Rotary Club of Blandford Privacy Notice
ROTARY CLUB OF BLANDFORD
The Rotary Club of Blandford (we) promise to respect the confidentiality of any personal data you share with us and keep it safe, and we will always take every effort to protect your privacy.
We pride ourselves in our honesty and openness and will always be clear how, when, and why we collect and process your information: we promise we will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members, business partners, donors, supporters and customers is crucial and your personal data allows us to manage membership details and provide the services you have asked for and are entitled to.
It is expected that District and Rotary in Great Britain and Ireland (RIBI) officers may also process Club members’ personal data on behalf of Rotary International in Great Britain and Ireland and the Rotary organisation and they too will be bound by this privacy notice.
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you give us this information. For example, when you join us as a member, do any volunteering, donate to us, become a Business partner or communicate with us by phone, in writing, including email or via the Club website or in person. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, by medical organisations, social services, other charitable bodies with which we have links with the Club. You should check their Privacy Notice when you provide information to them. When such details are received by our Club we will protect it as above and not pass it to any other party without your consent.
Information available publicly
This may include information found in places such as other websites (Club, district, action groups etc), Companies House and information that has been published in articles or newspapers.
What personal information we collect and how we use it
We will only ever gather and retain the minimum amount of information that we need in relation to your membership, donation, support or goods or services we provide to you, or support you provide for us, and we promise to keep your information secure. The personal data we normally collect is:
· Your contact details
· Your date of birth (club members only)
· Your enquiry details
· Your project details (for those seeking support)
· Your bank details (club members and successful grant applicants only)
If it is essential, we may seek other appropriate information.
How we use your data
We will use your personal data for the legitimate interest of conducting core business activities which will include:
· Administering Club members or donations received
· Providing you with the services products or information you asked for
· Communicating organisational messages and information to members, entrants and supporters of any Club events.
· Promoting future events to previous entrants
· Preparation of Rotary directories
· To present our website and its contents to you
· Keeping a record of your relationship with us
· Understanding how we can improve our services, products or information
· For any other purpose for which you give us your consent
We do not collect any personal information classifies as “sensitive” under the terms of GDPR
Under 16s Data
Should the Club mount an event involving under 16s, we will collect and retain only the minimum amount of data to allow us to manage the event
We do not share personal information with anyone else. We only share your personal information in other circumstances if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisers.
Sharing within the Rotary organisation (relates to Club members only)
The Rotary organisation is made up of Rotary International, The Rotary Foundation, Rotary International in Great Britain and Ireland, The Rotary Foundation United Kingdom and the RIBI Donations Trust.
When you give your information to us it will be shared within the wider Rotary organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation.
Rotary clubs and districts within RIBI are data processors for some of your personal information associated with your membership and will process your data in accordance with the RIBI privacy notice. Clubs and Districts also collect personal data for their individual club and district activities and are therefore also independent data controllers. This means that they are also legally responsible for protecting your data under GDPR legislation whilst in their safekeeping and will have their own privacy notices in this respect.
Sharing with third parties
We will never commercially sell your data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or legal advisors.
How we keep your information safe and who has access to it
We will ensure that there are appropriate physical and technical controls in place to protect your personal details.
We undertake regular reviews of those who have access to information that we hold to ensure that your personal information is only accessible by Rotary members and any service/host providers that we may employ to manage our data. We would do comprehensive checks on such organisations before we would work with them.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority and, where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
Where we store your information
Your personal information will be hosted securely by specified club members and by any associated service host providers within the UK or the EU. Club members’ personal details will also be hosted within the UK or the EU by RIBI.
However, Rotary International runs its operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection laws. By submitting your personal information to us, you understand your personal data might be transferred, stored and processed at a location outside the EEA. You can review Rotary International’s privacy notice by visiting their website: https://my.rotary.org/en/privacy-policy.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership, donation, event registration or other services provided by the Club. There are statutory timescales on how long we should keep your information, for example gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, information associated with Health and Safety for 3 years after an event. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Individual Club members are responsible for keeping their own personal data up to date and have access to the RIBI Data Management System (DMS) or My Rotary on the RIBI website for this purpose. In addition, where necessary, we will keep your information accurate and up to date.
The General data Protection Regulations give you certain rights and these are listed below for your convenience. Further clarification of your rights is available on the Information Commissioners website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual rights
You have a right to be informed when your personal data is being collected, what is collected and how it is to be used and shared.
You have the right of access to your personal data: the right of access allows you to be aware of, and verify the lawfulness, of the processing of your personal data. Members and donors have access to their personal data via the Club members who hold the data, including the website controller, or via RIBI DMS or My Rotary via the RI website. You can also request a copy of the information we hold on you. Thus information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee might be charged. The application should be made in writing, by letter or email, and addressed to the RIBI General Secretary, contact details provided below, enclosing two proofs of identification.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because e they are repetitive, our Club can
· Charge a reasonable fee taking into account the administrative costs of providing the information, or
· Refuse to respond
You have the right in certain circumstances to have inaccurate personal data corrected, blocked, erased or destroyed.
You have the right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling: although we can confirm that we make no decisions on you using an automated process.
You have a right in certain circumstances to data portability
In certain circumstances, these rights may not apply, for example if you are a valid Club member and we need to communicate with you about your membership and those services afforded to you as part of your membership or if you have purchased a service or product from us and we need to contact you about that service or product, in which case you will not be able to unsubscribe from these communications.
We collect your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of our general mailing at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, Wycliffe House, Water Lane,Wilmslow, Cheshire SK9 5AF (Helpline: 0303 123 1113 or 01625 545 745)
Changes to this privacy notice
We may change this privacy notice from time to time. If we make any significant changes
significant changes in the way we treat your personal information we will make this clear on our website or by notifying you directly.
This document was reviewed and updated on 21 May 2018
Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings. Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.