Privacy

v4.0 – 22 July 2025

Scouting is all about experiences, learning and growing. The World Organization of the Scout Movement (WOSM) is committed to creating the right and safe conditions for scouting. In doing so, WOSM contributes to the development of young people in achieving their full physical, intellectual, emotional, social, and spiritual potentials as individuals, responsible citizens, and members of their local, national, and international communities. To further this purpose and to protect the privacy of our Scouts, our leaders and affiliates worldwide, the World Scout Bureau (WSB) takes the data privacy of everyone affiliated with WOSM very seriously.

 

Scope 

This General Privacy Policy applies to the collection, processing, storage or sharing of all personal data by or on behalf of WOSM, regardless of the medium used, including all WOSM-operated digital platforms, including websites, mobile applications and official social media accounts.

Specific processing of personal data, such as processing operations related to human resources, is governed by specific covenants.

 

Privacy as a human right

Privacy is a human right. Each person has the right to be left alone, to develop himself/herself within the proper private life, and to keep others from mingling in such private life. Data protection is a legal exception to the general human right to privacy. Otherwise, data processing would not be possible.

 

Compliance with data protection legislation

At WOSM, we collect, process, and store personal data to support our activities. In doing so, we observe the relevant privacy legislation, more specifically, the European General Data Protection Regulation 2016/679 of April 27th 2016. Depending on your specific situation, other legal frameworks may apply, such as the Swiss Federal Act on Data Protection of September 25th 2020 (FADP) and the UK GDPR.

When transferring personal data across borders, WOSM ensures appropriate safeguards are in place. These may include reliance on adequacy decisions where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised mechanisms to ensure the security and lawfulness of data transfers. Additionally, we implement technical and organisational measures to safeguard data against unauthorised access or misuse.

WOSM has entered into proper covenants, binding WSB staff, volunteers, affiliates, and third parties, and has performed certain processing operations on behalf of WOSM.

 

This Privacy Policy

This General Privacy Policy gives you thorough transparency on our processing of your personal data. We invite you to carefully read this document, as it contains valuable information on who we are, what personal data we hold, why we are processing your personal data, on which legal grounds we base our processing operations, and to whom we are transferring it. We also inform you of your rights as a data subject and the ways and means to invoke your rights.

We may occasionally amend our General Privacy Policy to reflect changes in legal requirements, organisational practices, or technological advancements. When we make significant changes to subscription services or processing based on prior consent, we will notify you through appropriate channels, such as email, website announcements, or other direct communications, to ensure you remain informed about how we process your personal data and, if applicable, to ask you for your renewed consent. We encourage you to review this policy periodically to stay updated on our data protection practices. 

Please look at the current General Privacy Policy's version and date. For the version history, refer to the top of this page. 

 

Data Controller

The Data Controller of the processing operations stated in this General Privacy Policy is:

            World Organization for the Scout Movement

            Represented by the World Scout Bureau Association 

            Rue Henri-Christiné 5 

            CH-1211 Geneva 4 Plainpalais 

            Switzerland 

            Geneva Registry of Commerce Registration No. CH-660.0.195.970-0

 

The present General Privacy Policy applies to all processing operations for which WOSM has determined the means and purposes. These terms do not apply to those processing operations for which WOSM operates as a processor.

 

Protection of Personal Data

WOSM takes all reasonable precautions regarding how your personal data is collected, stored, processed, and managed so that you may enjoy the services provided to you without your personal data being compromised. 

By providing your personal information to WOSM in whatever capacity, you can rest assured that security measures are in place and operational standards are being adhered to so that your personal data is kept safe and that they are only used for the purposes for which it was intended.

Your personal data is always treated in accordance with the applicable privacy regulations. Processing of personal data is limited to the intended objective. Access to your personal data is also limited to personnel on a need-to-know basis. We may share your data with independent service providers acting as a “processor”.

WOSM engages trusted third-party service providers (data processors) for specific data-processing activities. 

Examples of processors include:

  • Cloud storage and hosting providers
  • Newsletter/email distribution services
  • Recruitment services/platform and selection consultants
  • Event management service providers

All processors are contractually bound by strict Data Processing Agreements (DPAs) in compliance with art. 28 GDPR, ensuring data security, confidentiality, and compliance with applicable data protection regulations. Despite all WOSM’s efforts to ensure an appropriate level of security, incidents may happen. 

Certain incidents may be identified as data breaches, compromising the confidentiality, integrity, and/or availability of personal data. WOSM has adopted procedures to handle these incidents to ensure that data breaches are duly notified and that data subjects are informed if their rights and liberties are at risk due to the incident. 

Unless specifically stated otherwise, your personal data will not be disclosed to third parties and will not be used for direct marketing unless you have agreed to this yourself via an 'opt-in'. 

