Somerset County Scout Council Data Privacy Notice

Our Privacy and Fair Processing Notice “Data Privacy Notice” describes the categories of
personal data we process and for what purposes. We are committed to collecting and using
such data fairly and in accordance with the requirements of the General Data Protection
Regulations “GDPR”.

1. Scope
The Somerset County Scout Council (SCSC) / “we” / “us” has a responsibility for all the adult
volunteers and any paid employees appointed throughout the Districts and Groups within the
County. SCSC is part of The Scout Association which is incorporated by Royal Charter. SCSC is
registered with the Charity Commission.
From time to time SCSC collects information from Young People relative to events it organises
The County Board of Trustees is the data controller for the information we collect from its
members and others / “you”/ “yours”. Any personal data that we collect will only be in relation
to the work we do with our members and volunteers.
Scouting within the County is also carried out by Scout Districts and Groups, who being
semiautonomous are responsible for the control and management of their own data

2. Personal Data
‘Personal data’ means any information relating to an identified or identifiable natural person
(‘data subject’). The processing of personal data is governed by the General Data Protection
Regulation (the “GDPR”).

3. How we gather personal data
The personal data held by SCSC is usually provided directly by Adults and the Parents/Legal
Guardians of the Young People in either paper or electronic form, by direct entry into their
membership records and by exception verbally.
Where a member is under the age of 18, this information will usually be obtained from a parent
/guardian and would not ordinarily be provided by the young person.

4. How do we process your personal data?
In accordance with article 5 of the GDPR personal data regulations the processes shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject
(‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they
are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that is inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for
the purposes for which the personal data is processed;
f) processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organisational measures.
We process the data to have the ability to contact adult members and parents and guardians of
young people, to inform them of meetings and events that SCSC itself may be running or
attending, or to pass on information
We use personal data for the following purposes: –
• we collect protected characteristic , information for the protection and welfare of that person
whilst in the care of SCSC
• To enable us to provide a voluntary service for the benefit of the public in a particular
geographical area as specified in our constitution
• To administer membership records
• To fundraise and promote the interests of SCSC
• To manage our volunteers
• To maintain our own accounts and records (including the processing of gift aid applications);
• To inform you of news, events, activities and services running in the SCSC.

5. What is the legal basis for processing your / your child(ren)’s personal data?
We only use your personal information where that is permitted by the laws that protect your
privacy rights. We only use personal information as follows:
a) Child’s Protected characteristic details, Address, Photograph, Emergency Contact Details are
kept in order to satisfy the legitimate interests of the SCSC for purposes of administration,
Financial Organisation and well-being of the child. The data is also passed onto event
organisers to allow them to safely organise the event concerned.
b) Adult Volunteer’s details are accessible to the SCSC via the Digital membership system
operated by the TSA. Access to this data is controlled by the TSA based on the role of viewer.

6. How we store personal data:
We are committed to the protection of your personal information.
We generally store personal information in secure digital online database systems, where
access to that data is restricted and controlled.
Digital Membership System: – is the online membership system of The Scout Association, this
system is used for the collection and storage of Adult personal data. It is the volunteers
responsibility to ensure it is correct and kept up to date at all times.
Events: – Young people data will be stored using a system or method approved by the County
Board of Trustees (or their delegate) as appropriate to the event.
Paper may be used to capture some data for example the following: –
Gift Aid forms. They will be securely held by the County Treasurer to aid in the collection of Gift
Aid for, we have a legal obligation to retain this information for 7 years after our last claim.
Events
As a volunteer of SCSC it is hoped you will take up the opportunity to attend events and camps.
Only information required to the facilitate the event will be shared with the event management
team.
Awards
Sometimes we may nominate a member for national award, such nominations would require
we provide contact details to the awarding organisation, this is now done via the digital
membership system.

