Data Privacy Notice

Simplified Summary

We (1st Woodley Scout Group) collect information about you (like your name, what group you’re in, and if you have allergies).

Why we collect it: So you can join in all the fun Scout activities safely, get your badges, and for grown-ups, help us run the group or hire equipment.

Who gives us your info: Usually you, or your parent/guardian if you’re a young person.

Who sees your info: Mainly your leaders and other grown-ups who help run the Scouts. Sometimes we share it with the main Scout Association to keep your records right. If you hire equipment or come to our fireworks, we might share your name with the ticket people to make sure you get in. We never sell your information.

Is it safe? Yes! We keep it safely online in special Scout systems, and sometimes on paper for events, making sure it’s locked away.

Your say: You can always ask us what information we have about you, or ask us to change it if it’s wrong. If you want us to remove it, you can ask, but sometimes we need to keep certain bits of info for safety or rules.

Got questions? Just ask your leader or email [email protected].

---

Executive Summary

We, 1st Woodley Scout Group, are dedicated to protecting your personal data in full compliance with GDPR and DPA 2018.

What we collect: We collect personal data specific to your connection with us. This includes names, contact details, date of birth, gender, and emergency contacts for youth members. For parents/carers, we collect contact information and financial details for subscriptions. For volunteers and leaders, we collect contact details, training records, health and ethnic origin (for arrangements/monitoring), and conduct criminal records checks. For equipment hirees, we collect contact details to manage agreements. For charity trustees, we collect contact details and information relevant to their governance role. We also handle financial records for donations and payments. Data is primarily provided by you or a parent/guardian, with some adult data from third parties like the DBS.

How we use it: We use your data to facilitate Scouting activities, manage memberships and volunteers, communicate essential information, ensure health and safety, administer equipment hire, and maintain financial records. Sensitive data is used to ensure safe participation and for diversity monitoring.

Legal basis: Our processing is based on:

• Performance of a Contract: For adult volunteers (their role agreement), equipment hirees (hire agreement), and parents/carers for financial transactions (youth services).
• Legitimate Interest: For youth members (to manage participation and safety), and parents/carers (for communication and emergency contacts).
• Legitimate Activities of an Association: For sensitive (special category) data of youth members, adult volunteers, and charity trustees, ensuring suitable arrangements and diversity monitoring.
• Substantial Public Interest: For criminal records checks on adult volunteers and trustees (for safeguarding).
• Legal Obligation: For charity trustees (reporting to the Charity Commission).
• Explicit Consent: For photographs where individuals are the focal point, or legitimate interest for large-scale events with clear opt-out options.

Who we share it with: We primarily share data with 1st Woodley Scout Group volunteers and The Scout Association. We also share data with third-party processors for specific functions, such as Ticketmaster, Stripe, iZettle (for public event ticketing and payments), and Go Cardless (for youth activity payments). Trustee data is shared with the Charity Commission. We may share data for legal obligations (e.g., law enforcement, national awards) but never sell your data.

How we store it: We use secure online systems (Scouts.org.uk, Online Scout Manager) and Google Drive for electronic records. Limited paper records are used for hire forms, certificates, and event-specific needs, stored and destroyed securely.

Your Rights: You have rights to be informed about, access, rectify, erase (with exceptions), restrict processing of, and object to the use of your personal data. Rights for youth members are typically exercised by parents/guardians, which may affect participation.

Questions? Contact your leader or email [email protected].

---

Introduction

This Data Privacy Notice describes the categories of personal data 1st Woodley Scout Group process and for what purposes.  1st Woodley Scout Group is committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, employees, charity trustees, contractors, suppliers, supporters, donors and members of the public who will make contact with 1st Woodley Scout Group.

1. Who are we?

Our Scout Group, 1^st Woodley, is a youth charity. The Data Controller for 1st Woodley Scout Group is the Trustee Board who are appointed at the Annual General Meeting and are Charity Trustees.  The Chair of the Charity Trustees is Tarah Thumwood [email protected].

From this point on 1st Woodley Scout Group will be referred to as “we”.

