This Data Privacy Policy describes the categories of personal data The Scout Association – Isle of Man processes and for what purposes. The Scout Association – Isle of Man is committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and the Data Protection Bill, the law that encompasses the GDPR.
This Privacy Policy applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with The Scout Association – Isle of Man.
The Scout Association – Isle of Man is a registered charity in the Isle of Man, charity number 430. It fulfils the duties and responsibilities of both a County and District Council as set out in the Policy Organisation and Rules.
The Data Controller for The Scout Association – Isle of Man is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees. The Chair of the Charity Trustees is shown on here.
From this point on The Scout Association – Isle of Man will be referred to as “we”.
Being a small charity, we are not required to appoint a Data Protection Officer.
The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form, digital form or via our online membership system Compass. In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and
Barring Service.
Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person
We may collect the following personal information:
We comply with our obligations under the GDPR and the Data Protection Bill, the law that encompasses the GDPR, by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be through the performance of a contract for personal data of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association. Explicit consent is requested from parents/guardians to take photographs of our members. On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.
We use personal data for the following purposes:
We use personal sensitive (special) data for the following purposes:
We will retain your personal information, throughout the time you/your child(ren) are a member of The Scout Association – Isle of Man or are partaking in an activity being run or attended by us.
We will retain your full personal information for a period of one year after you have left us.
Personal data collected in support of an event/activity will be destroyed within one month of the event/activity taking place
We will normally only share personal information with adult volunteers holding an appointment in The Scout Association – Isle of Man.
We will share the personal data of youth members and their parents/guardians with The Scout Association Headquarters for the purpose of managing safeguarding cases. The privacy and security notice for The Scout Association can be found here:
https://www.scouts.org.uk/DPPolicy.
We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for The Scout Association – Isle of Man as well as with The Scout Association Headquarters as data controllers in common.
We will however share your personal information with others outside of The Scout Association – Isle of Man where we need meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.
We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.
We will never sell your personal information to any third party.
Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation.
Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and the Data Protection Bill, the law that encompasses the GDPR.
We generally store personal information in the following ways:
Compass – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.
Online Scout Manager – is the online membership system of Online Youth Manager, this system is used for the collection and storage of youth member personal data.
Office 365 – email and storage held on enterprise class redundant servers, and subject to the Scout Association – Isle of Man’s Communication Policy.
Local spreadsheets/databases – In addition, adult volunteers will hold some personal data on local spreadsheets/databases/emails.
Printed records and data held while attending events – paper is sometimes used to capture and retain some data for example:
Paper records for events are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available. We will minimise the use of paper to only what is required for the event.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
A link to this website page is provided to those whose data is being processed by us. A printed version is also available on request via the contact page here.
As a Data Subject, you have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner.
Unless subject to an exemption under the GDPR and the Data Protection Bill, the law that encompasses the GDPR, you have the following rights with respect to your personal data:
When you submit data through a form such as those found on our contact pages or comment forms, cookies may be set to remember you your user details for future correspondence.
Our website uses the WordPress JetPack plug-in, which records analytics data.
If you have any queries relating to this Privacy Notice or our use of your personal data, please contact the Island Secretary via the contact page here.
This policy was reviewed and approved by the Island Executive Committee on 26 May 2021.
Version 1.0