Rotary Club of Guildford Privacy Notice
The Rotary Club of Guildford ‑ Privacy Notice
The Rotary Club of Guildford (the Club) is committed to safeguarding the privacy of our members. The Club will only use the information that we collect about you lawfully and will keep it secure in accordance with the Data Protection Act 1998 as amended or supplemented by law or regulation from time to time (the “Act”).
Changes to Data Protection Legislation
Data Protection legislation and regulation are likely to change over time. The bringing into force of the General Data Protection Regulations (GDPR) is the basis of significant change. This Privacy Notice is therefore intended to comply with the Act and GDPR but may change over time.
Member’s Terms & Conditions
This Privacy Notice, forms part of the Terms & Conditions for being a member of the Club. In legal terms, members are “Data Subjects,” i.e. “you.” However, we may also under this collect personal information regarding your partner. This will be subject to their separate consent.
The Data Controller
The Club is from a legal perspective classed as the ‘Data Controller.”
The formal mechanism for members to raise concerns regarding the processing of personal data is primarily to email the Club Secretary. However, verbal enquiries will be treated appropriately, although a written follow up may be requested, if appropriate.
For certain financial matters (e.g. late payment of Annual Subscription or for an event you have attended) the Club reserves the right to contact you as it will have a legitimate interest on behalf of all members.
Type of Data Held
The Club holds some or all of the following information on members of the Club in a password controlled electronic format, with some on hard copy file:
1. Name: Title, first name, surname, any post nominal;
2. Membership details: Joining date, category (Rotarian, Honorary Club Member, Club Friend),
3. Personal information: Date of birth, brief CV, dietary and access constraints,;
4. Contact details: Address, phone number, email address;
5. Photograph: Head & shoulders photograph.
Partners and Guests
Subject to separate consent, we will store similar information about a member’s partner.
The names, gender and dietary requirements of any guests invited to a function will also require explicit consent for storage and use which will normally be sought at the time of booking.
The Club will keep photographs taken at Club events for archive and publicity purposes.
Equally, minutes of meetings and records of decisions may include your name and other information about you.
Purpose of Processing Personal Data.
The Club uses the information mentioned above for the purposes of communicating with members of the Club via email and other postal or electronic deliveries. We do this primarily to promote, support, and encourage the sharing of fellowship and other Rotary events. Information as to dietary and access constraints allow us to provide suitable meals and access to events.
Lawful Basis of Processing Personal Data
The lawful bases of processing your personal data are as follows:
Consent. Once you have agreed to this Privacy Notice of our Terms & Conditions, you will be registered for the processing of your personal data, based upon your Consent.
Legal obligation. We may be required to retain certain data for a prescribed period to satisfy, for example, HMRC requirements or other legislation or regulations.
Information Held after Leaving
Upon leaving the Club as a member, we will request your consent to continuing to hold your name and relevant details to support our historical records.
Personal data will be held until the end of the subscription year in which a member leaves, unless express permission to hold it longer has been obtained. At that point data will be reduced to a “stub” record and such as is required for legal purposes (eg. HMRC audit).
Data Subject’s Rights
You have a number of Rights, outlined below:
Right of Access. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
• Confirmation that your data is being processed (held)
• Access to your personal data (a copy) and
• Other supplementary information that corresponds to the information permitted in this privacy notice.
Fees and Timings. Under GDPR and from 25 May 2018, this information will be provided without charge; without delay and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular, because they are repetitive, we may choose to: charge a reasonable fee, taking into account the administrative costs of providing the information; or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. the UK Information Commissioner’s Office (ICO) will be highlighted.
Identify Verification. To protect your personal data, we will seek to verify your identity before releasing any information; this information will normally be [released] in electronic format.
As a member this will normally be a simple process, however if the SAR is made from a member living overseas, or former member, or by the relative of a deceased member, then additional verification steps are likely.
Right of Rectification. You are entitled to have personal data rectified if it is inaccurate or incomplete. We will respond within one month of your request. In the unlikely event the Club does not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.
Right of Erasure. You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:
• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
• When you withdraw consent;
• When you object to the processing and there is no overriding legitimate interest for continuing the processing;
• The personal data was unlawfully processed;
• The personal data has to be erased in order to comply with a legal obligation;
Right to Restrict Processing. Under the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, the Club is permitted to store the personal data, but not further process it. In this event exactly what is held and why will be explained to you.
Right to Data Portability. You may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
• To personal data you have provided to the Club
• Where the processing is based on your consent or for the performance of a contract and
• When processing is carried out by automated means.
In these circumstances we will provide a copy of your data in CSV format or PDF free of charge, without undue delay and within one month. If there is a delay to this, you will be informed.
Right to Object. You have the right to object to:
• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• Direct marketing (including profiling) and
• Processing for purposes of scientific/historical research and statistics.
We do not participate in the first and third activities. We do, however, conduct marketing activities as explained above.
Automated Decision Making and Profiling. The Club does not employ any automated decision-making or conduct profiling of Data Subjects. However, if you have consented to your information being held on our database, we may periodically send you marketing information so that you are informed of forthcoming events. These will be automated but they do not involve automated decision-making or profiling.
Any queries concerning this notice should be addressed to the Club Secretary on firstname.lastname@example.org
Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.