Privacy Policy Who we are Our website address is: https://1stsouthgate.cdscouts.org.uk. 1st Southgate Scout Group are a registered charity with the Charity Commission of England and Wales, charity number: 305881. The Data Controller for 1st Southgate Scout Group is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees. Being a small charity, we are not required to appoint a Data Protection Officer. What personal data we collect and why we collect it Comments When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. Media If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Contact forms Any data collected by contact forms will be handled in line with the group privacy policy/notice. For more information please view the group privacy policy/notice in the Group Policies section of this website. Cookies If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. Embedded content from other websites Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. Analytics At the present time the website does not collect any analytic date. If this changes in the course of development this section will be updated with the appropriate privacy policies. Who we share your data with Any data shared by 1st Southgate Scout Group will be handled in line with the group privacy policy/notice. For more information please view the group privacy policy/notice in the Group Documents section of this website. How long we retain your data If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. Any data that is entered into the website and subsequently stored by 1st Southgate Scout Group will be handled in line with the group privacy policy/notice. For more information please view the group privacy policy/notice in the Group Documents section of this website. What rights you have over your data If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Any data that is entered into the website and subsequently stored by 1st Southgate Scout Group will be handled in line with the group privacy policy/notice. For more information please view the group privacy policy/notice in the Group Documents section of this website. Where we send your data Visitor comments may be checked through an automated spam detection service. Any data that is entered into the website and subsequently stored by 1st Southgate Scout Group will be handled in line with the group privacy policy/notice. For more information please view the group privacy policy/notice in the Group Documents section of this website. Your contact information If you have any queries relating to this privacy policy or our use of your personal data, please contact our Executive Committee Chair at [email protected] Additional information How we protect your data 1st Southgate Scout Group is committed to collecting and using data fairly and securely in line with UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA 2018). Since 2018 every adult holding a formal role in Scouting has been required to undertake training in the new General Data Protection regulation, and they undertake to only use compliant systems, online and offline depending on need, follow best practice for use, processing, security and retention. When Adults stop volunteering or change roles we undertake a process to ensure any data is no longer accessible by the retiring adult. What data breach procedures we have in place Any actual or suspected date breach will be reported to the 1st Southgate Scout Group executive committee who will act in line with UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA 2018). Website Hosting This website is hosted by Microsoft Azure in the UK South Region. Microsoft designs, builds, and operates datacenters in a way that strictly controls physical access to the areas where data is stored. Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. Layers of physical security are: Access request and approval. You must request access prior to arriving at the datacenter. You’re required to provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.Facility’s perimeter. When you arrive at a datacenter, you’re required to go through a well-defined access point. Typically, tall fences made of steel and concrete encompass every inch of the perimeter. There are cameras around the datacenters, with a security team monitoring their videos at all times.Building entrance. The datacenter entrance is staffed with professional security officers who have undergone rigorous training and background checks. These security officers also routinely patrol the datacenter, and monitor the videos of cameras inside the datacenter at all times.Inside the building. After you enter the building, you must pass two-factor authentication with biometrics to continue moving through the datacenter. If your identity is validated, you can enter only the portion of the datacenter that you have approved access to. You can stay there only for the duration of the time approved.Datacenter floor. You are only allowed onto the floor that you’re approved to enter. You are required to pass a full body metal detection screening. To reduce the risk of unauthorized data entering or leaving the datacenter without our knowledge, only approved devices can make their way into the datacenter floor. Additionally, video cameras monitor the front and back of every server rack. When you exit the datacenter floor, you again must pass through full body metal detection screening. To leave the datacenter, you’re required to pass through an additional security scan. Microsoft requires visitors to surrender badges upon departure from any Microsoft facility.