Who we are
Our Scout Group, 2nd Penrith Scout Group, is a youth charity. Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society. We are incorporated by royal charter and are regulated as a member of The Scout Association, (see www.scouts.org.uk for more information.) We are registered with the UK Charity Commission, number 503217.
We are based at The Scout Hut, Folly Lane, Penrith, Cumbria CA11 8BT.
Our Group Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.
Our website address is: https://2ndpenrithscouts.org.uk.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Should you choose to contact us using the contact form on our Contact us page, Join us page or an email link we will collect personal data from you. Personal data we collect on forms include yours (and/or your child’s) name, date of birth, address, telephone number and email address.
This data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
We use Office365 hosted within the European Economic Area to provide our email services.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Like most websites, this site uses Google Analytics (GA) and Jetpack (Automatic) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Disabling cookies on your internet browser will stop GA and Jetpack from tracking any part of your visit to pages within this website.
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. Administrators can access all information provided.
Administrators, Shop Managers, Treasurers and volunteers who order items for the Group, can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
Who we share your data with
We share information with third parties who help us provide our orders and store services to you:
- We will share your order information with our clothing supplier; Sam Scotts of Penrith (as of 2018)
- We will process personal data for new members using Online Scout Manager and share this data with The Scout Association (UK).
We accept payments through GoCardless. When processing payments, some of your data will be passed to GoCardless, including information required to process or support the payment, such as the purchase total and billing information.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service, our email servers hosted with Office365 and Online Scout Manager.
How we protect your data
We use Office 365 for email accounts and Office 365, Online Scout Manager and TSOHost for storage of personal data. All email addresses using @2ndpenrithscouts.org.uk are covered by this service.
Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. They believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. They are committed to GDPR compliance across their cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in their contractual commitments.
This website is hosted by TSOHost within a UK data centre located just outside London, in Slough.
Located in the same facility as their UK office, their 9,300 sq ft data hall uses 3m perimeter fencing, 25+ CCTV cameras, 24×7 personnel and electronic access control systems to safeguard their data hall from unauthorised access.
What data breach procedures we have in place
A breach is defined as any event which “leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. If a breach occurs, our Data Protection Lead will be immediately informed firstname.lastname@example.org
Our Data Protection Lead will need to consider if the breach is likely to “result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage”. If it does, the ICO should be informed within 72 hours of the breach occurring.
If the breach results in a high risk to the rights of the individuals involved, they should also be informed directly.
Disclosure of data by order of a Court and Security
We reserve the right to communicate a Member’s personal information as we hold to third parties who are empowered by regulation, statute or order of a court.
We have security measures in place to protect our customer database. Access to this database is restricted internally. However, it remains each Member’s responsibility:
- to keep their password secret
- to protect against unauthorised access to your personal details
- to log off from the service when not using it; and
- to search and obtain only the data specifically required and allowed for relating to their role.
Due to our size and charitable status, we are exempt from appointing a data protection office however if you have any questions regarding our policy above, please us our Contact Us page to contact us.