Privacy and Cookies Policy
Introduction
The Southend Duke of Edinburgh Open Group (hereafter referred to as the "Open Group", "we", "us" or "our") recognises that your privacy is important and is committed to protecting it. This Privacy Policy explains what personal information we process about you, how we use your personal information, and your rights regarding the personal information we hold about you.
This privacy policy applies to personal information we process as a data controller when you enrol and undertake the Duke of Edinburgh award with us and when you use our web sites.
It does not apply to any information that is stored in eDofE. eDofE is owned by the Duke of Edinburgh organisation and they are the data controller for that. Please see their Privacy Policy for further information on how they process your personal information.
How to contact us about this Privacy Policy
You can contact us about this Privacy Policy via the Contact Us page on our website. Alternatively, if you are already in contact with one of our Leaders you can ask them any questions you may have.
Contents
Personal information we process and what we use it for
Who do we share your personal data with?
How long do we keep your information for?
Consequences of not providing us with your personal data
Personal information we process and what we use it for
Enrolling with us
When you enrol with us we ask you to complete our “Participant Enrolment Form” which collects:
· Personal details (name, email address, contact telephone number and date of birth). We input your name, email address and date of birth into eDofE to create your user account. We also keep your name, email address and telephone number in our own records so we can contact you about training, expeditions and anything else to do with your award.
· Enrolment level and previous DofE experience. We collect this information in order to enrol you at the correct level (bronze/silver/gold) and to ensure that you have completed any previous levels before graduating to the next level.
· Emergency Point of contact details (name, relationship, telephone number, email). We keep this information in our own records so we are able to contact your emergency point of contact in an emergency situation. We have a legitimate interest in being able to communicate with your parent or guardian in the event of an emergency.
· Disability information. The Equalities Act 2010 places a legal obligation on us to make reasonable adjustments for people with disabilities so they can access our services. Consequently, we ask for the details of any disabilities you may have when you enrol.
· Medical information. We have a duty of care for all participants when they attend our training evenings / events and expeditions. We ask you to provide details of any relevant medical conditions you may have to enable us to administer appropriate first aid or inform the emergency services of any relevant medical conditions in the event of a medical emergency. We rely on your explicit consent for this.
Attending our training evenings and events
We maintain attendance registers for all of our training evenings and events. We have a legitimate interest in monitoring attendance at training evenings and events to ensure participants have undertaken the necessary training for their expeditions.
We hold our meetings at the Southend Borough Council Civic Centre. The Council operates a CCTV system at the Civic Centre details of which can be found on their website.
Going on expedition with us
We do not collect any new information from you when we you go on expedition with us. However, we will ask you to confirm that the emergency point of contact and medical details you provided when you enrolled are still up-to-date.
On expedition we make take photos and videos for use on our website and in our promotional material. Please note that we will only do this where you have given your consent.
Social media and marketing
Our social media sites i.e. Facebook and Instagram, are private sites. In other words, you can only access these sites if you proactively request to follow them and we approve your request. We use our social media sites to publicise the group. This may include the publication of new blog posts or other content on our websites, details on any offers or promotions we may run, updates to key policies (such as this one). By requesting access to our private sites, you are giving your consent for us to process your personal data in those ways. We may also publish photos from training events or expeditions on our social media sites but only where we have the consent of all those in the photograph.
We may also market our services to you via email but only where we have your consent. For example, we may obtain your contact details from your school or college where they have specifically asked you if you would like to hear form us. If you have completed an award with us previously, we may also contact you about moving on to the other levels.
You can always withdraw your consent by unfollowing our social media sites or by asking us to remove you.
Information our website collects from you
This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:
· Information about your browser, network and device
· Web pages you visited prior to coming to this website
· Your IP address
Squarespace needs this data to run our website, and to protect and improve its platform and services. Squarespace analyses the data in a de-personalized form.
Cookies
The Open Group website only uses cookies that are essential for the running of the site and that allow Squarespace, our hosting platform, to securely serve the website to you.
Squarespace provides a list of these essential cookies. However, as our website is not an ecommerce site and does not require users to log in, the only cookie we use is functional and required "crumb" cookie.
Squarespace does enable us to use analytics and performance cookies to view site traffic, activity, and other data however, at present, these cookies are disabled on our website.
We do not require your consent for essential cookies and as such you will not see a cookie consent banner on our website.
Automated Decision-making and profiling
The Open Group does not conduct any automated decision-making or profiling activities.
