Your Personal Data – What Is It?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation and the current Data Protection Act (the GDPR).
Who Are We?
The Rotary Club of Salisbury (the Club) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How Do We Process Your Personal Data?
The Club complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
• Administer Club affairs
• Run events and activities
• Administer membership records
• Fundraise for charitable purposes
• To manage supporters and volunteers
• Maintain Club accounts and records (including the processing of gift aid applications)
• Provide members with news, and details of events, activities and services run by the Club.
What Is The Legal basis For Processing Your Personal Data?
Your explicit consent to us using your personal data for the purposes above.
Processing is necessary for carrying out legal oblgations.
Sharing Your Personal Data
Your personal data will be treated as strictly confidential and will only be shared with other members of the Club in order to carry out the purposes above. We will only share your data with third parties with your consent.
How long do we keep your personal data?
We keep data until we believe you no longer wish to be involved with the purposes above or you tell us you no longer want us to hold it.
Specifically, we retain gift aid declarations and associated paperwork for up to six years after the calendar year to which they relate.
Your Rights And Your Personal Data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
• The right to request a copy of your personal data which the Club holds about you;
• The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;
• The right to withdraw your consent to the processing at any time
• The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable).
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data, (where applicable).
• The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Club Secretary at sAlan.Corkill43@gmail.com.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members and donors is crucial, and your personal data allows us to manage your membership and provide the services you are entitled to.
It is expected that club and district officers may also process member personal data on behalf of Rotary International in Great Britain and Ireland and the Rotary organisation and they too will also be bound by this privacy notice.
We Collect Information In The Following Ways
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin volunteering, make a donation, purchase our products or communicate with us either by phone, in writing, including email or in person. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example, via charity donation sites or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such websites (club, district, action groups etc), Companies House and information that has been published in articles/newspapers.
The Club does not use “cookies”.
What Personal Information We Collect And How We Use It
We will only ever capture the minimum amount of information that we need to in relation to your membership, donation or services we provide to you and we promise to keep your information secure. The personal data we will usually collect includes:
• Your name
• Your address
• Your contact details
• Your date of birth
• Your Photograph (members only)
• Your bank or credit card details (as relevant to the service provided)
• Details of the enquiry, service or product
Where it is appropriate, we may also ask for additional information.
How We Will Use Your Data
We will use your personal data for the legitimate interest of conducting core business activities, these will include:
• Administering your membership or donation, including processing Gift Aid
• Providing you with the services, products or information you asked for
• Providing services, products, guidance or information to clubs and districts for their general activities, including Disclosure and Barring Service checks
• Communicating organisational messages and information to members, district and club officers
• Facilitating conference, training seminars, meetings and other special event planning
• Supporting ‘The Rotarian’ and ‘Rotary’ magazines
• Supporting The Rotary Foundation (TRF) and the Rotary Foundation United Kingdom
• Providing information and updates to district and club officers on RI and RIBI programmes and service projects
• Preparation of the Club Handbook and Rotary Handbooks
• Identifying candidates for Presidential and Foundation appointments to conferences.
• Appointments to committees, club and district offices, task forces and other assignments within the Rotary organisation
• Presenting our website and its contents to you and to allow you to participate in interactive features on our website
• Understanding how we can improve our services, products or information
• In any other way we may describe when you provide the information
• For any other purposes with your consent
• Financial information for administration of Club accounts, payment of Subscriptions, payment of expenses or registrations for District Conference.
We do not collect any personal information on members classified as ‘sensitive’ under GDPR.
The Club does not have employees.
Youth Competitions and Rotary Youth Leadership Award (RYLA)
Personal information is required by way of entry to the competition or event for its successful running. Winners data will need to be shared with other parts of Rotary when they proceed to the next stage of a competition. Each Youth competition will have its own Privacy Notice.
Where appropriate (eg RYLA) medical information will be sought for use in an emergency where medical care may be required. RYLA will have its own Privacy Notice.
The RIBI District Youth Exchange Association operates as a separate entity to RIBI and RI and is responsible for the organisation of Rotary youth exchange programmes. You can view their privacy notice by visiting their website.
Recording Telephone Calls
The Club does not record phone calls.
The Club does not share data other than within the Rotary organisation.
Sharing within the Rotary organisation
The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the RIBI Donations Trust.
When you give information to us it will be shared within the wider organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation. We will ensure that data processing agreements, compliant to GDPR, are in place before sharing your data within the wider organisation.
Rotary clubs and districts within Rotary International in Great Britain and Ireland are data processors for some of your personal information associated with your membership and will process your data in accordance with the RIBI privacy notice. Clubs and districts also collect personal data for their individual club and district activities and are therefore also independent data controllers. This means they are also legally responsible for protecting your data under GDPR legislation whilst in their safekeeping and will have their own privacy notices in this respect.
3) Sharing with third parties
We will never commercially sell your personal data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How We Keep Your Information Safe And Who Has Access To It
Club Officers (eg Secretary, Treasurer) will ensure that there are appropriate physical and technical controls in place to protect your personal details. Confidential paper waste is shredded. Financial records will be held on a secure pass worded computer system for digital data or in a locked cabinet for paper data. District Conference payments for hotel accommodation is generally made via secure on-line payment systems so no financial details will be held by the District organiser.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by Rotary members and our service/host providers. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
How Long Do We Retain Your Information And How Do We Keep It Up To Date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership, donation, event registration or other services associated to your Rotary membership. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for six years after an employee leaves, financial records must be kept for seven years, information associated with Health & Safety for three years after an event. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Individual members are responsible for keeping their own personal data up to date and have access to the RIBI Data Management System (DMS) or My Rotary on the RIBI website for this purpose. In addition, where necessary, we will keep your information accurate and up-to-date.
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website
• You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
• You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. Members and donors have access to their personal data via self-service systems such as the RIBI Data Management System (DMS) or My Rotary via the RI website. You can also request a copy of the information which we hold on you. This information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the RIBI General Secretary, contact details shown below, enclosing two proofs of identification.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, RIBI can:
* charge a reasonable fee taking into account the administrative costs of providing the information; or
* refuse to respond.
• You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
• You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
• You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply, for example if you are a valid member we will need to communicate with you about your membership and those services afforded to you as part of that membership; you hold a club or district office and we need to communicate with you in relation to that office, in which case you will not be able to unsubscribe from these communications.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonable expect us to. You can opt out of our general member mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes To This Privacy Notice
We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website www.rotarygbi.org or by notifying you directly.
Rotary International in Great Britain and Ireland and Rotary District 1180 (“we”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through Rotary International (RI), to keep it safe, and we will always take every effort to protect your privacy.[For the purpose of this privacy notice, Rotary International in Great Britain & Ireland (RIBI) also includes Rotary Foundation United Kingdom (RFUK) and the RIBI Donations Trust].