Your Data
At Solar Explorer Scout Unit we collect a certain amount of Data pertaining to our Youth members, their parents and our adult leaders in order that we can effectively run the group and communicate with parents. We have taken steps to ensure that any data we hold is held for a lawful purpose and is correctly secure,
As of the 25th of May 2018 the new General Data Protection Rules (GDPR) came into force across the whole of the EU. These rules apply to all organisations and charities, as a member of the Scout Association Solar ESU has reviewed how we collect and store the data of our members to ensure compliance with GDPR.
As of the 25th of May 2018 the new General Data Protection Rules (GDPR) came into force across the whole of the EU. These rules apply to all organisations and charities, as a member of the Scout Association Solar ESU has reviewed how we collect and store the data of our members to ensure compliance with GDPR.
Solar Explorer Scout unit Fair Processing Notice
Updated 31/12/2018
Our Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
Who we are
Solar ESU is a member of The Scout Association which is incorporated by Royal Charter. We are not required to be registered with the UK Charity Commission as we are classed as a sub branch in the Royal Charter, See http://scouts.org.uk for more information
Your rights
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator. Please contact a leader or the group scout leader for more information, in the first instance.
You can view and edit your personal information directly on our online membership systems Online Scout Manager and Compass.
How we gather personal information.
The majority of the personal information we hold on you, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems. In the case of an adult member, data may also be provided by third party reference agencies, such as the disclosure and barring service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person; however we will accept and potentially record any personal information, such as about any ongoing medical treatment from any member no matter their age.
How we use your personal information
We collect your personal and medical information for the protection and identification of that person whilst in the care of the Unit
The collection a person’s religion data is necessary to respect their beliefs with regards to activities, food and holidays.
The collection of bank account details is necessary to enable online payments, e.g. expenses for Leaders and to outside agencies. .
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
We will only normally share personal information within our unit.
We will however share your personal information with others outside Solar ESU where we need to meet or enforce a legal obligation. This may include organisers of events and camps the member is attending, so they may fulfil any legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
We may also share a member’s personal details with The Scout Association and its insurance subsidiary “Unity”, local authority services and law enforcement, along with any other insurance company Solar ESU has contracted to provide services. We will only share your personal information to the extent needed for those purposes.
If you move from Solar ESU, to another scout group or explorer group we will transfer your personal information to them.
If you are a Young Leader we may share your details with the District Young Leaders Group, via OSM.
We will never sell your personal information to any third party for the purposes of marketing.
Sometimes we may nominate a member for a national award, such as Scouting or Duke of Edinburgh awards. Such nominations would require us to provide contact details to that organisation.
Third Party Data Processors
Solar ESU, employs the services of the following third-party data processors: -
The Scout Association via its membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service ( DBS) check.
Unity Insurance, the Scout Association Insurance company
Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc, we have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php
Barclays Bank which provides our Banking facilities
Dropbox is occasionally used for secure transfer of limited personal information for events.
Weebly hosts our group website and has an archive of stored photographs (see final part of this document) and is used for the initial collection of the following; Waiting List Applications and subject access forms.
How long we keep your personal information for
We will retain your personal information, throughout the time you are a member of Solar ESU.
We will retain your full personal information for a period of six months after you have left Solar ESU, and in a much more limited form (just name, badge and attendance records until age 21 to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC
Automated decision making
Solar ESU does not have any automated decision-making systems.
Transfers outside the UK
Solar ESU will not transfer your personal information outside of the UK, with the exception where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
Data Storage
Solar ESU is committed to the protection of your personal information.
We generally store personal information in secure digital online database systems, where access to that data is restricted and controlled.
Compass: - is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group.
Barclays Bank – our online banking facility holds account details for those to whom we have made online payments.
Go Cardless - our payment facilitator and means by which we take payments through Online Scout Manager. Solar ESU does not have access to your account details through Go Cardless.
Printed records and Event data
Paper is still used within Solar ESU to capture a very limited amount of data.
Weebly - Our HTTPS hosted group website holds contact forms and photographs (without names) and is secured by password.
Gmail - forms submitted through our group website are automatically emailed to a secure Gmail email address secured by both password and 2 factor authentication.
