Data Protection Policy

Updated: 5th November 2023

Who this is for and what does it apply to?

The current Data Protection regulations were updated in May 2018 to be consistent with the General Data Protection Regulation (GDPR). Data Protection regulation applies to all organisations that hold any information that identifies living people.

Data Protection rules do not apply to organisations holding only organisation data, with no names attached and the rules do not apply to individuals holding address books or, for example, Christmas Card lists on computer.

In Scouts, Data Protection applies to the lists of young people, adults and any other people recorded in a structured way for their future contact. It applies to the use of the membership system from recruitment onwards and Online Scout Manager (OSM). It applies to information gathered from the website to activity information forms and fundraising list information. It does not apply to incidental naming of people in, for example, minutes of meetings or action lists.

Commitment

Basingstoke East Scout District is committed to fully complying with the Data Protection rules. This means that every person (leaders, administrators, honorary officers, and trustees) involved in Basingstoke East Scout District will observe this policy.

Formal Contact

Basingstoke East Scout District is the Data Controller. The contact email address is chair@bescouts.org.uk.

Basingstoke East Scout District processes personal data using paper and electronic systems. It works with partner data processors including The Scout Association, OSM, Charity Commission & Microsoft. Basingstoke East Scout District has determined that the partner organisation data processing on its behalf is compliant with GDPR as far as it can assess.

The Legal Basis of our Data Processing

Basingstoke East Scout District is an unincorporated educational children’s charity. The young people it serves are members. Adults in leader, trustee and supporter roles are either members or non-members. The Basingstoke East Scout District also processes data of helpers and benefactors.

To achieve the purposes of the charity we process data for our legitimate interests.

This includes processing for the purposes of:

• Administration of the Scouting Programme and Activities
• Governance
• Safety and safeguarding
• Fundraising and Public/Community Relations

This includes processing by holding paper and electronic records, processing with the facilities or our data processing partners and sending communications by paper and electronic means.

We process data for legal reasons.

This includes for the purposes of:

• maintaining safety and safeguarding records in compliance with the Scout Association’s Policy Organisation and Rules (POR)
• maintaining accounting records as required by HMRC and charity regulation

We process data by reason of data subjects’ consent.

This includes for the purposes of:

• Statistical reporting about inclusion relating to ethnicity and disability
• Fundraising by direct mail or electronic communications

Special Categories of Personal Data

Data will be processed about members and adult helpers Ethnicity, Health, Disability and Religious Belief to enable inclusion. Information about criminal records will be processed to inform recruitment decisions but will not be kept. (disclosure of all criminal convictions and cautions and the provision of an enhanced certificate from the Disclosure and Barring Service is required for all adults in relevant roles, this being in compliance with the relevant legislation about filtering and rehabilitation of offenders).

The personal data of members and adult helpers we process will include full name and contact details, date of birth and age, records of service and training. Records of service will include roles and activities undertaken and role reviews. Relevant records will be kept for the management of Safety, Safeguarding and Personnel.

Website information will be kept for the effective management of the website and statistical purposes.

Financial information about bank accounts, payment of membership and activity fees, donations the processing of gift aid and the maintenance of records as required by regulations.

Sharing of your Personal Data

Subject to Data Protection regulations the Basingstoke East Scout District will share your data as relevant with:

• The Scout Association, the local Scout County and Groups to enable to provision of Scout programme and activities, training opportunities, administration, and promotion.
• To comply with legal requirements when necessary or others when we have your consent.
• With medical services to protect your vital interests
• For the good administration of the charity and security of our processes.

It will be processed by partner data processors, including cloud-based services, for the good administration of the Basingstoke East Scout District and achievement of its charitable purposes.

Personal data may be transferred outside the UK and European Economic Area (EEA) through the use of cloud computing systems.

Confidentiality

Basingstoke East Scout District is an organisation with approximately 400 leaders with various levels of access to groups of Young Persons and Adults information. All persons with access to personal data are required to maintain confidentiality and not to share it outside a “need to know” basis. All persons with access to personal data are required to agree to a Confidentiality and Data Protection statement.  Anyone accessing personal information is required to only use devices that are secure by being in their own homes or scouting offices. Where these devices are removed from secure premises (home) they must be protected by password and encrypted, and with system security and data back-up.

