Privacy & Terms

HGAS and The Scout Association take the issue of privacy very seriously and are committed to protecting and respecting our users' privacy.

The UK stopped being a member of the European Union (EU) on 31 January 2020, when the UK Data Protection legislation effectively replaced the GDPR. The Data Protection Act 2018, also known as the UK-GDPR has been implemented into UK law and remains in line with the European GDPR requirements. The GDPR is the General Data Protection Regulation (EU) 2016/679, the data protection legislation that applies to most UK businesses and organisations. The Data Protection Act 2018 is the UK’s implementation of the GDPR, which also forms part of UK law.

This Data Privacy Notice describes the categories of personal data 20th Stourbridge (Halfpenny Green) Air Scouts, known as HGAS, process and for what purposes. HGAS are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Notice applies to members, parents or guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with HGAS.

HGAS is a registered charity with the Charity Commission for England & Wales (Charity number 1042613). The Data Controller for HGAS is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees. The Chair of the Charity Trustees is Adrian Perry,

Being a small charity, we are not required to appoint a Data Protection Officer.

Data Processing

HGAS appreciates the sensitive nature of the data which it holds and processes on behalf of Beavers, Cubs, Scouts, Explorers, their families, leaders and volunteers. As both a Data Controller and Data Processor, we take our responsibilities towards our Data Subjects very seriously.

  • As a Data Controller, HGAS only collects data for specified purposes. The intended uses of the data will be explicit and lawful.
  • As a Data Controller, we ensure that the data collected is:
    • Adequate, relevant and not excessive.
    • Accurate and kept up-to-date.
    • Not kept longer than is appropriate or necessary for the purposes for which it is being processed.
    • Appropriate technical and physical measures will be taken to prevent the unauthorised access, accidental loss, destruction or damage to data and any unauthorised disclosure or processing.


Most of the personal information we hold is provided to us directly by the parents or legal guardians of youth members verbally, or in paper or digital form. In the case of adult members and volunteers, data may also be provided by third parties, such as the Disclosure and Barring Service (DBS). Where a member is under the age of 18, this information is only obtained from a parent or guardian and cannot be provided by the young person.

Data Subjects

  • Beavers.
  • Cubs.
  • Scouts.
  • Explorer.
  • Leaders.
  • Members of the Executive Committee.
  • Volunteers.
  • The families of our young people.
  • Prospective members.
  • Contractors and suppliers.
  • Supporters.

Lawful Basis

The lawful basis for processing is legitimate interest for the personal data of our youth members and through the performance of a contract for the personal data of our adult volunteers.

We use personal data for the following purposes:

  • To provide information about Scout meetings, activities, training courses and events to our members and other volunteers in HGAS.
  • To provide a voluntary service for the benefit of the public, as specified in the HGAS Constitution.
  • To administer membership records.
  • To fundraise and promote the interests of Scouting.
  • To manage our volunteers.
  • To maintain our own accounts and records (including the processing of gift aid applications).
  • To inform you of news, events, activities and services being run or attended by HGAS.
  • To ensure and evidence your suitability if volunteering for a role in Scouting.
  • To contact your next of kin in the event of an emergency.
  • To ensure you have and maintain the correct qualifications and skills.

Storing Personal Data

Online Scout Manager (OSM) is an online software platform designed for Scouting leaders to manage all administrative tasks that can be accessed on a tablet or mobile device. It requires a username and password to access the site. The site is safe, secure and GDPR compliant. All data is stored within the UK.

It allows a leader to:

  • Organise records and correspondence securely. Maintain records on the young people involved in the Group, including progress and badges earned.
  • Record payments for events and subscriptions.
  • Communicate securely with the Group members, including parents.
  • Plan programmes and activities.
  • Manage the Attendance Register.
  • Maintain the waiting list.


Details of our young people are maintained on Online Scout Manager and kept for as long as the young person belongs to the Group or wishes to join. The details of each young person are checked for accuracy when they move from one section to the next. Once a young person leaves the Group, their records are deleted from Online Scout Manager and any paper forms, such as consent forms, securely destroyed.

Personal Information

The personal information that stored about each young person includes:

  • Personal contact details such as name, address, telephone numbers and personal email addresses – so that we can contact you.
  • Date of birth – so that young people are in the correct section for their age and adults are old enough to take on an appointment with Scouting.
  • Gender – so that we can address individuals correctly and accommodate specific needs.
  • Contact details for parent or guardian – so that we may communicate with them or contact them in an emergency.
  • Bank account details and tax status information – for subscriptions and Gift Aid purposes.
  • Health records – to enable us to make suitable arrangements.
  • Permission to take and display photographs for use in Scouting promotional and publicity material.


All of our Leaders, members of the Executive Committee and volunteers are subject to a standard Disclosure and Barring Service (DBS) check when they join HGAS. Everyone must undertake the mandatory Scout Association training for their position, including safeguarding, safety and GDPR. Training records are maintained on Online Scout Manager. Personal details of our adult participants include:

  • Contact details such as name, address and telephone numbers - so that we can contact you.
  • Training records - to track progress.
  • Government identification numbers – to process volunteer criminal record checks.


