Privacy

Scouting and Girlguiding take the issue of privacy very seriously and we are committed to protecting and respecting our users’ privacy.  If you have any queries or concerns regarding these practices, you should contact us.

Data Privacy Notice

This Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes.  We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).

Who are we?

The 17th Holborn (Great Ormond Street Hospital) Scout & Guide Group (the Group) is a youth charity.  Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society.  We are incorporated by Royal Charter and are regulated as a member of The Scout Association (see www.scouts.org.uk for more information.)  As part of The Scout Association and of Girlguiding UK we are not required to be individually registered with the Charity Commission.

Every year we hold an Annual General Meeting where members of the Executive Committee (our trustees) are elected.  Any parent of a youth member can decide to be in the Executive at the AGM and every parent has the right to attend the Annual General Meeting.

We are based at Great Ormond Street Hospital, London WC1N 3JH.

Our Group Executive Committee is the data controller for the information that we collect from you.  Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our Group’s (the data controller’s) possession or likely to come into such possession.  The processing of personal data is governed by the General Data Protection Regulation (the GDPR).

How we gather personal data

The majority of the personal information that we hold is provided to us directly by you or by parents/legal guardians in either paper form or via our online systems.  In the case of an adult member, data may also be provided by third party reference agencies, such as the Disclosure and Barring Service (DBS).

Where a member is under the age of 18, this information will only be obtained from a parent/guardian and cannot be provided by the young person.

How do we process your personal data?

We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We process the data so that we have the ability to contact the member, parents and guardians, to inform them of meetings and events that the Group itself may be running or attending.

We use personal data for the following purposes:

  • we collect personal and medical information for the protection of that person whilst in the care of the Group
  • we collect religious data to respect a person’s beliefs with regards to activities, food and holidays
  • to enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
  • to administer membership records
  • to fundraise and promote the interests of the Group
  • to manage our volunteers
  • to maintain our own accounts and records (including the processing of Gift Aid applications)
  • to inform you of news, events, activities and services running at the Group.

What is the legal basis for processing your/your child(ren)’s personal data?

We only use your personal information where that is permitted by the laws that protect your privacy rights.  We only use personal information where:

  • we need to use the information to comply with our legal obligations
  • we need to use the information to contact you, regarding meetings, events, collection of membership fees etc (i.e. for the day to day running of the Group)
  • it is fair to use the personal information in your interests, where there is no disadvantage to you. This can include where it is in our interests to contact you about products or services within Scouting and Girlguiding.
  • the processing is necessary for the person’s legitimate interests or the legitimate interests of the Group unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

How we store personal data

We are committed to the protection of your personal information.

We generally store personal information in one or more of two secure digital online database systems, plus our own records held in Google Drive, where access to that data is restricted and controlled.

  • Compass is the online membership system of The Scout Association.  This system is used for the collection and storage of adult personal data.
  • Go! is the online membership system of Girlguiding UK.  This system is used for the collection and storage of adult personal data.

However, paper is still used within the sections to capture and retain some data, for example the following:

  • Consent to leave the ward forms
  • Events and trips consent from parents and medical staff
  • Events and trips coordination with event organisers
  • Award notifications/nominations

In the case of Consent to leave the ward forms this information is securely held by the leaders and transferred to our secure digital systems as soon as possible before the paper form is destroyed.

Forms relating to events and trips are destroyed as soon as possible after returning from the event or trip.

Gift Aid collection forms will be securely held by the Group’s Treasurer to aid in the collection of Gift Aid for monthly membership fees.  We have a legal obligation to retain this information for 7 years after our last claim.

Events

As a member of the Group we hope that you will take up the opportunity to attend events and trips.  Where it is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information (including specific event contact forms), rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.  We will minimise the use of paper to only what is required for the event/trip.

We will ensure that:

  • the transfer of paper is secure, such as physical hand to hand transfer or Signed For postal delivery
  • paper forms are securely destroyed after use
  • secure destruction will be through a shredding machine or secure burning
  • we always keep the paper records secure, especially when in transit, by using:
    • a lockable briefcase for short term storage
    • a lockable filing cabinet for long term storage
  • if paper is transferred, we will audit that the records are returned when the event is complete.