Gift Aid collection of data, via Online Scout Manager where it will be held securely. Historical (paper and web) declarations have been digitized and are held within Dropbox.
Events
As a member of Solar ESU it is hoped you will take up the opportunity to attend events and camps, where is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.
We will minimise the use of paper to only what is required for the event/camp.
We will ensure
Transfer of paper is secure, such as physical hand to hand transfer or registered post.
Paper forms are securely destroyed after use.
Secure destruction will be through a shredding machine or securely burned.
We will keep any paper record in a locked contained and where possible on our person.
Where possible we will also attempt to use secure digital systems and either use offline modes or temporarily downloaded data onto mobile devices, which will have security measures in place.
Awards
Sometimes we may nominate a member for national award, (such as Queens Scout or Duke of Edinburgh award) such nominations would require we provide contact details to the awarding organisation, this is most often done on paper via registered post.
Photography
Solar ESU will take photographs of your child and store them with Online Scout Manager to aid the leaders identify your child.
This usage is covered under the legitimate interest principle of GDPR so we do not require your explicit consent in order to obtain, retain and make use of this information.
We also have a website where we upload photographs of each section so that parents can see the activities their child has been involved in.
We have activated a tool within Online Scout Manager which will allow you to give your consent for us to show identifiable photos of your child on our website. Without this consent we will not post an identifiable photograph of your child on the group website.
Withdraw of consent
You have the right to withdraw your consent at any time. This can be done by updating your preferences via Online Scout Manager and informing the section leader to which your child belongs that you no longer wish for photos of your child to appear on the website.
If you withdraw your consent we will no longer post photos of your child on the website, but we will not remove photos already posted (subject to the below)
What is an identifiable photograph
It is not always possible to ensure that the backs of people’s heads, hands, feet, etc are not caught on camera. While uploading photos of group activities we will not publish any photo of your child's face, but if it’s just a minor part of them or the back of their head we may still use the photo.
Photos in Public
Please note that the group cannot control or stop images being taken by other individuals, parents or organisations not connected with the Solar ESU leadership team.
Safeguarding
If there is a safeguarding reason that no photos of your child can appear online we would ask that you contact your section leader to inform them of this. Where there is a safeguarding issue we will undertake to remove any existing photos from the website.
Social Media
Solar ESU maintains a closed Facebook group to which only the leaders and current youth members have access. Both the young people and adult members have the ability to upload photos into this group. As of 31/12/2018 we are reviewing how our policy relates to this group and will update this page ASAP.
Press
Should there be a request for a photograph for press publications we will seek explicit consent form your before providing a photo of your child to the requesting party.
Limits of our control
Parents should be aware that we have no control over who views our website and cannot control what a member of the public may do with a photo of your child which they download from our website.
General notes on photos on our website
Unless we have specifically requested your permission we will not post your child’s photo along with their name in a solitary photo.
If there is a group photo we might state the names of those in the photo, but not in the order they appear in the photo.
Who we are
Solar ESU is a member of The Scout Association which is incorporated by Royal Charter. We are not required to be registered with the UK Charity Commission as we are classed as a sub branch in the Royal Charter, See http://scouts.org.uk for more information
Your rights
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator. Please contact a leader or the group scout leader for more information, in the first instance.
You can view and edit your personal information directly on our online membership systems Online Scout Manager and Compass.
How we gather personal information.
The majority of the personal information we hold on you, is provided to us directly by yourself or by parents / legal guardian in either paper form or via our online membership systems. In the case of an adult member, data may also be provided by third party reference agencies, such as the disclosure and barring service (DBS).
Where a member is under the age of 18, this information will only be obtained from a parent / guardian and cannot be provided by the young person; however we will accept and potentially record any personal information, such as about any ongoing medical treatment from any member no matter their age.
How we use your personal information
We collect your personal and medical information for the protection and identification of that person whilst in the care of the Unit
The collection a person’s religion data is necessary to respect their beliefs with regards to activities, food and holidays.
The collection of bank account details is necessary to enable online payments, e.g. expenses for Leaders and to outside agencies. .
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- We need to use the information to comply with our legal obligations.
