Privacy and Accessibility

Every effort has been made to ensure that the original template pages for this site are W3C compatible.

However, as the content of pages is supplied by the club, such content may not be compatible.


We do not use cookies on this site to identify individuals, other than when a member logs into the members area. These are 'Session Cookies' which are destroyed when a member logs out of the site or closes the browser window - they are not stored long term on the user's computer. These are used so that a member can only log into his/her club etc.

We use Google Analytics to make sure our statistics are reliable.

Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

We have some pages that link to external tools such as Google Maps and YouTube. These tools sit on Google’s web servers and you can find more information on Google's Privacy Policy here.

Some pages may have cookies used to integrate with Social Media sites, so that, for example, if you are logged into Facebook, you can 'like' pages.

We do not collect personal data in the public area of the site - if you complete a contact form, for example, your email address is not stored in a database for re-use, nor is any information passed to third parties.



Implementing the new General Data Protection Regulation (GDPR) with effect from 25 May 2018


The GDPR comes into force on 25 May 2018 and replaces the current Data Protection Act 1998. The GDPR will apply to all organisations that process data, regardless of size, legal or tax status (e.g. charity). There are no exemptions from compliance with the Regulation and clubs should note the fines for getting it wrong could be huge.

While the Club (referred to as ‘we’throughout this document) awaits for RI and RIBI to provide advice and guidance to districts and clubs, we have put in place, as a key requirement, this Privacy Notice, which is a policy statement or a legal document(in privacy law) that discloses some or all of the ways in which the Club gathers, uses, discloses, and manages the personal data that it holds for members and other individuals.

Most, if not all, of the information that individuals give on their membership application forms, event entry forms and the information that the Club collects from visitors, suppliers and volunteers, will be classed as ‘personal data’.

1.    Your personal data – what is it?

Personal data is any information relating to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. A person is identifiable if they ‘ can be identified, directly or indirectly, in particular by reference to an identifier such as full name, date of birth, gender, bank account or credit card details, an identification number, address, email address, phone number, and emergency contact details. 

The policy does not address the issues which may arise if the Club collects any “sensitive” personal data (which includes amongst others, health information, race, political and religious beliefs). The rules relating to those issues are more onerous than for non-sensitive personal information, so the Club should only collect such information if it is really necessary for it to do so. The processing of all personal data is governed by the GDPR.

2.    Who are we? 

The Rotary Club of Dumfries Devorgilla (“the Club”) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3.    How do we process your personal data?

The Club complies with its obligations under the “GDPR” by keeping personal data up to date and accurate; by erasing it in certain circumstances, by storing and destroying it securely; by not collecting or retaining inappropriate or excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

To enable us to run events and activities;

To administer membership records;

To fundraise for charitable purposes;

To manage our volunteers;

To maintain our own accounts and records (including the processing of gift aid applications);

To inform you of news, events, activities and services run by the Club.

4.    What is the legal basis for processing your personal data?

(a)  Your explicit consent to us for using your personal data for the purposes above, and

(b)  Processing your data is necessary for carrying out legal obligations; 

5.    Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the Club in order to carry out the purposes above. We will only share your data with third parties with your prior consent.


6.    How long do we keep your personal data?

We keep data until we believe you no longer wish to be involved with the purposes above or you tell us you no longer want us to hold it.

Specifically, we retain gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.

7.    Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

The right to request a copy of your personal data which the Club holds about you;

The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date;

The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;

The right to withdraw your consent to the processing at any time

The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)

The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

The right to object to the processing of personal data (where applicable)

The right to lodge a complaint with the Club or Information Commissioner’s Office

8.    Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9.    Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Club Secretary at  or  c/o The Station Hotel, 49 Lovers Walk, Dumfries.

You can contact the Information Commissioners Office on 0303 123 1113 or via email at the Information Commissioner’s Office in Scotland at 45 Melville Street, Edinburgh EH3 7HLยท 0131 244 9001