6. Conditions for collecting personal data

6.1 Keeping to the law 

We must keep to the law when processing personal data. To achieve this, we have to meet at least one of the following conditions: 

  • you have to give (or have given) your permission for us to use your information for one or more specific purposes 
  • we need to process the information to meet the terms of any contract you have entered into 
  • processing the information is necessary to keep to our legal obligations as data controller 
  • processing the information is necessary to protect your vital interests 
  • processing the information is necessary for tasks in the public interest or for us as the data controller to carry out our responsibilities 
  • processing the information is necessary for our legitimate interests (see below) Also, information must be: 
  • processed fairly and lawfully 
  • collected for specified, clear and legitimate purposes 
  • adequate, relevant and limited to what is necessary 
  • accurate and, where necessary, kept up to date 
  • kept for no longer than is necessary 
  • processed securely 
  1. Information that we share 

We may have to share your personal data within appropriate levels of the Association and with local Scouting, as long as this is necessary and directly related to your role within Scouting. We do not share personal data with companies, organisations and people outside the Association, unless one of the following applies; 

6.2 All data subjects 

  • We have clear permission from you to do so. 
  • If we have to supply information to others (for example payroll providers) for processing on our behalf. We do this if we are asked and to make sure that they are keeping to the GDPR and have appropriate confidentiality and security measures in place. 
  • For safeguarding young people or for other legal reasons. 
  • We will share the personal data of youth members and their parents/guardians with The Scout Association Headquarters including for the following purposes: 
  • managing safeguarding cases. 
  • anonymous data for reporting including census information 
  • The privacy and security notice for The Scout Association can be found here: https://www.scouts.org.uk/DPPolicy. The sharing of this data will be via the Online Scout Manager platform which is used by 10th Leicester (Syston) Scout Group to manage adult and youth membership. The privacy and security notice for OSM can be found here: https://www.onlinescoutmanager.co.uk/security.html 
  • We will however share your personal information with others outside of 10th Leicester (Syston) Scout Group where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement.  We will only share your personal information to the extent needed for those purposes. 
  • We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so. 
  • We will never sell your personal information to any third party. 
  • Sometimes we may nominate a member for national / county or district awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation. 
  • Where personal data is shared with third parties, we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018 

A list of the most common third parties we share personal data with can be found below: 

3rd Party Data Category Purpose 
Atlantic Data Personal and Special Disclosure management services 
Disclosure and Barring Service Personal and Special Criminal records check (England and Wales) 
Police Personal and Special Police information requests 
Online Scout Manager (OSM) Personal and Special Member management system 
Microsoft Personal and Special Data storage and email. Teams, SharePoint, Exchange etc