If we are going to camp, the leader needs to know more information about the young person. The information will be securely destroyed once the event has finished. The details requested are:

  • National Health Service number.
  • Date of last tetanus injection.
  • Parent/guardian address and contact details for the duration of the camp.
  • Showering/bathing abilities.
  • Details of family doctor and contact details.
  • Permissions for minor first aid treatment.
  • Recent infectious diseases.
  • Known allergies/sensitivities/disabilities and details of known precautions or remedies (e.g. penicillin, food colourings, travel sickness, bed-wetting, asthma, nut allergies, etc.).
  • Details of medicines/diets/treatments currently being used, including dosage and frequency details.
  • Permission to take and display photographs for use in Scouting promotional and publicity material.


If a young person is going flying, the leader needs to know more information about the young person. The information will be securely destroyed once the event has finished. The details requested are:

  • Emergency contact name, relationship to participant, address and contact details.
  • Details of family doctor and contact details.
  • Date of last tetanus injection.
  • Known allergies.
  • Special medical needs.
  • Special treatment in case of an injury.
  • Details of current medical treatment.
  • Details of fainting, travel sickness, vertigo, pains, breathlessness or disability.
  • Permission to take and display photographs for use in Scouting promotional and publicity material.

Special Information

We may collect sensitive religious and ethnic information about our young people and adult volunteers so that we can make any special arrangements that may be required. The information may also be used for equal opportunity monitoring and reporting purposes for ourselves, West Mercia Scouts and the Scout Association. This information would never be disclosed to any third party and would only be used in an anonymised format, with no personally identifiable data attached.

Explicit consent is requested from parents or guardians to take photographs of our members. On occasion, we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their Data Subject rights.

The Scout Association

The Scout Association’s Data Protection Policy can be found here and the Privacy Policy here.

Attendance Register

At every meeting or event, the leader in charge is obliged for safety reasons to take a register of those attending the session. Attendance is recorded immediately and securely in Online Scout Manager.


Communications with parents and young people are handled through Online Scout Manager in line with the GDPR regulations.

Data Sharing

Young People and Other Data Subjects

We normally only share personal information with adult volunteers holding an appointment in HGAS.

We will share the personal data of youth members and their parents or guardians with The Scout Association Headquarters for the purpose of managing safeguarding cases.

Data is shared using the Online Scout Manager platform which is used by HGAS to manage youth membership. The privacy and security notice for OSM can be found here.


Adult Volunteers

We normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for HGAS as well as with The Scout Association Headquarters, as Data Controllers in common.


All Data Subjects

Your personal information will be shared with others outside of HGAS where we need to meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.

We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.

We will never sell your personal information to any third party.

Sometimes we may nominate a member for national awards, such as Scouting awards or Duke of Edinburgh awards. Nominations would require us to provide contact details to that organisation.

Where personal data is shared with third parties, we seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.

Rights Under the GDPR

Data Subjects have the right to object to how HGAS process their personal information. You also have the right to access, correct, sometimes delete and restrict the personal information used by us. In addition, you have a right to complain to us and to the Information Commissioner’s Office (ICO).

Unless subject to an exemption under the GDPR and DPA 2018, a Data Subject has the following rights with respect to their personal data. The request must be made in writing to either a section leader, the Group Scout Leader or a member of the Executive Committee, or using the Contact Form on the website.


Right To Be Informed

A Data Subject has the right to know how their data will be used by HGAS.


Subject Access Request

In the event that a member or parent or guardian asks for their data to be deleted, updated or disclosed, the Data Controller has 30 days to complete the request, if it is not deemed excessive. The Data Subject must explain the scope of the request in the submission and allow for their identity to be verified.

The Executive Committee will discover all instances where personal information regarding the Data Subject is recorded (Online Scout Manager, paper records, etc.) and keep records of the request. Confidential information or details of any third party in the information about the Data Subject will be omitted or redacted, or consent will be obtained for disclosure from the third party.

If the requested data falls under one of the following exemptions, it does not have to be provided:

  • Crime prevention and detection.
  • Negotiations with the requester.
  • Information used for research, historical or statistical purposes.
  • Information covered by legal professional privilege.
  • The Executive Committee will respond to the Data Subject by email, if an email address has been supplied, or in writing where it has not.


Right To Rectification

An individual, the Data Subject, has the right to request that incorrect or missing information is updated.


Right To Be Forgotten

The individual, the Data Subject, has the right to request to request that all information held by HGAS on them and their family, including photographs, must be erased. There are some exceptions, for example, some information will be held by The Scout Association for legal reasons.


Right To Restrict Processing

If a Data Subject thinks that HGAS are not processing their data in line with our privacy notice then they have the right to restrict any further use of that data until the issue is resolved.


Right To Data Portability

A Data Subject can ask HGAS to export their personal data. The information will be provided in a way that can be read digitally, such as a pdf.


Right To Object

A Data Subject can object to the way in which their data is being used.


Automated Decision Making and Profiling

This right protects the Data Subject in cases where decisions are being made about them based entirely on automated processes rather than a human input. HGAS do not use automated decision making or profiling systems.

Data Breach

In the event of a breach, via malicious means or through accidental disclosure, the Data Controller is legally obligated to do the following:

  • Remediate the breach.
  • Report the breach to the Data Subject if deemed severe enough.
  • Report the breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, if it is deemed serious enough.

The event of a breach will be reviewed by the Executive Committee once the immediate incident has been resolved to consider follow-up actions and remediations to prevent such a breach happening again.

Website Cookies

Forms-related Cookies

Cookies may be set to remember your contact details for future correspondence when you submit data through a form such as those found on our contact page.

Third Party Cookies

In some special cases, we also use cookies provided by trusted third parties. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.


Please use the Contact Form on the website if you have any queries relating to this Privacy Notice or use of your personal data.