- We need to use the information legitimately to contact with you, regarding meetings and events, and for the day to day running of the Unit (including its financial management).
- It is fair to use the personal information in your interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services within scouting.
We will only normally share personal information within our unit.
We will however share your personal information with others outside Solar ESU where we need to meet or enforce a legal obligation. This may include organisers of events and camps the member is attending, so they may fulfil any legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
We may also share a member’s personal details with The Scout Association and its insurance subsidiary “Unity”, local authority services and law enforcement, along with any other insurance company Solar ESU has contracted to provide services. We will only share your personal information to the extent needed for those purposes.
If you move from Solar ESU, to another scout group or explorer group we will transfer your personal information to them.
If you are a Young Leader we may share your details with the District Young Leaders Group, via OSM.
We will never sell your personal information to any third party for the purposes of marketing.
Sometimes we may nominate a member for a national award, such as Scouting or Duke of Edinburgh awards. Such nominations would require us to provide contact details to that organisation.
Third Party Data Processors
Solar ESU, employs the services of the following third-party data processors: -
The Scout Association via its membership system “Compass” which is used to record the personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service ( DBS) check.
Unity Insurance, the Scout Association Insurance company
Online Youth Manager Ltd (Online Scout Manager) which is used to record the personal information, badge records, event and attendance records etc, we have a data processing agreement in place with online youth manager, more information is available at https://www.onlinescoutmanager.co.uk/security.php
Barclays Bank which provides our Banking facilities
Dropbox is occasionally used for secure transfer of limited personal information for events.
Weebly hosts our group website and has an archive of stored photographs (see final part of this document) and is used for the initial collection of the following; Waiting List Applications and subject access forms.
How long we keep your personal information for
We will retain your personal information, throughout the time you are a member of Solar ESU.
We will retain your full personal information for a period of six months after you have left Solar ESU, and in a much more limited form (just name, badge and attendance records until age 21 to fulfil our legal obligations for insurance and legal claims.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC
Automated decision making
Solar ESU does not have any automated decision-making systems.
Transfers outside the UK
Solar ESU will not transfer your personal information outside of the UK, with the exception where an Event is taking place outside of the UK and it is necessary to provide personal information to comply with our legal obligations, although generally such an event will have its own data collection form which will be securely held and disposed of after the event.
Data Storage
Solar ESU is committed to the protection of your personal information.
We generally store personal information in secure digital online database systems, where access to that data is restricted and controlled.
Compass: - is the online membership system of The Scout Association, this system is used for the collection and storage of Adult personal data.
Online Scout Manager is an online membership system run by Online Youth Manager Ltd, this is a secure membership database where we store the personal information of Adults and Youth members for the day to day running of the group.
Barclays Bank – our online banking facility holds account details for those to whom we have made online payments.
Go Cardless - our payment facilitator and means by which we take payments through Online Scout Manager. Solar ESU does not have access to your account details through Go Cardless.
Printed records and Event data
Paper is still used within Solar ESU to capture a very limited amount of data.
Weebly - Our HTTPS hosted group website holds contact forms and photographs (without names) and is secured by password.
Gmail - forms submitted through our group website are automatically emailed to a secure Gmail email address secured by both password and 2 factor authentication.
Gift Aid collection of data, via Online Scout Manager where it will be held securely. Historical (paper and web) declarations have been digitized and are held within Dropbox.
Events
As a member of Solar ESU it is hoped you will take up the opportunity to attend events and camps, where is necessary to fulfil our legal obligations we will be required to potentially have a less secure means to access personal information, such as printouts of personal contacts and medical information, rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.
We will minimise the use of paper to only what is required for the event/camp.
We will ensure
Transfer of paper is secure, such as physical hand to hand transfer or registered post.
Paper forms are securely destroyed after use.
Secure destruction will be through a shredding machine or securely burned.
We will keep any paper record in a locked contained and where possible on our person.
Where possible we will also attempt to use secure digital systems and either use offline modes or temporarily downloaded data onto mobile devices, which will have security measures in place.
Awards
Sometimes we may nominate a member for national award, (such as Queens Scout or Duke of Edinburgh award) such nominations would require we provide contact details to the awarding organisation, this is most often done on paper via registered post.
