1st Marldon Scouts Group
Data Policy (revised in light of GDPR regulations) – May 2018
From 25th May 2018 new legislation is in place regarding management of personal data. 1st Marldon Scout Group are committed to working within this legislation and the guidance issued from the Scout Assoc. (click here) to manage and use the data of all those within the Group correctly.
This relates to the data held for Group purposes, specifically:
- Enrolment forms (paper)
- Activity permissions forms (paper)
- Electronic registers (principally the Group management googledoc and any googledoc or similar document produced for specific events).
This does not explicitly cover the Compass system used to manage Leaders records. Responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Torbay District Scouts Council. The Compass system is not used for data for those under the age of 18 and is for Leaders records only.
Increased rights under the legislation and how to exercise them
- Individuals have the right to access their data and request a copy of their personal data via a “Data Subject Access Request”.
- Individuals have a right to be forgotten and personal data corrected or deleted.
- Individuals must give consent to an organisation to process personal data. This is given by the parent in the case of those Group members under the age of 13, and by the Group member in conjunction with the parent in the case of those aged between 13 and 18.
Information set out under the terms of the legislation:
Every member of the Group is deemed to be a “data subject”, irrespective of age.
The data subject is determined to be the member of the Group rather than the parent/guardian of that Group member but since we will be holding some measure of personal data for the parent (name and telephone number) we undertake to hold that data in the same secure manner and us this data only in the same manner as outlined within this document.
The “data controller” for the Group is deemed to be the Group Scout Leader, John Harrison
The “data processor” for each section is Group Secretary, Elaine Harrison. Under the legislation, the data processor is responsible for the use, retention and disposal of data
Data Subject Access Requests
Requests to review the personal data held by the Group within the records described within this document must be made to the Data Controller: John Harrison, Group Scout Leader in writing.
These will be dealt with as quickly as possible and within a target of 1 week. The Nominated Data Processor will not normally be able to deal with such requests.
Those wishing to exercise their right to have their data corrected should follow the same procedures. It should be noted that the only data held by the Group has been provided by data subjects, or by their parents on their behalf. We do not hold any personal data from any other source.
Those wishing to exercise their right to be forgotten and have their data deleted should contact the Data Controller as above and requests will be dealt with in the same manner.
All data breaches, or suspected data breaches, must be reported immediately to the Data Controller (John Harrison) for investigation.
Under 18’s data
- Under the legislation, only those over the age of 13 are deemed to be data subjects.
- However, we treat the personal data of all young people (under the age of 18) in the same manner within the Group.
- Parental permissions are always sought at the point of joining the Group.
- For those who join the Group before the age of 13, permissions given by the parent is deemed to continue as from their 13th birthday but the data subject (young person) then acquires the same rights as all other data subjects set out above.
- For those who join the Group aged 13 or over, a signature box is now included on the enrolment form for signature giving the Group to use your data in the specified manner.
The Group does not hold any personal data for adults within the Group electronically, other than the information with regard to the Compass system. The responsibility for managing Compass is deemed to rest with the Scout Association, and management of it locally is deemed to rest with Torbay District Scouts Council. The same data rights, retention and use policies and security measures apply to this data as for under 18 members of the Group.
What data do we hold?
Personal information provided via the Group enrolment form, completed on first entry to the Group and when moving sections:
- Contact information (both standard and emergency)
- Date of birth
- Medical information
- Permissions & signatures
From May 2018 a new amended enrolment form will be used across the Group.
From time to time activity permissions forms will be used with reference to specific events. These will be paper forms designed to capture and manage specific items of data ahead of events. These capture the same information as outlined above. These forms remains in the possession of the event leader during the event and only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below
With relation to events organised by Torbay Scout District or Devon Scout County, a standard format paper form is used to gather the same information outlined above. This form is provided by and managed by the District or County. These forms remains in the possession of a group Leader during the event and only used in the case of emergency. Following the event, the Data is securely disposed of, as detailed below
What do we use this data for?
Standard enrolment information is held in a file relevant to each section. This is then used as a reference guide for Leaders, and in case of emergency.
This is information is not shared with any 3rd party and is used for reference and in case of emergency only.
The original paper forms are retained for reference by those Leaders responsible for records keeping in each section and are kept secure in a locked section cupboard.
Activity forms are taken to the event and used for registration and in case of emergency only.
As a Group we never pass data onto any 3rd parties and have no reason to do so. Data will never be sold.
Photographs are taken for the sole use of promoting positive Scouting. Images of Scouting events, evenings and activities will now only be taken on the Groups secure device. Adults assisting at events and evenings will no longer use their personal devices. The images will be shared via each sections Facebook page and the Groups website. Once shared the images are deleted
Access to systems
Access to the Group records has been reviewed and is restricted to members of the Leadership team with a need to access personal data, primarily those set out as data processors.
Spreadsheets created by Leaders for section evenings and individual events are managed by those Leaders and access restricted to those Leaders who require this information for the evening or event.
As a volunteer organisation it must be recognised that electronic records are accessed via machines not owned or controlled by the Group and which are the personal property of adults within the Group. All adults within the Group who have been granted access to these electronic records are regularly reminded about the need for system security, the use of strong and secure passwords, and ensuring that access is not possible by anyone else using their machine.
Data retention and disposal policy
Data held will be maintained only for the period during which the young person is an active member of the Scout Group. Once they leave the Group this will be securely disposed of..
On moving between sections, this data will be transferred between sections records.
On transferring to other Groups this data will be deleted and new records will be need to be created by the receiving Scout Group.
On receiving transfers from other Groups a new record will be created and no electronic data will be received by our systems.
Paper enrolment forms will be kept securely for 6 months following the last active involvement in Scouting. They will then be destroyed in a secure manner.
This also applies to those young people moving between sections where a new enrolment form is created. The form held by the previous section will be destroyed after 6 months.
Activity permissions forms will be retained for 1 month following the event and then destroyed in a secure manner.
Registers for evenings will be retained for a minimum of 24 months and then are deleted.
Images are shared as soon after the event as possible, and then are deleted from the device.
Communication with parents is on an information basis governed by permissions granted via the enrolment form with no marketing or sales implications. Therefore standard marketing preferences and permissions governed by GDPR regulations in the commercial world do not apply.
All current adult members of the Group have been instructed to identify any records containing personal data which they may hold electronically or in paper format and report these to the Group Scout Leader as part of a pre-GDPR audit. These records will then be deleted and destroyed if they fall outside of those systems or constraints outlined above.
During Section and Group events and activities, members of our leadership team, other members of the Scout Association and members of the public may be taking still and moving pictures. Pictures used by 1st Marldon Scouts outside of the event/activity will only be used in accordance with Scout Association guidelines. Pictures taken by our leadership team may be used during and after the event/activity in Torbay Scout or the Scout Association publications, and in local newspapers, on websites or in other social media channels.
For larger District and County events local newspapers and TV stations may also attend to provide external media coverage and members of the press will be accompanied at all times by a member of the event or activity staff/leader team. We will seek your specific permission if we wish to use your/your child’s picture name with any picture in any promotional or advertising material.
Anyone attending any Section, Group or District event or activity, or giving permission for their child/ward to attend an event or activity should note that attendance at the event or activity signifies their consent for pictures of themselves/their child to be used in line with the above policy.
If you have specific concerns in this regard, please contact the Section Leader for the activity