Data Protection

Last Updated 30th March 2023

The below Data Protection Agreement (DPA) is to provide our members with details of how we collect, store and process Personal Identifiable Information (PII). This page will be updated periodically to reflect any changes in the data we store and how it is secured.

144th Glasgow (1st Baillieston) Scout Group is committed to collecting and processing PII fairly and in accordance with the relevant GDPR guidelines encompassed by the UK's Data Protection Act 2018 (DPA 2018). The policy, detailed on this web page applies to all members, parents/guardians of members, contractors, suppliers, leaders and members of the public who make contact with the group. This privacy notice is provided via this web page for anyone to view and access and a link will be included on any data collection methods used by the group.

The 144th Glasgow (1st Baillieston) Scout Group a registered charity with the Office of the Scottish Charity Regulator; Scottish charity number SC032585.

Definitions

"We", "Us", "The group"- The 144th Glasgow (1st Baillieston) Scout Group
PII - Personal Identifiable Information - Any information collected by the group related to a person.
DPA, "policy" - The Data Protection Agreement or Policy outlined on this web page.
GDPR - The General Data Protection Regulation
DPA 2018, "Data Protection Law"- The UK Data Protection Act 2018
"The Scouts" - The Scout Association UK.
"Users", Data Subject - members, young people, parents, guardians, members of the public, volunteers, leaders and young leaders.
OSM - Online Scout Manager.
"administrators" - Volunteers with the group in a position to access any and all information stored on our systems. This will include The Group Scout Leader, The Assistant Group Scout plus any trusted Leaders in an administrative or development role with the group.

As a small charity we are not required to appoint a Data Protection Officer. All leaders will act as Data Protection Officer for the data they are responsible for and is relevant to the specific activity, event or section they are working with.

We the group as a whole act as the Data Controller.

The group will collect and store information on a number of different software systems either controlled by us, The Scouts or a third party which provides us access. Any system we use will be approved by either us or The Scouts to be compliant with Data Protection Law and to always have access to it's own DPA policy and allows all users to give consent to the system to process their PII. Consent for data processing shall never be assumed and must be provided by a manual check.

Online Scout Manager

Overview

OSM is our main admin system and is used for storing all members information that we require and for communication to members regarding events and activities.

Consent

The consent to store this information is built into OSM and is a field you must check in order to allow us to store the information. Unfortunately we require this information and without consent we will not be able to allow adult volunteers or young people to join the group.

Information Stored

Data Sharing

Data from OSM will be shared with The Scouts as part of our annual census. You can find more information here about that. The data shared from OSM is age, gender, ethnicity, disabilites and some information related to badges awarded. The data is anonymised and you can learn more about what it is used for here.

OSM Data Sharing Partnership

The data sharing mentioned above for census purposes is currently extracted manually from OSM and uploaed directly to The Scouts census system. The Scouts is moving towards a permanent link with OSM meaning the groups census data would be automatically collected from the system.

This is currently in a pilot phase and groups need to manually allow this from within OSM. The Group does not currently take part in the partnership scheme but may in the future. If the group does take part in this pilot scheme or The Scouts makes it mandatory for groups then the text here will change to reflect the situation and all members will be informed.

Learn more about the partnership scheme here.

OSM Data Security Policy

Click here to learn more about OSM and it's commitment to data security.

Google for Nonprofits

The group use Google free for non profits system for our email communications, website and documentation and planning. Leaders have access to only what they need in order to perform their role with the group. PII will only be temporarily stored on our Google systems for purposes of sharing for specific events, camps or anything similar meaning we need access to a specific reason. Any PII stored here will only be stored for the duration of that event and then deleted within 30 days of the event being concluded.

In the case of gathering information for a survey for example where the PII is only needed for a short time but the information gathered is required longer term we will separate the PII from the required information and essentially anonymize it.

Any PII sent either intentionally or accidentally to a leaders or shared leaders email address the information may be kept stored safely within the leaders inbox as only those leaders have access to that email. Leaders will delete any old emails containing PII when they are no longer relevant. Leaders may save emails containing PII in the case of complaints or problems in case we require them in the future. Depending on the circumstances these may be moved to a separate stored drive where only the groups senior management would have access to.

Physical Records

The group will not permanently store any PII on a physical medium.

We may store PII on paper print outs for the following reasons:

For an event where we require access to emergency contact information but devices internet access and/or battery life cannot be depended upon.
For expeditions and longer range events where internet access and/or battery life cannot be depended upon.
For small events where information may need shared with visiting adults for the purpose of assisting the group with an event where they may need access to emergency contact information.
For sharing with a person not immediately involved with the group but may be acting as a home contact for the group for an event which requires this.
- On occasion depending on the circumstances we may leave physical copies of PII with a local police or mountain rescue station in case of emergencies.

In all circumstances involving PII printed out or stored in a physical way the leaders responsible for the event will have the information destroyed within 30 days of the event concluding.

Social Media

The group manage several social media channels for the purpose of sharing event information and for highlighting what we do. We also use social media for communication purposes. People do not need to send any PII across social media channels and messages containing PII will be deleted once the conversation is concluded.

Information Sharing

The group will never share any PII with a third party or non relevant persons without your explicit consent and without informing you exactly why the information needs to be shared. The only exception mentioned already on this page is the PII which is shared with The Scouts for the purpose of the annual census.

Gift Aid

For the purposes of claiming gift aid from HMRC we will extract and store the following information related to relevant payments made to the group which we can claim gift aid on. Your donations can only be included in our gift aid claims if you have manually completed a gift aid declaration with OSM. This declaration includes giving us permission to store information permanently in a separate secure online drive within out Google for Nonprofits system as described above. We are required by HMRC to keep a record of payments made and the related PII for the purposes of potential auditing and to pass this information in it's entirety or individually for HMRC's own purposes of checking people have paid the necessary tax to make gift aid donations.

The information stored and shared for HMRC is the following:

Title
First Name
Last Name
Address
Postcode

The information stored here will not be used for any other purpose than for ensuring the group meets it's obligations related to claiming Gift Aid.

Please note that even if you leave the group but previously made a gift aid declaration the group is still required to keep a hold of this information.

You can read more about HMRC's gift aid rules for charities here

Providing and Storing Consent

In the case that we require further consent for using data in such a way not explicitly outlined in this DPA then we will use an electronic Google form stating exactly how the data will be used and require a manual confirmation of consent. This will be stored on a separate drive accessable only by administrators.