Privacy Policy

Privacy and Data Protection Policy

2.2.1.1
The Scout Association takes the protection of privacy and personal data very seriously and all adults operating within the Scouts, whether at UK Headquarters or within local Scout units such as Groups, Districts, Counties, Areas, Regions (Scotland) or Countries, must comply with data protection law which includes the UK General Data Protection Regulation (UK GDPR).

2.2.1.2
The Scout Association's Data Protection Policy provides important definitions and details of how it protects personal information along with guidance to staff and volunteers on how to deal with personal information that they handle.

2.2.2 Responsibilities within the Privacy and Data Protection Policy

2.2.2.1
UK Headquarters and each local Scout unit operate as separate charities in their own right within the federation of charities under the Royal Charter. UK Headquarters and each local Scout unit collects and handles personal data and is responsible, as a separate data controller, for how that data is collected, stored and used.

UK Headquarters offer guidance material to Scout units to assist with compliance to data protection law and best practice.

2.2.2.2
As a larger organisation, The Scout Association is registered with the Information Commissioner’s Office (ICO) as a data controller. However, data protection law applies to all data controllers, whether registered with the ICO or not, and therefore applies to each local Scout unit.

2.2.2.3
All adults in the Scouts have a responsibility to comply with data protection law when handling or dealing with any personal data. However, ultimate responsibility for ensuring that adequate data protection systems are in place lies with the relevant charity trustees as follows:

  1. at UK Headquarters, the Board of Trustees of The Scout Association is responsible for ensuring that adequate data protection systems are in place in respect of UK Headquarters based at Gilwell Park, Chingford, London E4 7QW.
  2. at local level, the local Scout unit’s Trustee Board, as the charity’s Trustees, is responsible for ensuring that adequate data protection systems are in place.

2.2.2.4
Whilst the charity Trustees and Trustee Boards are responsible for ensuring that adequate data protection systems are in place, each adult operating within the Scouts, whether as staff or a volunteer, is also responsible for ensuring that they handle all personal data in compliance with those procedures and the law.

2.2.2.5
All adult members of The Scout Association are required to have at least one unique e-mail address, not one shared with another person or persons. This unique e-mail address must be recorded on the membership system. This unique e-mail address may be in addition to any shared email address, such as may be in place for shared roles.

Meeting this requirement ensures that each member receives the information relevant to them and prevents them from receiving information intended for another individual. This is in line with the Data Protection and UK GDPR requirements.

2.2.2.6
In compliance with the six key principles of the UK GDPR (Article 5), personal data in the Scouts must be:

  1. Processed lawfully, fairly and in a transparent manner.
    Clear and accessible information must be provided to individuals about what personal data is collected, how it will be processed and how they may exercise rights over it, such as the right to request a copy of their personal data by making a Subject Access Request (SAR) or to have incorrect data corrected or deleted. This information should be provided both at the initial point of contact in the form of a Privacy Statement or Notice and also be made regularly accessible to the individual. See The Scout Association’s Privacy Statement.
  2. Collected and processed for specified, explicit and legitimate purposes only.
    Personal data should only be collected and used for activities directly relating to the Scouts or a person’s membership or association with the Scouts.
  3. Adequate, relevant and limited to what is necessary for the purposes it is collected and processed.
  4. Accurate and, where necessary, kept up to date.
    Every reasonable step must be taken to ensure that the data is kept as accurate and up to date as possible for the purposes for which it is being held.
  5. Kept for no longer than necessary for the purposes for which it was collected and processed.
  6. Kept secure using appropriate technical or organisational measures, to prevent the data from being used in an unauthorised or unlawful way, or against accidental loss, destruction or damage.

2.2.2.7
As data controllers, the relevant charity Trustees and Trustee Boards are responsible for demonstrating compliance with the above principles.

Data Controller

Andrew Hunter

admin@11thwellingboroughscouts.onmicorsoft.com

 

 

©Copyright. All rights reserved. 2025

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.

Privacy Settings

Website Translator

Google Maps

YouTube Video

Privacy Settings

This tool helps you to select and deactivate various tags / trackers / analytic tools used on this website.

Select all services
Website Translator
More
Google Maps
More
YouTube Video
More
Save Settings