1st COPMANTHORPE SCOUTING GDPR COMPLIANCE POLICY
To operate effectively we need to hold data about members of our Scout Group. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR). This policy notice describes the categories of personal data we process and for what purposes. We primarily hold personal data within OSM, which is used extensively by Scout Groups in the UK and adopts high standards of security. Access is restricted to people with a legitimate reason. Parents of our members have access to personal data about them and their young people in OSM, and should keep it accurate and uptodate.
1st Copmanthorpe Scouting Group do not store personal information in paper format, as this is a non-secure form of processing information.
When the Group are undertaking activities or events, a paper register may be produced, for leaders to note attendance. This register will contain details of the child’s name, any relevant health conditions, and a telephone contact number for the child’s parents. This paper document will be destroyed once the activity is complete. The paper register will be in the possession of the activity leader, for ease of access. We believe the importance of being able to access the information easily in the case of emergency outweighs the risk of the accidental loss of the paper register.
Online Scout Manager (OSM)
1st Copmanthorpe Scouting Group use OSM, a recognised third party service provider who has confirmed that their security systems are GDPR complaint.
The personal information held on OSM about you and your child is:
- Your child’s name
2. Your child’s date of birth
3. Home address
4. Contact telephone numbers
5. Contact email addresses
6. Data on achievements and key dates in the child’s journey through Scouting
We also have the ability to store information in OSM about ongoing health conditions that might help us support the young person’s Scouting experience, if that condition is relevant to weekly activities, rather than one-off events.
Only authorised leaders and adult volunteers helping out with Section activities have access to the data.
Updating the information held in OSM is the responsibility of the parent/carer. Leaders do not have authority to update personal information relating to the children and young people.
We believe this information is the minimum information necessary for us to hold and process for the safe and efficient running of our Scout Group. This information will be stored on our database for the entire time that your child is a member of our Scout Group, and for one year after they have left the Group, in case of administrative queries.
All event administration is carried out through OSM. Whilst the event is active, leaders will have access to the information associated with the children attending that event. This is necessary for the safe organisation and administration of the event.
Once the event has finished, personal data may remain active on OSM for a maximum of two months, after which time it will be archived. This means that, if necessary, the leaders will be able to go back into the event to obtain a list of attendees but will not be able to access any health information or telephone contact numbers. The information regarding attendance at an event is relevant to confirm achievements and skills.
Occasionally, we ask a third party to run an event on our behalf, for example at Askham Bryan College, or Energi trampoline park. On those occasions, the third party organiser may require a list of attendees, or separate waivers to be signed. We will always make a note in the event information on OSM where we may be passing on your child’s name and date of birth to a third party organiser, and we will only pass on information necessary to the safe running of the event.
It is the parent/carer’s responsibility to ensure that any relevant health information is completed through OSM activity sign-up screen before each event.
It is a feature of running a modern Scouting group that lots of photographs and video clips are taken of our Group during sessions and events, to show parents and carers what we are doing. We know from feedback that parents and carers find these photographs interesting and reassuring.
We take photographs of our Group for our historical records. These photographs will be stored indefinitely on some type of Cloud based storage system, and may be used in the future as part of publications relating to the Group, including in local press or as part of a display. No names will be associated with the images.
We also publish photographs on our Facebook page, which is a closed group and cannot be accessed by anyone who is not a member of the Group and approved for joining by one of the Admins. However, as we have all seen in the media, Facebook is not a secure medium and we cannot control how Facebook use and process any images posted on their forum.
As we often attend events with other Groups, we also cannot control whether your child is in the background of any photographs taken by other parents or Leaders, and subsequently posted on their Facebook sites.
We understand that some people do not want photographs of their child on Facebook. If that is the case, then you can refuse consent for your child to be photographed, and this will not affect their membership of the Group. However, for the reasons given above, we cannot ensure that they will not appear in the background of either our photos or other people’s photos which may then get posted on the internet, although we will use our best efforts to ensure that this does not happen.
Our Facebook group is a recent addition, and is a useful method of communication. We have made the Group closed, so information on the site cannot be accessed by anyone unless they are approved to join by the Admins. The Admins have to approve all posts appearing on the Facebook group. However, we have no control over information posted in the replies to posts. We ask that all users of our Facebook group consider carefully what they post, and in particular do not include personal information.
We have considered in detail whether we should continue with our Facebook group, as it is not a secure medium of holding information. However, we think that the benefits of having the Facebook group significantly outweigh the risks of a third party accessing and misusing information.
Therefore we use our Facebook group with the following health warnings:
- When joining Facebook, Facebook will have access to any personal information you choose to enter on the site. We cannot control how Facebook use that information
2. The responsibility for checking posts are accurate and do not reveal personal information about a third party without their consent eg posting someone’s email address or telephone number, lies with the individual poster.
3. Admins will have the ability to remove any posts they deem to be in breach of our Group’s policy, either because the original post is in breach, or because of an issue with one of the subsequent replies.
4. Please do not post any information on Facebook that you would not be happy sharing publically.
By consenting to these privacy notices, you are giving us permission to process your and your child’s personal data specifically for the purposes identified. Personal data consists of information relating to a person’s name, address, date of birth and relevant medical conditions. Sensitive personal data is information relating to a person’s health, religion or ethnicity. Consent is required for 1st Copmanthorpe Scout Group to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data (health, religion, ethnicity), we will always tell you why and how the information will be used. 1st Copmanthorpe Scout Group will not pass your personal data on to third parties. Data on gender, religion and ethnicity may be used at an aggregated level for the annual national Scouting census and is not traceable to specific individuals.