May be updated following additional legal advice
1. Who we are
To ensure utmost confidentiality, we have separate storage systems for your story and your other personal information shared with us. If you have any concerns or questions about the storage, protection, or use of your personal information, please contact us at email@example.com. We are committed to addressing your inquiries and safeguarding your privacy to the best of our ability.
3. How we collect your personal data
If you share your story via our website, we will ask for your name, email address and postcode at the time the events happened. We will publish your story to the website, but we will not publish your name, email address or postcode on the website. We use this data solely to confirm the authenticity of the submitted stories. In the future, we may use your postcode to create a map of the UK showing where incidents have occurred, but we won’t link the published stories to the map. The intent is only to show where incidents are happening with the greatest frequency.
We have designed a system to ensure any personal information you share with us (such as name, postcode, email address) is stored securely on one database, and any “Story” information you share with us is stored on an entirely separate database. Each database is hosted by a separate leading technology company, and we use all security measures available to us. We have designed this system to ensure your personal information is kept safe, secure and confidential.
When submitting your story, we collect your name and email address solely for the purpose of establishing the authenticity of submissions and ensuring that the stories are submitted by real individuals. This information will not be used for any other purpose without your explicit permission. We collect the postcode at the time of the event so we can anonymously analyse if there are any spatial trends and ask if this happened before 2014, as it is after this point that The Scout Association made substantial changes to their safeguarding procedures.
Rest assured that we take reasonable steps to protect your personal information and maintain its confidentiality as outlined in this policy. We will not disclose, sell, or share your personal information with any third party unless required by law or with your explicit consent.
We may also obtain personal information from you in other circumstances, such as when you or interact with us. For example, when you:
- Sign the petition or sign up to our mailing list;
- Enquire about our activities via email, Twitter or Instagram;
- Provide us with personal information in any other way.
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
4. Types of personal data we collect
In the circumstances noted above, we may collect the following types of personal data, including:
General personal data types, including:
Age, gender, tthnicity, location, email addresses, names, telephone numbers, social media accounts (Instagram and Twitter). These are processed when we engage in email, phone, or correspondence through social media like Instagram, to respond to media requests and other stakeholders who contact us.
We recognise the importance of protecting your personal information, particularly sensitive data falling under the category of special category data. This includes information such as age, gender and ethnicity. In compliance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), we are committed to processing special category data only when a valid legal basis, as outlined in Article 9 of the GDPR, is present.
We will ensure that any processing of special category data is carried out in strict accordance with applicable data protection laws. Our processing activities will rely on an appropriate legal basis, such as obtaining explicit consent from individuals, fulfilling our legal obligations, protecting vital interests, or processing data for specific purposes related to the campaign.
Under Article 9, Yours in Scouting may process special category data when it is necessary for carrying out our obligations and exercising specific rights related to our non-profit activities. This may include processing data for the purposes of fundraising, providing support services, conducting research or advocacy, or managing volunteer activities.
We will ensure that any processing of special category data is carried out with the utmost care and in compliance with the principles of data protection. We will obtain explicit consent from individuals when necessary and will implement appropriate security measures to protect the confidentiality and integrity of the data.5. The lawful bases for processing your personal data
We process personal data on the following bases:
- Consent – Obtained when signing up for our mailing list.
- Legitimate interest – Pertaining to media and other stakeholders.
In order to process your data lawfully, we rely on various lawful bases as defined by applicable data protection laws, such as the UK General Data Protection Regulation (UK GDPR). These lawful bases may include the necessity of processing for the performance of a contract, compliance with legal obligations, protection of vital interests, consent, the performance of a task carried out in the public interest or in the exercise of official authority, and our legitimate interests as an organisation.
When you sign up for our mailing list or share your personal information with us, we want to ensure that you provide informed consent for such activities. By providing your explicit consent, you acknowledge and agree to the collection, use, and processing of your personal information for the specific purposes outlined at the time of consent. By voluntarily providing this information and subscribing to our mailing list, you consent to receiving marketing communications from us. You have the right to withdraw your consent at any time by using the “unsubscribe” link provided in our email communications or by contacting us directly on firstname.lastname@example.org. By signing up for Good Law Project’s mailing list, you consent to the sharing of your information with them, you can unsubscribe from their mailing list at any time by using the “unsubscribe” link provided in their email communications
We may also engage with media outlets and other stakeholders to inform and engage the public about our campaign. Such engagement may involve the processing of personal data. When we engage with media and stakeholders, we do so with the legitimate interest of promoting transparency, sharing important information, and fostering meaningful discussions. We will always ensure that any personal data shared or processed in these interactions is done with your consent and in a manner consistent with applicable privacy laws and regulations.
