Pegasus Explorer
Scout Unit (the Unit)
Data Policy (revised in light of GDPR regulations)
– May 2018
From 25th May 2018 new legislation is in place regarding
management of personal data. The Unit are committed
to working within this legislation and the guidance
issued from the Scout Association to manage and use
the data of all those within the Unit correctly.
This relates to the data held for Unit purposes, specifically:
• Enrolment forms (paper)
• Activity permissions forms (paper)
• Electronic registers (principally OSM* and locally
produced spreadsheets / word documents for specific
events).
• Gift Aid forms and related data
* OSM – Online Scout Manager – an online
database containing member’s details. Please refer
to OSM’s own Security and GDPR policy statements
on their web site : www.onlinescoutmanager.co.uk/security.html
This does not explicitly cover the Compass system used
to manage Leaders records. Responsibility for managing
Compass is deemed to rest with the Scout Association,
and management of it locally is deemed to rest with
Doncaster Danum District Scouts Council. The Compass
system is not used for data for those under the age
of 18, it is for Leaders records only.
Increased rights under the legislation and how
to exercise them
• Individuals have the right to access their data
and request a copy of their personal data via a ‘Data
Subject Access Request’.
• Individuals have a right to be forgotten and
personal data corrected or deleted.
• Individuals must give consent to an organisation
to process personal data. This is given by the Unit
member in conjunction with the parent in the case of
those aged under 18.
Nominated individuals
Information set out under the terms of the legislation:
Every member of the Unit is deemed to be a ‘data
subject’, irrespective of age.
The data subject is determined to be the member of the
Unit rather than the parent/guardian of that Unit member
but since we will be holding some measure of personal
data for the parent (name and telephone number) we undertake
to hold that data in the same secure manner and use
this data only in the same manner as outlined within
this document.
The ‘data controller’ for the Unit is deemed
to be the Unit Treasurer..
The ‘data processor’ for each section is
the section leader for that section. Under the legislation,
the data processor is responsible for the use, retention
and disposal of data
Data Subject Access Requests
Requests to review the personal data held by the Unit
within the records described within this document must
be made to the Data Controller in writing.
These will be dealt with as quickly as possible and
within a target of 2 weeks. The Nominated Data Processor
will not normally be able to deal with such requests.
Those wishing to exercise their right to have their
data corrected should follow the same procedures. It
should be noted that the only data held by the Unit
has been provided by data subjects, or by their parents
on their behalf. We do not hold any personal data from
any other source.
Those wishing to exercise their right to be forgotten
and have their data deleted should contact the Data
Controller as above and requests will be dealt with
in the same manner.
Data Breaches
All data breaches, or suspected data breaches, must
be reported immediately to the Data Controller for investigation.
Under 18’s data
• Under the legislation, only those over the age
of 13 are deemed to be data subjects.
• However, we treat the personal data of all young
people (under the age of 18) in the same manner within
the Unit.
• Parental permissions are always sought at the
point of joining the Unit, giving the Unit permission
to use your data in the specified manner.
Adult data
The Unit does not hold any personal data for adults
within the Unit electronically, other than the information
with regard to the Compass system. The responsibility
for managing Compass is deemed to rest with the Scout
Association, and management of it locally is deemed
to rest with Doncaster Danum District Scouts Council.
The same data rights, retention and use policies and
security measures apply to this data as for under 18
members of the Unit.
What data do we hold?
Personal information provided via the Unit enrolment
form, completed on first entry to the Unit and when
moving sections:
• Name
• Address
• Contact information (both standard and emergency)
• Date of birth
• Medical information
• Permissions & signatures
• Photographs
From time to time activity permissions forms will be
used with reference to specific events. These will be
paper forms designed to capture and manage specific
items of data ahead of events. These capture the same
information as outlined above. These forms remain in
the possession of the event leader during the event
and only used in the case of emergency. Following the
event, the Data is securely disposed of, as detailed
below.
Security of paper forms whilst on camps and at other
outside events. We have a legal requirement to keep
our data safe and secure. However, in the event of an
emergency, it also needs to be easily accessible. As
such all camp/activity leaders need to have easy access.
In a camp environment this balance can be difficult
to achieve. Having a locked box in a tent does not meet
this requirement, equally locking the documents in car
boot could delay ‘emergency access’ or the
car could be stolen! We will make reasonable endeavors
to keep the records safe, whilst enabling emergency
access, this will be determined by the camp/activity
leader.
