Rotary Club of Bloxwich Phoenix Privacy Notice (including use of Cookies)
The Rotary Club of Bloxwich Phoenix (“we”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through Rotary International (RI), Rotary International in Great Britain & Ireland (RIBI), Rotary Foundation United Kingdom (RFUK) or Rotary District 1210, to keep it safe, and we will always take every effort to protect your privacy.
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you wouldn’t reasonably expect.
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin volunteering, make a donation, or communicate with us either by phone, in writing, including email or in person. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example sites like Virgin Money Giving, Just Giving, BT MyDonate or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such as websites (club, district, action groups etc), Companies House and information that has been published in articles/newspapers.
Cookies
Like most websites, we use “cookies” to allow some functionality and improve performance.
When browsing the site session based cookies are used to route traffic to optimise server performance. These cookies do not identify users or record any personal information.
A session based cookie is also used if you access any of the ‘contact-us’ pages of the website. This allows the data to be preserved across page requests, which means that the information you submit can be sent to us as an e-mail.
Session based cookies are erased when you close your web browser. We do not record or analyse any web traffic for analytics. All cookies used on our website only pass data to servers in the United Kingdom.
What personal information we collect and how we use it
We will only ever capture the minimum amount of information that we need to in relation to your membership, donation or services we provide to you and we promise to keep your information secure. The personal data we will usually collect is:
- Your name
- Your contact details
- Details of the enquiry or service
Where it is appropriate, we may also ask for additional information, and will provide details of why we require that additional information. For example, members are requested to provide gender and date of birth details for statistical purposes.
How we will use your data
We will use your personal data for the legitimate interest of conducting core activities, these will include:
- Managing your membership
- Provide you with the services or information you asked for
- Providing services, guidance or information to you
- Providing regular newsletter and updates by e-mail
- Communicating organisational messages and information to members
- Preparation of Rotary handbooks
- To present our website and its contents to you and to allow you to participate in interactive features on our website
- Keep a record of your relationship with us
- In any other way we may describe when you provide the information
- For any other purposes with your explicit consent
Sensitive information
We do not collect any personal information on members classified as ‘sensitive’ under GDPR. (See the Information Commissioner’s Office website for more information).
Interact, Rotakids and under 18’s data
We do not collect information from under 18’s.
For some of our competitions and events we may collect information about under 18’s from their legal guardian or parent.
Where this is the case, it will be clearly identified, and the information will be held alongside the legal guardian or parent’s identity.
For our Santa letters we record the child’s name as provided and additional information supplied for the purpose of personalising the letter produced. We do not use this information for any additional purpose, nor do we share it. Santa letter information is stored alongside the requesting (adult) e-mail address, and will be kept for reference for up to three years.
Recording Telephone Calls
We use a phone to email service to answer calls to our 0870 458 1696 number. The recorded calls may be passed to the relevant club officer for a reply if one is required. The recorded calls are only kept for the duration of the enquiry and response.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data shall be held securely and accessed by authorised users only.
Data Sharing
1) Our service/host providers
In the course of our legitimate business activities, there may be a need for us to share, or give access to, your personal data to third parties that provide us with services or host our applications/software that you may access, for instance:
Namesco – our website hosting provider
HMRC – for Gift Aid on donations
We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
2) Sharing within the Rotary organisation
The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK), the RIBI Donations Trust and our Rotary District 1210.
When you give information to us it will be shared within the wider organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation. We will ensure that data processing agreements, compliant to GDPR, are in place before sharing your data within the wider organisation.
For members, the following information is shared:
Rotary International and Rotary in Great Britain & Ireland
Member data is collected by us and entered onto the RI Global Database. This information is then shared with RIBI and their Data Management System (DMS).
Members can login to both systems and set visibility for the data they have provided.
District 1210 and clubs within District 1210 may access names and contact details which are shared via the DMS for the purposes of Rotary business only.
3) Sharing with third parties
We will never commercially sell your personal data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored whilst in use, and shredded once the information has been recorded in our computer systems.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate Rotary members and our service/host providers.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
Where we store your information
Your personal information will be hosted securely by us within the UK or the EU.
However, Rotary International run its operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand your personal data may be transferred, stored and processed at a location outside the EEA. This will only occur if you become a member of the club. You can view Rotary International’s privacy notice by visiting their website here
Information on the RI database is synchronised to the DMS hosted by RIBI. Their privacy notice can be viewed on their website here
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership, donation, event registration or other services associated to your Rotary membership. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, information associated with Health & Safety for three years after an event. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Individual members are responsible for keeping their own personal data up to date and have access to the RIBI Data Management System (DMS) and My Rotary on the RI website for this purpose. In addition, where necessary, we will keep your information accurate and up-to-date.
Your rights
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website
You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. Members and donors have access to their personal data via self-service systems such as the RIBI Data Management System (DMS) or My Rotary via the RI website. You can also request a copy of the information which we hold on you. This information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the Club Secretary, contact details shown below, enclosing two proofs of identification. Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, we can:
- charge a reasonable fee taking into account the administrative costs of providing the information; or
- refuse to respond.
You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply, for example if you are a valid member we will need to communicate with you about your membership and those services afforded to you as part of that membership.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of our general mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website www.bloxwichphoenix.net or by notifying you directly.
Our contact details
GDPR Compliance Officer
Rotary Club of Bloxwich Phoenix
28a Lister Street
Willenhall
West Midlands
WV13 2HQ
Tel: 0845 458 1696
Email: compliance@bloxwichphoenix.net
Complaints
If you are unhappy with how we have processed your personal information, please firstly contact the GDPR Compliance Officer, details above. If you are still unhappy you may contact the following:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745