Rotary Club of Cuckfield & Lindfield Privacy Notice


1. Introduction

 This policy is designed to meet the requirements of EU Regulation 2016/679 General Data Protection Regulation (GDPR) following guidelines issued by RIBI. The Club holds basic personal data in digital form for the purposes of communication in order for it to carry out its purpose of service to the community. A confidential printed Membership List is produced for reference by members. Various officers and members of the Club may hold contact lists of members to facilitate communication in the pursuit of their roles within the Club.

 2. Personal Data Held

 2.1. All members of the Rotary Club of Cuckfield & Lindfield understand and accept that the personal data they provide to the Club is, during the full term of their membership, fully available to all other members of the Club.

 2.2. When a person applies to become a member, their application form and brief description of themselves is filed by the Secretary. The information on the form is: name, address, telephone numbers, email address, date of birth, classification and partner’s name if applicable. This information, excluding date of birth, is distributed in confidence to all Club members to give them the opportunity to consider, or comment on the application.

 2.3. The Membership List is normally issued at the start of each Rotary year, i.e. 1st July. As well as containing the information listed in 2.2, again excluding date of birth, it lists the officers and the make-up of the committees. It may also contain some historical information for interest, such as a list of award recipients. There is a statement on it that the Membership List is confidential and should not be divulged outside the membership.

 2.4. The Secretary has a digital contact list of the entire membership for purposes of general communication.

 2.5. The Treasurer holds a financial account for each member which is subject to the terms of this policy.

 3. Security

 3.1. Holders of the Personal Data are responsible for keeping it secure.

 3.2. All members are responsible for ensuring that any Personal Data they have of Club members is kept secure and that it is not passed to any outside body which could compromise security.

 4. Communication

 4.1. There is considerable communication within the Club, between members. All members must give their written/email consent to receiving communications in writing, by email, by telephone or personal contact.

 4.2. Communication within the Rotary organisation, i.e. RI, RIBI, District and other Rotary Clubs will be subject to their own policies which meet GDPR.

 4.3. In order to carry out its work of Service to the Community, the Club needs to communicate with many other people and organisations. The list is inexhaustible and may include: Charities, Schools, Local Councils, local businesses, speakers, potential new members, etc. It is the responsibility of the member doing the communication to ensure that any personal data communicated will not be used in a harmful way.

 4.4. Emailing is a potentially high risk method of inadvertently passing on members’ personal data.

4.4.1 Any email sent by a member to all Club members (or copied to other members) needs to have all other members’ email addresses removed if in turn it is to be forwarded to a non-member or other body outside the Club.

 4.4.2 A member replying to such an email should generally do so only to the Sender of the email. The facility in an email program to Reply to All should only be used where it is considered entirely appropriate or necessary to show the inclusion other members in the communication.

 4.4.3 Unless there is a good reason for doing otherwise, the addresses of email recipients should be placed in the Blind Copy section (BCC) and not the Copy section (CC). It is then good practice to indicate in the body of the email the other recipients of the message.

 4.4.3. Some email programs join successive emails into string which can become quite long, often with entire distributions included with each message. Excessively long strings can be avoided by starting a new message, or by quoting a snippet to remind the addressee of the relevant content.

 5. Transfer and Deletion of Personal Data

 5.1. Officers and other post holders change from year to year. The outgoing person should, as part of their handover to the new incumbent, pass on the files necessary to ensure continuity. Any files which are no longer needed should be safely destroyed.

 5.2. Certain data, such as documents or digital files of Club historical interest, may be retained in secure archives.

 5.3. There may be cases where personal records may be need to be retained for statutory requirements, such as the Charity Account. These should be held securely and deleted safely when the statutory period has expired.

 6. Responsibility and Review

 6.1. The Compliance Officer is responsible for ensuring that this policy has been received by all members of the Club.

 6.2. This policy will be reviewed from time-to-time for accuracy and relevance and will be revised in the light of any new relevant legislation or guidance.

 7. Matters Arising

 The entire GDPR is complex and comprehensive so as to apply to all kinds of organisations large and small. This is a brief and simple policy designed to cover the specific requirements of the Rotary Club of Cuckfield and Lindfield. If there are any queries, please refer to the Club’s Compliance Officer.

 Revision 0 issued by the Compliance Officer, 18 May 2018


Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.