2. The data we may process

The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form, digital form or via our online membership systems. The privacy and [PS1] security notice for our youth membership system can be found here.  In the case of adult members and volunteers, data may also be provided by third parties, such as the England & Wales – Disclosure and Barring Service (DBS)

Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

• Member details:
  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Date of birth – so that we can ensure young people are allocated to the appropriate Section for their age and that adults are old enough to take on an appointment with Scouting.
  • Gender – so that we can address individuals correctly and accommodate for any specific needs.
  • Emergency contact information – so that we are able to contact someone in the event of an emergency.
  • Race or ethnic origin – so that we can make suitable arrangements based on members’ cultural needs.
  • Health records – so that we can make suitable arrangements based on members medical needs
• Parent/carer details:
  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.  This includes emergency contact information.
• Volunteer, charity trustees, and leader details:
  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Training records – so that members can track their progression through the Scout programme or adult training scheme.
  • Health records to make suitable arrangements for training and participation
  • Race or ethnic origin for diversity monitoring
• Hiree details:
  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can manage equipment hire agreements, including booking, payment, and return logistics.
• Employee records (contracts, payroll information, performance appraisals, disciplinary records)
• Financial records:
  • Donations and subscriptions so that we can provide our services to young people
  • Payments for trips
  • Bank account details, payroll information and tax status information – so that we are able to pay any staff that might be employed by us and collect gift aid from HMRC where donations are made
• Criminal records checks – to ensure Scouting is a safe space for young people and adults

3. How do we process your personal data?

We comply with our obligations under the GDPR and DPA 2018 by keeping as little personal data as possible, keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use personal data for the following purposes: –

• to provide information about Scout meetings, activities, training  courses and events to our members and other volunteers in 1st Woodley Scout Group
• to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
• to administer membership records
• to fundraise and promote the interests of Scouting
• to manage our volunteers
• to maintain our own accounts and records (including the processing of gift aid applications)
• to inform you of news, events, activities and services being run or attended by 1st Woodley Scout Group
• to ensure and evidence your suitability if volunteering for a role in Scouting
• to contact your next of kin in the event of an emergency
• to ensure you have and maintain the correct qualifications and skills.

We use personal sensitive (special) data for the following purposes:

• for the protection of a person’s health and safety whilst in the care of 1st Woodley Scout Group
• to respect a person’s religious beliefs with regards to activities, food and holidays
• for equal opportunity monitoring and reporting.

We only collect the personal data necessary to achieve these purposes.

4. What is the legal basis for processing personal data?

The lawful bases for processing personal data are:

• For our adult volunteers’ personal data: through the performance of a contract – your volunteer role and responsibilities within 1st Woodley Scout Group and The Scout Association – or by legitimate interest to ensure safety
• For hirees’ personal data: through the performance of a contract – the hire agreement
• For youth members’ personal data: legitimate interest.  This allows us to manage your young person’s participation in Scouting activities, ensure their safety, communicate relevant information, and administer their membership effectively, all of which are essential for the operation of the Scout Group.
• For parents/carers of youth members’:
  • personal data: legitimate interest.  This allows us to contact you about your young person’s participation in Scouting activities and to contact you in case of an emergency.
  • financial data: through the performance of a contract – providing youth services.
• For charity trustees’ personal data: through the performance of a contract – their appointment as a trustee – legal obligation – to comply with charity law and regulatory requirements – and legitimate interest – for effective governance and administration of the charity.
• For sensitive (special category) data for both adult volunteers, charity trustees, and our youth members will mostly align to the lawful basis of legitimate activities of an association, monitoring diversity, and making suitable arrangements for participation.
• For criminal records checks for adult volunteers and charity trustees: substantial public interest for safeguarding young people and vulnerable adults.
• For photographs: Explicit consent is requested from parents/guardians to take photographs of our members, where such photographs place the data subject as the focal point of the shot.
  • On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.

5. Our retention periods

We will keep certain types of information for different periods of time in line with our Data Protection Policy, which is available on request.

The Scout Association’s Data Protection Policy can be found here and the Data Privacy Notice here.

6. Joint control of personal membership data

The Scout Association and 1st Woodley Scout Group process the data of members, parents/guardians of youth members, and volunteers on our membership databases. Volunteer data is processed between the local Scout Groups and The Scout Association. Information The Scout Association and 1st Woodley Scout Group hold about volunteers may include the following, members, parents/guardians of youth members data is only held by 1st Woodley Scout Group

• name and contact details
• length and periods of membership and volunteer service (and absence from membership and service)
• details of training you receive
• details of any youth badges and awards
• details of your experience, qualifications, occupation, skills and any awards you have received
• details of Scouting events and activities you have taken part in
• details of next of kin or parents details (in the case of youth members)
• age/date of birth
• details of any health conditions
• details of disclosure checks
• any complaints we have received about the member
• details about your role(s) in Scouting
• details about your membership status
• race or ethnic background and native languages
• religion
• nationality

Processing Activities

The following is a list of common data processing activities for members, parents/guardians of youth members, and volunteers data on the membership systems. This includes an indication of which entity carries out this activity which is shared with the other.