Photography
Solar ESU will take photographs of your child and store them with Online Scout Manager to aid the leaders identify your child.
This usage is covered under the legitimate interest principle of GDPR so we do not require your explicit consent in order to obtain, retain and make use of this information.
We also have a website where we upload photographs of each section so that parents can see the activities their child has been involved in.
We have activated a tool within Online Scout Manager which will allow you to give your consent for us to show identifiable photos of your child on our website. Without this consent we will not post an identifiable photograph of your child on the group website.
Withdraw of consent
You have the right to withdraw your consent at any time. This can be done by updating your preferences via Online Scout Manager and informing the section leader to which your child belongs that you no longer wish for photos of your child to appear on the website.
If you withdraw your consent we will no longer post photos of your child on the website, but we will not remove photos already posted (subject to the below)
What is an identifiable photograph
It is not always possible to ensure that the backs of people’s heads, hands, feet, etc are not caught on camera. While uploading photos of group activities we will not publish any photo of your child's face, but if it’s just a minor part of them or the back of their head we may still use the photo.
Photos in Public
Please note that the group cannot control or stop images being taken by other individuals, parents or organisations not connected with the Solar ESU leadership team.
Safeguarding
If there is a safeguarding reason that no photos of your child can appear online we would ask that you contact your section leader to inform them of this. Where there is a safeguarding issue we will undertake to remove any existing photos from the website.
Social Media
Solar ESU maintains a closed Facebook group to which only the leaders and current youth members have access. Both the young people and adult members have the ability to upload photos into this group. As of 31/12/2018 we are reviewing how our policy relates to this group and will update this page ASAP.
Press
Should there be a request for a photograph for press publications we will seek explicit consent form your before providing a photo of your child to the requesting party.
Limits of our control
Parents should be aware that we have no control over who views our website and cannot control what a member of the public may do with a photo of your child which they download from our website.
General notes on photos on our website
Unless we have specifically requested your permission we will not post your child’s photo along with their name in a solitary photo.
If there is a group photo we might state the names of those in the photo, but not in the order they appear in the photo.
Steps we have taken
Prior to the launch of GDPR Solar ESU has reviewed all its held data and taken the following steps:
Old/Obsolete data has been removed from our digital databases
We have reviewed any paper records we hold and securely disposed of any that are no longer needed.
We have upgraded our website to https ensuring any data you submit is collected and held securely
Old/Obsolete data has been removed from our digital databases
We have reviewed any paper records we hold and securely disposed of any that are no longer needed.
We have upgraded our website to https ensuring any data you submit is collected and held securely
Request access to the data we hold on you
If you would like to request a copy of the data that we hold on you or your child please complete the below form and we will provide a copy of any data we hold.
What is GDPR
What is GDPR and why do we need it?
As technology develops and our private data is being used and shared in countless new ways, people are understandably becoming increasingly worried about security.
There are two key reasons why GDPR is being introduced – to bring all EU member states under one common regulation, and to update regulations to reflect our new digital age.
Different countries in the EU follow different rules and regulations when it comes to data sharing and privacy, which can get quite confusing when data is being shared between people and companies in different countries. GDPR will be enforced across all 28 EU member states, meaning everyone is following the same rules!
In the UK, companies and charities are still following the 1998 Data Protection Act to ensure the safety of people’s data. But technology and data sharing has developed a lot since 1998. This means that the current regulation may not be entirely suitable for the needs of consumers and the types of technology we’re seeing today. GDPR will replace the Data Protection Act to better protect our data from breaches and hacks.
What data does it protect?
When people talk about technology and digital developments, there’s always a focus on data. But what data do they mean? GDPR aims to protect any personal data a company or charity holds about you – including your name, address, email address, images, social networking accounts, IP address or medical history.
It will also cover more sensitive data such as your sexual orientation, your genetics, your political views or any trade union memberships.
How will it affect UK businesses and charities?
Essentially, GDPR will affect everyone in all 28 EU member states, from businesses and charities big and small, to customers and consumers.