7. Sharing and transferring personal Information
We will only normally share personal information within our County leadership and Trustee
members.
We will however share your personal information with others outside SCSC where we need to
meet or enforce a legal obligation, this may include, The Scout Association and its insurance
subsidiary “Unity”, local authority services and law enforcement, we will only share your
personal information to the extent needed for those purposes.
We will never sell your personal information to any third party.
Your personal data will be treated as strictly confidential. We will only share your data with third
parties outside of the organisation where there is a legitimate reason to do so. We will take steps
to anonymise the data we provide (i.e. collective reporting on gender, ethnicity, age, etc.). If
identifiable data is to be shared, we will seek your consent.
Third Party Data Processors
The SCSC uses the services of the following third-party data processors: –
• The Scout Association via its adult membership system which is used to record the personal
information of leaders, adults and parents who have undergone a Disclosure and Barring
Service (DBS) check in conjunction with “Atlantic” software for DBS.
• Online Youth Manager Ltd (Online Scout Manager) when deemed appropriate is used to record
information for events.
https://www.onlinescoutmanager.co.uk/security.php
• Office 365 (Somersetscouts.org.uk)
Automated decision making
SCSC does not have any automated decision-making systems.
Transfers outside the UK
SCSC will not transfer your personal information outside of the UK, with the exception where an
Event is taking place outside of the UK and it is necessary to provide personal information to
comply with our legal obligations, although generally such an event will have its own data
collection form which will be securely held and disposed of after the event.

8. How do we protect personal data?
We take appropriate measures to ensure that the information discussed to us is kept secure,
accurate and up to date and kept only for as long as necessary for the purpose for which it is
used.

9. How long do we keep your personal data?
We will retain your personal information, throughout the time you are a volunteer with SCSC, or
your Young person is enrolled on an event coordinated by SCSC.
We will retain your full personal information after you have left SCSC, in accordance with Policy
Organisation & Rules “POR”.
We will also keep any Gift Aid Claim information for the statutory 7 years as required by HMRC

10. Your rights and your personal data
You have the right to object to how we process your personal information. You also have the
right to access, correct, sometimes delete and restrict the personal information we use. In
addition, you have a right to complain to us and to the data protection regulator.
Unless subject to an exemption under GDPR, you have the following rights with respect to your
personal data: –
• The right to be informed – you have a right to know how your data will be used by us. The right
to access your personal data – you can ask us to share with you the data they have about you!
• The right to rectification – this means you can update your data if it’s inaccurate or if
something is missing. You can view and edit some of your personal information directly on the
Digital Membership system. You can request other information is updated by following the links
and via direct conversation/exchange with the Scout Headquarters.
• The right to erasure – this means that you have the right to request that we delete any personal
data they have about you. There are some exceptions, for example, some information can be
held for legal reasons.
• The right to restrict processing – if you think there’s something wrong with the data being held
about you, or you aren’t sure if we are complying to rules, you can restrict any further use of your
data until the problem is resolved.
• The right to data portability – this means that if you ask us, we will have to share your data with
you in a way that can be read digitally – such as a pdf. This makes it easier to share information
with others.
• The right to object – you can object to the ways your data is being used. This should make it
easier to avoid unwanted marketing communications and spam from third parties.
• Rights in relation to automated decision making and profiling – this protects you in cases
where decision are being made about you based entirely on automated processes rather than a
human input.
Please contact in the first instance
• in the case of a young person, the event coordinator/leader;
• for adults, your line manager (e.g. Section leader, Group, District or County lead volunteer) or
our Data Protection Lead for more information.
Whether or not you exercise your new rights is up to you – the main thing to remember is that
they’re there if you need them.

11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection
Notice, then we will provide you with a new notice explaining this new use prior to commencing
the processing and setting out the relevant purposes and processing conditions. Where and
whenever necessary, we will seek your prior consent to the new processing.

12. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact our Data
Protection Lead at SCSC Tangier Scout & Guide Centre, Castle Street, Taunton TA1 4AS or
email privacy@somersetscouts.org.uk

You can contact the Information Commissioners Office on 0303 123 1113 or via
email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s
Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Reviewed & approved by the SCSC on 8th July 2025
Adrian Ashford
Chair, Board of Trustees