A: Introduction

1. Who is this policy for and who does it apply to?
The North Leeds District comprises several Scout Groups. For the purposes of this policy document the term ‘North Leeds Scouts’ only applies to the District-level organisation that is led by the District Commissioner and managed by the North Leeds Scouts Board of Trustees.

Individual Groups will have their own related policies.

North Leeds Scouts is committed to fully complying with the Data Protection rules at all times. This means that every person (Leaders, Managers, Administrators, Honorary Officers and Trustees) involved in North Leeds Scouts must observe this policy.

2. Who we are
North Leeds District Scout Council are a registered charity with the Charity Commission for England & Wales (charity number 1085203).

The Data Controller is North Leeds District Scout Council. The contact address is; North Leeds District Scout Council C/O Stacy-Paul Wilshaw, 51 Allerton Grange Rise, Leeds, West Yorkshire, LS17 6LJ

The District Secretary acts as our Data Protection Officer, who can be contacted at
[email protected]

B: How we process data

1. The Legal Basis of our Data Processing

To achieve the purposes of the charity we process data for our legitimate interests. This includes processing for the purposes of:

  • Administration of the Scouting Programme and Activities
  • Governance
  • Safety and Safeguarding
  • Administering bookings at Wike Scout Campsite
  • Fundraising and Public/Community Relations

We will process data by holding paper and electronic records, using the facilities of our data processing partners and sending communications by paper and electronic means.

We process data for legal reasons. This includes for the purposes of:

  • Maintaining safety and safeguarding records in compliance with the Scout Association’s Policy Organisation and Rules (https://www.scouts.org.uk/por/)
  • Maintaining accounting records as required by HMRC and charity regulation

We process data by reason of data subjects’ consent. This includes for the purposes of:

  • Providing information to members about the Scouting programme
  • Providing communications relevant to governance, administration, and fundraising
  • Statistical reporting about inclusion relating to ethnicity and disability

2. Categories of Personal Data we process

Data will be processed about members’, adult helpers’ and employees’ Ethnicity, Health, Disability and Religious Belief to enable inclusion.

Information about criminal records will be processed to inform recruitment decisions but will not be kept. (Disclosure of all criminal convictions and cautions and the provision of an enhanced certificate from the Disclosure and Barring Service is required for all adults in relevant roles, this being in compliance with the relevant legislation about filtering and rehabilitation of offenders)

The personal data of members and adult helpers we process will include full name and contact details, date of birth and age, records of service, and training. Records of service will include roles and activities undertaken and role reviews. Relevant records will be kept for the management of Safety, Safeguarding and Personnel.

Website information will be kept for the effective management of the website and statistical purposes. This may include cookies, and further details are provided below (appendix two).

Financial information about bank accounts, payment of membership and activity fees, donations, payroll information, the processing of gift aid and the maintenance of records is processed as required by and in accordance with regulations.

3. Sharing of your Personal Data with Third Parties

North Leeds Scouts works with partner data processors including but not limited to; The Scout Association (TSA), Central Yorkshire County Scout Council (CYCSC), Online Scout Manager (Online Youth Manager), Duke of Edinburgh Award Scheme, Google, Microsoft, Mailchimp and Dropbox. North Leeds Scouts has determined that our partner organisations processing data on its behalf are compliant with GDPR as far as it can assess.

Subject to Data Protection regulations North Leeds Scouts will share personal data as relevant with the Scout Association to enable to provision of the Scout programme and activities, training opportunities, administration, and promotion.

Your data may also be shared to comply with legal requirements when necessary or to others when we have your consent or shared with medical services to protect your vital interests.

Your data will be processed by partner data processors including cloud-based services for the good administration of North Leeds Scouts and achievement of its charitable purposes.

Personal data may be transferred outside the UK and European Economic Area (EEA) through the use of cloud computing systems. The use of these systems has been considered for their data security compliance.

4. Safeguarding Partnership

North Leeds Scouts is a member of the Scout Association (TSA) and complies with its Policy Organisation and Rules (POR). POR includes the safeguarding processes involving recruitment and safeguarding investigations. Personal information will be passed to TSA for their processes in safer recruitment and safeguarding. Information will be passed to the Police when there is a relevant concern.