Awards

Sometimes we may nominate a member for a national award such as the Queen’s Scout or Guide Awards or an award external to Scouting and Girlguiding such as a Jack Petchey Foundation Achievement Award or the Duke of Edinburgh’s award.  Such nominations would require that we provide contact details to the awarding organisation.  This is most often done on paper via Signed For postal delivery.

Sharing and transferring personal information

We will only normally share personal information within our Group leadership team and Executive Committee members.

We will however share your personal information with others outside our Group where we need to meet or enforce a legal obligation.  This may include North London Scout District; Greater London North Scout County; The Scout Association and its insurance subsidiary Unity (Scout Insurance Services); St Pancras Division Girlguiding; London North West County Girlguiding; London and South East England Region Girlguiding; Girlguiding UK; local authority services and law enforcement.  We will only share your personal information to the extent needed for those purposes.

If you move from the Group to another Scout Group, Explorer Scout Unit, or Unit of Girlguiding UK we will transfer your personal information to them.

We will never sell your personal information to any third party for the purposes of marketing.

Sometimes we may nominate a member for a national award such as the Queen’s Scout or Guide Awards or an award external to Scouting and Girlguiding such as a Jack Petchey Foundation Achievement Award or the Duke of Edinburgh’s award. Such nominations would require we that provide contact details to that organisation.

Your personal data will be treated as strictly confidential.  We will only share your data with third parties outside the organisation where there is a legitimate reason to do so.  We will take steps to anonymise the data that we provide (i.e. gender, ethnicity, age, religion etc will be reported collectively not individually).  If identifiable data is to be shared we will first seek your consent.

Third Party Data Processors

The Group employs the services of the following third-party data processors:

  • The Scout Association via its adult membership system Compass, which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check.
  • Girlguiding UK via its via its membership system Go!, which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check.
  • Google Drive is used for the secure local storage of adult membership records.

Automated decision making

The Group does not use any automated decision-making systems.

Transfers outside the UK

The Group will not transfer your personal information outside the UK, with the exception of an event that is taking place outside the UK and it is necessary to provide personal information to comply with our legal obligations.  Generally such an event will have its own data collection form which will be securely held and disposed of after the event.

How do we protect personal data?

We take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.

How long do we keep your personal data?

We will retain your personal information throughout the time that you/your child(ren) are a member of the Group.

We will retain your full personal information for a period of one year after you have left the Group and in a much more limited form (name, badge and attendance records) for a period of up to 15 years (or until the age of 21) to fulfil our legal obligations for insurance and legal claims.

We will keep any Gift Aid claim information for the statutory 7 years as required by HMRC (which may be beyond the age of 21).

Your rights and your personal data

You have the right to object to how we process your personal information.  You also have the right to access, correct, sometimes delete and restrict the personal information we use.  In addition, you have a right to complain to us and to the data protection regulator.

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to be informed – you have a right to know how your data will be used by our Scout Group.
  • The right to access your personal data – you can ask us to share with you the data that we have about you.
  • The right to rectification – you can update your data if it is inaccurate or if something is missing. You can view and edit your personal information directly on our online membership systems Compass and Go!
  • The right to erasure – you have the right to request that we delete any personal data that we have about you. There are some exceptions, for example some information can be held for legal reasons.
  • The right to restrict processing – if you think that there’s something wrong with the data being held about you, or you aren’t sure if we are complying with the rules, you can restrict any further use of your data until the problem is resolved.
  • The right to data portability – if you ask us we will have to share your data with you in a way that can be read digitally. This makes it easier for you to share information with others.
  • The right to object – you can object to the ways that your data is being used. This should make it easier to avoid unwanted marketing communications and ‘spam’ from third parties.
  • Rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes rather than a human input.

In the first instance please contact your child(ren)’s leader, our Group Scout or Guide Leader or our Data Protection Lead for more information.

Whether or not you exercise your new rights is up to you.  The main thing to remember is that they’re there if you need them.

Further processing

If we wish to use your personal data for a new purpose not covered by this Data Protection Notice, we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

Contact details

To exercise all relevant rights, queries of complaints please in the first instance contact our Data Protection Lead at 17th Holborn (Great Ormond Street Hospital) Scout & Guide Group, Great Ormond Street Hospital, Great Ormond Street, London WC1N 3JH or email or 

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

 

Reviewed: 24th May 2018