Effective: February 12, 2020
This privacy policy describes why and how we collect and process information provided to or collected by us through the websites and applications where this privacy policy is posted. We take great pride in the relationship of trust we have built with our members, leaders, volunteers, donors and others over many years and we are dedicated to treating your personal information with care and respect. We follow this policy in accordance with local law in the places where we operate. This policy is effective as of the date above and may be changed by us in accordance with the procedures described in the Changes section.
Who We Are
As used in this privacy policy, “we”, “us” or “our” refers to the Boy Scouts of America National Council and its affiliated entities, not including our local councils. Our main headquarters are located at 1325 West Walnut Hill Lane, Irving, Texas 75038. We offer various programs, activities, products and services in the United States under various brand names, including the following: Boy Scouts of America, Cub Scouts, Scouts BSA, STEM Scouts, Sea Scouting, Exploring, Learning for Life, Venturing, Scout Shop, Boys’ Life, Scouting, Eagles’ Call, Scoutbook, National Scout Jamboree, Order of the Arrow, National Eagle Scout Association (NESA), Scouting Alumni and Friends, Summit Bechtel Reserve, Philmont Scout Ranch, Northern Tier High Adventure, and Florida Sea Base.
Note regarding the General Data Protection Regulation (GDPR): We do not contemplate offering goods or services to individuals in the European Union except to U.S. service members and Department of Defense personnel and their families who are stationed in Europe and choose to participate in our programs through the BSA Transatlantic Council based at U.S. Army Garrison Benelux in Brussels, Belgium.
To the extent we collect or process personal information of individuals in the European Union, we will do so in accordance with this policy. Should you have questions or concerns regarding your personal information, or to submit a data subject request regarding your personal information please send an email to privacy@scouting.org. For further information consistent with the requirements of GDPR, please see the Region-Specific Disclosures section below.
Note regarding definitions: The following terms, as used in this policy, have the following meanings:
- “Personal information” means information that identifies (whether directly or indirectly) a particular individual, such as the individual’s name, postal address, email address, telephone number, and birth date. When anonymous information is directly or indirectly associated with personal information, the resulting information also is treated as personal information.
- “Anonymous data” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual person.
- “Aggregate data” means information about groups or categories of people, which does not identify and cannot reasonably be used to identify an individual person.
What We Collect
We collect two basic types of information – personal information and anonymous data – and we may use personal information and anonymous data to create a third type of information, aggregate data. For example, we collect:
- Membership information you provide when you join the Boy Scouts of America, either as a youth member or adult volunteer, including your first name and last name, physical address, email address, phone number, birth date, and gender
- Registration information you provide when you create an account or sign up to participate in one of our events or activities, including your first name and last name, physical address, email address, username and password, and, in some cases, health and medical information
- Transaction information you provide when you request information, purchase a product, service or subscription from us, or make a monetary donation to us, whether on our sites or through our applications, including your postal address, telephone number and payment information
- Information about awards, advancements, recognition, and training you have received in connection with your participation in our programs
- Information you provide in public forums on our sites and applications
- Information sent by you either one-to-one or within a limited group using our message, chat, post or similar functionality, where we are permitted by law to collect this information
- Information you provide to us when you use our sites and applications, our applications on third-party sites or platforms such as social networking sites, or link your profile on a third-party site or platform with your registration account
- Location information when you visit our sites or use our applications, including location information either provided by a mobile device interacting with one of our sites or applications (including through beacon technologies), or associated with your IP address, where we are permitted by law to process this information
- Usage, viewing and technical data, including your device identifier or IP address, when you visit our sites or use our applications, how much time you spend on our sites or using our applications, and when you open emails we send
How we Collect Information
We collect your personal information when you provide it to us in the course of requesting or ordering products, services or information from us, registering with us (e.g., for a program, an event, or an activity), entering a contest or promotion, subscribing to our services, participating in public forums on our sites and applications, responding to surveys, or otherwise interacting with us through our websites and applications. We collect anonymous data through technology, such as cookies, and Web beacons, that we use to operate our websites and applications. For further information about those technologies, please see the Your Controls and Choices section of this policy.
Note: The information you provide to BSA local councils through their websites and applications is collected separately by them and is subject to their privacy practices and those of their service providers. Privacy choices you have made on a local council’s website or application will not apply to our use of information we have collected directly through our websites and applications.
How we Use Information
Consistent with applicable law and choices and controls that may be available to you, we may use information collected from you, or from devices associated with you, to:
- Provide you with the products, services, and/or information you have requested, purchased, or won (e.g., in a contest or promotion)
- Communicate with you about your membership (or your expressed interest in membership), your account, or transactions with us and to send you information about features on our sites and applications or changes to our policies
- Manage, accommodate and administer your needs (e.g., medical treatment, physical limitations) and choices (e.g., programming) as a participant in our events
- Deliver relevant offers and promotions for our programs, events, products and services or those of a third party, based on your activity on our websites or applications
- Personalize content and experiences for you that reflect your choices and preferences
- Provide useful features to simplify your experience when you return to our sites and applications
- Operate, understand, optimize, develop or improve our products, services, events, programs, communications, and operations
- Administer and enforce our policies concerning health and safety, including our Youth Protection Training requirements and our Annual Health and Medical Record requirements
- Detect, investigate and prevent activities that may violate our policies or be illegal
- Send you information related to your charitable contributions, as set forth in our Donor Privacy Policy
Sharing Your Information with Others
We may share your personal information with our chartered local councils for their administrative purposes, including the proper and efficient administration of our programs and replying to members’ and volunteers’ requests for information.
