Privacy policy

2nd Kimberley Scout Group / Kettlebrook Lodge

Eastwood Road, Kimberley, Nottingham, NG16 2HZ

Privacy Policy – Version 3.1 (April 2026)

1. Who We Are

This Privacy Notice applies to 2nd Kimberley Scout Group and Kettlebrook Lodge.

For the purposes of data protection legislation, the Trustee Board is the Data Controller.

Named Data Lead: Ed Roberts

2. Purpose of This Privacy Notice

This Privacy Notice explains how we collect, use, store, protect, and share personal data. We are committed to handling personal data lawfully, fairly, and transparently, with particular care where processing involves children or vulnerable individuals.

3. What Personal Data We Collect

We may collect and process personal data and special category data relating to:

Young People

• Name, date of birth and age
• Parent or carer contact details
• Attendance and membership records
• Health and emergency information
• Images and media (where consent has been given)

Parents / Carers

• Names and contact details
• Permissions and consents
• Emergency contact details

Adult Volunteers

• Name and contact details
• Appointment, training and role information
• Attendance and availability data

Customers / Hirers (Kettlebrook Lodge)

• Name and contact details
• Booking and hire information
• Invoicing and payment references

Financial & Fundraising Data

• Gift Aid declarations
• Donation records
• Limited bank reference information via GoCardless
  (Full card or bank details are never stored by us.)

4. Why We Collect Personal Data (Lawful Basis)

We process personal data only where a lawful basis applies, including:

• Public task / charitable purpose – delivery of Scouting activities
• Safeguarding and duty of care – including health and emergency information
• Legitimate interests – administration and coordination of adult volunteers
• Contract – lodge bookings and hire arrangements
• Consent – photography, images, and certain communications
• Legal obligation – Gift Aid and financial records

Legitimate Interests are not relied upon for routine processing of children’s data or special category data.

5. How We Collect Data

Data is collected through:

• Online Scout Manager (OSM)
• Scouts Adult Membership System (Compass)
• Scout Websites forms
• Event, activity and health forms
• Email, telephone or face‑to‑face communications
• Lodge booking system (Hallmaster)

6. Where and How Your Data Is Stored

Personal data is stored securely using approved systems, including:

• Online Scout Manager (OSM)
• Scouts Adult Membership System (Compass)
• Scout Websites
• Microsoft 365

Security controls include:

• Role‑based access
• Password protection
• Encryption where supported
• Acceptable Use requirements for all users

Paper Records

Paper records are minimised and, where required:

• Stored in locked cabinets
• Accessed only by authorised adults
• Securely destroyed when no longer needed

7. Systems and Platforms We Use

Approved platforms include:

• Online Scout Manager (OSM) – section‑level membership and programme management
• Scouts Adult Membership System (Compass) – national volunteer records
• Scout Websites – joining and communication forms
• Microsoft 365 – email, documents and internal collaboration
• Canva – design of Scouting publicity materials only
• WhatsApp – limited, informal operational messaging between adults only
• Hallmaster – lodge bookings and invoicing

Sensitive Personal Data must not be stored or shared via WhatsApp or Canva.

8. Who Has Access to Personal Data

Access is limited to those who need it to fulfil their role, including:

• Trustees
• Group Scout Leader
• Section Leaders
• Treasurer (financial data only)

Access is reviewed regularly and removed promptly when roles end.

9. Data Sharing

We may share personal data where necessary with:

• The Scout Association (including District and County)
• Event organisers and activity partners
• Approved service providers (e.g. OSM, Microsoft, GoCardless, Hallmaster)

We do not sell personal data or share it unnecessarily.

Summary (non‑identifiable) information is shared with The Scout Association for census purposes.

9A. Third‑Party and Partner Organisation Access

Where access to systems or data is provided to third parties, including:

• Scout District teams
• Other Scout Groups
• Girlguiding units or districts

that access is granted solely to support authorised Scouting or Guiding activities.

