Rotary Club of Shrewsbury Privacy Notice

Rotary Club of Shrewsbury Privacy Statement

The Rotary Club of Shrewsbury (“we”) promise to respect the confidentiality of any personal data you share with us, to keep it safe, and always take every effort to protect your privacy.

We pride ourselves on our honesty and transparency so we will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you would not reasonably expect.

This Privacy Statement is intended to lay out how we will use any personal information we collect about you for any events and competitions, or from membership of the club - received online or offline, as well as in any electronic, written or oral communications.  

There are many ways you may give us information. For example:

·       if you join as a member

·       if you begin volunteering

·       if you make a donation

·       if you become a Friend of Rotary

·       if you communicate by phone, in writing (including email) or in person

·       to collect information about you to ensure the smooth running of any event we are organising or for protection reasons

·       to track payment of an event entry fee or sponsorship money.

We are responsible for your data at all times.

 

What personal information we collect and how we use it


We will only ever capture the minimum amount of information that we need to in relation to your membership or donation or processing your application to be involved in any event or activity.

The personal data we will usually collect in relation to membership is:

  • Your name & spouse/partner
  • Your contact details
  • Your date of birth
  • Your email address
  • Your bank or credit card details (as relevant to the service provided)
  • Details of the enquiry, service or product

Where it is appropriate and proportionate, we may also ask for additional information

 

How we will use your data


We will use your personal data for the legitimate interest of conducting core business/organisational activities, these will include:

  • Administering your membership or donation, including processing Gift Aid
  • Provide you with the services, products or information you have asked for
  • Communicating organisational messages and information to members, Rotary district and club officers
  • Supporting The Rotary Foundation (“TRF”) and the Rotary Foundation United Kingdom (“RFUK”)
  • Preparation of Rotary handbooks.
  • Appointments to committees, club and district offices, task forces and other assignments within the Rotary organisation
  • To present the club website and its contents to you and to allow you to participate in interactive features on our website
  • Keep a record of your relationship with the club
  • In any other way we may describe when you provide the information & with your consent

Sensitive information


We do not collect any personal information on members classified as ‘sensitive’ under the General Data Protection Regulation (“GDPR”).

 

Sharing within the Rotary organisation


The Rotary organisation is made up of Rotary International, TRF, Rotary International in Great Britain and Ireland (Rotary GB&I ), RFUK and the Rotary GB&I Donations Trust.   When you, as a member, give information to us it will be shared within the wider Rotary organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation. We will ensure that data processing agreements, compliant to GDPR, are in place before sharing your data within the wider organisation.

Rotary clubs and districts within Rotary GB&I are data processors for some of your personal information associated with your membership and will process your data in accordance with the Rotary GB&I  privacy notice. Rotary clubs and districts also collect personal data for their individual club and district activities and are therefore also independent data controllers. This means they are also legally responsible for protecting your data under GDPR legislation whilst in their safekeeping and may have their own privacy notices in this respect.

Sharing with third parties


We will never commercially sell your personal data to anyone else.  We would only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection.

 

How we keep your information safe and who has access to it


We will ensure that there are appropriate physical and technical systems in place to protect your personal details. For example, confidential information held by us in digital format is protected by password and paper based information is securely stored in folders in a locked cupboard, any online forms are password protected and confidential paper waste is shredded.    We will review who has access to information that we hold to ensure that your personal information is only accessible by appropriate, Rotary members and officers and our service/host providers.   We will check the GDPR policies of any companies we are dealing with for Rotary business, regarding how they manage the personal data they may have access to.

We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.

 

 

How long we retain your information and how we keep it up to date


We will only keep your information for as long as we need it to assist you with your membership, donation, event registration or other services associated with your Rotary membership. There are statutory timescales on how long we should keep your information. For example, gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, information associated with Health & Safety for three years after an event. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.

 

Your rights


The GDPR gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioner’s website

  • You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.

You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. Members and donors have access to their personal data via self-service systems such as the RIBI Data Management System (DMS) or My Rotary via the RI website. You can also request a copy of the information which we hold on you. The application should be made in writing, by letter or email to Edward Rees, c/o Lanyon Bowdler, Kendal Court, Ironmasters Way, Telford TF3 4DT  or edward.rees@lblaw.co.uk  

Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113

Changes to this policy document

We will keep our Privacy Statement under regular review and any changes to the Privacy Statement will be published on our website and referred to in our monthly club bulletin.

Further Guidance for Club Members

·       At Rotary year’s end, on receipt of the new club members handbook, please confidentially destroy the previous year’s handbook (shredding etc).

·       Any information reasonably received and retained during the course of organising specific club activities and events must (where there is no good reason for it to be retained for any longer period) be deleted after the activity or event has concluded.

·       All club committee coordinators must have due regard to club data protection policies when leading the organisation of events and activities and when liaising with 3rd parties.

·       Any email concerning the club or club activities that you send to three or more recipients should be sent in blind copy (“bcc”) format.

·       You should take care with any data concerning club members that you have at home. For example, any such paper based information should be filed away and not left so that is generally visible to non-members. Moreover, any computer or digital device you use which holds or can access data concerning Rotary members should be secure and password protected.

Cookies:

Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.