With regard to events organised by Doncaster Danum
Scout District or South Yorkshire Scout County, a standard
format paper form is used to gather the same information
outlined above. This form is provided by and managed
by the District or County. These forms remain in the
possession of a Unit Leader during the event and are
only used in the case of emergency. Following the event,
the Data is securely disposed of, as detailed below
What do we use this data for?
Standard enrolment information is entered in to the
OSM system. This is used as a reference guide for Leaders,
and in case of emergency. The paper form will securely
disposed of, as detailed below.
This is information is not shared with any 3rd party
(with the possible exception of medical staff in the
event of an emergency) and is used for reference and
in case of emergency only.
Activity forms are taken to the event and used for registration
and in case of emergency only.
As a Unit we never pass data onto any 3rd parties and
have no reason to do so. Data will never be sold.
At Scouting events, evenings and activities, photographs
are taken for the sole use of promoting positive Scouting.
The images will be shared via each section's Facebook
page and the Unit’s website. Once shared the images
are deleted.
Access to systems
Access to the Unit records has been reviewed and is
restricted to members of the Leadership team with a
need to access personal data, primarily those set out
as data processors.
Spreadsheets created by Leaders for section evenings
and individual events are managed by those Leaders and
access restricted to those Leaders who require this
information for the evening or event.
As a volunteer organisation it must be recognised that
electronic records are accessed via machines not owned
or controlled by the Unit and which are the personal
property of adults within the Unit. All adults within
the Unit who have been granted access to these electronic
records are regularly reminded about the need for system
security, the use of strong and secure passwords, and
ensuring that access is not possible by anyone else
using their machine.
Data retention and disposal policy
Data held will be maintained only for the period during
which the young person is an active member of the Unit.
Once they leave the Unit this will be securely disposed
of ( exception – see Gift Aid below).
On moving between sections, this data will be transferred
between sections records.
On transferring to other Units this data will be deleted
and new records will be need to be created by the receiving
Unit.
On receiving transfers from other Units a new record
will be created and no electronic data will be received
by our systems.
Paper enrolment forms will be kept securely for 6 months
following the last active involvement in Scouting. They
will then be destroyed in a secure manner.
This also applies to those young people moving between
sections where a new enrolment form is created. The
form held by the previous section will be destroyed
after 6 months.
Activity permissions forms will be retained for 1 month
following the event and then destroyed in a secure manner.
Registers for evenings will be retained for a minimum
of 24 months and then are deleted.
Images are shared as soon after the event as possible,
and then are deleted from the device.
Gift Aid collection forms and data will be securely
held by the Unit to enable us to claim Gift Aid for
membership fees and donations. We have a legal obligation
to retain this information for 7 years after the last
claim which references the young person and tax payer.
Communications
Communication with parents is on an information basis
governed by permissions granted via the enrolment form
with no marketing or sales implications. Therefore standard
marketing preferences and permissions governed by GDPR
regulations in the commercial world do not apply.
Historic records
All current adult members of the Unit have been instructed
to identify any records containing personal data which
they may hold electronically or in paper format and
report these to the Unit Treasurer as part of a pre-GDPR
audit. These records will then be deleted and destroyed
if they fall outside of those systems or constraints
outlined above.
Photography Policy
During Section and Unit events and activities, members
of our leadership team, other members of the Scout Association
and members of the public may be taking still and moving
pictures. Pictures used by the Unit outside of the event/activity
will only be used in accordance with Scout Association
guidelines. Pictures taken by our leadership team may
be used during and after the event/activity in local
or national Scout Association publications, and in local
newspapers, on websites or in other social media channels.
For larger District and County events local newspapers
and TV stations may also attend to provide external
media coverage and members of the press will be accompanied
at all times by a member of the event or activity staff/leader
team. We will seek your specific permission if we wish
to use your/your child’s picture name with any
picture in any promotional or advertising material.
Anyone attending any Section, Unit, District
or County event or activity, or giving permission for
their child/ward to attend an event or activity should
note that attendance at the event or activity signifies
their consent for pictures of themselves/their child
to be used in line with the above policy.
If you have specific concerns in this regard, please
contact the Section Leader for the activity
|
