Effective August 1, 2021
Who We Are
Note regarding the General Data Protection Regulation (GDPR): We do not contemplate offering goods or services to individuals in the European Union except to U.S. service members and Department of Defense personnel and their families who are stationed in Europe and choose to participate in our programs through the Boy Scouts of America, Transatlantic Council based at U.S. Army Garrison Benelux in Brussels, Belgium.
To the extent we collect or process personal information of individuals in the European Union, we will do so in accordance with this policy. Should you have questions or concerns regarding your personal information, or to submit a data subject request regarding your personal information please submit a request. For further information consistent with the requirements of GDPR, please see the Region-Specific Disclosures section below.
Note regarding definitions: The following terms, as used in this policy, have the following meanings:
- “Personal information” means information that identifies (whether directly or indirectly) a particular individual, such as the individual’s name, postal address, email address, telephone number, and birth date. When anonymous information is directly or indirectly associated with personal information, the resulting information also is treated as personal information.
- “Anonymous data” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual person.
- “Aggregate data” means information about groups or categories of people, which does not identify and cannot reasonably be used to identify an individual person.
What We Collect
We collect two basic types of information – personal information and anonymous data – and we may use personal information and anonymous data to create a third type of information, aggregate data. For example, we collect:
- Membership information you provide when you join the Boy Scouts of America, either as a youth member or adult volunteer, including your first name and last name, physical address, email address, phone number, birth date, and gender
- Registration information you provide when you create an account or sign up to participate in one of our events or activities, including your first name and last name, physical address, email address, username, and password, and, in some cases, health and medical information
- Transaction information you provide when you request information, purchase a product, service, or subscription from us, or make a monetary donation to us, whether on our sites or through our applications, including your postal address, telephone number and payment information
- Information about awards, advancements, recognition, and training you have received in connection with your participation in our programs
- Information you provide in public forums on our sites and applications
- Information sent by you either one-to-one or within a limited group using our message, chat, post, or similar functionality, where we are permitted by law to collect this information
- Information you provide to us when you use our sites and applications, our applications on third-party sites or platforms such as social networking sites, or link your profile on a third-party site or platform with your registration account
- Location information when you visit our sites or use our applications, including location information either provided by a mobile device interacting with one of our sites or applications (including through beacon technologies), or associated with your IP address, where we are permitted by law to process this information
- Usage, viewing and technical data, including your device identifier or IP address, when you visit our sites or use our applications, how much time you spend on our sites or using our applications, and when you open emails we send
How We Collect Information
We collect your personal information when you provide it to us while requesting or ordering products, services, or information from us, registering with us (e.g., for a program, an event, or an activity), entering a contest or promotion, subscribing to our services, participating in public forums on our sites and applications, responding to surveys, or otherwise interacting with us through our websites and applications. We collect anonymous data through technology, such as cookies, and Web beacons, that we use to operate our websites and applications. For further information about those technologies, please see the Your Controls and Choices section of this policy.
How We Use Information
Consistent with applicable law and choices and controls that may be available to you, we may use information collected from you, or from devices associated with you, to:
- Provide you with the products, services, and/or information you have requested, purchased, or won (e.g., in a contest or promotion)
- Communicate with you about your membership (or your expressed interest in membership), your account, or transactions with us and to send you information about features on our sites and applications or changes to our policies
- Manage, accommodate, and administer your needs (e.g., medical treatment, physical limitations) and choices (e.g., programming) as a participant in our events
- Deliver relevant offers and promotions for our programs, events, products, and services or those of a third party, based on your activity on our websites or applications
- Personalize content and experiences for you that reflect your choices and preferences
- Provide useful features to simplify your experience when you return to our sites and applications
- Operate, understand, optimize, develop, or improve our products, services, events, programs, communications, and operations
- Administer and enforce our policies concerning health and safety, including our Youth Protection Training requirements and our Annual Health and Medical Record requirements
- Detect, investigate, and prevent activities that may violate our policies or be illegal
Sharing Your Information with Others
We may share your personal information with our chartered local units or districts for their administrative purposes, including the proper and efficient administration of our programs and replying to members’ and volunteers’ requests for information.
We may share personal information you provided when joining one of our affinity groups (e.g., the National Eagle Scout Association, Scouting Alumni & Friends) with carefully selected providers of membership benefits, for the sole purpose of such providers communicating with you about such benefits to you. However, we do not share any lists of current or former registered members or leaders of the Boy Scouts of America or lists of Boy Scouts of America donors with any third party for its direct marketing purposes.
In addition, we may share your personal information:
- With third parties providing services for us or on our behalf, such as order and prize fulfillment, package delivery, customer service, event registration management, payment processing, financing, and advertising, marketing, or data analytics services; however, such service providers are prohibited from using your personal information for their marketing purposes or any other purpose not specified by us or required by law.
