Baden-Powell Scouts’ Association General Data Protection Regulations Policy Statement and Privacy Notice
“The B-PSA conforms to the requirements of the General Data Protection Regulations when collecting and storing personal data of its members. It is the policy of the B-PSA that all personal information will only be used for scouting purposes and only passed outside the organisation with consent from the B-PSA’s Data Controllers.”
The ‘Lawful Basis’ we have for processing personal data is ‘Legitimate Interests’. The ‘Legitimate Interests’ of The B-PSA are to deliver safe, fun and educational Scouting and we will only process data in order to help us achieve these interests.
How we adhere to the 6 principles of Data Protection laid out in Article 5 of GDPR that states that personal data must be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals; Individuals whose personal data is collected by the B-PSA have given that data willingly, and understand it will be kept and used for Scouting purposes outlined under the principle b).
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; The information collected by the B-PSA from potential members and members will only be collected and used for the purposes of the delivery of safe, fun and educational Scouting.
Young People The young people within the B-PSA are central to the organisation, and the B-PSA holds information about them from the Beaver Section up to the Senior Scout Section. The B-PSA also holds information on individuals who have expressed (or whose parents’ have expressed on their behalf) an interest in joining the B-PSA.
The B-PSA may hold any or all of the following pieces of information on young people:
Name, age and contact details
Details of parent/guardian
Details of any conditions relating to health and diet
Details of ethnicity/racial origin and native language
Details of participation in B-PSA events and activities
Photos and videos
Records of achievement
The B-PSA may share information regarding young people within the Association. The B-PSA may also share information about members where required to do so by law or a regulatory requirement, or where it believes it is necessary to do so in order to help safeguard a child.
Adult Members of the B-PSA The B-PSA benefits from the services of a number of volunteers, who give their time both locally and nationally and the B-PSA holds personal data about these volunteers and prospective volunteers in the secure area of the website and securely at Group and Area Level.
The B-PSA may hold any or all of the following pieces of information on Adult Members (and prospective Adult Members) of the B-PSA:
Name, age and contact details
Length and periods of service (and absence from service)
Details of training received by the volunteer
Details of the volunteer’s experience, qualifications, occupation, skills and any national awards received
Details of participation in of B-PSA events and activities
Details of next of kin
Details of any health conditions
Details of DBS checks on the volunteer
Details of reference checks on the volunteer
Any complaints relating to the volunteer
Race/ethnicity and native languages
Religion
Photos and videos
The B-PSA uses this information to effectively manage the Association, to communicate with volunteers regarding the B-PSA, to carry out checks to ensure that the volunteers can work with children, and to update them on new developments within the B-PSA (provided that, where required, the necessary agreement of the volunteer has been obtained).
The B-PSA may share information about Adult Members (and prospective Adult Members) of the B-PSA within the B-PSA. The B-PSA may also share information about Adult Members (and prospective Adult Members) of the B-PSA where required to do so by law or a regulatory requirement, or when it believes it is necessary to do so in order to help safeguard children with whom the volunteers works.
The B-PSA uses the information held about Young people and Adults to administer the individual’s membership and Scouting activities and as such the information may be recorded on any of the following:
Accident records
Indemnity forms
Group registers and attendance forms
Camp permit returns
Members Area of the B-PSA website
Gift aid forms
Sponsor forms
Record cards
Records of achievement
DBS systems
Training records for adults
Hike logs and presentations
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; Only the information needed to ensure the effective running of the B-PSA and that members of all ages feel safe and supported will be kept. This information should be objective and not subjective.
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; Data Controllers must check regularly with the people on which we hold data that the data is correct and up to date.
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
Personal data such as camp medical forms, permission forms etc. should be destroyed immediately after the event they are needed for. The only exception is medical forms where some form of intervention has been needed in which case the form should be retained securely for an indefinite period of time, unless removed at the individuals request.*
Attendance records are kept indefinitely for historical and statistical purposes, unless removed at individuals’ request.*
Membership records are kept indefinitely for historical and statistical purposes, unless removed at individuals’ request.*
Training records are kept indefinitely for historical and statistical purposes, unless removed at individuals’ request.*
*Just because a request is made to the B-PSA is made to remove an individuals’ data does not automatically mean that data will be removed.
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” The Data Controller is anyone who collects and stores data of individuals within the B-PSA, this could be a Section Master, GSM, AC or Association Secretary. The data controllers must ensure all data whether physical or digital is stored securely and only those authorised to view it can do so. The Data Controller may appoint suitable Data Processors from within the Association to process data.