Data Protection Policy
1.1 The purpose of this Policy is to lay out how data is used, managed and stored for the purpose of implementing JOTA-JOTI.
1.2 Jamboree On The Air - Jamboree On The Internet (JOTA-JOTI) is the largest of WOSMs events and involves over a million participants who take part at thousands of locations around the world.
1.3 JOTA-JOTI is co-ordinated by the World JOTA-JOTI Team (WJJT); a group of volunteers supported by World Scout Bureau (WSB) staff, consultants, Member Organizations, and affiliates of WOSM.
1.5 All data received from Data Subjects to support JOTA-JOTI is processed, shared and used by the WJJT. Data Subject is a natural person who can be identified, directly or indirectly, via an identifier such as name, identification number, email address, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
1.6 The legal entity for WOSM, and thus the Data Controller for the personal data held for JOTA-JOTI, is the World Scout Bureau, an Association registered under Swiss law, in Switzerland. Processing of JOTA-JOTI data accordingly must comply with Swiss Federal Data Protection Act (DPA) and other relevant data protection laws.
2. Data Held
2.1 A registration / sign up system which includes the collection of Personal Data is used to assist with the administration, management and evaluation of JOTA-JOTI event.
2.2 Personal Data being held includes any information related to a natural person that can be used to directly or indirectly identify the person. The JOTA-JOTI platform collects the following Personal Data: username, name, email address, password, cookies, country, photo (optional), associated NSO (required for certain functions), Scouting interest or history (optional), title (optional), preferred primary platform language (optional), known language (optional), location on google map (optional).
2.3 The Personal Data held is submitted for groups and individuals that are part of Member Organisations (MOs) of WOSM and the World Association of Girl Guides and Girl Scouts (WAGGGS).
3. How data is held
3.1 Personal data is held in a variety of methods including a database maintained on WSB controlled server and Mailchimp mailing list(s). Data is held on WSB owned computers and devices as well as on those of WJJT.
3.2 Personal Data must be held securely. This means that data files must be password protected.
5. Data Sharing
5.1 All data is shared within WJJT.
5.2 Member Organizations may request extracts from the JOTA-JOTI database relevant to their country / NSO. Data will only be provided to the official contact of the requesting Member Organization. The official contact will receive data only relevant to their country / NSO and will not receive a full set of all data held.
5.3 Personal Data shared must be shared securely over SmartSheet limited information be given within WJJT members.
5.4 When data is sent to the official contact, the recipient must be advised:
This data has been provided to you as an authorised representative of your National Scout Organization (NSO). The data was provided to the World Organization of the Scout Movement for the sole purpose of the administration, management and evaluation of JOTA JOTI; the data can only be used by you and your NSO for the same purpose. The personal data must be processed and stored in accordance with the Policies and requirements of your NSO. You are now responsible for the safe storage of the data and for its secure deletion when it is no longer needed for the administration, management and evaluation of JOTA-JOTI.
6. Security Breach
6.1 In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the WSB shall promptly assess the risk to people's rights and freedoms and, if appropriate, report this breach to the supervisory authority.
6.2 Upon discovering a data breach, the WJJT member must:
- Report the data breach to firstname.lastname@example.org immediately so that the situation can be assessed and remedied.
- In the email, the WJJT member should disclose all known facts surrounding the incident and provide any recommendations (if able)
- The WJJT member will liaise directly with the WSB and will act on the matter only if instructed.
- The WSB will liaise with the relevant authorities as and when necessary.