When it comes to implementing GDPR, the biggest changes will be seen by businesses rather than consumers – since they’re the ones who will have to adjust the way they handle data to align with the new legislation.
There are hefty penalties for those who don’t comply, including a fine of up to €20 million or 4% of the company’s total profit. Any data breach also needs to be reported to the relevant authorities within 72 hours, and if there’s a risk involved to the data subject (i.e the people the data concerns) they’ll have to inform their customers too.
How will GDPR affect me?
While businesses and charities will have to make changes to their data policies in preparation for the new regulations, consumers don’t have to do anything in particular to prepare.
That said, individual consumers will probably still notice some changes. You’ll probably find that when you buy products online or sign up to newsletters, there will be more obvious checkboxes relating to how the company can use your data – for example to send you emails, or share data with a third party.
However, GDPR also gives you a number of ‘rights’ when it comes to your data, including:
The right to be informed – you have a right to know how your data will be used by a company.
The right to access your personal data – you can ask any company to share with you the data they have about you!
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
The right to erasure – this means that you have the right to request that a company deletes any personal data they have about you. There are some exceptions, for example, some information can be held by employers and ex-employers for legal reasons.
The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure a company is complying to rules, you can restrict any further use of your data until the problem is resolved.
The right to data portability – this means that if you ask, companies will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with other companies, such as your bank details when applying for a loan.
The right to object – you can object to the ways your data is being used. This should make it easier to avoid unwanted marketing communications and spam from third parties.
Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.
As technology develops and our private data is being used and shared in countless new ways, people are understandably becoming increasingly worried about security.
There are two key reasons why GDPR is being introduced – to bring all EU member states under one common regulation, and to update regulations to reflect our new digital age.
Different countries in the EU follow different rules and regulations when it comes to data sharing and privacy, which can get quite confusing when data is being shared between people and companies in different countries. GDPR will be enforced across all 28 EU member states, meaning everyone is following the same rules!
In the UK, companies and charities are still following the 1998 Data Protection Act to ensure the safety of people’s data. But technology and data sharing has developed a lot since 1998. This means that the current regulation may not be entirely suitable for the needs of consumers and the types of technology we’re seeing today. GDPR will replace the Data Protection Act to better protect our data from breaches and hacks.
What data does it protect?
When people talk about technology and digital developments, there’s always a focus on data. But what data do they mean? GDPR aims to protect any personal data a company or charity holds about you – including your name, address, email address, images, social networking accounts, IP address or medical history.
It will also cover more sensitive data such as your sexual orientation, your genetics, your political views or any trade union memberships.
How will it affect UK businesses and charities?
Essentially, GDPR will affect everyone in all 28 EU member states, from businesses and charities big and small, to customers and consumers.
When it comes to implementing GDPR, the biggest changes will be seen by businesses rather than consumers – since they’re the ones who will have to adjust the way they handle data to align with the new legislation.
There are hefty penalties for those who don’t comply, including a fine of up to €20 million or 4% of the company’s total profit. Any data breach also needs to be reported to the relevant authorities within 72 hours, and if there’s a risk involved to the data subject (i.e the people the data concerns) they’ll have to inform their customers too.
How will GDPR affect me?
While businesses and charities will have to make changes to their data policies in preparation for the new regulations, consumers don’t have to do anything in particular to prepare.
That said, individual consumers will probably still notice some changes. You’ll probably find that when you buy products online or sign up to newsletters, there will be more obvious checkboxes relating to how the company can use your data – for example to send you emails, or share data with a third party.
However, GDPR also gives you a number of ‘rights’ when it comes to your data, including:
The right to be informed – you have a right to know how your data will be used by a company.
The right to access your personal data – you can ask any company to share with you the data they have about you!
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
The right to erasure – this means that you have the right to request that a company deletes any personal data they have about you. There are some exceptions, for example, some information can be held by employers and ex-employers for legal reasons.
The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure a company is complying to rules, you can restrict any further use of your data until the problem is resolved.
The right to data portability – this means that if you ask, companies will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with other companies, such as your bank details when applying for a loan.
The right to object – you can object to the ways your data is being used. This should make it easier to avoid unwanted marketing communications and spam from third parties.
Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.