1. Who is this policy for and who does it apply to?
The North Leeds District comprises several Scout Groups. For the purposes of this policy document the term ‘North Leeds Scouts’ only applies to the District-level organisation that is led by the District Commissioner and managed by the North Leeds Scouts Board of Trustees.
Individual Groups will have their own related policies.
North Leeds Scouts is committed to fully complying with the Data Protection rules at all times. This means that every person (Leaders, Managers, Administrators, Honorary Officers and Trustees) involved in North Leeds Scouts must observe this policy.
2. Who we are
North Leeds District Scout Council are a registered charity with the Charity Commission for England & Wales (charity number 1085203).
The Data Controller is North Leeds District Scout Council. The contact address is; North Leeds District Scout Council C/O Stacy-Paul Wilshaw, 51 Allerton Grange Rise, Leeds, West Yorkshire, LS17 6LJ
The District Secretary acts as our Data Protection Officer, who can be contacted at [email protected]
1. The Legal Basis of our Data Processing
To achieve the purposes of the charity we process data for our legitimate interests. This includes processing for the purposes of:
We will process data by holding paper and electronic records, using the facilities of our data processing partners and sending communications by paper and electronic means.
We process data for legal reasons. This includes for the purposes of:
We process data by reason of data subjects’ consent. This includes for the purposes of:
2. Categories of Personal Data we process
Data will be processed about members’, adult helpers’ and employees’ Ethnicity, Health, Disability and Religious Belief to enable inclusion.
Information about criminal records will be processed to inform recruitment decisions but will not be kept. (Disclosure of all criminal convictions and cautions and the provision of an enhanced certificate from the Disclosure and Barring Service is required for all adults in relevant roles, this being in compliance with the relevant legislation about filtering and rehabilitation of offenders)
The personal data of members and adult helpers we process will include full name and contact details, date of birth and age, records of service, and training. Records of service will include roles and activities undertaken and role reviews. Relevant records will be kept for the management of Safety, Safeguarding and Personnel.
Website information will be kept for the effective management of the website and statistical purposes. This may include cookies, and further details are provided below (appendix two).
Financial information about bank accounts, payment of membership and activity fees, donations, payroll information, the processing of gift aid and the maintenance of records is processed as required by and in accordance with regulations.
3. Sharing of your Personal Data with Third Parties
North Leeds Scouts works with partner data processors including but not limited to; The Scout Association (TSA), Central Yorkshire County Scout Council (CYCSC), Online Scout Manager (Online Youth Manager), Duke of Edinburgh Award Scheme, Google, Microsoft, Mailchimp and Dropbox. North Leeds Scouts has determined that our partner organisations processing data on its behalf are compliant with GDPR as far as it can assess.
Subject to Data Protection regulations North Leeds Scouts will share personal data as relevant with the Scout Association to enable to provision of the Scout programme and activities, training opportunities, administration, and promotion.
Your data may also be shared to comply with legal requirements when necessary or to others when we have your consent or shared with medical services to protect your vital interests.
Your data will be processed by partner data processors including cloud-based services for the good administration of North Leeds Scouts and achievement of its charitable purposes.
Personal data may be transferred outside the UK and European Economic Area (EEA) through the use of cloud computing systems. The use of these systems has been considered for their data security compliance.
4. Safeguarding Partnership
North Leeds Scouts is a member of the Scout Association (TSA) and complies with its Policy Organisation and Rules (POR). POR includes the safeguarding processes involving recruitment and safeguarding investigations. Personal information will be passed to TSA for their processes in safer recruitment and safeguarding. Information will be passed to the Police when there is a relevant concern.
5. Further processing
If we wish to use your personal data for a new purpose not already outlined to you or within this policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
1. Your Rights under Data Protection Regulation
People’s (Data Subjects) rights are as follows:
2. Subject Access Requests
Any person, who is the subject of personal data held by North Leeds Scouts, may make a Subject Access Request by contacting the District Secretary. The request will be processed in accordance with current regulations. Details of how you can make a request can be found on our website.
3. Questions about Data Protection or the use of Personal Data
Any questions or comments about data protection or this policy, notwithstanding personal rights above, should be addressed to the Data Protection Officer.
1. Data Breaches
Any loss of personal data, as described in the legislation, must be reported to the Data Protection Officer (DPO) including:
The DPO will consider the seriousness of the data breach and if necessary, report the matter to the Information Commissioner’s Office (ICO). The record of every Data Breach and the actions taken will be recorded in the Data Privacy Breach log. North Leeds Scouts will cooperate with the ICO fully to respond to any matters.
The matter will be investigated and if possible, the root cause of the breach will be determined. Corrective action will be taken in accordance with the regulations.
If a breach is likely to result in a high risk to the rights and freedoms of individuals, those affected by the data breach will be informed as soon as is practicable so that they may take appropriate action. All breaches will be reported as a matter of routine to the District Board of Trustees.
