Privacy

v4.0 – 22 July 2025

Scouting is all about experiences, learning and growing. The World Organization of the Scout Movement (WOSM) is committed to creating the right and safe conditions for scouting. In doing so, WOSM contributes to the development of young people in achieving their full physical, intellectual, emotional, social and spiritual potentials as individuals, as responsible citizens and as members of their local, national and international communities. In order to further this purpose and to protect the privacy of our Scouts, our leaders and affiliates worldwide, the World Scout Bureau (WSB) takes data privacy of everyone affiliated with WOSM very seriously.

Scope

This General Privacy Policy applies to the collection, processing, storage or sharing of all personal data by or on behalf of WOSM, regardless of the medium used, including all WOSM-operated digital platforms, including websites, mobile applications and official social media accounts.

Certain processing of personal data, such as processing operations related to human resources, are governed by specific covenants.

Privacy as a human right

Privacy is a human right. Each person has the right to be left alone, to develop him/herself within the proper private life and to keep others from mingling in such private life. Data protection is a legal exception on the general human right to privacy. Otherwise, data processing would not be possible.

Compliance with data protection legislation

At WOSM we collect, process, and store personal data in support of our activities. In doing so, we observe the relevant privacy legislation, more specifically the European General Data Protection Regulation 2016/679 of April 27th 2016. Depending on your specific situation, other legal frameworks may apply, such as the Swiss Federal Act on Data Protection of September 25th 2020 (FADP), and the UK GDPR.

When transferring personal data across borders, WOSM ensures that appropriate safeguards are in place. These may include reliance on adequacy decisions where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised mechanisms to ensure the security and lawfulness of data transfers. Additionally, we implement technical and organizational measures to safeguard data against unauthorised access or misuse.

WOSM has entered into proper covenants, binding WSB Staff, volunteers, affiliates and third parties, performing certain processing operations on behalf of WOSM.

This Privacy Policy

This General Privacy Policy gives you thorough transparency on our processing of your personal data. We invite you to carefully read through this document, as it contains valuable information on who we are, what personal data we hold, why we are processing your personal data, on which legal grounds we base our processing operations on and whom we are transferring your data to. We also inform you on your rights as a data subject and the ways and means to invoke your rights.

We may amend our General Privacy Policy from time to time to reflect changes in legal requirements, organizational practices, or technological advancements. When we make significant changes with regard to subscription services or processing on the basis of prior consent, we will notify you through appropriate channels, such as email, website announcements, or other direct communications, to ensure you remain informed about how we process your personal data and, if applicable, to ask you for your renewed consent. We encourage you to review this policy periodically to stay updated on our data protection practices.

Please have a look at the current General Privacy Policy's version and date. For the version history, refer to the Top of this page.

Data Controller

The Data Controller of the processing operations stated in this General Privacy Policy is:

World Organization for the Scout Movement

represented by World Scout Bureau Association

Rue Henri-Christiné 5

CH-1211 Geneva 4 Plainpalais

Switzerland

Geneva Registry of Commerce Registration No. CH-660.0.195.970-0

The present General Privacy Policy is applicable to all processing operations for which WOSM has determined the means and purposes. These terms are not applicable to those processing operations for which WOSM operates as a processor.

Protection of Personal Data

WOSM takes all reasonable precautions in how your personal data is collected, stored, processed and managed so that you may enjoy the services provided to you without your personal data being compromised.

By providing your personal information to WOSM in whatever your capacity, you can rest assured that security measures are in place and operational standards are being adhered to so that your personal data is kept safe and that they are only used for the purposes for which they were intended.

Your personal data is always treated in accordance with the applicable privacy regulations. Processing of personal data is limited to the intended objective. Access to your personal data is also limited to personnel on a need-to-know basis. We may share your data with independent service providers acting as “processor”. s..

WOSM engages trusted third-party service providers (data processors) for specific data-processing activities.

Examples of processors include:

Cloud storage and hosting providers
Newsletter/email distribution services
Recruitment services/platform and selection consultants
Event management service providers

All processors are contractually bound by strict Data Processing Agreements (DPAs) in compliance with art. 28 GDPR, ensuring data security, confidentiality, and compliance with applicable data protection regulations. Despite all WOSM’s efforts to ensure an appropriate level of security, incidents may happen.

Certain incidents may be identified as data breaches, compromising the confidentiality, integrity and/or the availability of personal data. WOSM has adopted procedures to handle these incidents, to make sure that data breaches are duly notified and that data subjects are informed, if their rights and liberties would be at risk due to the incident.

Unless specifically stated otherwise, your personal data will not be disclosed to third parties and will not be used for direct marketing, unless you have agreed to this yourself via an 'opt in'.

