Rotary Club of Carnegie Dunfermline Privacy Notice

General Data Protection Regulation

Carnegie Dunfermline Rotary Club

Carnegie Dunfermline Rotary Club Charitable Trust

Privacy Notice

 

Carnegie Dunfermline Rotary Club and Carnegie Rotary Club Charitable Trust (“we”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through Rotary International, to keep it safe. We will always take every effort to protect your privacy.

 

We collect information in the following ways:

 

When you give it to us directly

·         When you contact us for information, enquire about membership, join as a member, begin volunteering, make a donation, or communicate with us, in writing, including through the website, by email or in person.

·         When you participate in our activities such as our services, competitions or fund-raising activities.

 

Via Social Media

Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.

 

Via information available publicly

This may include information found in places such websites (club, charity, action groups) and information that has been published in articles/newspaper.

 

What personal information we collect and how we use it

We will capture the minimum amount of information that we need to in relation to your enquiry, membership, donation, services or activities that you take part in and we promise to keep your information secure. The personal data we will usually collect is:

 

·         Your name

·         Your contact details

·         Donations made and gift aid status

·         In certain circumstances and with your explicit permission, your photograph

 

Where it is appropriate, we may also ask for additional information.

 

For some of our activities we may collect information about young people who are under age 18. We will always ensure that we have consent from a parent, guardian or school official to collect and hold this information. Information about young people who are under 18 will not be stored on our website or shared on social media unless we have explicit consent from a parent, guardian or school official.

 

We do not collect any personal information on members classified as ‘sensitive’ under GDPR.

 

How we will use your data

We will use the personal data of members for the legitimate interest of conducting our Club activities. This will include:

·         Administering your membership or donation, including processing Gift Aid

·         Communicating organisational messages and information to members

·         Facilitating meetings and event planning

·         Supporting The Rotary Foundation and the Rotary Foundation United Kingdom

·         Preparation of member contact lists

·         Appointments to committees, club and district offices, task forces and other assignments within the Rotary organisation

 

We will use personal data in respect of some of our service activities and fund raising activities. This will include:

·         Informing you about forthcoming events and activities

·         The organisation of our activities such as community services, youth competitions and fund-raising activities such as the Swimarathon or Rotary Ride

·         Publicising our activities through our website, social media and press releases

·         In any other way we may describe when you provide the information

·         For any other purposes with your consent

 

Data Sharing

In the course of our legitimate activities, there may be a need for us to share, or give access to, your personal data to third parties:

·         Banking organisations

·         HMRC – for Gift Aid

·         Our website development and support provider

·         Rotary International

·         Rotary International in Great Britain and Ireland

·         Rotary International District 1010

 

We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service providers.

 

Sharing within the Rotary organisation

The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the RIBI Donations Trust. Our Rotary Club is a member of Rotary District 1010 within Rotary International in Great Britain and Ireland.

 

When you give information to us it will be shared within the wider organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation.  We may also pass data to Rotary International in Great Britain and Ireland and Rotary District 1010 as part of competitions and activities that take place in the wider Rotary organisation. We will ensure that data processing agreements, compliant to GDPR, are in place before sharing your data within the wider organisation.

 

Sharing with third parties

We will never commercially sell your personal data to anyone else.

We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.

 

How we keep your information safe and who has access to it

We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored, our online forms are encrypted and our network is protected and routinely monitored.

 

We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by Rotary members and essential service providers.

 

We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach.  If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.

 

Where we store your information

Your personal information will be hosted securely within the UK or the EU by our Rotary Club, by Rotary District 1010 and by Rotary International in Great Britain & Ireland.

 

Rotary International runs its operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand your personal data will be transferred, stored and processed at a location outside the EEA.        

 

How long we retain your information and how we keep it up to date

We will keep your information for as long as we need it to assist you with your enquiry, process your membership, donation, event registration or other services associated to your Rotary membership or your participation in our activities.

 

If you participate in any of our activities, we may retain your contact details so that we may contact you again about similar future activities. You can ask to be removed from any such contact lists at any time.

 

There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, and information associated with Health & Safety for three years after an event. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.

 

Individual members are responsible for keeping their own personal data up to date and have access to the RIBI Data Management System (DMS) or My Rotary on the RIBI website for this purpose. In addition, where necessary, we will keep your information accurate and up-to-date.

 

Your rights

The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

·         You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.

 

·         You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data.  Members and donors have access to their personal data via self-service systems such as the RIBI Data Management System (DMS) or My Rotary via the RI website.  You can also request a copy of the information which we hold on you.

 

·         You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.

 

·         You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.

 

·         You have a right in certain circumstances to data portability.

 

In certain situations, these rights may not apply, for example if you are a valid member we will need to communicate with you about your membership and those services afforded to you as part of that membership. If you hold a club or district office, we may need to communicate with you in relation to that office, in which case you will not be able to unsubscribe from these communications.

 

We collect and process your personal data through legitimate interests or because you have provided it to us.  We will only process your personal data as you would reasonably expect us to. Members can opt out of general member mailings at any time. Members of the public can ask to be deleted from our records at any time by contacting the Secretary (contact details below)

 

Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.

 

Changes to this privacy notice

We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website www.rotarygbi.org or by notifying you directly.

 

Our contact details

Club Secretary

Dr Janet Lowe

42 Gamekeepers Road

Kinnesswood

Kinross

KY13 9JR

 

Tel: 01592 840277

Email: secretary@carnegie.rotary1010.org

 

Complaints

If you are unhappy with how we have processed your personal information, please firstly contact the Club Secretary, details above. If you are still unhappy you may contact the following:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire, SK9 5AF

 

Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745

 

 

This document was last reviewed and updated 24 May 2018 

Cookies:

Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.