Processing Activity	Description	Processing entity
Scout Member capture	Initial data load of a new Scout Member onto the membership database	1st Woodley Scout Group
Scout Member disclosure check	Disclosure checks for any adult Scout Members that require them	1st Woodley Scout Group initiateThe Scout Association complete the check
Scout Member operational administration	This may include:Scout Member data updatesMaintaining training recordEvents attendedPermits approvedBadges awarded	1st Woodley Scout Group and The Scout Association
Scout Member disciplinary	Scout Member disciplinary detail capturing where a Scout Member has breached POR or any other Scout policy	1st Woodley Scout Group initiateThe Scout Association involved if severity meets a policy threshold
Scout Member leaving	The updating of an individual’s membership status post leaving the association.	1st Woodley Scout Group
Scout Member data reporting	Reporting on trends and monitoring data to be able to demonstrate The Scouts impact and to attract funding (this may include optional special category data of the Scout Members)	The Scout Association 1st Woodley Scout Group may access special category data for Census and local Scouting delivery
Scout Member Training	The addition of mandatory training for Scout Members, where applicable	The Scout Association
Scout Member roles definition	The definition of Scout Member roles on the membership databases	The Scout Association

For further details on this joint arrangement please visit here.

7. Sharing and transferring personal Information

Young people and other data subjects

We will normally only share personal information with adult volunteers holding an appointment in the 1st Woodley Scout Group  

Adult volunteers

We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for the 1st Woodley Scout Group as well as with The Scout Association Headquarters as independent data controllers.

All data subjects

We will however share your personal information with others outside of 1st Woodley Scout Group where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement.  We will only share your personal information to the extent needed for those purposes.

We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.

We will never sell your personal information to any third party.

Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations may require us to provide contact details and award nomination details, such as citations to that organisation. We may also share data on award nominees for National Honours Awards, including the same data as above.

Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.

Charity trustee data is shared with the Charity Commission for England and Wales as a legal obligation.

Third Party Data Processors

1^st Woodley, employs the services of the following third-party data processors: –

• Google occasionally used for secure transfer of limited personal information for events.  Our Google Drive is UK based.  Google privacy policy.
• Ticketmaster for ticketing for public events like fireworks.  Ticketmaster privacy policy.
• Stripe and iZettle for payments for public events.  Stripe privacy policy.  iZettle privacy policy.
• Go Cardless for payments for youth activities.  Go Cardless privacy policy.

Transfers outside the UK

1^st Woodley will not transfer your personal information outside of the UK, with the exception where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.

8. Automated decision making

1^st Woodley does not have any automated decision-making systems.

9. How we store personal data

We generally store personal information in the following ways:

Scouts.org.uk – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.

Online Scout Manager – is the online membership system of Online Youth Manager, this system is used for the collection and storage of youth member personal data.

Google Drive – is our electronic file store, used for the secure retention of photographs and trustee data.

Printed records are used in three scenarios:

1. Hire forms
   1. Paper is used rather than secure digital systems as the hiree may not have access to our digital systems
2. Certificates
   1. When a member achieves a top award a paper certificate may be created and awarded to the member
3. Events, such as:

·         One page profiles for members

·         Health and contact records forms (for events)

·         Events coordination with event organisers

Paper records for events are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.  We will minimise the use of paper to only what is required for the event.

When working with paper records we will ensure:

1. Transfer of paper is secure, such as physical hand to hand transfer or registered post.
2. Paper forms are securely destroyed when they reach their retention period.
3. Secure destruction will be through a shredding machine.
4. Always keeping the paper records secure, especially when in transit, by using:
   1. A lockable briefcase.
   2. A lockable filing cabinet if long term stored.
5. If transferred to somebody, we will audit that they return them when the event is complete.

10. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

11. How we provide this privacy notice

A link to this website page is provided to those whose data is being processed by us.  A printed version is also available on request.

12. Your rights and your personal data

As a Data Subject, you have the right to object to how we process your personal information.  You also have the right to access, correct, sometimes delete and restrict the personal information we use.  In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).

Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:

• The right to be informed – you have a right to know how your data will be used by us.
• The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
• The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.  Adult members will be able to edit and update some information directly on The Scout Association’s Compass membership system.
• The right to erasure – this means that you have the right to request that we delete any personal data we have about you. There are some exceptions, for example, some information will be held by The Scout Association for legal reasons.
• The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
• The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
• The right to object – you can object to the ways your data is being used.
• Rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes rather than a human input, it’s highly unlikely that this will be used by us.

Exercising your rights as a youth member is typically done by your parent/guardian and may impact your participation in 1st Woodley activities if essential data is deleted.

13. How to exercise your rights

To exercise any of your rights please contact your young person’s leader, or our Lead Volunteer for more information, in the first instance.

If these are unknown to you, or you have any queries relating to this Privacy Notice or our use of your personal data, please contact us at [email protected].

14. Version number and date of the last review

2, reviewed June 2025.