Data Protection Officer

WOSM has appointed a Data Protection Officer who supports a privacy friendly policy at WOSM and who guides us in complying with the data protection legislation.

If you have any questions, remarks or complaints with regard to your privacy and our processing of your personal data, you may contact our DPO at: dpo@scout.org, Our Data Protection Officer typically responds within one month, subject to the complexity of your request.

Data, Purpose, Legal Basis, Transfer and Retention Time

As a data subject, your personal data may be involved in one or more of the following processing operations conducted by WOSM. For each operation, we provide full transparency regarding:

The categories of data processed.
The specific purposes for which the data is being processed.
The legal basis for processing.
The recipients or categories of recipients with whom the data may be shared.
Any data transfers to third party recipients, including applicable safeguards when those transfers would be international (e.g., SCCs, adequacy decisions).
The retention period is applicable to each processing operation, or the criteria used to determine it.

Where personal data is transferred internationally outside the European Economic Area (EEA), the United Kingdom, or Switzerland, WOSM applies appropriate transfer mechanisms to ensure consistent data protection. These include:

Adequacy decisions (EU GDPR Art. 45, UK GDPR Art. 45, FADP Art. 16)
Standard Contractual Clauses (SCCs) approved by the European Commission, the Swiss FDPIC, or the UK ICO (EU GDPR Art. 46, FADP Art. 16, UK GDPR Art. 46)
Other legally recognized safeguards, where appropriate.

As our visitor when visiting our websites:

Whenever you visit our website, our servers automatically collect certain technical information and metadata from your device.

Data: Data collected may include

IP address
Device type (e.g., desktop, smartphone, tablet)
Operating system (e.g., Windows, iOS, Android)
Browser type and version (e.g., Chrome, Firefox, Safari)
Geolocation information (based on IP address)
Device identifiers, such as the IMEI number (only if accessing via a cellular-connected mobile device)

Purpose:

To present the website correctly and optimally on your device
To ensure a secure and stable connection with your device
To adapt website content based on approximate geographic location
To maintain overall website security and functionality

Legal basis:our legitimate interest in ensuring the security, functionality, and optimal presentation of our website (Art. 6.1.f GDPR, UK GDPR Art. 6.1.f, FADP Art. 31).

Transfer:Your personal data collected through website visits is not transferred to third parties.

Retention:Data collected during your visit (session data) is retained only for the duration of your browsing session and deleted or anonymised immediately afterward.

For session-based data, retention is limited to the duration of the session. For other types of personal data, WOSM follows a retention review mechanism, as stated in the WOSM Retention Policy, ensuring that data is periodically assessed and securely deleted or anonymised when no longer needed.

Data retention periods are determined based on legal, contractual, and operational requirements. Where applicable, we apply predefined retention schedules and conduct regular reviews to prevent unnecessary data storage.

Our website also uses cookies and similar technologies. For more information, we refer to our <Cookie Policy>.

As our visitor when visiting us in person:

Whenever you decide to visit us in person, we keep track of you as our visitor for security reasons.

Data: name, contact details, WOSM staff member(s) you are visiting, date of visit, time in and time out

Purpose: keeping track of third parties visiting our offices and premisses for security purposes and to allow for forensic investigations in case of eventual security incidents

Legal basis: our legitimate interest (art. 6.1.f GDPR) in securing our offices and investigating eventual security incidents

Transfer: your data may be shared with law enforcement, judicial bodies, adversaries, data protection authorities and other official authorities

Retention time: your data are stored for 3 months after your visit, to allow for discovery

Member account:

Several services on our website require a member account. When opening an account, you are required to submit several data. After opening an account, you can add additional information to your profile, such as a profile picture and your connected accounts. We also keep track of certain activities on our website, such as your sessions. When you log in by means of other (social) media accounts, certain data are shared with us; you receive this information upon logging in.

Data: names/identity, username and login credentials, country, national scout organisation and national scout association, preferred and spoken languages, scouting interests, date of birth and adherence to the applicable terms of service, profile picture, sessions

Purpose: member account administration

Legal basis: your prior and informed consent (art. 6.1.a GDPR)

Transfer: your data are not transferred to third parties

Retention time: we keep your data until your withdrawal of your consent

Scouts for SDGs:

WOSM adheres to the Sustainable Development Goals of the United Nations.

Data: name, contact details, thematic orientation of the question, question/remark, correspondence

Purpose: responding to your requests

Legal basis: our legitimate interest (art. 6.1.f GDPR) in responding to your requests, to manage all requests and to account for our response to requests

Transfer: your data are not transferred to third parties

Retention time: your data are stored for a duration of 1 year after your using the contact form

Contact form:

WOSM provides an online contact form to enable visitors to contact us, We process your data in order to respond to your requests and remarks.