Safeguarding Partnership

The Basingstoke East Scout District is a member of The Scout Association and complies with its Policy, Organisation and Rules (POR). POR includes safeguarding processes involving recruitment and the requirement for specified investigations. Personal information will be passed to the Scout Association for their processes in safer recruitment and safeguarding. Information will be passed to the relevant authorities when there is a relevant concern.

Subject Access

Any person who is the subject of personal data held by the district may make a subject access request by contacting: the GDPR representative at chair@bescouts.org.uk. The request will be processed in accordance with current regulation.

Registered adults may access their personal data by logging into Membership System. Adults are encouraged to keep this up to date themselves.

Parents and Young People can log into OSM where access is allowed and edit their OSM data.

Not registered with ICO

As a charity, the Basingstoke East Scout District, handling personal data only for the purposes of maintenance of its membership and donors is not required to notify the Information Commissioners Office (ICO) or to pay the Data Protection fee.

Your Rights under Data Protection Regulation

Your rights are as follows;

To be informed about how we process your personal data: this Data Protection and Privacy Policy seeks to provide that information

To have any erroneous personal data corrected: the Basingstoke East Scout District requests all members to notify any changes and will update information without delay.

To object to processing: the Basingstoke East Scout District will comply with your request as far as possible, some records are maintained for the formal administration of the charity, for safety and for safeguarding purposes when retention of records will be required.

To restrict processing: the Basingstoke East Scout District will comply with your request as far as possible,

To have your personal data erased: the Basingstoke East Scout District will comply with your request as far as possible.

To request access: the Basingstoke East Scout District will comply with current regulations

To move, copy or transfer your personal data: the Basingstoke East Scout District will comply with your request as far as possible, acknowledging that adult member records are included in Membership System. The transfer of young person’s data in OSM may be possible.

Questions about Data Protection or the use of Personal Data

Any questions or comments about data protection or this policy, notwithstanding your rights above, should be addressed to the Basingstoke East Scout District Chair at chair@bescouts.org.uk.

Adult Volunteers Personal records

The personal membership profile of each member is kept on Membership System. It is the responsibility of each member to ensure that they keep their own record up to date. If anyone has difficulty in accessing their membership record, then they should ask their line manager for assistance. The Scout Association Information Centre (0345 300 1818) may also be able to help.

Internal and Other Directories

The compilation of any online directory containing contact details must have the approval of the Trustee Board. Directories must only include information for which individuals have given specific consent. The request for consent must include information about access to and/or distribution of the directory. The directory must be kept-up to date by a named person.

Programme, Activity and Training Registration

Personnel will use appropriate and secure methods to gather information for registration. Only information that is necessary for the purpose will be requested.

Information may be gathered by paper or online forms. A data protection statement will be included in the form stating the whole use of the data and specifically identifying any sharing or not.

Activity registration data will often form part of relevant training and safeguarding information and so will be kept for the relevant time scale.

Retention of records

Records will be retained for the good administration of the Basingstoke East Scout District:

• For governance matters – 5 years
• Attendance records for safeguarding purposes – 5 years
• Adult membership, involvement and training records will be kept on Membership System and not in other forms of record, therefore kept in compliance with the persons membership and Scout Association policy
• Notes and records from Safeguarding investigations will be sent to the Scout Association for retention and not kept locally
• For accounting purposes for 6 years after the end of the relevant year

Consent for children

Consent for children (under 18’s) to participate in activities and to receive communications will require parental / guardian consent.

Consent to electronic mailings – unsubscribe

Mailings will be sent for notification of events, administration, and governance. Anyone who wishes not to receive such mailings can unsubscribe. All mailings will have an Unsubscribe facility.

Communication of this Policy

This policy is placed on the website and is available from the Basingstoke East Scout District Chair.

Review of this Policy

This Policy will be reviewed periodically as any changes in regulations or best practice occur; this will be at least every 3 years.