Rotary MK – Privacy Notice

RotaryMK / Rotary MK – Privacy Notice

Introduction and Purpose of this Privacy Notice

This privacy notice describes how RotaryMK collects, processes and protects your personal data e.g. through your club registration and use of the club website under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR UK). It is important that you read this privacy notice and any other privacy or fair processing notice we may provide from time to time so that you are fully aware of how and why we collect and use your data.

RotaryMK is part of Rotary International – District 1260. Your personal details are recorded separately on the main Rotary International website – www.rotary.org in addition to the local RotaryMK club website – www.rotarymk.org following registration. Each website is separate with no data being automatically shared and both are username and password protected.

Rotary International has its own Privacy Notice which can be found by clicking the link: https://my.rotary.org/en/privacy-policy

We endeavour to keep the personal data we hold about you accurate and up to date.  However it’s your responsibility to inform the club secretary if your situation or details change: info@rotarymk.org

Why we Collect Your Personal Information

RotaryMK collects certain personal details directly from you in order to run the club effectively, communicate with members, manage services, events and subscriptions.

How your data is collected through cookies

Please see our separate cookie policy.

What information we hold about you

We collect personal information about you when you register as a RotaryMK club member.

The information you provide is treated in accordance with current UK data protection legislation.  Some personal data is visible to other club members e.g. name and contact details, some data is not visible to other club members e.g. bank and log-in details. The information collected includes:

Contact Data e.g. address, email address, phone number(s)

Identity Data e.g. name, username, date of birth, gender

Consent and Communications

We care about the privacy of our club members. As outlined below, we collect, use and share personally identifiable information and non-personally identifiable information.

By becoming a club member and using the website or using the club services generally, you agree to the collection of such information and to have your personal data collected, used and processed in accordance with this Privacy Policy. This includes being contacted for the purpose that the information was collected for.

You can withdraw or amend your consent for us to contact you and display your personal details at any time by contacting the club secretary: info@rotarymk.org.  However, please note that some consent is required to fulfil the purpose of running the club.

How and when we use your personal data – Legal Basis

We will only use your personal data where we have a legal basis to do so i.e.

Where we fulfil a contract we have entered into with you e.g. to run the club effectively and manage and process subscriptions           

Where it is in our legitimate interest and your rights do not override these interests.

Where we need to comply with legal obligations e.g. to fulfil HMRC requirements

Where we have obtained your consent

Data Sharing

Sharing information

Your personal data is not shared with any third party outside of RotaryMK as a matter of course. In the event that your personal details are requested by a third party partner e.g. to plan an event, then your consent will be sought prior to disclosure.

We may also disclose aggregate, anonymous statistics about visitors to the website (users and transactions) in order to describe our services to prospective partners (sponsors etc) and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.

Sharing information when legally obliged to do so

We are under a duty to disclose or share your personal data in order to comply with legal obligations, e.g. for the purposes of fraud protection or criminal investigation.

Third Party Links

The website may, from time to time, contain links to and from the websites of authorised partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check the policies of these websites before you submit any personal data.

Your personal data is stored securely on servers based in the EU and GDPR UK laws are adhered to.

Your Rights under GDPR (UK)

You have a number of rights as outlined below.  When exercising these rights we will need to validate your identity to ensure the request is from you.  This is a security measure to ensure personal data is not disclosed to an unauthorised third party.  You may exercise your rights by contacting the club secretary.

Right to be Informed

Your ‘Right to be Informed’ encompasses the right to be provided with ‘fair processing information’ to ensure transparency over how your personal data is used.  This is included in this Privacy Notice and the club rules. The information provided should be:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, and
  • free of charge.

Right to Restrict Processing

You have the right to ask us not to process your personal data for e.g. marketing purposes. You can exercise your right to prevent such processing by contacting the club secretary.

Right of Access

You have the right to access the information we hold about you. An access request is free of charge unless considered repetitive or excessive when a small admin charge may be made.  A request for access can be made via the club secretary.

Right of Rectification

You are entitled to have your personal data corrected if it is inaccurate or completed if incomplete.  If the personal data in question has been disclosed to third parties, we will inform them of the rectification where possible and confirm with you which third parties the data has been disclosed to.

Right to Erasure

You have the right to request the deletion of personal data where there is no compelling reason for its continued processing.  There are some circumstances where this right may not be met and a request refused e.g. to comply with a legal obligation.

Right to Data Portability

The right to data portability allows you to obtain and reuse your personal data.  It allows you to move, copy or transfer personal data easily in a safe and secure way, without hindrance to usability.

The right to data portability applies to personal data:

  • provided by you;
  • where you have provided consent for processing or the processing is for the performance of a contract; and
  • when processing is carried out by automated means.

Right to Object

You have the right to object to processing based on the performance of a task in the public interest or processing based on a legitimate interest e.g. direct marketing.  An objection must be based on your particular circumstances and processing must cease unless there are compelling reasons otherwise e.g. defence of legal a claim.

Rights Relating to Automated Decision Making and Profiling

Data protection legislation provides safeguards for individuals against the risk that a potentially damaging decision is taken solely based on automated processing i.e. without human intervention. RotaryMK employs no fully automated processes that result in particular individuals being impacted.

Data Security

We have in place appropriate security measures to prevent your data being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. 

Access to your name and contact details is strictly limited to RotaryMK club members and protected by username / password.  Access to other personal data e.g. bank account is reserved for club officers with administrator access.

Usernames and passwords should never be shared with other individuals and remain your responsibility to keep secure. 

Misuse or unauthorised sharing of personal data is strictly prohibited and may result in dismissal from the club and / or prosecution.

All data collected and processed by RotaryMK is stored on servers in the EU.

Data Retention

We will only retain your data for as long as necessary to fulfil the purposes it was collected for and satisfy any legal, accounting or reporting requirements.  For example personal details are generally deleted on leaving the club however HMRC generally requires certain financial records to be retained for 7 years.

Contact us

If you have questions about this privacy notice including requests to exercise your legal rights, please contact the club secretary using the contact details below.

Contact via the website or by email is encrypted and none of the data you supply will be stored by the website or passed to or processed by a 3rd party processor.

To contact us, please visit our website: www.rotarymk.org or e-mail info@rotarymk.org :

Or telephone: (0)1908 XXXXX 

Complaints

Should you have cause to make a complaint or express dissatisfaction regarding a GDPR issue within RotaryMK, please email or telephone the club secretary via the above means. Should you feel that your concern has not been resolved satisfactorily you also have the right to direct your complaint to the supervisory authority – contact details below.

Supervisory Authority and Data Breaches

The relevant supervisory authority for data protection legislation in the UK is the Information Commissioners Office (ICO).  Their contact details are:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF

Tel: 0303 123 1113 (local rate)

Website: https://ico.org.uk  

RotaryMK has designed the protection and security of data protection into its systems, processes and club officer knowledge.  In the event that a breach of data protection is identified, the circumstances are logged and appropriate actions taken including informing the individuals concerned and the supervisory authority.  Each case is considered separately and depends on the risk to the rights and freedoms of the individual(s) impacted.