Website Privacy Notice

Who we are

Our Scout Group, 2nd Penrith Scout Group, is a youth charity. Our mission is to actively engage and support young people in their personal development, empowering them to make a positive contribution to society. We are incorporated by royal charter and are regulated as a member of The Scout Association, (see www.scouts.org.uk for more information.) We are registered with the UK Charity Commission, number 503217.

We are based at The Scout Hut, Folly Lane, Penrith, Cumbria CA11 8BT. 

Our Group Executive Committee is the data controller for the information we collect from you. Any personal data that we collect will only be in relation to the work we do with our members and through our relationship with supporters, donors and funders.

Our website address is: https://2ndpenrithscouts.org.uk.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Should you choose to contact us using the contact form on our Contact us page, Join us page or an email link we will collect personal data from you. Personal data we collect on forms include yours (and/or your child’s) name, date of birth, address, telephone number and email address.

This data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

We use Office365 hosted within the European Economic Area to provide our email services.

We will also store the data on our online management system; Online Scout Manager. You can access their Privacy Policy at: https://www.onlinescoutmanager.co.uk/security.html

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Facebook Feed WD Plugin: This website makes use of Facebook API to receive public data for facebook feed. You may request us to delete your Facebook data if it is accidentally cached in your website database with feed data. Facebook will load content which may track visitors. Facebook embeds are regulated under terms of Facebook Privacy Policy

Analytics

Like most websites, this site uses Google Analytics (GA) and Jetpack (Automatic) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.

GA makes use of cookies, details of which can be found on Google’s developer guides. Our website uses the analytics.js implementation of GA.

Disabling cookies on your internet browser will stop GA and Jetpack from tracking any part of your visit to pages within this website.

WooCommerce

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. Administrators can access all information provided.

Administrators, Shop Managers, Treasurers and volunteers who order items for the Group, can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

Who we share your data with

We share information with third parties who help us provide our orders and store services to you:

  • We will share your order information with our clothing supplier; Sam Scotts of Penrith (as of 2018)
  • We will process personal data for new members using Online Scout Manager and share this data with The Scout Association (UK).

Payments

We accept payments through GoCardless. When processing payments, some of your data will be passed to GoCardless, including information required to process or support the payment, such as the purchase total and billing information.

Please see the GoCardless Privacy Policy for more details.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service, our email servers hosted with Office365 and Online Scout Manager.

How we protect your data

Email Systems

We use Office 365 for email accounts and Office 365, Online Scout Manager and TSOHost for storage of personal data. All email addresses using @2ndpenrithscouts.org.uk are covered by this service.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. They believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. They are committed to GDPR compliance across their cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in their contractual commitments.

Website Hosting

This website is hosted by TSOHost within a UK data centre located just outside London, in Slough.

Located in the same facility as their UK office, their 9,300 sq ft data hall uses 3m perimeter fencing, 25+ CCTV cameras, 24×7 personnel and electronic access control systems to safeguard their data hall from unauthorised access.

What data breach procedures we have in place

A breach is defined as any event which “leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. If a breach occurs, our Data Protection Lead will be immediately informed groupleader@2ndpenrithscouts.org.uk

Our Data Protection Lead  will need to consider if the breach is likely to “result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage”. If it does, the ICO should be informed within 72 hours of the breach occurring.

If the breach results in a high risk to the rights of the individuals involved, they should also be informed directly.

Disclosure of data by order of a Court and Security

We reserve the right to communicate a Member’s personal information as we hold to third parties who are empowered by regulation, statute or order of a court.

We have security measures in place to protect our customer database. Access to this database is restricted internally. However, it remains each Member’s responsibility:

  • to keep their password secret
  • to protect against unauthorised access to your personal details
  • to log off from the service when not using it; and
  • to search and obtain only the data specifically required and allowed for relating to their role.

Due to our size and charitable status, we are exempt from appointing a data protection office however if you have any questions regarding our policy above, please us our Contact Us page to contact us.

Cookie Policy

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers