Rotary International in Great Britain and Ireland (Rotary GB&I)
General Data Protection Privacy Policy Notice
Rotary International in Great Britain and Ireland (“we”) promise to respect the confidentiality of any personal
data you share with us, or that we have access to through Rotary International, to keep it safe, and we will always
take every effort to protect your privacy. [For the purpose of this privacy notice, Rotary International in Great
Britain & Ireland (Rotary GB&I) also includes Rotary Foundation United Kingdom (RFUK) and the Rotary GB&I Donations Trust].
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and
process your information; we promise we will never do anything with your details that you wouldn’t reasonably
expect.
Developing a better understanding of our members and donors is crucial, and your personal data allows us to
manage your membership and provide the services you are entitled to.
It is expected that club and district officers may also process member personal data on behalf of Rotary
International in Great Britain and Ireland and the Rotary organisation and they too will also be bound by this
privacy notice.
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin
volunteering, make a donation, purchase our products or communicate with us either by phone, in writing,
including email or in person. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example sites like Virgin Money Giving
or BT MyDonate or other such services. These independent third parties will only share your information when
you have consented. You should check their Privacy Notice when you provide your information to understand
fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook,
WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or
services.
Via information available publicly
This may include information found in places such websites (club, district, action groups etc), Companies House
and information that has been published in articles/newspapers.
Cookies
Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store
any personal data in the cookies that we use.
Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or
phone or tablet). They make interacting with a website faster and easier – for example by automatically filling
your name and address in text fields.
Page 2 of 6
In addition, the type of device you’re using to access our website or apps and the settings on that device may
provide us with information about your device, including what type of device it is, what specific device you have,
what operating system you’re using, what your device settings are. Your device manufacturer or operating system
provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it. You
should be able to control what cookies are placed on your device through your browser settings. Go to
https://www.aboutcookies.org/ to find out more about cookies, including how to see what cookies have been set
and how to manage and delete them.
We use Google Analytics to analyse the use of our websites by generating statistical and other information.
Details captured during your visit to our websites will include, but are not limited to, traffic data, location data,
weblogs and other communication data and the resources you access. However, all data collected is anonymous
and will not identify you as an individual.
Google, not the Association, stores this activity information. You can view Google’s privacy notice at
http://www.google.com/privacypolicy.html.
To opt out of being tracked by Google Analytics across all websites visit
https://tools.google.com/dlpage/gaoptout.
What personal information we collect and how we use it#
We will only ever capture the minimum amount of information that we need to in relation to your membership,
donation or services we provide to you and we promise to keep your information secure. The personal data we
will usually collect is:
• Your name
• Your contact details
•
Your date of birth
•
Your bank or credit card details (as relevant to the service provided)
• Details of the enquiry, service or product
Where it is appropriate, we may also ask for additional information
How we will use your data
We will use your personal data for the legitimate interest of conducting core business activities, these will
include:
• Administer your membership or donation, including processing Gift Aid
• Provide you with the services, products or information you asked for
• Providing services, products, guidance or information to clubs and districts for their general activities,
including Disclosure and Barring Service checks
• Communicating organisational messages and information to members, district and club officers
• Facilitate conference, training seminars, meetings and other special event planning
• Supporting ‘The Rotarian’ and ‘Rotary’ magazines
• Supporting The Rotary Foundation (TRF) and the Rotary Foundation United Kingdom
• Providing information and updates to district and club officers on RI and Rotary GB&I programmes and service
projects
• Preparation of Rotary directories
• Identifying candidates for Presidential and Foundation appointments to conferences
.
• Appointments to committees, club and district offices, task forces and other assignments within the Rotary
organisation
• To present our website and its contents to you and to allow you to participate in interactive features on our
website
Page 3 of 6
• For HR/Employment records for staff
• Keep a record of your relationship with us
• Understand how we can improve our services, products or information
• In any other way we may describe when you provide the information
• For any other purposes with your consent
Sensitive information
We do not collect any personal information on members classified as ‘sensitive’ under GDPR.
Employees
We will collect all personal information required to comply with employment legislation, including where
necessary sensitive information. This may include medical information and where additionally appropriate we will
perform a criminal record search. To prevent discrimination and to ensure diversity, we shall request information
from the employee on religion, sexuality and ethnicity.
Interact, Rotakids and under 18’s data
We do not collect information from under 18’s. Interact and Rotakids clubs are managed through the identified
Rotarian member contact.
The Rotary GB&I District Youth Exchange Association operates as a separate entity to Rotary GB&I and RI and is responsible for the
organisation of Rotary youth exchange programmes. You can view their privacy notice by visiting their website:
https://www.youthexchange.org.uk/
CCTV
In order to prevent and detect crime, and to ensure the safety of our members and staff, we operate CCTV
systems at the Rotary Support Centre, Kinwarton Road, Alcester, Warwickshire, B49 6PB. These cameras record
footage in real-time and are operated and controlled by our own staff. We would only share this information
when requested to do so as required by law, police investigation, or if pertinent to judicial or governmental
investigation.
Recording Telephone Calls
We use a voice-telephony system at the Rotary Support Centre office. From time to time we may record calls for
the purposes of:
• providing clarification and confirmation of information given or received
• enabling quality monitoring of Support Centre staff
• effective staff training
If recording is in operation, callers will be informed that their calls are being recorded for these purposes by a prerecorded opening greeting message when they call the Support Centre.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data
shall be held securely and accessed by authorised users only. Within the scope of usage described above, we may
export data from the voice recorder. Exported data shall be stored in secure locations but be deleted within 12
months of capture.
