Rotary Club of Ipswich Wolsey Privacy Notice
Privacy Notice
(c) The Rotary Club of Ipswich Wolsey 2018
The Rotary Club of Ipswich Wolsey (“the Club”) promise to respect the confidentiality of any personal data that you share with us, to keep it safe and to always take every effort to protect your privacy.
“The Club” prides itself on its honesty and openness and will always be clear how, when and why “the Club” collects and processes your information. “The Club” promises that it will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members, supporters and donors is crucial, and your personal data allows us to manage your membership and/or support of “the Club” and provide the services you are entitled to.
Who are we?
The Rotary Club of Ipswich Wolsey “the Club” is the Data Controller (contact details below). This means that it decides how your personal data is processed and for what purposes.
“The Club” collects information in the following ways:
When you give it to “the Club” DIRECTLY
There are many ways you may give us your information. For example, if you join as a member, begin volunteering or supporting “the Club”, communicate with “the Club” either by phone, in writing, including email or in person. “The Club” is responsible for your data at all times.
When you give it to “the Club” INDIRECTLY
Your information may be shared with “the Club” by independent organisations, for example sites like Virgin Money Giving or BT MyDonate or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give “the Club” permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such as websites, Companies House and information that has been published in articles/newspapers.
Cookies
Like most websites the website used by “the Club” uses “cookies” to help make our website and the way you may use it, better. No personal data is stored in the “cookies” that are used.
Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access the Club’s website or apps and the settings on that device may provide “the Club” with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to “the Club”.
The type and quantity of information collected by “the Club” and how “the Club” uses it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.
“The Club” uses Google Analytics to analyse the use of the Club’s websites by generating statistical and other information.
Details captured during your visit to the Club’s websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.
Google, not “the Club”, stores this activity information. You can view Google’s privacy notice at https://policies.google.com/privacy
To opt out of being tracked by Google Analytics across all websites visit their website at https://tools.google.com/dlpage/gaoptout
What personal information “the Club” collects and how it uses it
“The Club” will only ever capture the minimum amount of information that it needs to, in relation to your membership, support, donation or services “the Club” provides to you and “the Club” promises to keep your information secure. The personal data “the Club” will usually collect is:
- Your name
- Your contact details
- For Club members only - the club may also collect bank details, National Insurance numbers and dates of birth.
Where it is appropriate, “the Club” may also ask for additional information
How “the Club” will use your data
“The Club” will use your personal data for the legitimate interest of conducting core business activities, these will include:
- Administer your membership, support or donation, including processing Gift Aid
- Provide you with the services, products or information you asked for
- Communicating organisational messages and information
- To present “the Club” website and its contents to you and to allow you to participate in interactive features on “the Club” website
- Keep a record of your relationship with us
- To produce an annual “Club Member List”. Each Rotary year the club will produce a Club Member List. This includes member’s names, postal and email addresses and telephone numbers (mobile and home). The list will also include details of member’s spouses/partners (where applicable and where consent has been given). The list will be available to all members in either electronic or paper versions. Members cannot pass or sell any of the data included in the Club Member List to anyone else and members can only use the data for club related communication. Prior to production club members will be asked to confirm that the data the club holds for them is accurate. An electronic version of the Club Member List will be available on the “members only” section of the club website. Club members must securely shed the paper version of the previous year’s list once the list for the new year has been compiled. If members hold any details from the Club Member List on their mobile phones, those members must have a Remote Data Wipe on their mobile in case this is lost or stolen.
- Understand how “the Club” can improve its services, products or information
- In any other way “the Club” may describe when you provide the information
- For any other purposes with your consent
Sensitive information
“The Club” does not collect any personal information from members, volunteers or supporters classified as ‘sensitive’ under GDPR.
Under 18’s data
The Club receives data for children and young people under the age of 18 who are participating in various Rotary Competitions. Separate Polices are held for each competition and are available on request.
Data Sharing
Our service/host providers
In the course of “the Club’s” legitimate business activities, there may be a need for “the Club” to share, or give access to, your personal data to third parties that provide “the Club” with services or host “the Club’s” applications/software that you may access, for instance:
- Arden Group – “the Club’s” IT development, management and support
- Banking organisations – those that provide banking/payment services for “the Club”
- Bucks.net – the payment facility for EventsAir
- Contently Limited and Warners – the magazine publishers and distribution providers
- EventsAir – The event management software provider used by Rotary International in Great Britain& Ireland (RIBI)
- Heart Internet – the RIBI Template database, Data Management System (DMS) and rotarygbi.org secure hosting service provider
- HMRC – for Gift Aid, tax and employment details
- HROC – the website development and support provider
- MailChimp – the communication mailing software service provider used by RIBI
- One Advance – the donations database provider used by RIBI
- Rotary International
- Snap Surveys Limited – the survey software support and host provider used by RIBI
“The Club” will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
Sharing within the Rotary organisation The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the RIBI Donations Trust.
When you give information to “the Club” it may be shared within the wider organisation to facilitate your membership, support or donations and to provide the service afforded to you as part of that membership/support/donation. “The Club” will ensure that data processing agreements, compliant to GDPR, are in place before sharing any of your data within the wider organisation.
Sharing with third parties
“The Club” will never commercially sell your personal data to anyone else.
“The Club” will only ever share your personal data in other circumstances, not listed above, if it has your explicit and informed consent at the time of collection. However, “the Club” may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How “the Club” keep your information safe and who has access to it
“The Club” will ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored. The online forms provided by RIBI are encrypted and the network is protected and routinely monitored. Confidential paper waste is shredded.