5. How we use your personal data
We process your personal data for the following purposes:
- Enhancing our research or undertaking additional research with trusted parties to provide insights and produce speciality knowledge to advocate for change;
- Undertaking awareness raising to advocate for policy reformations and to increase awareness through media publications;
- Promoting our message and mission (marketing);
- Complying with legal and regulatory obligations;
- External parties must obtain explicit consent from us before using or analysing any data.
6. Security measures for personal data processing
We have implemented appropriate technical and organisational security policies and procedures in place to protect personal data,including sensitive personal data),from loss, misuse, alteration or destruction. Access to your personal data is password and multi-factor protected, and only authorised individuals with a need to access it can do so. Those individuals are required to maintain the confidentiality of such information. While we strive to protect the security of your personal data during transmission, please note that no method of data transmission over the Internet is entirely secure.
7. Sharing personal data with third parties
We will never exchange, sell or rent your personal information to another person or organisation.
The information you provide is used to deliver our services to you and we work in collaboration with a few selected external organisations to help us process your data. We may occasionally share personal data with trusted third parties to help us develop research and deliver efficient and quality services. Before sharing the data, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we actually share the data. All third parties we work with to help us process your information work in line with our expectations and have agreements with us that include details of how they keep your data secure. We may engage with several or all of the following categories of recipients:
- Service providers supporting us in providing our services (e.g., cloud-based software services such as Google Drive)
- Our professional advisers, including lawyers, auditors and insurers
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with applicable law or regulation
8. Transferring personal data outside the European Economic Area (EEA)
In certain circumstances, it may be necessary to transfer your data outside the United Kingdom (UK) and the European Economic Area (EEA) to fulfill our services or to engage with third-party service providers located in non-EEA countries. We want to assure you that any transfer of personal data outside the UK and EEA will be conducted in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
We store personal data on servers located in the European Economic Area (EEA) and outside of the EEA, particularly in the United States. We transfer personal data to reputable third-party service providers, namely MailChimp, Smartraise and Kuala, situated both inside and outside the EEA. Please refer to their websites for further information about their personal data handling practices. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
When transferring your data to a non-EEA country, we will ensure appropriate safeguards are in place to protect your privacy and security. These safeguards may include entering into Standard Contractual Clauses approved by the UK Information Commissioner’s Office or obtaining your explicit consent to the transfer. We will take all necessary measures to ensure that your personal data receives a level of protection that is consistent with UK and EU data protection laws.
You can turn off cookies through your browser settings at any time if you do not want your browser to accept cookies. You can also delete existing cookies in your browser settings.
10. Your data protection rights
You have the following rights in relation to your personal data that we process. You can exercise your rights by emailing us at organiser@yoursinscouting, including:
- Right to withdraw consent – You can withdraw consent previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before your withdrawal. However, it may mean we are not able to provide certain services to you and we will advise you if this is the case.
- Right to rectification and erasure – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing, or when we no longer need it for the purpose it was originally collected
- Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction
- Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision making. However, we may need to keep some minimal information (e.g., email address) to comply with your request to cease marketing to you
- Right to make a complaint – You have the right to lodge a complaint to the UK Information Commissioner’s Office (https://ico.org.uk/concerns/handling/) if you have concerns about our data handling practices. We may request specific information from you to ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.
11. Retention period for personal data
We retain personal data to comply with applicable laws, regulations, and professional obligations . Unless a different time frame applies as a result of business needs or specific legal, regulatory, or contractual requirements, we retain personal data for a period of five years.
12. Links to other websites
Our website may contain links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Although we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
14. Contact us
If you have any concerns as to how your data is processed, you can contact us by email: email@example.com. We will respond to your queries within 30 days from when we receive them.