Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
1. Who are we?
Greater London South County Scout Council, known as South London Scouts, is a registered youth charity (Charity No. 303883), responsible for the growth and development of Scouting in the London Boroughs of Royal Greenwich, Lewisham, Southwark, Lambeth and Wandsworth.
Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society. We are incorporated by royal charter and are regulated as a member of the UK The Scout Association, (Registered Charity No. 306101), see www.scouts.org.uk for more information.
In July each year we hold an annual general meeting where the members of our County Executive Committee (our trustees). Further information about our Executive Committee can be found on our web site at www.southlondonscouts.org.uk/governance.
We are based at The South London Scout Centre, (also known as The Fort), Grange Lane, Dulwich, London, SE21 7LH.
Our County Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.
2. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our Scout County (the data controller’s), possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
3. How we gather personal information
The majority of the personal information we hold, is provided to us directly by yourself or by parents / legal guardian in either paper form, using a third-party data processor (i.e. Eventbrite), and in the case of our adult member, via Compass, our online membership systems and third party reference agencies, such as the Disclosure and Barring Service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person.
4. How do we process your personal data?
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We process the data to have the ability to contact the member, parents and guardians, to inform them of meetings, events that the County may be running or attending.
We use personal data for the following purposes: -
we collect personal and medical information for the protection of that person whilst in the care of the Scout County
we collect religious data to respect a person’s beliefs with regards to activities, food and holidays
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
To administer membership records
To fundraise and promote the interests of Scouting across the five London Boroughs Covered by the County
To manage our volunteers
To maintain our own accounts and records (including the processing of gift aid applications);
To inform you of news, events, activities and services relating to your membership.
5. What is the legal basis for processing your/your child(ren)’s personal data?
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- We need to use the information to comply with our legal obligations
- We need to use the information to contact with you, regarding meetings, events, collection of membership fee’s etc, (i.e. for the day to day running of the County)
- it is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within scouting.
- The processing is necessary for the persons legitimate interests or the legitimate interests of our Scout County unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
6. How we store personal data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We generally store our adult members personal information in one of two secure digital online database systems, where access to that data is restricted and controlled.
Compass: - is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
Dropbox – Occasionally we download reports containing personal data to help us support you in your roll and administer scouting. This data is password protected and is stored in the cloud and is deleted within three months of being downloaded.
7. Printed records and event data
Paper is still used to capture and retain some data for example the following: -
New adults (adult Information Form)
Gift Aid Collection forms
I.D. checking form
In the case of adult information forms and I.D. checking forms, this information is securely held by the County Administrator, and transferred to Compass and Atlantic Data as soon as possible before the paper forms is destroyed.
Collection forms, will be securely held by the County Treasurer to aid in the collection of Gift Aid, where applicable. We have a legal obligation to retain this information for 7 years after our last claim.
As a member of South London Scouts it is hoped you will take up the opportunity to attend events and camps. Where it is necessary to fulfil our legal obligations, we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event/camp.
We will ensure:
- Transfer of paper is secure, such as physical hand to hand transfer or registered post.
- Printouts or paper forms are securely destroyed after use.
- Secure destruction will be through a shredding machine.
- Always keeping the paper records secure, especially when in transit, by using:
- A lockable brief case.
- A lockable filing cabinet if long term stored.
- If transferred to somebody, we will audit that they return them when the event is complete.
Sometimes we may nominate a member for national award, (such as Queens Scout or Duke of Edinburgh award), such nominations would require we provide contact details to the awarding organisation, this is most often done on paper via registered post.
8. Sharing and transferring personal Information
We will only normally share personal information within our Scout County with members of the County team and if necessary executive members.
We will however share your personal information with others outside our Scout County where we need meet or enforce a legal obligation, this may include, your relevant Scout District, Greater London Scout Region, The Scout Association and it insurance subsidiary “Unity”, Atlantic Data Ltd (who process our DBS checks), local authority services and law enforcement, we will only share your personal information to the extent needed for those purposes.
We will never sell your personal information to any third party for the purposes of marketing.
Sometimes we may nominate a member for a national award, (such as Good Service or St Georges Day Award), such nominations would require us to provide information on your service to scouting to The Scout Association and this may include some of your personal and sensitive details.