We may share personal information you provided when joining one of our affinity groups (e.g., the National Eagle Scout Association, Scouting Alumni & Friends) with carefully selected providers of membership benefits, for the sole purpose of such providers communicating with you about such benefits to you. However, we do not share any lists of current or former registered members or leaders of the BSA or lists of BSA donors with any third party for its direct marketing purposes.
In addition, we may share your personal information:
- With third parties providing services for us or on our behalf, such as order and prize fulfillment, package delivery, customer service, event registration management, payment processing, financing and advertising, marketing, or data analytics services; however, such service providers are prohibited from using your personal information for their marketing purposes or any other purpose not specified by us or required by law.
- With others associated with your Scouting unit, including approved users of our application programming interfaces (APIs), for the purposes of efficient unit administration. This might include sharing information about the awards, advancements, recognition, and training you have received in or through our programs.
- With third parties to enforce our policies and regulations, to ensure the safety and security of our members, volunteers, donors, employees and third parties, to protect our rights and property and the rights and property of our members, volunteers, donors, employees and third parties, to comply with legal process or in other cases if we believe in good faith that disclosure is required by law.
Your Controls and Choices
You always have the choice to not provide your personal information to us or change your communication choices, but consequently you may not be able to receive certain goods or services or participate in certain programs or activities. Certain communications are mandatory for all registered adult volunteers and others attending or participating in certain Scouting events, as explained below. Depending on the Internet browser and device you use to interact with us, you may have the ability to control the use of certain tracking technologies through which we gather anonymous data. For further information about exercising these choices and controls, please see below.
- Mandatory Communications. As long as you are registered adult leader of the BSA, you may not choose whether or not to receive non-commercial notifications related to the safety and operations of BSA’s programs, such as messages about Youth Protection Training and the health and safety policies of the BSA.
- Account Management. You can update your profile and the contact information you gave us, reset your password, and manage your subscriptions and reservations by following instructions provided in communications sent to you or logging into your account at one of our websites, as applicable, such as:
- My.scouting.org
- ScoutShop.org
- Scoutbook.com
The list above is not an exhaustive list of all BSA websites. You may have created an account through a BSA website not listed here. If you need assistance accessing a BSA website not listed here, please contact BSA Member Care by calling 972-580-2000 or submitting a request at membercare.scouting.org.
- Marketing. As a matter of BSA policy, lists of current and former registered members and leaders of the BSA and lists of BSA donors may not be used for commercial purposes, such as selling or renting such lists to other businesses for their direct marketing purposes. We may send you offers and promotions for our products, programs, and events, or those that we think may be of interest to you, and you may opt-out or unsubscribe from such offers by either following the instructions provided in our communications to you or changing your preferences in your account.
NOTE: If you have separately joined one of our affinity groups, such as Scouting Alumni & Friends, you may receive as a benefit of membership targeted offers and promotions for products and services from carefully selected third parties. You may exercise your choice to not receive such offers or promotions at any time by following the third party’s opt-out procedures or contacting us at the address listed below.
- Tracking Technologies. We use cookies to track user activity on our websites and online services, but we do not collect personal information about your online activities over time as you move across other websites and online services. Web browsers can transmit Do Not Track (“DNT”) signals that indicate that a user does not wish to have activity tracked. Currently, no universally accepted standard exists for how to interpret such signals, and we do not respond to Do Not Track signals. Thus, whether or not you have turned on your DNT setting should not affect your experience or interaction with our websites or online services. Learn more about Do Not Track.
Children’s Privacy
Digital privacy is a component of BSA’s commitment to youth protection and safety. As such, we do not collect the personal information of children under the age of 13 unless a child’s parent or legal guardian provides it to us through the online membership registration process or a child provides it to us to enter a contest or promotion. In any event, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), a parent may review or have deleted their child’s personal information, and prohibit its further collection or use. If you have a request in relation to the personal information of your child below the age of 13, please send an email to privacy@scouting.org.
For contests and promotions, we typically require only the information necessary for a child to enter, such as first name (to distinguish among family members) and his or her online contact information. We will only use the child’s online contact information to enter him or her into the contest or promotion and contact him or her once when the contest ends. If a contest or sweepstakes asks the child to submit his or her own created content with the entry and that content contains the child’s personal information, then we will either pre-screen the submission to remove any personal information or seek parental consent by email for the collection. To facilitate delivery of the contest’s prize, we may ask a child at the time of entry to also provide her or her parent or legal guardian’s online contact information, which we will only use to notify the parent or legal guardian if the child wins the contest or promotion.
Our sites and applications that are age-gated are not intended for use by children, and we do not knowingly collect personal information from children under 13 through those sites and applications. In the unlikely event we discover that we have collected personal information from a child other than as described in this section, we will either delete the information immediately or promptly seek the parent or legal guardian’s consent to use the information.
