Pegasus Explorer Scout Unit (the Unit)

Data Policy (revised in light of GDPR regulations) – May 2018

From 25th May 2018 new legislation is in place regarding management of personal data. The Unit are committed to working within this legislation and the guidance issued from the Scout Association to manage and use the data of all those within the Unit correctly.
This relates to the data held for Unit purposes, specifically:

• Enrolment forms (paper)
• Activity permissions forms (paper)
• Electronic registers (principally OSM* and locally produced spreadsheets / word documents for specific events).
• Gift Aid forms and related data

* OSM – Online Scout Manager – an online database containing member’s details. Please refer to OSM’s own Security and GDPR policy statements on their web site :

This does not explicitly cover the Compass system used to manage Leaders records. Responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Doncaster Danum District Scouts Council. The Compass system is not used for data for those under the age of 18, it is for Leaders records only.

Increased rights under the legislation and how to exercise them
• Individuals have the right to access their data and request a copy of their personal data via a ‘Data Subject Access Request’.
• Individuals have a right to be forgotten and personal data corrected or deleted.
• Individuals must give consent to an organisation to process personal data. This is given by the Unit member in conjunction with the parent in the case of those aged under 18.

Nominated individuals

Information set out under the terms of the legislation:
Every member of the Unit is deemed to be a ‘data subject’, irrespective of age.
The data subject is determined to be the member of the Unit rather than the parent/guardian of that Unit member but since we will be holding some measure of personal data for the parent (name and telephone number) we undertake to hold that data in the same secure manner and use this data only in the same manner as outlined within this document.
The ‘data controller’ for the Unit is deemed to be the Unit Treasurer..
The ‘data processor’ for each section is the section leader for that section. Under the legislation, the data processor is responsible for the use, retention and disposal of data

Data Subject Access Requests
Requests to review the personal data held by the Unit within the records described within this document must be made to the Data Controller in writing.
These will be dealt with as quickly as possible and within a target of 2 weeks. The Nominated Data Processor will not normally be able to deal with such requests.
Those wishing to exercise their right to have their data corrected should follow the same procedures. It should be noted that the only data held by the Unit has been provided by data subjects, or by their parents on their behalf. We do not hold any personal data from any other source.
Those wishing to exercise their right to be forgotten and have their data deleted should contact the Data Controller as above and requests will be dealt with in the same manner.

Data Breaches
All data breaches, or suspected data breaches, must be reported immediately to the Data Controller for investigation.

Under 18’s data
• Under the legislation, only those over the age of 13 are deemed to be data subjects.
• However, we treat the personal data of all young people (under the age of 18) in the same manner within the Unit.
• Parental permissions are always sought at the point of joining the Unit, giving the Unit permission to use your data in the specified manner.

Adult data
The Unit does not hold any personal data for adults within the Unit electronically, other than the information with regard to the Compass system. The responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Doncaster Danum District Scouts Council. The same data rights, retention and use policies and security measures apply to this data as for under 18 members of the Unit.

What data do we hold?
Personal information provided via the Unit enrolment form, completed on first entry to the Unit and when moving sections:
• Name
• Address
• Contact information (both standard and emergency)
• Date of birth
• Medical information
• Permissions & signatures
• Photographs
From time to time activity permissions forms will be used with reference to specific events. These will be paper forms designed to capture and manage specific items of data ahead of events. These capture the same information as outlined above. These forms remain in the possession of the event leader during the event and only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below.

Security of paper forms whilst on camps and at other outside events. We have a legal requirement to keep our data safe and secure. However, in the event of an emergency, it also needs to be easily accessible. As such all camp/activity leaders need to have easy access. In a camp environment this balance can be difficult to achieve. Having a locked box in a tent does not meet this requirement, equally locking the documents in car boot could delay ‘emergency access’ or the car could be stolen! We will make reasonable endeavors to keep the records safe, whilst enabling emergency access, this will be determined by the camp/activity leader.