All third‑party users must comply with this Privacy Policy, safeguarding requirements, and applicable data protection law.

Access is role‑based, time‑limited, and subject to review. Failure to comply may result in restricted or withdrawn access.

9B. Acceptable Use of Scout‑Provided Systems and Platforms

Scout‑provided systems, licences and platforms are provided strictly for uniformed youth organisation purposes.

Permitted Use

Systems may only be used to:

• Support administration of uniformed youth organisations
• Communicate operational information related to Scouting

Prohibited Use

The following are not permitted:

• Personal, commercial, or non‑Scouting use
• Storage or processing of personal data relating to third parties or external organisations
• Uploading or storing photos or data relating to:
  • Non‑Scouting or non‑Guiding activities
  • External services, charities, or businesses
• Use of Scout systems to store Sensitive Personal Data on non‑approved platforms

Images and media must:

• Relate only to Scouting or Guiding activities
• Have a lawful basis and appropriate consent
• Be stored only on approved systems

10. Photography and Media

Images of young people or adults are taken and used only where consent is provided, as far as reasonably practicable. Consent may be withdrawn at any time.

11. Data Retention

We retain personal data only for as long as necessary:

• Membership data – duration of membership plus up to two months
• Gift Aid records – seven years
• Booking records – in line with legal and financial requirements
• Health information – limited to the duration required for the activity

12. Data Breaches

All suspected or confirmed data breaches are managed under our Data Breach Procedure. Where appropriate, Scout Support is informed and further escalation undertaken.

13. Your Rights

You have the right to:

• Access your data
• Request correction of inaccurate data
• Request deletion where appropriate
• Restrict or object to processing
• Withdraw consent
• Request a copy of your data
• Complain to the ICO

Requests should be made via Group Admin.

14. Contact Details

For privacy‑related queries or requests:

[email protected] 

Data Lead
2nd Kimberley Scout Group

15. Review

This Privacy Policy is reviewed:

• At least annually
• Following any material change to systems, activities or risk

External Privacy Policies and Further Information

We use a small number of trusted third‑party systems to support the delivery of Scouting activities, administration, communications, and bookings.
Each of these organisations processes personal data in accordance with their own privacy policies and applicable data protection law.

We encourage you to review the privacy policies of these organisations using the links below.

Scouting‑Related Systems

• Online Scout Manager (OSM) – section‑level membership, programme and attendance management
  https://www.onlinescoutmanager.co.uk/security.html
• The Scout Association – Adult Membership System (Compass)
  https://www.scouts.org.uk/about-us/our-policies/privacy-policy/
• Scout Websites – website hosting, joining and contact forms
  https://www.scout-websites.com/privacy-policy/

Communication and Collaboration Platforms

• Microsoft (Microsoft 365 – email, documents and collaboration)
  https://privacy.microsoft.com/en-gb/privacystatement
• WhatsApp (Meta Platforms Inc.) – limited operational messaging between adults
  https://www.whatsapp.com/legal/privacy-policy

Design, Media and Publicity

• Canva – design of Scouting publicity materials
  https://www.canva.com/policies/privacy-policy/

Bookings, Payments and Finance

• Hallmaster – lodge and facilities booking system
  https://hallmaster.co.uk/privacy-policy/
• GoCardless – payment processing for activities and donations
  https://gocardless.com/legal/privacy/

Important Notes on Third‑Party Use

• These platforms are used only where necessary and in line with our Privacy Policy, Data Security controls, and Acceptable Use requirements.
• Sensitive Personal Data is not stored or shared on platforms that are not designed for that purpose (such as WhatsApp or Canva).
• Third‑party users, including Scout Districts, other Scout Groups, and Girlguiding units, must comply with this Privacy Policy when accessing or handling data linked to 2nd Kimberley Scout Group or Kettlebrook Lodge.
• The inclusion of these links does not reduce our responsibility as Data Controller; we remain accountable for ensuring appropriate safeguards are in place when using external systems.