5. Further processing

If we wish to use your personal data for a new purpose not already outlined to you or within this policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

C: Data subject rights

1. Your Rights under Data Protection Regulation
People’s (Data Subjects) rights are as follows:

  • To be informed about how personal data is processed: this Data Protection and Privacy Policy seeks to provide that information
  • To have personal data corrected: North Leeds Scouts requests all members to notify any changes and will update information without delay.
  • To object to processing: North Leeds Scouts will comply with all requests as far as possible, some records are maintained for the formal administration of the charity, for safety and for safeguarding purposes when retention of records will be required.
  • To restrict processing: North Leeds Scouts will comply with all requests as far as possible,
  • To have personal data erased: North Leeds Scouts will comply with all requests as far as possible.
  • To request access: North Leeds Scouts will comply with current regulations
  • To move, copy or transfer personal data: North Leeds Scouts will comply with requests as far as possible acknowledging that adult member records are included in Compass. The transfer of young persons data in OSM may be possible.

2. Subject Access Requests

Any person, who is the subject of personal data held by North Leeds Scouts, may make a Subject Access Request by contacting the District Secretary. The request will be processed in accordance with current regulations. Details of how you can make a request can be found on our website.

3. Questions about Data Protection or the use of Personal Data

Any questions or comments about data protection or this policy, notwithstanding personal rights above, should be addressed to the Data Protection Officer.

D: Data management processes

1. Data Breaches

Any loss of personal data, as described in the legislation, must be reported to the Data Protection Officer (DPO) including:

  • Data being accessed by unauthorised person(s) either in North Leeds Scouts or externally,
  • Data or records being lost (or found)
  • Systems failing their security including IT and hard copy files

The DPO will consider the seriousness of the data breach and if necessary, report the matter to the Information Commissioner’s Office (ICO). The record of every Data Breach and the actions taken will be recorded in the Data Privacy Breach log. North Leeds Scouts will cooperate with the ICO fully to respond to any matters.

The matter will be investigated and if possible, the root cause of the breach will be determined. Corrective action will be taken in accordance with the regulations.

If a breach is likely to result in a high risk to the rights and freedoms of individuals, those affected by the data breach will be informed as soon as is practicable so that they may take appropriate action. All breaches will be reported as a matter of routine to the District Board of Trustees.

2. Retention of Records

Data DescriptionData TypeRetention Comments/Justification
Information about our membersPersonal and Sensitive DataRetained whilst a current member. This will be reduced 10 years after leaving to only a subset of data and is subject to The Scout Association’s retention policyThe ten year retention of all data is required to provide tenure and service records in the event an
individual wants to rejoin. The 100 years retention of data is
required for evidence requests from statutory agencies

 

Information about Safeguarding incidentsPersonal and Sensitive Data (special category)Until the case is closed locally, then data is stored with The Scout Association as per their retention period.

Required for evidence requests from statutory agencies

 

Information about accidents and near missesPersonal Data3 years after the event, or 3 years after alleged victim turns 18 if laterFight a case – Limitation act 1980
Information about attendance at District events including attendance at Wike CampsitePersonal and Sensitive Data18 months after event for personal data, 2 months after the event for sensitive dataRequired for enquiries on the event and responding to incidents. To inform attendees of the repeat of the event I the next cycle.
Information about attendees at adult training eventsPersonal and Sensitive Data18 months after event for personal data, 2 months after the event for sensitive dataRequired for enquiries on the event and responding to incidents. To inform attendees of the repeat of the event I the next cycle.
Information about general enquiries, including youth joining and adult volunteeringPersonal Data1 year after enquiry or until member joins, whichever is shorterTo keep individuals informed of their joining status/enquiry
Information about ComplaintsPersonal Data3 years after end of complaint processRequired for evidence requests from The Scout Association.
Gift Aid Claim informationGift Aid Declaration7 yearsRequirement from HMRC
Role Review FormsPersonal DataDestroyed after review completed and recommendations entered into CompassIn keeping with The Scout Association Poicies
Appointments Committee and RecruitmentPersonal Data6 months after decision madeRequired to support the vetting process
CCTV FootagePersonal Data30 days after footage captured, unless required as evidence in an investigationRequired for evidence in the case of an internal or criminal investigation
Subject Access Request recordsPersonal and Sensitive DataThe request and response kept for 1 year after response issued by the DistrictRetained as evidence in the event of any concerns raised.