Data Security, Integrity and Retention
The security, integrity and confidentiality of your information are extremely important to us. We have implemented technical, administrative and physical security measures that are designed to protect guest information from unauthorized access, disclosure, use and modification. From time to time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable. We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law.
Mobile Device Data
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
Changes
From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material, either by direct notice or posting an announcement on the websites where this policy is posted, and, if required by applicable law, we will obtain your consent.
Comments and Questions
If you have a comment or question about this policy or our treatment of your information, you may email us at privacy@scouting.org, write to us at Boy Scouts of America, Attn: Privacy Compliance-Legal Department, 1325 West Walnut Hill Lane, Irving, Texas 75038, or contact our Member Care Center at (972) 580-2000. Our sites and applications may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our sites or applications and to read the privacy policies of other sites that may collect your personal information.
Region-Specific Disclosures
Notice to California Residents: If you are a California resident, you may have certain additional rights.
California Civil Code § 1798.120 may permit you to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the California Consumer Privacy Act). As described above in this policy, we do not sell or lease our lists of BSA members or leaders, or of BSA donors, though we may share lists of those who have separately joined one of our affinity groups with carefully selected third parties for their direct marketing purposes.
If you are a member of an affinity group, you may exercise your choice to opt-out using the methods described in the Controls and Choices section of this policy or by sending us an email at privacy@scouting.org. In addition, pursuant to California Civil Code § 1798.83, you may request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. To submit such a request, please send an email to privacy@scouting.org.
Furthermore, California Civil Code §§ 1798.100 and 1798.105 may permit you to make requests to access categories and specific pieces of personal information about you, as well as to request to delete personal information about you. California Business and Professions Code § 22581 permits registered users who are minors to request and obtain removal of content they have publicly posted. To submit such requests, please send an email to privacy@scouting.org with a detailed description of the specific content or information at issue. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
General Data Protection Regulation:
Article 13 of the General Data Protection Regulation (GDPR) requires those who collect personal information from individuals in the European Union to provide certain information to such individuals at the time their personal information is collected. In GDPR parlance, those who collect and direct the use of such personal information are referred to as “data controllers” or simply “controllers”, and such individuals are referred to as “data subjects”. The terms “processing”, “profiling”, and “recipient” are defined in Article 4 of the GDPR, as is the term “personal data”, which is analogous to the term “personal information” used in this policy. Much of the information required by Article 13 is set forth elsewhere in this policy. For ease of reference, below we have indexed the contents of this policy to the specific requirements of Article 13 and included additional commentary as appropriate:
GDPR Article 13 requirement | Relevant section of this policy and additional commentary |
The identity and the contact details of the controller and, where applicable, of the controller’s representative | “Who We Are” identifies the controller and “Comments and Questions” provides the contact details of the controller’s representative |
The contact details of the data protection officer, where applicable | Not applicable |
The purposes of the processing for which the personal data are intended as well as the legal basis for the processing | “How We Use Information” describes why we collect, store and use personal information, and “Sharing Your Information with Others” describes why we disclose personal information to third parties. We process personal information because it is necessary to either (a) perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, (b) protect against threats to health and provide medical treatment, (c) serve our legitimate interests in the safe and proper administration of our programs, activities, events, and advancements, or (d) comply with legal requirements. With respect to the personal data of employees of the BSA Transatlantic Council based in Brussels, Belgium, at U.S. Army Garrison Benelux, we process such personal information for internal administrative purposes. |
The recipients or categories of recipients of the personal data, if any | “Who We Are” and “Sharing Your Information with Others” identifies the recipients of personal information |
Where applicable, the fact that the controller intends to transfer personal data to a third country or international organization | Not applicable |
The period for which the personal data will be stored | “Data Security, Integrity and Retention” describes how long we store personal information |
The existence of certain rights of the data subject | Pursuant to GDPR, data subjects (i.e., individuals in the European Union) have the right to (a) request access to their personal information; (b) rectify or correct inaccurate personal information; (c) have their personal information erased in certain circumstances; (d) restrict the processing of their personal information in certain circumstances; (e) object to the processing of their personal information in certain circumstances, such as processing for direct marketing purposes; and (f) the right to receive, in a structured, commonly used and machine-readable format, the personal information he or she has provided to us under certain circumstances and the right to transmit such data to another controller. |
The right to complain to a supervisory authority | Pursuant to GDPR, data subjects (i.e., individuals in the European Union) have the right to lodge a complaint with one of the independent public authorities established by the countries in the European Union (each such public authority is referred to as a “supervisory authority” in GDPR parlance). |
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; | “Your Controls and Choices” describes your options for providing personal information to us and the potential consequences of your choices. The provision of personal data by you, the data subject, is your choice and not a statutory requirement, unless indicated otherwise at the point of collection. |
The existence of automated decision-making, including profiling | We use automated processes, such as data analytics, to analyze your personal preferences, interests, and location with respect to our programs, products and services, and we use such analyses to deliver to you offers, promotions and other information we believe you would find interesting or useful. |