 

Data Protection Officer

WOSM has appointed a Data Protection Officer who supports a privacy-friendly policy at WOSM and guides us in complying with the data protection legislation.

If you have any questions, remarks or complaints about your privacy and our processing of your personal data, you may contact our DPO at: dpo@scout.org. Our Data Protection Officer typically responds within one month, subject to the complexity of your request.

 

Data, Purpose, Legal Basis, Transfer and Retention Time

As a data subject, your personal data may be involved in one or more processing operations conducted by WOSM. For each operation, we provide full transparency regarding:

  • The categories of data processed.

  • The specific purposes for which the data is being processed.

  • The legal basis for processing.

  • The recipients or categories of recipients with whom the data may be shared.

  • Any data transfers to third-party recipients, including applicable safeguards when those transfers would be international (e.g., SCCs, adequacy decisions).

  • The retention period applies to each processing operation or the criteria used to determine it.

Where personal data is transferred internationally outside the European Economic Area (EEA), the United Kingdom, or Switzerland, WOSM applies appropriate transfer mechanisms to ensure consistent data protection. These include:

  • Adequacy decisions (EU GDPR Art. 45, UK GDPR Art. 45, FADP Art. 16)
  • Standard Contractual Clauses (SCCs) approved by the European Commission, the Swiss FDPIC, or the UK ICO (EU GDPR Art. 46, FADP Art. 16, UK GDPR Art. 46)

  • Other legally recognised safeguards, where appropriate.

     

  1. As our visitor when visiting our websites:

Whenever you visit our website, our servers automatically collect certain technical information and metadata from your device. 

Data: Data collected may include

  • IP address
  • Device type (e.g., desktop, smartphone, tablet)
  • Operating system (e.g., Windows, iOS, Android)
  • Browser type and version (e.g., Chrome, Firefox, Safari)
  • Geolocation information (based on IP address)
  • Device identifiers, such as the IMEI number (only if accessing via a cellular-connected mobile device)

Purpose:

  • To present the website correctly and optimally on your device
  • To ensure a secure and stable connection with your device
  • To adapt website content based on approximate geographic location
  • To maintain overall website security and functionality

Legal basis: Our legitimate interest in ensuring the security, functionality, and optimal presentation of our website (Art. 6.1.f GDPR, UK GDPR Art. 6.1.f, FADP Art. 31).

Transfer: Your personal data collected through website visits is not transferred to third parties.

Retention: Data collected during your visit (session data) is retained only for the duration of your browsing session and deleted or anonymised immediately afterwards.

For session-based data, retention is limited to the duration of the session. For other types of personal data, WOSM follows a retention review mechanism, as stated in the WOSM Retention Policy, ensuring that data is periodically assessed and securely deleted or anonymised when no longer needed.

Data retention periods are determined based on legal, contractual, and operational requirements. Where applicable, we apply predefined retention schedules and conduct regular reviews to prevent unnecessary data storage. 

Our website also uses cookies and similar technologies. For more information, we refer to our <Cookie Policy>.

 

  • As our visitor when visiting us in person:

Whenever you decide to visit us in person, we keep track of you as our visitor for security reasons.

Data: Name, contact details, WOSM staff member(s) you are visiting, date of visit, time in and time out.

Purpose: Keeping track of third parties visiting our offices and premises for security purposes and to allow for forensic investigations in case of eventual security incidents.

Legal basis: Our legitimate interest (art. 6.1.f GDPR) in securing our offices and investigating potential security incidents.

Transfer: Your data may be shared with law enforcement, judicial bodies, adversaries, data protection authorities and other official authorities.

Retention time: Your data is stored for 3 months after your visit, to allow for discovery.

 

  • Member account:

Several services on our website require a member account. When opening an account, you are required to submit several data. After opening an account, you can add additional information to your profile, such as a profile picture and your connected accounts. We also keep track of certain activities on our website, such as your sessions. When you log in through other (social) media accounts, specific data is shared with us; you receive this information upon logging in.

Data: Names/identity, username and login credentials, country, national scout organisation and national scout association, preferred and spoken languages, Scouting interests, date of birth, and adherence to the applicable terms of service, profile picture, and sessions.

Purpose: Member account administration.

Legal basis: Your prior and informed consent (art. 6.1.a GDPR).

Transfer: Your data is not transferred to third parties.

Retention time: We keep your data until your withdrawal of your consent.

 

  • Scouts for SDGs:

WOSM adheres to the Sustainable Development Goals of the United Nations.

Data: Name, contact details, thematic orientation of the question, question/remark, correspondence.

Purpose: Responding to your requests.

Legal basis: Our legitimate interest (art. 6.1.f GDPR) in responding to your requests, managing all requests and accounting for our response to requests.

Transfer: Your data is not transferred to third parties.