- With others associated with your Scouting unit, including approved users of our application programming interfaces (APIs), for the purposes of efficient unit administration. This might include sharing information about the awards, advancements, recognition, and training you have received in or through our programs.
- With third parties to enforce our policies and regulations, to ensure the safety and security of our members, volunteers, donors, employees and third parties, to protect our rights and property and the rights and property of our members, volunteers, donors, employees and third parties, to comply with legal process or in other cases if we believe in good faith that disclosure is required by law.
Your Controls and Choices
You always have the choice to not provide your personal information to us or change your communication choices, but consequently you may not be able to receive certain goods or services or participate in certain programs or activities. Certain communications are mandatory for all registered adult volunteers and others attending or participating in certain Scouting events, as explained below. Depending on the internet browser and device you use to interact with us, you may have the ability to control the use of certain tracking technologies through which we gather anonymous data. For further information about exercising these choices and controls, please see below.
- Mandatory Communications. If you are registered adult leader of the Boy Scouts of America, you may not choose whether to receive non-commercial notifications related to the safety and operations of Boy Scouts of America programs, such as messages about Youth Protection Training and the health and safety policies of the Boy Scouts of America, Catalina Council
- Marketing. As a matter of Boy Scouts of America policy, lists of current and former registered members and leaders of the Boy Scouts of America and lists of Boy Scouts of America donors may not be used for commercial purposes, such as selling or renting such lists to other businesses for their direct marketing purposes. We may send you offers and promotions for our products, programs, and events, or those that we think may be of interest to you, and you may opt-out or unsubscribe from such offers by either following the instructions provided in our communications to you or changing your preferences in your account.
Digital privacy is a component of Catalina Council, BSA’s commitment to youth protection and safety. As such, we do not collect the personal information of children under the age of 13 unless a child’s parent or legal guardian provides it to us through the online membership registration process or a child provides it to us to enter a contest or promotion. In any event, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), a parent may review or have deleted their child’s personal information and prohibit its further collection or use. If you have a request in relation to the personal information of your child below the age of 13, please send us a request.
For contests and promotions, we typically require only the information necessary for a child to enter, such as first name (to distinguish among family members) and his or her online contact information. We will only use the child’s online contact information to enter him or her into the contest or promotion and contact him or her once when the contest ends. If a contest or sweepstakes asks the child to submit his or her own created content with the entry and that content contains the child’s personal information, then we will either pre-screen the submission to remove any personal information or seek parental consent by email for the collection. To facilitate delivery of the contest’s prize, we may ask a child at the time of entry to also provide her or her parent or legal guardian’s online contact information, which we will only use to notify the parent or legal guardian if the child wins the contest or promotion.
Our sites and applications that are age-gated are not intended for use by children, and we do not knowingly collect personal information from children under 13 through those sites and applications. In the unlikely event we discover that we have collected personal information from a child other than as described in this section, we will either delete the information immediately or promptly seek the parent or legal guardian’s consent to use the information.
Data Security, Integrity and Retention
Comments and Questions
If you have a comment or question about this policy or our treatment of your information, you may contact us here.
Notice to California Residents: If you are a California resident, you may have certain additional rights.
California Civil Code § 1798.120 may permit you to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the California Consumer Privacy Act). As described above in this policy, we do not sell or lease our lists of Boy Scouts of America members or leaders, or of Boy Scouts of America donors, though we may share lists of those who have separately joined one of our affinity groups with carefully selected third parties for their direct marketing purposes.
If you are a member of an affinity group, you may exercise your choice to opt-out using the methods described in the Controls and Choices section of this policy or by contacting us. In addition, pursuant to California Civil Code § 1798.83, you may request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. To submit such a request, please contact us.
Furthermore, California Civil Code §§ 1798.100 and 1798.105 may permit you to make requests to access categories and specific pieces of personal information about you, as well as to request to delete personal information about you. California Business and Professions Code § 22581 permits registered users who are minors to request and obtain removal of content they have publicly posted. To submit such requests, please contact us with a detailed description of the specific content or information at issue. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
General Data Protection Regulation:
Article 13 of the General Data Protection Regulation (GDPR) requires those who collect personal information from individuals in the European Union to provide certain information to such individuals at the time their personal information is collected. In GDPR parlance, those who collect and direct the use of such personal information are referred to as “data controllers” or simply “controllers”, and such individuals are referred to as “data subjects”. The terms “processing”, “profiling”, and “recipient” are defined in Article 4 of the GDPR, as is the term “personal data”, which is analogous to the term “personal information” used in this policy. Much of the information required by Article 13 is set forth elsewhere in this policy.