Data: name, contact details, thematic orientation of the question, question/remark, correspondence

Purpose: responding to your requests

Legal basis: our legitimate interest (art. 6.1.f GDPR) in responding to your requests, to manage all requests and to account for our response to requests

Transfer: your data are not transferred to third parties

Retention time: your data are stored for a duration of 1 year after your using the contact form

Complaints:

WOSM has adopted a complaint addressing procedure (cfr. WOSM Complaints Policy), through which several individuals and entities may lodge a complaint. The complaint and the addressing thereof will involve the processing of certain personal data.

Data: names/identity, contact details, any information included in the complaint, procedural information, decisions

Purpose: responding to your complaints

Legal basis: our legitimate interest (art. 6.1.f GDPR) in responding to your complaints and our duty to accountability

Transfer: your data are not transferred to third parties. Complaints are accepted by the Ethics Committee and treated by one of its subcommittees. In the event of an appeal against a decision, the data regarding your complaint may be shared with the World Scout Committee.

Retention time: your data will be processed for as long as the complaint procedure is ongoing. The data will be filed indefinitely in a secure manner. For learning purposes, each complaint will be summarized in an anonymous manner and share with the World Scout Bureau.

Newsletter:

WOSM sends out newsletter with the latest news on relevant topics, international events and our organisation.

Data: names/identity, email address, country, preferred language, preferred regional news, preferred international events, preferred topics, options to receive official reports and/or information on scouting projects.

Purpose: sending out newsletters

Legal basis: your prior and informed consent (art. 6.1.a GDPR)

Transfer: your data are not transferred to third parties. We may appeal to service providers to assist us in managing the distribution list and/or sending out the newsletters.

Retention time: we keep your data until your withdrawal of your consent

Response to Subject Access Requests (SARs):

WOSM responds to all Subject Access Requests (SARs) in accordance with the provisions of the GDPR and other data protection legislation that may be applicable to you. In order for us to manage and respond to your requests, we register certain information with regard to such requests. We keep this information for a sufficient period of time to enable us to show accountability and in certain cases defending ourselves against legal claims.

Data: names/identity, contact details, type of access request, timings, resulting correspondence

Purpose: responding to and managing of SARs

Legal basis: our legitimate interest (art. 6.1.f GDPR) in responding to your SARs, in demonstrating our accountability and compliance with data protection legislation and in certain cases defending ourselves against legal claims

Transfer: your data may be transferred to judicial or administrative courts and adversaries in connection with any possible proceedings

Retention time: your data will be processed and stored for a period of ten years, starting from the date of submission of your SAR

Portrait, voice, likeness, life course & personal characteristics:

WOSM produces content for publication purposes, such as images, video, reels, brochures and reports in which the use of one or more of your personal characteristics may be involved. Publication may be done on paper, online, on social or other media outlets.

Data: portrait, voice, likeness, life course & personal characteristics

Purpose: illustrating publications, storytelling, promotional

Legal basis: as for content in which you are clearly identified or identifiable we will ask you for your prior and informed consent (art. 6.1.a GDPR) . As for content in which you may appear in the masses, acquiring your consent may be problematic, and we invoke our legitimate interest (art. 6.1.f GDPR) to publish and report on our activities. Whenever basing ourselves on our legitimate interests, we will always use your data in a foreseeable way and in accordance with the reasonable expectations of privacy that you may have. Consequently, we may use your data in content relating to events you have participated in, but we will never sell or otherwise transfer your data to third parties for secondary use.

Transfer: your data are not transferred to third parties

Retention time: your data may be stored for as long as the content in which it was incorporated has relevance occurrence and may archived in the public interest thereafter.

Job applications:

Whenever applying for a job at WOSM, we process your job application data for the purposes of evaluating your aptness for the job and for selecting the right candidates.

Data: names/identity, contact details, your curriculum vitae, your motivation letter, notes, assessments, video calls, recommendations and any other information you decide to share with us in connection with your application

Purpose: evaluating your application and aptness for a vacant position

Legal basis: the possible entering in a contract at your request (art. 6.1.b GDPR)

Transfer: your data are not transferred to third parties. We may appeal to service providers, such as recruitment and selection agencies, to assist us in dealing with the recruitment process.

Retention time: your data will be removed as soon as the vacant position has been filled in

Recruitment reserve: we may keep your job application data in our recruitment reserve, for our future evaluation when similar positions are vacant in the future. This will be the case when you are not selected for the job opportunity you applied for, or when your application is an open application. We will always ask for your explicit consent prior to including you in our recruitment reserve. You may withdraw your consent at any time.