Retention time: Your data is stored for a duration of 1 year after you use the contact form.

 

  • Contact form:

WOSM provides an online contact form to enable visitors to contact us. We process your data to respond to your requests and remarks.

Data: Name, contact details, thematic orientation of the question, question/remark, correspondence.

Purpose: Responding to your requests.

Legal basis: Our legitimate interest (art. 6.1.f GDPR) in responding to your requests, managing all requests and accounting for our response to requests.

Transfer: Your data is not transferred to third parties.

Retention time: Your data is stored for 1 year after you use the contact form.

 

  • Complaints:

WOSM has adopted a complaint addressing procedure (cfr. WOSM Complaints Policy), through which several individuals and entities may lodge a complaint. The complaint and its addressing will involve the processing of specific personal data.

Data: Names/identity, contact details, any information included in the complaint, procedural information, decisions.

Purpose: Responding to your complaints.

Legal basis: Our legitimate interest (art. 6.1.f GDPR) in responding to your complaints and our duty to accountability.

Transfer: Your data is not transferred to third parties. Complaints are accepted by the Ethics Committee and treated by one of its subcommittees. In the event of an appeal against a decision, the data regarding your complaint may be shared with the World Scout Committee.

Retention time: Your data will be processed for as long as the complaint procedure is ongoing. The data will be filed indefinitely in a secure manner. Each complaint will be summarised anonymously and shared with the World Scout Bureau for learning purposes.

 

  • Newsletters:

WOSM sends newsletters with the latest news on relevant topics, international events and our organisation. 

Data: Names/identity, email address, country, preferred language, preferred regional news, preferred international events, preferred topics, options to receive official reports and/or information on scouting projects.

Purpose: Sending out newsletters.

Legal basis: Your prior and informed consent (art. 6.1.a GDPR).

Transfer: Your data is not transferred to third parties. We may appeal to service providers to assist us in managing the distribution list and/or sending out the newsletters.

Retention time: We keep your data until your withdrawal of your consent.

 

  • Response to Subject Access Requests (SARs):

WOSM responds to all Subject Access Requests (SARs) in accordance with the provisions of the GDPR and other data protection legislation that may apply to you. To manage and respond to your requests, we register certain information. We keep this information for a sufficient period of time to enable us to show accountability and, in certain cases, defend ourselves against legal claims.

Data: Names/identity, contact details, type of access request, timings, resulting correspondence.

Purpose: Responding to and managing SARs.

Legal basis: Our legitimate interest (art. 6.1.f GDPR) in responding to your SARs, in demonstrating our accountability and compliance with data protection legislation and in some instances defending ourselves against legal claims.

Transfer: Your data may be transferred to judicial or administrative courts and adversaries in connection with any possible proceedings.

Retention time: Your data will be processed and stored for a period of ten years, starting from the date of submission of your SAR.

 

  • Portrait, voice, likeness, life course & personal characteristics:

WOSM produces content for publication purposes, such as images, video, reels, brochures, and reports in which one or more of your personal characteristics may be involved. Publication may be done on paper, online, social media, or other media outlets.

Data: Portrait, voice, likeness, life course & personal characteristics.

Purpose: Illustrating publications, storytelling, and promotional.

 

Legal basis: As for content in which you are clearly identified or identifiable, we will ask you for your prior and informed consent (art. 6.1.a GDPR). As for content in which you may appear in the masses, acquiring your consent may be problematic, and we invoke our legitimate interest (art. 6.1.f GDPR) to publish and report on our activities. Whenever basing ourselves on our legitimate interests, we will always use your data in a foreseeable way and in accordance with your reasonable expectations of privacy. Consequently, we may use your data in content relating to events you have participated in. Still, we will never sell or otherwise transfer your data to third parties for secondary use.

Transfer: Your data is not transferred to third parties

Retention time: Your data may be stored for as long as the content it was incorporated has a relevant occurrence and may be archived in the public interest thereafter.

 

  • Job applications:

When you apply for a job at WOSM, we process your application data to evaluate your aptness for the job and select the right candidates. 

Data: Names/identity, contact details, your curriculum vitae, your motivation letter, notes, assessments, video calls, recommendations and any other information you decide to share with us in connection with your application

Purpose: Evaluating your application and aptness for a vacant position

Legal basis: The possible entering into a contract at your request (art. 6.1.b GDPR) 

Transfer: Your data is not transferred to third parties. We may appeal to service providers, such as recruitment and selection agencies, to assist us in the recruitment process.

Retention time: Your data will be removed as soon as the vacant position has been filled.

Recruitment reserve: We may keep your job application data in our recruitment reserve for future evaluation when similar positions are vacant. This will be the case when you are not selected for the job opportunity you applied for or when your application is open. We will always ask for your explicit consent prior to including you in our recruitment reserve. You may withdraw your consent at any time.