E: Administrative procedures

1. Access to Data by North Leeds Scouts Personnel

All leaders, administrators and executive (personnel) with access to personal data will be trained in Data Protection. For most the Scout Association Online training will suffice. North Leeds Scouts personnel with access to personal data must also read this policy and training may also include attending other relevant courses.

Everyone with access to personal data must comply fully with this policy and must raise any concerns with their line manager or the DPO.

All personnel will only use the personal data of North Leeds Scouts for the achievement of the charitable purposes as set out above and not for any other reason. Personal data will only be accessed and processed as relevant to their role in North Leeds Scouts.

Personal data must not be shared outside of North Leeds Scouts by any personnel except in accordance with the specific conditions of this policy.

Personnel may process data on their home or work computer providing it is secure from possible unauthorised access. Computers must be protected by firewall and internet security. Data will only be placed on portable devices if the device allows password protection and encryption and is backed-up sufficiently.

When a computer or any other electronic device on which data is physically stored is disposed of the data on the hard drive must be properly and fully erased or destroyed, not just deleted.

Paper based files used at home must be kept secure. Files must only be transported when essential and when the data security risk has been considered and management steps put in place.

2. Processing of Adult Members’ Personal records

The personal membership profile of each member is kept on Compass. It is the responsibility of each member to ensure that they keep their own record up to date.

3. Creation of Directories

The compilation of any directory must have the approval of the District Commissioner and District Chair. Directories must only contain the information that is specifically consented to be included. The request for consent must include information about access to or distribution of the directory. The directory must be kept up-to-date by a named person, and those persons contained within the directory have the right to have their data removed at their request.

4. Data Processing at Wike Campsite

Wike Campsite uses the Online Scout Manager (OSM) Booking System. Data is collected for the purposes of administering bookings, and is stored in accordance with this policy. The OSM booking system’s data protection and privacy policy has been examined and approved for use by the Wike Steering Group. The booking system uses minimal personal data, and this data is not used for marketing purposes.

5. Programme, Activity and Training Registration

Personnel will use appropriate and secure methods to gather information for registration. Only information that is necessary for the purpose will be requested.

Information may be gathered by paper or online forms.

Activity registration data is often part of relevant training and safeguarding records and so will be kept for the relevant time scale.

6. Consent to Bulk Mailings

Bulk electronic mailings will be sent for notification of events, administration and governance. Anyone who wishes not to receive such mailings, providing it is not a duty, will be unsubscribed. All mailings will have an unsubscribe facility.

F: Management of this policy

This policy is approved and owned by the District Board of Trustees, with operational oversight of the measures set out above delegated to the District Secretary (who is also the Data Protection Officer).

Communication of this Policy

This policy is placed on the website.

Review of this Policy

This policy will be reviewed periodically as any changes in regulations or best practice occur; this will be at least every 3 years.

Approval of this Policy

This policy was approved by the North Leeds Scouts Board of Trustees on 03 May 2022.

Exceptions to this policy

It is accepted that no Policy can cover all situations. Therefore, in any situation where an exception to this policy is identified, it must be raised for review and approval. This review can occur at the Board of Trustees, or at one of its sub-committees if more appropriate. Decisions made by this committee are final, and where an exception is granted it should be for no longer than one year, but maybe refreshed.

Contact details

If you want to contact us to raise any questions about this privacy statement, or any general matters
relating to the way we process and hold data, you can contact us using this email address:
[email protected] or by the contact methods listed at nlscouts.org.uk

All information in this Policy is correct as of the date of publication.

© Copyright North Leeds District Scout Council . All Rights Reserved.
Charity number: 1085203 (England and Wales)
Website Data Protection and Privacy Policy and Cookie Policy
Last build at 17:30:51 on 20.09.2023

crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram