Privacy Notice

Rotary Club of Ayr (“we”/”us”/”club”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through the Data Management System (DMS), the RGBI Template System, Rotary International in Great Britain & Ireland (RGBI) (including The Rotary  Foundation of the United Kingdom [RFUK]), or Rotary International (RI) (including The Rotary Foundation [TRF]), to keep it safe, and we will always take every effort to protect your privacy. [For the purpose of this privacy notice, Rotary Club of Ayr also includes the Rotary Club of Ayr Benevolent Fund – A Registered Charity No SC013822]

We pride ourselves on our honesty and openness and will always be clear how, when, and why we collect and process your information; we promise we will never do anything with your details that you would not reasonably expect.

Developing a better understanding of our members and donors is crucial, and your personal data allows us to manage your membership and provide the services to which you are entitled.

It is expected that club members and district officers may also process member personal data on behalf of the club and the Rotary organisation and they too will also be bound by this privacy notice. RGBI (website: www.rotarygbi.org) and RI (website: www.rotary.org) may also process member personal data in accordance with their privacy notices published on their respective websites.

We collect information in the following ways:

When you give it to us directly

There are many ways you may give us your information. For example, when you join as a member, participate in an event organised by the Rotary Club of Ayr (including by teleconferencing tools such as ZOOM), begin volunteering, donate, purchase our products, or communicate with us either by phone, email or in person. We are responsible for your data at all times.

When you give it to us indirectly

Your information may be shared with us by independent organisations, for example sites like Virgin Money Giving, BT MyDonate, JustGiving, GoFundMe, Eventbrite, or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.

Via Social Media

Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn, or Twitter, etc., you might give us permission to access information from those accounts or services.

Via information available publicly

 This may include information found in places such as websites (club, district, action groups etc.), Companies House and information that has been published in articles/newspapers.

 

What personal information we collect and how we use it

We will only ever capture the minimum amount of information that we need to in relation to your membership, donation, or services we provide to you and we promise to keep your information secure. The personal data we may collect includes:

  • Your name
  • Your contact details (address, email, and telephone number as appropriate) Your date of birth
  • Gender
  • Photographs and online identifiers
  • Details of the enquiry, service, or product

Where it is appropriate, we may also ask for additional information, and this will be made clear to you at the time the personal information is requested.

How we will use your data

 We will use your personal data for the legitimate interest of conducting core club or district activities, these will include:

  • Administer your membership, or donation, including processing Gift Aid where applicable
  • Provide you with the services, products, or information you would reasonably expect to receive as part of your membership or
  • Providing services, products, guidance, or information to members for their general activities, including Disclosure and Barring Service checks
  • Communicating organisational messages and information to members, district, and club officers, and with their consent, non-members, and friends of the club. facilitate club and district meetings, club and district training events, district conference, and other special event planning. Video or audio recording of a meeting is permitted but only with advance notice and opportunity to opt out of video/audio participation. There is implied consent by downloading and installing e.g., the ZOOM software. The host will attempt to notify participants in advance (e.g., via the invitation) that the call will be recorded, and that participation constitutes consent to record.
  • Supporting club and district newsletters, district magazine and ‘The Rotarian’ and ‘Rotary’ magazines
  • Supporting the Rotary Foundation (TRF) and the Rotary Foundation United Kingdom (RFUK)
  • Providing information and updates to club members on RI and RGBI programmes and service projects
  • Preparation of Handbooks (member lists) for club, district, RGBI and RI as appropriate
  • Appointments to club and district offices, committees, task forces and other assignments within the Rotary organization
  • To present our websites and its contents to you and to allow you to participate in interactive features on our websites and Facebook pages
  • Keep a record of your relationship with the club and within the Rotary Organisation
  • Understand how we can improve our services, products, or information
  • Club publicity by printed and digital means
  • In any other way we may describe when you provide the information
  • For any other purposes with your consent

We will always seek to pursue these legitimate interests in a way that does not unduly infringe

on your legal rights and freedoms and your right to privacy.

Sensitive information

We do not collect any personal information classified as ‘sensitive’ under GDPR. For example, information about an individual’s: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation.

Interact, Rotakids and under 18’s data

We do not collect information from under 18’s without the consent of their parent/guardian. The Ayr Club does not have Interact and Rotakids clubs.

Youth competitions and Rotary Youth Leadership Award (RYLA)

Personal information is required by way of entry to the competition or event for its successful running. Winners data will need to be shared with other parts of Rotary when they proceed to the next stage of a competition. Each Youth competition will have its own Privacy Notice. Where appropriate (e.g., RYLA) medical information will be sought for use in an emergency where medical care may be required. RYLA will have its own Privacy Notice. The RGBI District Youth Exchange Association operates as a separate entity to RGBI and RI and is responsible for the organisation of Rotary youth exchange programmes. Their privacy notice is available by visiting their website here.

Data Sharing

1)  Our service/host providers

In the course of our legitimate club activities, there may be a need for us to share, or give access to, your personal data to third parties that provide us with services or host our applications/software that you may access, for instance:

  • Rotary district 1020
  • Rotary International, including TRF
  • Rotary International in Great Britain & Ireland, including RFUK RGBI Template Designer and

RGBI Template Administrators

  • Heart Internet – our RGBI Template database, Data Management System (DMS)

and rotarygbi.org secure hosting service provider

We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers outside of the Rotary organisation.

2)  Sharing within the Rotary organisation

 The Rotary Club of Ayr – Club ID 1340 is part of the Rotary organisation which is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK), the RGBI Donations Trust. This includes The Rotary Club of Ayr Benevolent Fund – A Registered Charity No. SC013822

When you give information to us it may be shared within the wider organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation.

On occasion, the club may collect personal data for our individual activities (such as an event requiring personal information for registration) and are therefore independent data controllers. The club may also act as a data processor for some of your personal information associated with your membership via the RGBI Template, DMS and My Rotary. This means that we are also responsible for protecting your data under GDPR legislation whilst it is in our safekeeping and we will process your data in accordance with the privacy notices of the club, district, RGBI and RI as appropriate.

3)  Sharing with third parties

 We will never commercially sell your personal data to anyone else.

We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection.

However, we may need to disclose your details if required to by the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.

How we keep your information safe and who has access to it

 We ensure that there are appropriate physical and technical controls in place to protect your personal details and we work within good practice, for example, confidential paper records are securely stored, or securely disposed of as appropriate. The club and its members ensure that PCs/devices holding   personal information on behalf of the club are protected with appropriate anti-virus and malware protection and this is routinely monitored by the club.

Any recordings of online meetings by the host will be stored for possible future reference in a secure facility, not distributed to any parties and will be destroyed when no longer required.

We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate members, Rotary officers, Rotary staff and members and our service/host providers. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.

We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.

Where we store your information:

The club may hold your information in various ways depending on your relationship with us, for instance:

  • Members’ personal information is stored via the DMS, RGBI Template System and My Rotary and in some instances may held by individual club officers or members for the purpose of specific club activities.
  • As an Associate or as a ‘Friend of Rotary’, with your consent, your personal information may be stored on the DMS and RGBI Template System and in some instances may be held by individual club officers or members for the purpose of specific club activities.
  • As a non-member of Rotary, with your consent, your personal information will be held by individual club officers or members for the purpose of specific club activities.

Apart from Associates and ‘Friends of Rotary’ personal information held on the DMS/RGBI Template System is synchronised with RI’s My Rotary when updated through the DMS. Likewise, your personal information held on My Rotary can be synchronised to the DMS/RGBI Template System through the DMS.

Your personal information held on the DMS and RGBI Template System will be held securely within the UK or the EU by Rotary Great Britain & Ireland and their secure hosting service provider. You can view Rotary Great Britain & Ireland’s privacy notice by visiting their website.

However, Rotary International run its operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, RGBI take steps to make sure RI provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand your personal data will be transferred, stored, and processed at a location outside the EEA. You can view Rotary International’s privacy notice by visiting their website.

How long we retain your information and how we keep it up to date 

We will only keep your information for as long as we need it to assist you with your enquiry, process your membership, with either membership of this club, volunteering, any enquiry you make to us, donations, event registrations or other services as part of your membership, club activity or as requested by you. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, information associated with Health & Safety can be retained for up to three years after an event etc. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner, or guidance issued at the time the personal information is collected.

Individual members are responsible for keeping their own personal information up to date and have access to the self-service systems within RGBI Data Management System (DMS) or My Rotary for the purpose of updating their profile.

Relevant officers of this club (such as the Club Secretary) can also assist you in keeping your information up to date. In addition, where necessary, the Club will also keep your information accurate and up to date and will regularly review this with you.

Non-members of Rotary (including Associates and ‘friends of this club’) should also keep their personal information held by the club up to date and this can be done via the Club Secretary.

Your rights

 The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website:

  • You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
  • You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. Members and donors have access to their personal data via self-service systems such as the RGBI Data Management System (DMS) or My Rotary via the RI website. You can also request a copy of the information which we hold on you. This information will be provided free of charge unless the request is found to be manifestly unfounded or excessive then a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the club, contact details shown below, enclosing two proofs of identification. Applicants should be aware that where requests are manifestly unfounded or excessive, because they are repetitive, the club can:
  • charge a reasonable fee considering the administrative costs of providing the information; or refuse to
  • You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
  • You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
  • You have a right in certain circumstances to data portability.

In certain situations, these rights may not apply, for example if you are a valid member, we will need to communicate with you about your membership and those services afforded to you as part of that membership; you hold a club or district office and we need to communicate with you in relation to that office, in which case you will not be able to unsubscribe from certain communications.

We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of general member mailings at any time.

Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.

Changes to this privacy notice

We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by notifying you directly.

(This privacy notice was last updated on 6 December 2020)

Our contact details

Rotary Club of Ayr

Email: Colin.vooght@outlook.com

Complaints

If you are unhappy with how we have processed your personal information, please firstly contact the Club Secretary, details above. If you are still unhappy you may contact the following:

Scottish Information Commissioner

Kinburn Castle
Doubledykes Road
St Andrews
Fife
KY16 9DS

Telephone: 01334 464610
Email: enquiries@itspublicknowledge.info

Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use.

Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

In addition, the type of device you are using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you are using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings.

Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.

We use Google Analytics to analyse the use of our websites by generating statistical and other information.

Details captured during your visit to our websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.

Google, not the Association, stores this activity information. You can view Google’s privacy notice here. To opt out of being tracked by Google Analytics across all websites visit their website here.

Every effort has been made to ensure that the original template pages for this site are W3C (World Wide Web Consortium) compatible. However, as the content of pages is supplied by the club, such content may not be compatible.