Data Sharing
1) Our service/host providers
In the course of our legitimate business activities, there may be a need for us to share, or give access to, your
personal data to third parties that provide us with services or host our applications/software that you may access,
for instance:
• Arden Group – our IT development, management and support
• Banking organisations – those that provide our banking/payment services
• Bucks.net – our payment facility for EventsAir
• Contently Limited and Warners – our magazine publishers and distribution providers
Page 4 of 6
• EventsAir – our event management software provider
• Heart Internet – our Rotary GB&I Template database, Data Management System (DMS) and rotarygbi.org secure
hosting service provider
• HMRC – for Gift Aid, tax and employment details
• HROC – our website development and support provider
• MailChimp – our communication mailing software service provider
• Midshire Communications Limited – our digital archiving support provider
• One Advance – our donations database provider
• Rotary International
• Shred-it – our confidential paper disposal provider
• Snap Surveys Limited – our survey software support and host provider
• Steamdesk – our online shop service provider
• Turning Technologies – provider of voting delegate services
We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving
access to, your data with any of our service/host providers.
2) Sharing within the Rotary organisation
The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in
Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the Rotary GB&I Donations Trust.
When you give information to us it will be shared within the wider organisation to facilitate your membership or
donations and to provide the service afforded to you as part of that membership/donation. We will ensure that
data processing agreements, compliant to GDPR, are in place before sharing your data within the wider
organisation.
Rotary clubs and districts within Rotary International in Great Britain and Ireland are data processors for some of
your personal information associated with your membership and will process your data in accordance with the
Rotary GB&I privacy notice. Clubs and districts also collect personal data for their individual club and district activities and
are therefore also independent data controllers. This means they are also legally responsible for protecting your
data under GDPR legislation whilst in their safekeeping and will have their own privacy notices in this respect.
3) Sharing with third parties
We will never commercially sell your personal data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and
informed consent at the time of collection. However, we may need to disclose your details if required to the
police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For
example, confidential paper records are securely stored, our online forms are encrypted and our network is
protected and routinely monitored. Confidential paper waste is shredded at our premises by on-site secure
document disposal contractors.
We undertake regular reviews of who has access to information that we hold to ensure that your personal
information is only accessible by appropriate staff, Rotary members and our service/host providers. We do
comprehensive checks on the companies we use before we work with them and put a contract in place that sets
out our expectations and requirements, especially regarding how they manage the personal data they may have
access to as part of providing those services.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and
where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely
to result in a high risk of adversely affecting you, we will inform you without undue delay.
Where we store your information
Page 5 of 6
Your personal information will be hosted securely within the UK or the EU by Rotary International in Great Britain
& Ireland.
However, Rotary International run its operations outside the European Economic Area (EEA). Although they may
not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure
they provide an adequate level of protection in accordance with UK data protection law. By submitting your
personal information to us you understand your personal data will be transferred, stored and processed at a
location outside the EEA. You can view Rotary International’s privacy notice by visiting their website:
https://my.rotary.org/en/privacy-policy
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your
membership, donation, event registration or other services associated to your Rotary membership. There are
statutory timescales on how long we should keep your information, for example, gift aid transactions must be
retained indefinitely, employment records for 6 years after an employee leaves, financial records must be kept for
7 years, information associated with Health & Safety for three years after an event. We shall delete your
information according to these statutory limits, or according to guidance issued by the Information
Commissioner.
Individual members are responsible for keeping their own personal data up to date and have access to the Rotary GB&I
Data Management System (DMS) or My Rotary on the Rotary GB&I website for this purpose. In addition, where necessary,
we will keep your information accurate and up-to-date.
Your rights
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience,
further clarification of your rights is available on the Information Commissioners website https://ico.org.uk/fororganisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
• You have a right to be informed when your personal data is being collected, what is collected and how it will
be used or shared.
• You have a right of access to your personal data: the right of access allows you to be aware of and verify the
lawfulness of the processing of your personal data. Members and donors have access to their personal data
via self-service systems such as the Rotary GB&I Data Management System (DMS) or My Rotary via the RI website.
You can also request a copy of the information which we hold on you. This information will be provided free
of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be
charged. The application should be made in writing, by letter or email, and addressed to the Rotary GB&I General
Secretary, contact details shown below, enclosing two proofs of identification.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because
they are repetitive, Rotary GB&I can:
- charge a reasonable fee taking into account the administrative costs of providing the information;
or - refuse to respond.
• You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict
processing), erased (right to be forgotten), or destroyed.
• You have a right in certain circumstances to object to the processing of your personal data for such reasons as
direct marketing, automated decision making, profiling; although we can confirm we make no decisions on
you using an automated process.
• You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply, for example if you are a valid member we will need to
communicate with you about your membership and those services afforded to you as part of that membership;
Page 6 of 6
you hold a club or district office and we need to communicate with you in relation to that office, in which case
you will not be able to unsubscribe from these communications.
We collect and process your personal data through legitimate interests or because you have provided it to us to
enable us to deliver a service to you. We will only process your personal data as you would reasonable expect us
to. You can opt out of our general member mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint
with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
We may change this privacy Notice from time to time. If we make any significant changes in the way we treat
your personal information we will make this clear on our website www.rotarygbi.org or by notifying you directly.
Our contact details
Rotary GB&I General Secretary
Rotary International in Great Britain and Ireland
Kinwarton Road
Alcester
Warwickshire
B49 6PB
Tel: 01789 765411
Email: secretary@rotarygbi.org
Complaints
If you are unhappy with how we have processed your personal information, please firstly contact the Rotary GB&I General
Secretary, details above. If you are still unhappy you may contact the following:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745
Rotary International in Great Britain and Ireland
This document was last reviewed and updated 29Mar 2018