Southend Estuary District Privacy Policy

Our Fair Processing Notice describes the categories of personal data we process and for what purposes.
We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection
Regulations (GDPR).

Who we are
Southend Estuary Scout Council and are a member of The Scout Association,
which is incorporated by Royal Charter; we are registered with the UK Charity Commission in England (302606) and Scotland
(SC039650). See http://scouts.org.uk for more information on our charitable status.

Your rights
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes
delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection
regulator.

Please contact a leader or the group scout leader for more information, in the first instance.
You can view and edit your personal information directly on our online membership systems Online Scout Manager and Compass.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at
the following contact details.

Contact details
Our full details are:
Full name of legal entity: Southend Estuary Scout Council
Name of DPO: Brian Dawbarn
Email address: dc@southendestuarydistrictscouts.org.uk
Postal address: Southend Estuary, 191 Eastern Ave, Southend-on-Sea SS2 4BU

You have the right to make a complaint at any time to your country’s supervisory authority for data protection issues. In the United
Kingdom, this is the Information Commissioners Office (ICO), details of which can be found via the following link: www.ico.org.uk.
We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so
please contact us in the first instance using the contact details above.

How we gather personal information
The majority of the personal information we hold on you, is provided to us directly by yourself or by parents / legal guardian in
either paper form or via our online membership systems, in the case of an adult member, data may also be provided by third party
reference agencies, such as the Disclosure and Barring Service (DBS).

Where a member is under the age of 13, this information will only be obtained from a parent / guardian and cannot be provided by
the young person, however we will accept and potentially record any personal information, such as about any ongoing medical
treatment from any member no matter their age.

How we use your personal information
We collect your personal and medical information for the protection and identification of that person whilst in the care of
Hertfordshire Scouts, this could be while attending an event as part of their usual group or individually, or attending one of our
training courses or expeditions in the same way.

We process the data to have the ability to contact the member, parents and guardians, to inform them of meetings, events and
training courses that Hertfordshire Scouts itself may be running or attending that may be relevant to the you.

Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal
information where:
a) We need to use the information to comply with our legal obligations.
b) We need to use the information legitimately to contact with you, regarding meetings, events, training courses etc. i.e. for
the day to day running of Hertfordshire Scouts
c) It is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it
is in our interests to contact you about products or services within scouting.

Sharing and transferring personal Information
We will only normally share personal information within our County Team and Executive members.

We will however share your personal information with others outside Scouting where we (or an affiliate processing
your data on our behalf) are required to do so by law, obligation, regulation or legal proceedings. This may also include organisers
of events and camps the member is attending, such as The Scout Association or other Scout Counties where we are jointly
organising and activity etc. so they may fulfil any legal obligations although generally such an event will have its own data
collection form which will be securely held and disposed of after the event.

We may also share personal detail with The Scout Association and its insurance subsidiary “Unity”, along with any other insurance
company or insurance agent Hertfordshire Scouts has contracted to provide services.

We would also share details in response to a valid, legally compliant request by a relevant public authority or law enforcement
agency. We would also share details during an emergency when we believe physical safety is at risk if not sharing the details
would cause harm or distress. In all cases we will only share personal information to the extent needed for those purposes.
Sometimes we may nominate a member for national award, (such as a Scouting or Duke of Edinburgh award) such nominations
would require we provide contact details to that organisation.

We will never sell your personal information to any third party for any reason without your explicit consent.
Third Party Data Processors

Southend Estuary Scouts employs the services of the following third-party data processors: –
The Scout Association via its membership system “Compass” which is used to record the personal information of leaders, adults
and parents who have undergone a Disclosure and Barring Service (DBS) check.
Unity Insurance (The Scout Association Insurance company)

Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and
attendance records etc, we have a data processing agreement in place with online youth manager, more information is available at
https://www.onlinescoutmanager.co.uk/security.php

Microsoft – Office 365 products – occasionally used for secure transfer of limited personal information

Dropbox inc occasionally used for secure transfer of limited personal information for events.

Google occasionally used for secure transfer of limited personal information for events.

How long we keep your personal information for
We will retain your personal information, throughout the time you are a member of Hertfordshire Scouts, one of its Districts or
Groups, or for the relevant duration needed for administration of an Event, Activity, Expedition or Training Course Hertfordshire
Scouts is organising that you are taking part in.

We may retain your full personal information for a period of six months after you have left Hertfordshire Scouts, its Districts or
Group, and after the end of any Event, Activity, Expedition or Training Course, and in a much more limited form (just name and
attendance records) for a period of up to 15 years (until age 21) to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC (which may be beyond age 21)

Automated decision making
Southend Estuary Scouts does not have any automated decision-making systems.

Transfers outside the UK
Southend Estuary Scouts will not transfer your personal information outside of the UK, with the exception where an Event is taking
place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally
such an event will have its own data collection form which will be securely held and disposed of after the event.

Data Storage
Southend Estuary Scouts is committed to the protection of your personal information.
We generally store personal information in one of two secure digital online database systems, where access to that data is
restricted and controlled.

Compass: – is the online membership system of The Scout Association, this system is used for the collection and storage of Adult
personal data.

Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database
where we store the personal information of Adults and Youth members for the day to day running of the group.

Printed records and Event data
Paper is still used within Southend Estuary Scouts to capture and retain some data for example the following: –
• Event sign up forms
• Health and contact records forms for events.
• Gift Aid Collection forms.
• Events consent from parents.
• Events coordination with event organisers.
• Award notifications/nominations
In the case of these forms, this information is securely held by the leader or event organiser, and transferred to our secure digital
systems as soon as possible (where this is allowed) before the paper form is destroyed.
Gift Aid collection forms will be securely held by the County Treasurer or by the relevant scout group to aid in the collection of Gift Aid for donations we receive,
we have a legal obligation to retain this information for 7 years after our last claim.

Events
Where it is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal
information, such as printouts of personal contacts and medical information, (including specific event contact forms), rather than
relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will
minimise the use of paper to only what is required for the event/camp.
We will ensure:
a) Transfer of paper is secure, such as physical hand to hand transfer or registered post.
b) Paper forms are securely destroyed after use.
c) Secure destruction will be through a shredding machine or securely burned.
d) Always keeping the paper records secure, especially when in transit, by using:
i. A lockable brief case.
ii. A lockable filing cabinet if long term stored.
e) If transferred to somebody, we will audit that they return them when the event is complete.

Photography
The law on image use and GDPR needs further clarification, the position of Southend Estuary Scouts is as follows: –
Photographs / images (which can be classed as personal information when the subject is identified) of yourself or your child may
be taken during activities and be used within a Scouting context and in particular publicity material for example Scouting
publications and the media. Images may be published to official Scout websites and scouting affiliated social media and our public
display boards or in news papers (but will never identify individuals in line with Scout Association guidelines).
We cannot ask for explicit consent “Yes/No” for photo as consent presumes that it can be revoked, as is your right to do so under
the GDPR regulations.

Under GDPR consent is invalid if people cannot easily withdraw consent, which would be the case with publishing to any publicly
accessible system, therefore if you do not wish your son/daughter to appear in these then please confirm, in writing, to your Scout Group or Unit and we will not publish any photographs of you or your child on a public forum such as social media from that point
forward, we will be unable to confirm full removal of images and photographs from the historical record online or otherwise stored.

Please note that the groups cannot control or stop images being taken by other individuals, parents or organisations not connected
with Southend Estuary Scouts.