68th Hatfield Scout Group

 
Home_button Beavers Cubs Scouts Downloads Subs Fund raising Contact us Badges Links

 

Data Policy

                   
68th Doncaster (Hatfield) Scout Group (the 68th)

Data Policy (revised in light of GDPR regulations) – May 2018


From 25th May 2018 new legislation is in place regarding management of personal data. The 68th are committed to working within this legislation and the guidance issued from the Scout Association to manage and use the data of all those within the Group correctly.
This relates to the data held for Group purposes, specifically:


• Enrolment forms (paper)
• Activity permissions forms (paper)
• Electronic registers (principally OSM* and locally produced spreadsheets / word documents for specific events).
• Gift Aid forms and related data


* OSM – Online Scout Manager – an online database containing member’s details. Please refer to OSM’s own Security and GDPR policy statements on their web site : www.onlinescoutmanager.co.uk/security.html


This does not explicitly cover the Compass system used to manage Leaders records. Responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Doncaster Danum District Scouts Council. The Compass system is not used for data for those under the age of 18, it is for Leaders records only.


Increased rights under the legislation and how to exercise them
• Individuals have the right to access their data and request a copy of their personal data via a ‘Data Subject Access Request’.
• Individuals have a right to be forgotten and personal data corrected or deleted.
• Individuals must give consent to an organisation to process personal data. This is given by the parent in the case of those Group members under the age of 13, and by the Group member in conjunction with the parent in the case of those aged between 13 and 18.

Nominated individuals

Information set out under the terms of the legislation:
Every member of the Group is deemed to be a ‘data subject’, irrespective of age.
The data subject is determined to be the member of the Group rather than the parent/guardian of that Group member but since we will be holding some measure of personal data for the parent (name and telephone number) we undertake to hold that data in the same secure manner and use this data only in the same manner as outlined within this document.
The ‘data controller’ for the Group is deemed to be the Group Scout Leader.
The ‘data processor’ for each section is the section leader for that section. Under the legislation, the data processor is responsible for the use, retention and disposal of data


Data Subject Access Requests
Requests to review the personal data held by the Group within the records described within this document must be made to the Data Controller in writing.
These will be dealt with as quickly as possible and within a target of 2 weeks. The Nominated Data Processor will not normally be able to deal with such requests.
Those wishing to exercise their right to have their data corrected should follow the same procedures. It should be noted that the only data held by the Group has been provided by data subjects, or by their parents on their behalf. We do not hold any personal data from any other source.
Those wishing to exercise their right to be forgotten and have their data deleted should contact the Data Controller as above and requests will be dealt with in the same manner.


Data Breaches
All data breaches, or suspected data breaches, must be reported immediately to the Data Controller for investigation.


Under 18’s data
• Under the legislation, only those over the age of 13 are deemed to be data subjects.
• However, we treat the personal data of all young people (under the age of 18) in the same manner within the Group.
• Parental permissions are always sought at the point of joining the Group.
• For those who join the Group before the age of 13, permissions given by the parent is deemed to continue as from their 13th birthday but the data subject (young person) then acquires the same rights as all other data subjects set out above.
• For those who join the Group aged 13 or over, a signature box is now included on the enrolment form for signature giving the Group permission to use your data in the specified manner.


Adult data
The Group does not hold any personal data for adults within the Group electronically, other than the information with regard to the Compass system. The responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Doncaster Danum District Scouts Council. The same data rights, retention and use policies and security measures apply to this data as for under 18 members of the Group.


What data do we hold?
Personal information provided via the Group enrolment form, completed on first entry to the Group and when moving sections:
• Name
• Address
• Contact information (both standard and emergency)
• Date of birth
• Medical information
• Permissions & signatures
• Photographs
From time to time activity permissions forms will be used with reference to specific events. These will be paper forms designed to capture and manage specific items of data ahead of events. These capture the same information as outlined above. These forms remain in the possession of the event leader during the event and only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below.

Security of paper forms whilst on camps and at other outside events. We have a legal requirement to keep our data safe and secure. However, in the event of an emergency, it also needs to be easily accessible. As such all camp/activity leaders need to have easy access. In a camp environment this balance can be difficult to achieve. Having a locked box in a tent does not meet this requirement, equally locking the documents in car boot could delay ‘emergency access’ or the car could be stolen! We will make reasonable endeavors to keep the records safe, whilst enabling emergency access, this will be determined by the camp/activity leader.

