Rotary Club of Dumfries Devorgilla Privacy Notice


Implementing the new General Data Protection Regulation (GDPR) with effect from 25 May 2018


The GDPR comes into force on 25 May 2018 and replaces the current Data Protection Act 1998. The GDPR will apply to all organisations that process data, regardless of size, legal or tax status (e.g. charity). There are no exemptions from compliance with the Regulation and clubs should note the fines for getting it wrong could be huge.

While the Club (referred to as ‘we’throughout this document) awaits for RI and RIBI to provide advice and guidance to districts and clubs, we have put in place, as a key requirement, this Privacy Notice, which is a policy statement or a legal document(in privacy law) that discloses some or all of the ways in which the Club gathers, uses, discloses, and manages the personal data that it holds for members and other individuals.

Most, if not all, of the information that individuals give on their membership application forms, event entry forms and the information that the Club collects from visitors, suppliers and volunteers, will be classed as ‘personal data’.

1.    Your personal data – what is it?

Personal data is any information relating to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. A person is identifiable if they ‘ can be identified, directly or indirectly, in particular by reference to an identifier such as full name, date of birth, gender, bank account or credit card details, an identification number, address, email address, phone number, and emergency contact details. 

The policy does not address the issues which may arise if the Club collects any “sensitive” personal data (which includes amongst others, health information, race, political and religious beliefs). The rules relating to those issues are more onerous than for non-sensitive personal information, so the Club should only collect such information if it is really necessary for it to do so. The processing of all personal data is governed by the GDPR.

2.    Who are we? 

The Rotary Club of Dumfries Devorgilla (“the Club”) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3.    How do we process your personal data?

The Club complies with its obligations under the “GDPR” by keeping personal data up to date and accurate; by erasing it in certain circumstances, by storing and destroying it securely; by not collecting or retaining inappropriate or excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

To enable us to run events and activities;

To administer membership records;

To fundraise for charitable purposes;

To manage our volunteers;

To maintain our own accounts and records (including the processing of gift aid applications);

To inform you of news, events, activities and services run by the Club.

4.    What is the legal basis for processing your personal data?

(a)  Your explicit consent to us for using your personal data for the purposes above, and

(b)  Processing your data is necessary for carrying out legal obligations; 

5.    Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the Club in order to carry out the purposes above. We will only share your data with third parties with your prior consent.


6.    How long do we keep your personal data?

We keep data until we believe you no longer wish to be involved with the purposes above or you tell us you no longer want us to hold it.

Specifically, we retain gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.

7.    Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

The right to request a copy of your personal data which the Club holds about you;

The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date;

The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;

The right to withdraw your consent to the processing at any time

The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)

The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

The right to object to the processing of personal data (where applicable)

The right to lodge a complaint with the Club or Information Commissioner’s Office

8.    Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9.    Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Club Secretary at  or  c/o The Station Hotel, 49 Lovers Walk, Dumfries.

You can contact the Information Commissioners Office on 0303 123 1113 or via email at the Information Commissioner’s Office in Scotland at 45 Melville Street, Edinburgh EH3 7HL· 0131 244 9001


Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use.
Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.

We use Google Analytics to analyse the use of our websites by generating statistical and other information.

Details captured during your visit to our websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.

Google, not the Association, stores this activity information. You can view Google’s privacy notice here.

To opt out of being tracked by Google Analytics across all websites visit their website here.


Every effort has been made to ensure that the original template pages for this site are W3C compatible.

However, as the content of pages is supplied by the club, such content may not be compatible.