2. Retention of Records
| Data Description | Data Type | Retention | Comments/Justification |
| Information about our members | Personal and Sensitive Data | Retained whilst a current member. This will be reduced 10 years after leaving to only a subset of data and is subject to The Scout Association’s retention policy | The ten year retention of all data is required to provide tenure and service records in the event an individual wants to rejoin. The 100 years retention of data is required for evidence requests from statutory agencies
|
| Information about Safeguarding incidents | Personal and Sensitive Data (special category) | Until the case is closed locally, then data is stored with The Scout Association as per their retention period. | Required for evidence requests from statutory agencies
|
| Information about accidents and near misses | Personal Data | 3 years after the event, or 3 years after alleged victim turns 18 if later | Fight a case – Limitation act 1980 |
| Information about attendance at District events including attendance at Wike Campsite | Personal and Sensitive Data | 18 months after event for personal data, 2 months after the event for sensitive data | Required for enquiries on the event and responding to incidents. To inform attendees of the repeat of the event I the next cycle. |
| Information about attendees at adult training events | Personal and Sensitive Data | 18 months after event for personal data, 2 months after the event for sensitive data | Required for enquiries on the event and responding to incidents. To inform attendees of the repeat of the event I the next cycle. |
| Information about general enquiries, including youth joining and adult volunteering | Personal Data | 1 year after enquiry or until member joins, whichever is shorter | To keep individuals informed of their joining status/enquiry |
| Information about Complaints | Personal Data | 3 years after end of complaint process | Required for evidence requests from The Scout Association. |
| Gift Aid Claim information | Gift Aid Declaration | 7 years | Requirement from HMRC |
| Role Review Forms | Personal Data | Destroyed after review completed and recommendations entered into Compass | In keeping with The Scout Association Poicies |
| Appointments Committee and Recruitment | Personal Data | 6 months after decision made | Required to support the vetting process |
| CCTV Footage | Personal Data | 30 days after footage captured, unless required as evidence in an investigation | Required for evidence in the case of an internal or criminal investigation |
| Subject Access Request records | Personal and Sensitive Data | The request and response kept for 1 year after response issued by the District | Retained as evidence in the event of any concerns raised. |
1. Access to Data by North Leeds Scouts Personnel
All leaders, administrators and executive (personnel) with access to personal data will be trained in Data Protection. For most the Scout Association Online training will suffice. North Leeds Scouts personnel with access to personal data must also read this policy and training may also include attending other relevant courses.
Everyone with access to personal data must comply fully with this policy and must raise any concerns with their line manager or the DPO.
All personnel will only use the personal data of North Leeds Scouts for the achievement of the charitable purposes as set out above and not for any other reason. Personal data will only be accessed and processed as relevant to their role in North Leeds Scouts.
Personal data must not be shared outside of North Leeds Scouts by any personnel except in accordance with the specific conditions of this policy.
Personnel may process data on their home or work computer providing it is secure from possible unauthorised access. Computers must be protected by firewall and internet security. Data will only be placed on portable devices if the device allows password protection and encryption and is backed-up sufficiently.
When a computer or any other electronic device on which data is physically stored is disposed of the data on the hard drive must be properly and fully erased or destroyed, not just deleted.
Paper based files used at home must be kept secure. Files must only be transported when essential and when the data security risk has been considered and management steps put in place.
2. Processing of Adult Members’ Personal records
The personal membership profile of each member is kept on Compass. It is the responsibility of each member to ensure that they keep their own record up to date.
3. Creation of Directories
The compilation of any directory must have the approval of the District Commissioner and District Chair. Directories must only contain the information that is specifically consented to be included. The request for consent must include information about access to or distribution of the directory. The directory must be kept up-to-date by a named person, and those persons contained within the directory have the right to have their data removed at their request.
4. Data Processing at Wike Campsite
Wike Campsite uses the Online Scout Manager (OSM) Booking System. Data is collected for the purposes of administering bookings, and is stored in accordance with this policy. The OSM booking system’s data protection and privacy policy has been examined and approved for use by the Wike Steering Group. The booking system uses minimal personal data, and this data is not used for marketing purposes.
5. Programme, Activity and Training Registration
Personnel will use appropriate and secure methods to gather information for registration. Only information that is necessary for the purpose will be requested.
Information may be gathered by paper or online forms.
Activity registration data is often part of relevant training and safeguarding records and so will be kept for the relevant time scale.
6. Consent to Bulk Mailings
Bulk electronic mailings will be sent for notification of events, administration and governance. Anyone who wishes not to receive such mailings, providing it is not a duty, will be unsubscribed. All mailings will have an unsubscribe facility.
This policy is approved and owned by the District Board of Trustees, with operational oversight of the measures set out above delegated to the District Secretary (who is also the Data Protection Officer).
Communication of this Policy
This policy is placed on the website.
Review of this Policy
This policy will be reviewed periodically as any changes in regulations or best practice occur; this will be at least every 3 years.
Approval of this Policy
This policy was approved by the North Leeds Scouts Board of Trustees on 03 May 2022.
It is accepted that no Policy can cover all situations. Therefore, in any situation where an exception to this policy is identified, it must be raised for review and approval. This review can occur at the Board of Trustees, or at one of its sub-committees if more appropriate. Decisions made by this committee are final, and where an exception is granted it should be for no longer than one year, but maybe refreshed.
If you want to contact us to raise any questions about this privacy statement, or any general matters
relating to the way we process and hold data, you can contact us using this email address:
[email protected] or by the contact methods listed at nlscouts.org.uk
All information in this Policy is correct as of the date of publication.
© Copyright North Leeds District Scout Council . All Rights Reserved.
Charity number: 1085203 (England and Wales)
Website Data Protection and Privacy Policy and Cookie Policy
Last build at 17:30:51 on 20.09.2023