Privacy Policy

Introduction

This Data Protection and Privacy Policy outlines how Dane Valley Scout Group (“the Group”) collects, uses, stores, and shares personal data, reflecting the Group’s commitment to transparency and compliance with data protection legislation. This includes both the Data Protection Act 1998 and the EU’s General Data Protection Regulation (GDPR). As a registered charity, Dane Valley Scout Group is entitled to hold data in line with The Scout Association Policies, Rules and Procedures.

This page aims to explain:

• The personal data the Group collects via its website, how it is stored and protected, and the reasons for its collection.

• How the Group uses this personal data.

• Who has access to the data and for how long it is kept.

• Your rights as a Data Subject regarding your personal data.

Who we are

Dane Valley Scout Group is a registered charity with the Charity Commission for England & Wales; charity number xxx. The Group Executive Committee is the Data Controller responsible for ensuring that personal data is entered, maintained, used, and deleted appropriately.

How do we collect data

The majority of personal information held by the Group is provided directly by members or by parents/legal guardians via online membership systems and web forms. For members under 18, information must be obtained from a parent/guardian. The Group gathers individuals’ data through electronic media such as:

• Online membership systems (e.g., Online Scout Manager for youth members and Compass for adults).

• Event registration and consent forms.

• Web forms

• Third-Party services like DBS Online (for adult members and volunteers).

• Payment gateways like PayPal (which may provide name, email, and address depending on user’s privacy settings).

Data we may collect

The Group may collect and hold Personal Data, including Sensitive Personal Data, about members, parents/guardians, and volunteers through its website. This includes, but may not be limited to:

• Personal Details: Name, date of birth, addresses, phone numbers, email addresses, and gender.

• Emergency Contact Information: Details of next of kin.

• Health Information: Details of any health conditions.

• Diversity Data: Race or ethnic background and native languages, and religion.

• Scouting-Related Information: Length and periods of service (and absence from service), details of Scouting events and activities participated in, role(s) in Scouting, membership status, training records, qualifications, occupation, skills, and any awards received.

• Financial Information: Financial/Gift Aid information.

• Background Checks: Details of disclosure checks (e.g., DBS).

What we use the data for

Data is collected to enable the Group to communicate and carry out its obligations as a Scouting body as set out by The Scout Association. The legal basis for using your personal information includes when:

• The Group needs to use the information to comply with its legal obligations.

• The Group needs to use the information to contact you regarding meetings, events, collection of membership fees, etc., for the safe day-to-day running of the group.

• For sensitive personal data, the processing aligns to the lawful basis of legitimate activities of an association.

Specific purposes for data use include:

• Safety and Protection: Collecting personal and medical information for your safety and protection while in the care of the Group, including contact information for incidents or emergencies. This is particularly important as a physical activity provider.

• Respecting Diversity: Collecting sensitive personal data to respect members’ gender, personal beliefs, and ethnicity regarding activities, food, and residential events.

• Communication: Storing contact information to inform members, parents, and carers of meetings and events, and to distribute information from various Scout organisations.

• Awards and Insurance: Storing attendance and badge progress data to enable awards to be gained and in line with Scout Insurance Policies.

• Financial Management: Storing financial/Gift Aid information for proper financial control, year-end accounts, and expense payments in line with statutory reporting rules.

• Publicity and Growth: Using photographs in various publications to show Scouting activities and publicise and grow the movement, with an option to opt-out.

• Volunteer Suitability: To ensure and evidence your suitability if volunteering for a role in Scouting.

How long we retain your data

The Group has a responsibility to collect and keep information pre-, during, and post-membership due to safeguarding and legal responsibilities.

• Membership Duration: Personal information is retained throughout the time a person is a member of Dane Valley Scout Group.

• Event Attendance & Accidents: Information regarding event attendance and accidents is retained for up to 18 years (until age 24) to fulfil legal obligations for insurance and legal claims, as advised by Scout Association insurers.

• Gift Aid Claims: Gift Aid Claim information is kept for the statutory 7 years as required by HMRC.

• Transfers: Award information and contact details of members leaving sections are retained for a minimum of 18 months to manage section transfers appropriately.

• Paper Records: Paper records are securely destroyed (shredded) once they have been used for their intended purpose or in line with legal/statutory obligations.

