Data Protection

This Data Privacy Notice/Policy describes the categories of personal data 24th Hastings Scout Group process and for what purposes. 24th Hastings Scout Group is committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with 24th Hastings Scout Group.

24th Hastings Scout Group is a registered charity with the Charity Commission for England & Wales; charity number 268215. The Data Controller for the Group is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees. The Chair of the Charity Trustees is Brian Pope (email: brianpope2018@outlook.com).

From this point on 24th Hastings Scout Group will be referred to as “we/us”.

As a small charity, we are not required to appoint a Data Protection Officer.

Most of the personal information we hold is provided to us directly by our members, the parents or legal guardians of youth members verbally or in paper form, in digital form or via the Scout Association online membership system Compass. In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and Barring Service (DBS)

Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

We may collect the following personal information:

We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

In most cases the lawful basis for processing will be through the performance of a contract for personal data of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association. Explicit consent is requested from parents/guardians to take photographs of our members.

On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent, such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.

We use personal data for the following purposes: