GDPR Privacy Notice
GDPR Privacy Notice
To see Our Data Protection Policy click on Related Page above
(c) The Rotary Club of Ipswich Wolsey 2018
The Rotary Club of Ipswich Wolsey (“the Club”) promise to respect the confidentiality of any personal data that you share with us, to keep it safe and to always take every effort to protect your privacy.
“The Club” prides itself on its honesty and openness and will always be clear how, when and why “the Club” collects and processes your information. “The Club” promises that it will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members, supporters and donors is crucial, and your personal data allows us to manage your membership and/or support of “the Club” and provide the services you are entitled to.
Who are we?
The Rotary Club of Ipswich Wolsey “the Club” is the Data Controller (contact details below). This means that it decides how your personal data is processed and for what purposes.
“The Club” collects information in the following ways:
When you give it to “the Club” DIRECTLY
There are many ways you may give us your information. For example, if you join as a member, begin volunteering or supporting “the Club”, communicate with “the Club” either by phone, in writing, including email or in person. “The Club” is responsible for your data at all times.
When you give it to “the Club” INDIRECTLY
Your information may be shared with “the Club” by independent organisations, for example sites like Virgin Money Giving or BT MyDonate or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give “the Club” permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such as websites, Companies House and information that has been published in articles/newspapers.
Like most websites the website used by “the Club” uses “cookies” to help make our website and the way you may use it, better. No personal data is stored in the “cookies” that are used.
Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access the Club’s website or apps and the settings on that device may provide “the Club” with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to “the Club”.
The type and quantity of information collected by “the Club” and how “the Club” uses it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.
“The Club” uses Google Analytics to analyse the use of the Club’s websites by generating statistical and other information.
Details captured during your visit to the Club’s websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.
Google, not “the Club”, stores this activity information. You can view Google’s privacy notice at https://policies.google.com/privacy
To opt out of being tracked by Google Analytics across all websites visit their website at https://tools.google.com/dlpage/gaoptout
What personal information “the Club” collects and how it uses it
“The Club” will only ever capture the minimum amount of information that it needs to, in relation to your membership, support, donation or services “the Club” provides to you and “the Club” promises to keep your information secure. The personal data “the Club” will usually collect is:
- Your name
- Your contact details
- For Club members only - the club may also collect bank details, National Insurance numbers and dates of birth.
Where it is appropriate, “the Club” may also ask for additional information
How “the Club” will use your data
“The Club” will use your personal data for the legitimate interest of conducting core business activities, these will include:
- Administer your membership, support or donation, including processing Gift Aid
- Provide you with the services, products or information you asked for
- Communicating organisational messages and information
- To present “the Club” website and its contents to you and to allow you to participate in interactive features on “the Club” website
- Keep a record of your relationship with us
- To produce an annual “Club Member List”. Each Rotary year the club will produce a Club Member List. This includes member’s names, postal and email addresses and telephone numbers (mobile and home). The list will also include details of member’s spouses/partners (where applicable and where consent has been given). The list will be available to all members in either electronic or paper versions. Members cannot pass or sell any of the data included in the Club Member List to anyone else and members can only use the data for club related communication. Prior to production club members will be asked to confirm that the data the club holds for them is accurate. An electronic version of the Club Member List will be available on the “members only” section of the club website. Club members must securely shed the paper version of the previous year’s list once the list for the new year has been compiled. If members hold any details from the Club Member List on their mobile phones, those members must have a Remote Data Wipe on their mobile in case this is lost or stolen.
- Understand how “the Club” can improve its services, products or information
- In any other way “the Club” may describe when you provide the information
- For any other purposes with your consent
“The Club” does not collect any personal information from members, volunteers or supporters classified as ‘sensitive’ under GDPR.
Under 18’s data
The Club receives data for children and young people under the age of 18 who are participating in various Rotary Competitions. Separate Polices are held for each competition and are available on request.
Our service/host providers
In the course of “the Club’s” legitimate business activities, there may be a need for “the Club” to share, or give access to, your personal data to third parties that provide “the Club” with services or host “the Club’s” applications/software that you may access, for instance:
- Arden Group – “the Club’s” IT development, management and support
- Banking organisations – those that provide banking/payment services for “the Club”
- Bucks.net – the payment facility for EventsAir
- Contently Limited and Warners – the magazine publishers and distribution providers
- EventsAir – The event management software provider used by Rotary International in Great Britain& Ireland (RIBI)
- Heart Internet – the RIBI Template database, Data Management System (DMS) and rotarygbi.org secure hosting service provider
- HMRC – for Gift Aid, tax and employment details
- HROC – the website development and support provider
- MailChimp – the communication mailing software service provider used by RIBI
- One Advance – the donations database provider used by RIBI
- Rotary International
- Snap Surveys Limited – the survey software support and host provider used by RIBI
“The Club” will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
Sharing within the Rotary organisation The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the RIBI Donations Trust.
When you give information to “the Club” it may be shared within the wider organisation to facilitate your membership, support or donations and to provide the service afforded to you as part of that membership/support/donation. “The Club” will ensure that data processing agreements, compliant to GDPR, are in place before sharing any of your data within the wider organisation.
Sharing with third parties
“The Club” will never commercially sell your personal data to anyone else.
“The Club” will only ever share your personal data in other circumstances, not listed above, if it has your explicit and informed consent at the time of collection. However, “the Club” may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How “the Club” keep your information safe and who has access to it
“The Club” will ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored. The online forms provided by RIBI are encrypted and the network is protected and routinely monitored. Confidential paper waste is shredded.
“The Club” undertakes regular reviews of who has access to information that it hold to ensure that your personal information is only accessible by Club members, Rotary members and our service/host providers. RIBI carries out comprehensive checks on the companies “the Club” uses before working with them and put a contract in place that sets out the expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
“The Club” has a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, it will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, “the Club” will inform you without undue delay.
Where “the Club” stores your information
Your personal information will be hosted securely within the UK. “The Club” uses Sync.Com for this purpose.
How long “the Club” retain your information and how it keeps it up to date
“The Club” will only keep your information for as long as it needs it to assist you with your enquiry, process your membership, donation, event registration or other services associated to your support of “the Club”. There are statutory timescales on how long “the Club” should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for 6 years after an employee leaves, financial records must be kept for 7 years, information associated with Health& Safety for three years after an event. “The Club” shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website.
- You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
- You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. You can also request a copy of the information which “the Club” holds on you. This information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the Club Secretary, contact details shown below, enclosing two proofs of identification.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, “the Club” can:
- charge a reasonable fee taking into account the administrative costs of providing the information; or
- refuse to respond.
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
- You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
- You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply.
“The Club” collects and process your personal data through legitimate interests or because you have provided it to “the Club” to enable “the Club” to deliver a service to you. “The Club” will only process your personal data as you would reasonable expect it to. You can opt out of “the Clubs” general member mailings at any time.
Finally, if you are unhappy with how “the Club” has processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
“The Club” may change this privacy Notice from time to time. If it makes any significant changes in the way it treats your personal information it will make this clear on “the Club” website www.ipswichwolsey.org.uk, or by notifying you directly.
Club contact details
To exercise all relevant rights, raise queries or make complaints please in the first instance contact the Club Secretary via the “contact” menu on the Club’s website.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745
[This privacy notice was last reviewed and updated 21 May 2018]