Sharing and transferring information

The Group will only normally share personal information securely amongst its Scout Leaders and Executive members. Data may also be shared with:

• Other Scout Entities: If you move from the Group to another part of The Scout Association, your personal information will be transferred with your permission. Membership data may also be shared with other local scouting groups/District Scouts/County Scouts for delivering scouting obligations and coordinating events.

• National Awards Bodies: When nominating a member for a national award (e.g., Scout Award, Duke of Edinburgh award, Leader Awards), contact details and training records may be provided to that organisation.

• Legal Obligations: Personal information will be shared with others outside the Group where required to meet or enforce a legal obligation. This may include Cheshire County Scouts, The Scout Association and its insurance subsidiary “Unity”, financial auditors, local authority services, and law enforcement, only to the extent needed for those purposes.

• Insurers: The Group may share data with its insurers and The Scout Association in the event of an incident involving a member.

• Safeguarding Concerns: In the unlikely event of a safeguarding concern, the Group is legally required to securely provide data to the local authority without prior consent.

The Group will never sell your personal information to any third party. On rare occasions where a data processor not affiliated with the Group is deployed, the Data Subject will either be asked for consent in advance (“opt-in”) or notified and given the right to object (“opt-out”).

Third-party data processors

The Group uses the services of the following third-party data processors:

• The Scout Association’s “Compass” membership system: Used to record personal information of leaders, adults, and parents who have undergone DBS checks.

• Online Scout Manager: Used to record personal information, badge records, event, and attendance records. A data processing agreement is in place with Online Scout Manager. (More information is available at https://www.onlinescoutmanager.co.uk/security.php).

• Appointed Accountants: For financial auditing purposes only.

• DBS Online service: For safeguarding screening.

Data storage

The Group stores data in both electronic and paper formats:

• Paper Records: Some data is captured and retained in paper form, including:

  • Initial information gathering forms when joining.

  • DBS and Leader Application forms.

  • Health and contact records update forms.

  • Accident Book (in First Aid kits).

  • Gift Aid Collection forms.

  • Award notifications/nominations.

  • Activities & Events forms (application, health, and organisation forms). Printed copies of contacts and medical information may be used for events where internet/digital access is unavailable (e.g., camps).

• Electronic Storage: Core personal information is stored in two secure digital online database systems:

  • Compass: The Scout Association’s online membership system for adult personal data. Adults with a Compass record can access and update their own record.

  • Online Scout Manager (OSM): A secure membership database used for the day-to-day running of the group. It stores personal information of adults and youth members.

Your data protection rights

Data protection regulations apply to all copies of data, regardless of media (electronic, paper, etc.). Individuals have several rights concerning their personal data:

• The Right to Information: As a data controller, the Group must provide clear, concise, transparent, understandable, and accessible information about how data is collected and processed.

• The Right of Subject Access (SAR): You have the right to request a copy of the personal data held about you. The Group will respond without undue delay and within 30 days of receipt. If the request impinges on data regarding others, the Group may refuse or seek consent from other parties. This right does not apply to the Group’s legal obligations.

• The Right to Rectification: You can update your data if it’s inaccurate or missing. Members (or their parents/carers if under 18) can view and edit personal information directly on Online Scout Manager. All adult members can access and edit their personal information on the Compass system at any time.

• The Right to Erasure: You have the right to request that personal data about you be deleted, though exceptions exist (e.g., for legal reasons).

• The Right to Restrict Processing: If you believe data is not being processed in line with this policy, you have the right to restrict its use until the issue is resolved.

• The Right to Data Portability: If requested, the Group will share your data in a digitally readable format (e.g., PDF) to facilitate sharing with others.

For any data-related queries or feedback, Section Leaders should be your first point of contact.

Complaints

If you are not satisfied with the response to a data-related concern, you should initially raise your complaint with the Group’s Data Protection Officer via info@danevalleyscoutgroup.org.uk. If the Group is unable to resolve your concern or you remain unsatisfied, you have the right to lodge a complaint with the UK’s supervisory authority, The Information Commissioner’s Office (www.ico.org.uk).

Data breaches

If the Group suspects or experiences a data breach of any severity, it has a legal obligation to inform the Information Commissioner’s Office within 72 hours of discovery. The data breach will be reported by the Group’s Data Protection Officer. The Group will also inform all victims of the data breach as soon as possible if there is a high risk of the breach adversely affecting individuals’ rights and freedoms. Any data breaches will be recorded and stored by the Group.