Your personal data will be treated as strictly confidential. We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. We will take steps to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.). If identifiable data is to be shared we will seek your consent.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
When you access our website we will place small amounts of information on the device you are using. These small files cannot be used to identify you personally.
There are two types of cookie on this website: tracking cookies and technical cookies
Tracking cookies allow us to measure how many people access our website, which pages they visit, how they find the site and other related information. We use this information to maintain and improve the website, for example by making changes to reflect users’ preferences.
The tracking cookies we use are provided by Google Analytics, a web analytics service provided by Google, Inc.
Please note looking at the Google Analytics page the following cookies are currently used for the existing website:
Overview, Visits and Unique Visits, Page Views, Visit duration, % new visits, Demographics, System and Mobile.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
The table below explains the cookies we use and why.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
3rd party systems
We use two third part systems in our website these are: -.
Youtube: We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube’s embedding videos information page..
- Google maps: We use google maps to display the location of our Scout Groups, Explorer Scout Units and District and County owned buildings.
10. Third Party Data Processors
South London Scouts, employs the services of the following third-party data processors: -
The Scout Association via its adult membership system “Compass” which is used to record the personal information of adult members and parents who have undergone a Disclosure and Barring Service (DBS) check (www.scouts.org.uk/privacy-policy).
Dropbox: occasionally used for secure transfer of limited personal information for adult training and County events (www.dropbox.com/privacy).
- Google: use to administer the county’s email system which may occasionally be used for secure transfer of limited personal information for adult training and events (www.cloud.google.com/security/gdpr).
- Eventbrite: used to collect and administer personal and sensitive personal data for our adult training course, events and trips (www.eventbrite.com/security).
- Jot Form: used to collect personal information to administer services to our members, such as our Going for Growth badge scheme (www.jotform.com/privacy).
- The Do-it Trust: we use do-it.org to advertise our volunteering vacancies and collect personal information from members of the public that are interested in volunteering with us (www.do-it.org/about/privacypolicy).
- thescouts.disclosures.co.uk: we use thescouts.disclosures.co.uk to administer Disclosure and Barring Service criminal records checks (https://thescouts.disclosures.co.uk/secure/PrivacyStatement.pdf).
- Facebook: we have a number of facebook groups and pages to help us communicate with our members and the general public (https://www.facebook.com/policy.php).
- Twitter: we use twitter to help publicise scouting across South London (https://twitter.com/en/privacy).
- youtube: we use youtube to share video content about our events and to help publicise the adventure of scouting to the general public (https://www.youtube.com/static?template=privacy_guidelines).
- The Jack Petchey Foundation: We share the personal data of the young people that win Jack Petchey Awards through South London with the Jack Petchey Foundation (http://www.jackpetcheyfoundation.org.uk/privacy-policy).
Third party compliance – We ensure third parties we contract with to store personal data comply with the principles of this policy, have an information security policy in place and ideally hold an information security standard (such as ISO 27001). Or Cyber Essentials/Essentials Plus
11. Automated decision making
South London Scouts does not have any automated decision-making systems in place.
12. Transfers outside the UK
South London Scouts will not transfer your personal information outside of the UK, with the exception where an event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
13. How do we protect personal data?
We take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.
14. How long do we keep your personal data?
We will retain your personal information as follows:
15.. Your rights and your personal data
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
The right to be informed – you have a right to know how your data will be used by our Scout County.
The right to access your personal data – you can ask us to share with you the data they have about you!
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing. You can view and edit your personal information directly on our online membership systems Online Scout Manager and Compass.
The right to erasure – this means that you have the right to request that we delete any personal data they have about you. There are some exceptions, for example, some information can be held for legal reasons.
The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure if we are complying to rules, you can restrict any further use of your data until the problem is resolved.
The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
The right to object – you can object to the ways your data is being used. This should make it easier to avoid unwanted marketing communications and spam from third parties.
Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input.
Please contact our Data Protection Lead for more information, in the first instance.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.
16. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
18. Disclosure of data by order of a Court and Security
We reserve the right to communicate personal information as we hold to third parties who are empowered by regulation, statute or order of a court.
19. Contact Details
If you want to contact us to raise any questions about this privacy statement, or any general matters relating to the way we process and hold data, you can contact us using this email address: email@example.com.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.