With regard to events organised by Doncaster Danum Scout District or South Yorkshire Scout County, a standard format paper form is used to gather the same information outlined above. This form is provided by and managed by the District or County. These forms remain in the possession of a group Leader during the event and are only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below

What do we use this data for?
Standard enrolment information is entered in to the OSM system. This is used as a reference guide for Leaders, and in case of emergency. The paper form will securely disposed of, as detailed below.
This is information is not shared with any 3rd party (with the possible exception of medical staff in the event of an emergency) and is used for reference and in case of emergency only.
Activity forms are taken to the event and used for registration and in case of emergency only.
As a Group we never pass data onto any 3rd parties and have no reason to do so. Data will never be sold.
At Scouting events, evenings and activities, photographs are taken for the sole use of promoting positive Scouting. The images will be shared via each section's Facebook page and the Group’s website. Once shared the images are deleted.


Access to systems
Access to the Group records has been reviewed and is restricted to members of the Leadership team with a need to access personal data, primarily those set out as data processors.
Spreadsheets created by Leaders for section evenings and individual events are managed by those Leaders and access restricted to those Leaders who require this information for the evening or event.
As a volunteer organisation it must be recognised that electronic records are accessed via machines not owned or controlled by the Group and which are the personal property of adults within the Group. All adults within the Group who have been granted access to these electronic records are regularly reminded about the need for system security, the use of strong and secure passwords, and ensuring that access is not possible by anyone else using their machine.


Data retention and disposal policy
Data held will be maintained only for the period during which the young person is an active member of the Scout Group. Once they leave the Group this will be securely disposed of ( exception – see Gift Aid below).
On moving between sections, this data will be transferred between sections records.
On transferring to other Groups this data will be deleted and new records will be need to be created by the receiving Scout Group.
On receiving transfers from other Groups a new record will be created and no electronic data will be received by our systems.
Paper enrolment forms will be kept securely for 6 months following the last active involvement in Scouting. They will then be destroyed in a secure manner.
This also applies to those young people moving between sections where a new enrolment form is created. The form held by the previous section will be destroyed after 6 months.
Activity permissions forms will be retained for 1 month following the event and then destroyed in a secure manner.
Registers for evenings will be retained for a minimum of 24 months and then are deleted.
Images are shared as soon after the event as possible, and then are deleted from the device.
Gift Aid collection forms and data will be securely held by the Group to enable us to claim Gift Aid for membership fees and donations. We have a legal obligation to retain this information for 7 years after the last claim which references the young person and tax payer.


Communications
Communication with parents is on an information basis governed by permissions granted via the enrolment form with no marketing or sales implications. Therefore standard marketing preferences and permissions governed by GDPR regulations in the commercial world do not apply.


Historic records
All current adult members of the Group have been instructed to identify any records containing personal data which they may hold electronically or in paper format and report these to the Group Scout Leader as part of a pre-GDPR audit. These records will then be deleted and destroyed if they fall outside of those systems or constraints outlined above.


Photography Policy
During Section and Group events and activities, members of our leadership team, other members of the Scout Association and members of the public may be taking still and moving pictures. Pictures used by the 68th outside of the event/activity will only be used in accordance with Scout Association guidelines. Pictures taken by our leadership team may be used during and after the event/activity in local or national Scout Association publications, and in local newspapers, on websites or in other social media channels.
For larger District and County events local newspapers and TV stations may also attend to provide external media coverage and members of the press will be accompanied at all times by a member of the event or activity staff/leader team. We will seek your specific permission if we wish to use your/your child’s picture name with any picture in any promotional or advertising material.


Anyone attending any Section, Group, District or County event or activity, or giving permission for their child/ward to attend an event or activity should note that attendance at the event or activity signifies their consent for pictures of themselves/their child to be used in line with the above policy.


If you have specific concerns in this regard, please contact the Section Leader for the activity

                   
 
                   
 
                   
                   
Top Legal Cookies Data Policy Terminology © 2014 Hatfield Scout Group
www.000webhost.com