on section programmes, events and information related to Scouting. We hope that you will want to stay informed with emails from the 4th/6th Stirling Scout Group.
Here is a little information to reassure you:
- We always treat your personal details with utmost care. Your personal details (comprising: name, address, telephone number, email address and, in the case of your child, any relevant medical issues) are for our use only in connection with the smooth running and administration of the scout group. This data is stored securely and never shared with others, other than the two databases below. At any time you can request that your details be deleted from our databases.We will of course explain to you at the time what this means with regard to continuing association with Scouting, and to those you are parent or guardian to.
- We use two databases, both of which are password protected and have access limited to only those who need to refer to them. “Online Scout Manager” (OSM) is used for child, parent/carer, adult leader and helper information which includes: contact information, badge and attendance records, medical issues (where relevant) and subscription records. Access to OSM within our Group is solely governed and administered by the GSL. The second database is the UK Scout Association “Compass” system which is used for uniformed leaders, section assistants and those occasional parent helpers who have passed the PVG checking system. Access to compass is restricted to the key Executive Committee post holders and uniformed leaders; all of whom are PVG’d and GDPR certified.
- The Compass Data base is owned and managed by the Scout Association. OSM is strictly a third party commercial undertaking, but is Scouting only, built as a bespoke system by a UK Scout Group, and now adopted Scouting UK wide.
OSM Security Policy https://onlinescoutmanager.co.uk/security.html
Scout Association Compass Privacy Policy http://scouts.org.uk/privacy-policy
If you have any concerns regarding our storage and use of data or any questions arising from this email please don’t hesitate to contact the Executive Committee Chair, Andy Fair, or the Group Scout Leader (GSL), Jane MacPherson.
Andy Fair 4th/6th Stirling Scout Group Chair & Data Protection Officer (DPO) 5th February 2019
The GDPR Privacy Policy
From
the 25th May 2018 the General Data Protection Regulations came
into force.
GDPR means that Personal Identity Information held
by us must be actively consented to by the person, the consent must
clearly state what information is held and its purpose, how it is
stored, how it is processed, to who it may be passed, how its
accuracy is maintained, for how long we will retain it and if they
will allow us to use it to contact them. GDPR also allows ‘Subject
Access Requests’ (SARs)
for
ALL of
a
subject’s
data held within the group,
and the reporting of any data loss to the Information Commissioners
Office.The responsibility for this falls on the
Scout Group Executive
Committee
and
the person of its Chair. In this regard the Chair is the Data
Protection
Officer (DPO)
We
hold data on 2
different groups;
young
members
(under 18) and adult
members.
Information
held and its purpose will be listed on consent forms for each of the
groups.
All information will be held in one of the following
methods:
- Youth records – primarily in OSM, but for e.g. Camps and external Events, paper records may be used, then securely destroyed within 3 months of the event. Home computer records should be double password protected, or in encrypted files
- Adult records – primarily in COMPASS.Again, paper based records created must be securely destroyed by 3 months afterwards. Any home computer records should be double password protected, or in encrypted files.
The consent form for each group shall list who may access and process this information. It will also list who we may pass the data on to, how the accuracy of the records may be maintained, how long they will be retained and if we can use the details to contact them.
SARs must be responded to within 30 days and be recorded by the DPO. The DPO will direct the GSL to collate the record from the Databases. Following delivery, the DPO will then confirm completion; or any correction / deletion required of the record to the Exec. Required changes to the record will be carried out by the GSL.
Any records loss or suspected data breach must be reported to the Data Protection Officer immediately as the loss must be investigated and reported to the Information Commissioners Officer (ICO)
note: OSM Security Policy https://onlinescoutmanager.co.uk/security.html
Scout Association Compass Privacy Policy http://scouts.org.uk/privacy-policy
4th/6th Stirling Scout Group website https://4th6thstirling.scoutsites.org.uk
Information Commissioners website (ICO) https://ico.org.uk
Q & A : Description of Workings, Rights and Obligations
What is this Privacy Policy?
This Privacy Policy sets out what we do with Personal Data in connection with 4th/6th Stirling Scout Group and what you can expect from us as part of our obligations when processing this Personal Data.
What data are we gathering?
We may hold Personal Data (including Sensitive Personal Data) about members, parents/guardians and volunteers. We believe it is important to be open and transparent about how we will use your Personal Data. Information we may hold includes the following:
- name and contact details;
- age/date of birth;
- details of any health conditions;
- awards and attendance information in connection with the Group.
Why do we collect this information?
We use this information to communicate with you and to carry out our obligations as Leaders. We have a responsibility to keep information about you during your membership, and afterwards (due to our safeguarding responsibilities, and if you leave or re-join). In addition, we collect data for registration to events, including nights away. Some of this will be sensitive Personal Data, which we require, to allow us to provide appropriate care for members whilst under our supervision. e.g.
- To manage our volunteers
- To manage our membership records – Census and Capitation
- To update you on events and meetings
- To Fund Raise for the Scout Group
- To process Gift Aid applications
- To arrange and provide appropriate, safe activities
How do we gather data?
We gather data through a variety of methods, these include:
- Information you provide by email
- Admissions forms
- Event registration forms.
When will we delete this data?
We may keep information for different periods of time for different purposes as required by law or best practice. As far as membership information is concerned, to make sure of continuity (for example leavers and then re-joiners) and to carry out our legal responsibilities relating to safeguarding young people, we keep membership information throughout the membership, and no longer than 1 year thereafter.
Paper and electronically gathered data are used to update records held on OSM and Compass, and for specific Camps and Events. Paper records produced by our Leaders to manage and deliver these may be held for no longer than 3 months after the event, then destroyed securely.
Who has access to this data and who do we share it with?
Only those members who need membership information to carry out their role have access to that information. Access is governed by the GSL. We share data within The Scout Association. Other than OSM, we do not share data with any other third parties.
Where will the data be stored?
This data is securely stored and accessible only by those entitled to do so. We take data security seriously.
What are your rights to your Personal Data ?
As a Data Subject you have rights over your own data that you can exercise at any time. [SAR – Subject Access Request] These are:
- Data is accurate – we must ensure your data is accurate and amend if not
- Data is erasable – we must erase data if not needed or if requested by you { Impact on continuing Membership ! }
- Data is available – we must be able to provide a copy of the data we hold on you if you request it; and within 30 days. [SAR]
- Data processing is limited – we must cease any processing activity if you object to it, or it is not necessary
- Consent withdrawal – we must allow you to withdraw your consent at any time { Impact on continuing Membership ! }
- Data is portable – if you or the child transfers to another Group you have the right to expect that the Scout data would follow
- Right to Complain – you have the right to complain if you think this policy has not been followed by us. You should address your complaint to our Exec. Committee Chair in the first instance. We must answer within 30 days of receipt of the complaint.
In the event that you wish to exercise these rights, or for any further queries on this, then contact Andy Fair; 4th/6th Stirling Scout Group Chair