1. Why we collect personal data
We need a minimum of personal data from both our volunteer leaders and supporters, and from the parents or guardians of our young members.
• For volunteers: it allows us to ensure that the volunteer is a suitable candidate to supervise the young members in our care. It then allows us to maintain contact with the volunteer in order to manage our activities.
• For young members’ parents or guardians: it allows us to communicate with the parents or guardians about the day to day activities, meetings and notices. It enables us to collect subscriptions. It allows us to react to emergencies involving a young member in the most appropriate fashion for that young member and communicate with the parent or guardian in real time if required.
• We also collect data on ethnicity and religion for statistical purposes only, allowing the Scout Association to monitor its targets for inclusion and diversity.
2. What we collect
Volunteer leaders and supporters, members of executive committees and scout sub-committees
For all adult volunteers the data collected will include:
• Name, address, contact details and sex
• Occupation, ethnicity, and religious affiliation.
In the case of uniformed members (leaders, assistant leaders, sectional assistants) this will additionally require
• Character references
• Proof of identity
In the case of uniformed members and officers of the executive committee we will require the data needed for the volunteer to undergo a Scouting enhanced DBS check.
Parents or guardians of young members
For the parents or guardians of young members we will collect the following data:
• Name, address and contact details of the parent or guardian
• For each young member
• Name, date of birth, sex
• Details of any medical conditions or allergies
• School attended
• Any special educational needs
• Ethnicity and religious affiliation
Additional data that may be required for an ad hoc event
For events outside the District, we may require additional information. This MIGHT include such items as
• Emergency contact name and number
• The young member’s mobile phone number (for a scout or explorer who may be required to perform a task without direct supervision of an adult)
• Other data required by the event organiser
3. Sharing data
We minimise the sharing of data outside the Group. Except as listed below, we will not share the data with 3rd parties outside the Group, unless legally required to do so.
Volunteers and supporters
We will share the data with the Chiltern Vale Scout District and the Scout Association as part of the membership management and safeguarding process.
Parent, guardian and young member data
Except in an emergency, for a safeguarding incident, an external event (see below) or Gift Aid (see below), we will not share this data outside the Scouts.
We participate in externally organised events in order to give our young members the widest possible experience.
The organisers of such external events will require personal data and maybe sensitive personal data (usually a health form) from participants. For Scout organised events, we will share the data we have. For external (non-Scout Association) bodies, we will forward the data request to participants and submit on their behalf.
Gift Aid is a valuable source of income to the Group and consequently, where authorised by a Gift Aid Declaration, we will share the required personal data together with the value of the donation(s) with HMRC to reclaim the tax paid.
4. Unsolicited email
The Scout Group’s primary mode of contact is by email. This will include logistical emails for organisation of meetings, of events and opportunities that may occur, plus scouting information and updates. Any person may elect not to opt-in to such communication, but the ongoing participation in scouting will be EXTREMELY CHALLENGING for those who do not opt-in.
5. Retention of the data
Personal data about volunteers, parents, guardians and young members
Any data that might be collected on manual forms will be transferred to the appropriate computer system.
For volunteers, such data will be transferred to Compass, the Scout Association’s member database. This system is fully GDPR compliant.
For parent, guardian and young member data, such data will be transferred to Online Scout Manager (OSM). This system is fully GDPR compliant.
The paper forms will be kept in a secure location pending transfer to the appropriate on-line system. The forms will be destroyed as soon as the data is transferred to on-line storage .
Subscription data is kept by the Section leaders and the Group Treasurer locally. This is kept on a secure password protected PC, with the intent to move such storage to a secure GDPR compliant cloud storage solution.
Subscription data will be deleted after the legal period defined by HMRC for the retention of gift aid records has expired.
Data for events
Paper records will be necessary for events, for example, camps. These may include details such as allergies and medical conditions, and emergency contact details. These will be kept securely during the event by the leadership team and destroyed after the event.
If the volunteer or young member should move onto another scout organisation, then the data will be transferred to the receiving entity and will be destroyed upon transfer.
If the young member should leave scouting, then the records will be destroyed except to the extent required by law (for example, the parent’s or guardian’s Gift Aid records have to be kept for a legally required period).
If a volunteer leaves scouting, the data will be archived so that it is no longer available on line. This data will only be accessible by a few authorised members of The Scout Association staff. Note that at the time of writing The Scout Association is in the process of consulting with a number of agencies with regard to the relevant guidelines in order to finalise its data retention policy.
For more details on the policies on Compass, see “Data Protection and Compass” on scouts.org.uk.
6. Request for data deletion
The volunteer, parent or guardian may request that some or all of their data be deleted. This will be performed to the extent legally permitted and to the extent that allows the Group to continue legitimate normal operations.