Who we share your personal data with
The Duke of Edinburgh Organisation. The Open Group delivers the Duke of Edinburgh award on behalf of the Duke of Edinburgh organisation. As part of this The Open Group creates eDofE user accounts for all participants and in order to do this must share some of your personal information with the Duke of Edinburgh organisation.
Other participants. The Open Group encourages participants to communicate with each other outside of the training evenings. In order to facilitate this we may set up a Whatsapp group or share email addresses with other participants. We will always ask you for your consent first.
Third party service providers. In order to provide our services, we may use IT systems, such as email and cloud storage, which are provided to us by other organisations. We have contracts in place with them to ensure that they cannot do anything with your personal information unless we have instructed them. They will not share your personal information with any other organisations and will hold it securely and retain it for the period we instruct.
Southend Borough Council. The Open group operates under Southend Borough Council’s DofE licence. We may therefore share some of your personal information for insurance and record keeping purposes.
Legal and other. We may also share your data with third parties:
(a) if we are under a legal or regulatory duty to do so
(b) if it is necessary to do so to enforce our terms and conditions or other contractual rights
(c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
(d) where such disclosure is necessary to protect the safety or security of any persons i.e. with the emergency services and/or
(e) otherwise as permitted under applicable law.
International data transfers
The Open Group is based in the UK but sometimes your personal information may be transferred outside of the European Economic Area (EEA). For example, some of our third-party suppliers are located outside of the EEA. Where we do transfer your personal data outside of the EEA, we make sure that we put appropriate safeguards in place, for example by using approved contractual agreements or by obtaining your explicit consent for the transfer.
How long do we keep your information for?
Your information is stored on eDofE in the first place and the Duke of Edinburgh organisation's Privacy Policy explains how long the system retains your data for.
Sometimes the Open Group has to store your data outside of eDofE i.e. copies of emergency contact or medical information, your contact details and attendance records. Typically, we only retain this information for the duration of your DofE award.
Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
Your Rights
You have certain rights in relation to your personal information. If you wish to exercise any of the following rights please contact us.
• Right of access. You have the right to access the data that we hold on you. Please bear in mind that most of the information we process is available to you on eDofE.
• Right to rectification. You can request that we update any of your personal information, which is out of date or incorrect. If the information in question is on eDofE then we will not be able to change or remove it. You are able to update your information on eDofE and it is your responsibility to ensure the data is up to date. However we can update our own records.
• Right to erasure: In some circumstances you can ask for your personal information to be deleted. You should be aware however that this is not an absolute right and there are situations where legally, we will not be able to comply with your request. If we cannot comply with your request, we will clearly explain our reasons.
• Right to object. You can object to our processing of your personal information where we do so in our legitimate interests. If you do object, you should provide specific reasons why you are objecting to the processing of your data. You should be aware that this is not an absolute right, and we can continue processing if we can demonstrate compelling legitimate grounds for the processing or if the processing is for the establishment, exercise or defence of legal claims. If we cannot comply with your request, we will clearly explain our reasons.
• Right to restrict processing. In some circumstances, you have the right to ask us to restrict the processing of your personal data. This may be because you have issues with the content or accuracy of the information we hold and want us to restrict processing whilst these issues are addressed. Where we comply with these requests, we will always inform you before lifting the restriction.
• Consent withdrawal. Where you have given your consent for us to process your personal data for a specific purpose, you have the right to withdraw your consent at any time.
Consequences of not providing us with your personal data
You are not obliged to provide your personal data to us however you should be aware that if you choose not to we may not be able to provide the services you have requested from us. For example, if you do not provide information about any disabilities or medical conditions then we will not be able to make any necessary adjustments to cater for those needs. In some cases, withholding information may result in us deciding not to enrol you as a participant. For example, this may be the case if you withhold the contact details of an emergency point of contact.
Changes to this policy
As the Open Group changes, this Privacy Policy is expected to change as well. We reserve the right to amend this Privacy Policy at any time, for any reason. When we do update it we will contact relevant data subjects and update the Privacy Policy on our websites. You should check our website frequently to see the current Privacy Policy that is in effect and any changes that may have been made to it.
More information & Complaints
Should you have any questions regarding this Privacy Policy or if you wish to make a complaint about how we process your personal information, please contact us.
You are also able to make a complaint to the Information Commissioner’s Office (ICO) if you think your data protection rights have been breached in any way by us. You can do this by contacting the ICO at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit the ICO website or email casework@ico.org.uk.
Document Metadata
Document Ref: Privacy and Cookies Policy
Version: 1.0
Date of Version: 16/09/2019
Author: Joe Levey
Approved by: Carol Parker