“The Club” undertakes regular reviews of who has access to information that it hold to ensure that your personal information is only accessible by Club members, Rotary members and our service/host providers. RIBI carries out comprehensive checks on the companies “the Club” uses before working with them and put a contract in place that sets out the expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
“The Club” has a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, it will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, “the Club” will inform you without undue delay.
Where “the Club” stores your information
Your personal information will be hosted securely within the UK. “The Club” uses Sync.Com for this purpose.
How long “the Club” retain your information and how it keeps it up to date
“The Club” will only keep your information for as long as it needs it to assist you with your enquiry, process your membership, donation, event registration or other services associated to your support of “the Club”. There are statutory timescales on how long “the Club” should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for 6 years after an employee leaves, financial records must be kept for 7 years, information associated with Health& Safety for three years after an event. “The Club” shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Your rights
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website.
- You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
- You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. You can also request a copy of the information which “the Club” holds on you. This information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the Club Secretary, contact details shown below, enclosing two proofs of identification.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, “the Club” can:
- charge a reasonable fee taking into account the administrative costs of providing the information; or
- refuse to respond.
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
- You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
- You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply.
“The Club” collects and process your personal data through legitimate interests or because you have provided it to “the Club” to enable “the Club” to deliver a service to you. “The Club” will only process your personal data as you would reasonable expect it to. You can opt out of “the Clubs” general member mailings at any time.
Finally, if you are unhappy with how “the Club” has processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
“The Club” may change this privacy Notice from time to time. If it makes any significant changes in the way it treats your personal information it will make this clear on “the Club” website www.ipswichwolsey.org.uk, or by notifying you directly.
Club contact details
To exercise all relevant rights, raise queries or make complaints please in the first instance contact the Club Secretary via the “contact” menu on the Club’s website.
Complaints
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745
[This privacy notice was last reviewed and updated 21 May 2018]
Data Protection Policy
Data Protection Policy for The Rotary Club of Ipswich Wolsey
1. RIBI has established that is does not need to notify [register] as a Data
Controller with the Information Commissioner in the UK under the provisions
of the Data Protection Act 1998 as it is exempt because it is a not-for-profit
organisation.
2. The Rotary Club of Ipswich Wolsey has adopted the same approach as it
is a not-for-profit organisation and can therefore claim the relevant exemption.
3. Under the terms of this exemption, The Rotary Club of Ipswich Wolsey agrees that:
i. It holds personal information only for the purposes of increasing or
maintaining membership or support for the club
ii. Any personal information held will only be for those who are either
members of the club or who have regular contact with the club
iii. The only persons whose personal data is held will be those for whom the
personal information is necessary in order to meet point (i) e.g. past,
existing or prospective members or those who have regular contact with
the club
iv. The only data held will be that necessary to meet point (i) above e.g.
names, addresses, phone numbers, email addresses, eligibility for
membership
v. The club will not disclose any personal information, other than that made
with the consent of the individual(s) concerned, to any third party other
than providing members' details to other Rotary organisations e.g. RIBI,
District 1180
vi. The Rotary Club Of Ipswich Wolsey will not keep personal information once the relationship between the club and the individual(s) concerned ends.
4. The Rotary Club of Ipswich Wolsey agrees to hold and process personal data in accordance with the eight basic Data Protection Principles, namely that data must be:
-
Fairly and lawfully processed;
-
Processed for limited purposes;
-
Adequate, relevant and not excessive;
-
Accurate;
-
Not kept for longer than is necessary;
-
Processed in line with your rights;
-
Secure.
General Data Protection Regulations (GDPR) – Privacy Notice for Children and Young Person’s under the age of 18 participating in the Rotary Young Writers Competition
1. Your personal data – what is it?
The Club will only ever capture the minimum amount of information that it needs to in relation to your participation in the Rotary Young Writer Competition. This will be
- Your name
- Your age on 31 August (of the year the competition is being run)?
- Your signature to certify that the entry is your own work
- Authorisation to participate, from a parent, guardian or carer (if under 18 on 31 August)
2. Who are we?
The Rotary Club of Ipswich Wolsey (“the Club”) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
The Club complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate physical and technical controls are in place to protect your personal data.
We use your personal data for the following purposes:
- To mark your entry in the Rotary Young Writer Competition
- To ensure that all entries are placed in the appropriate age group
- To record the consent of a parent, guardian or carer
- To confirm that entry is entirely your own work
4. What is the legal basis for processing your personal data?
- Your explicit consent to us using your personal data for the purposes above.
- Processing is necessary for carrying out legal obligations;
5. Sharing your personal data
The Club will not share your data with anyone other than club members and your school.
The Club will never commercially sell your personal data to anyone.
6. How long do we keep your personal data
All stories will be returned to your school and no copies will be kept.
7. Your rights and your personal data
- Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data which the Club holds about you;
- The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, known as the right to data portability, (where applicable);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable); and
- The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose not covered by this consent form, we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, raise queries or make complaints please in the first instance contact the Club Secretary via the “Contact” button on the Club website. www.ipswichwolsey.org.uk
You can contact the Information Commissioners Office on 0303 123 1113 or by post to the Information Commissioner’s Office, the current address being Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If aged under 18 on 31 August, the declaration below should be signed by a Parent, Guardian/Carer. If aged over 18 on 31 August the entrant should sign below.
I……………………………………………………………………………………………………………….. (Name – please print)
Hereby consent to the Rotary Club of Ipswich Wolsey using my personal data as outlined above.
Signed………………………………………………………………….
Date……………………………………………………………………..
[This consent form was last reviewed and updated 29 April 2018]
Cookies:
Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.