With regard to events organised by Doncaster Danum Scout District or South Yorkshire Scout County, a standard format paper form is used to gather the same information outlined above. This form is provided by and managed by the District or County. These forms remain in the possession of a Unit Leader during the event and are only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below

What do we use this data for?
Standard enrolment information is entered in to the OSM system. This is used as a reference guide for Leaders, and in case of emergency. The paper form will securely disposed of, as detailed below.
This is information is not shared with any 3rd party (with the possible exception of medical staff in the event of an emergency) and is used for reference and in case of emergency only.
Activity forms are taken to the event and used for registration and in case of emergency only.
As a Unit we never pass data onto any 3rd parties and have no reason to do so. Data will never be sold.
At Scouting events, evenings and activities, photographs are taken for the sole use of promoting positive Scouting. The images will be shared via each section's Facebook page and the Unit’s website. Once shared the images are deleted.

Access to systems
Access to the Unit records has been reviewed and is restricted to members of the Leadership team with a need to access personal data, primarily those set out as data processors.
Spreadsheets created by Leaders for section evenings and individual events are managed by those Leaders and access restricted to those Leaders who require this information for the evening or event.
As a volunteer organisation it must be recognised that electronic records are accessed via machines not owned or controlled by the Unit and which are the personal property of adults within the Unit. All adults within the Unit who have been granted access to these electronic records are regularly reminded about the need for system security, the use of strong and secure passwords, and ensuring that access is not possible by anyone else using their machine.

Data retention and disposal policy
Data held will be maintained only for the period during which the young person is an active member of the Unit. Once they leave the Unit this will be securely disposed of ( exception – see Gift Aid below).
On moving between sections, this data will be transferred between sections records.
On transferring to other Units this data will be deleted and new records will be need to be created by the receiving Unit.
On receiving transfers from other Units a new record will be created and no electronic data will be received by our systems.
Paper enrolment forms will be kept securely for 6 months following the last active involvement in Scouting. They will then be destroyed in a secure manner.
This also applies to those young people moving between sections where a new enrolment form is created. The form held by the previous section will be destroyed after 6 months.
Activity permissions forms will be retained for 1 month following the event and then destroyed in a secure manner.
Registers for evenings will be retained for a minimum of 24 months and then are deleted.
Images are shared as soon after the event as possible, and then are deleted from the device.
Gift Aid collection forms and data will be securely held by the Unit to enable us to claim Gift Aid for membership fees and donations. We have a legal obligation to retain this information for 7 years after the last claim which references the young person and tax payer.

Communication with parents is on an information basis governed by permissions granted via the enrolment form with no marketing or sales implications. Therefore standard marketing preferences and permissions governed by GDPR regulations in the commercial world do not apply.

Historic records
All current adult members of the Unit have been instructed to identify any records containing personal data which they may hold electronically or in paper format and report these to the Unit Treasurer as part of a pre-GDPR audit. These records will then be deleted and destroyed if they fall outside of those systems or constraints outlined above.

Photography Policy
During Section and Unit events and activities, members of our leadership team, other members of the Scout Association and members of the public may be taking still and moving pictures. Pictures used by the Unit outside of the event/activity will only be used in accordance with Scout Association guidelines. Pictures taken by our leadership team may be used during and after the event/activity in local or national Scout Association publications, and in local newspapers, on websites or in other social media channels.
For larger District and County events local newspapers and TV stations may also attend to provide external media coverage and members of the press will be accompanied at all times by a member of the event or activity staff/leader team. We will seek your specific permission if we wish to use your/your child’s picture name with any picture in any promotional or advertising material.

Anyone attending any Section, Unit, District or County event or activity, or giving permission for their child/ward to attend an event or activity should note that attendance at the event or activity signifies their consent for pictures of themselves/their child to be used in line with the above policy.

If you have specific concerns in this regard, please contact the Section Leader for the activity


© 2013 Pegasus Explorer Scout Unit