- About Rotary
- Get Involved
- Our Causes
- News & Media
Rotary International in Great Britain and Ireland (“we”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through Rotary International, to keep it safe, and we will always take every effort to protect your privacy. [For the purpose of this privacy notice, Rotary International in Great Britain & Ireland (Rotary GB&I) also includes Rotary Foundation United Kingdom (RFUK) and the Rotary GB&I Donations Trust].
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members and donors is crucial, and your personal data allows us to manage your membership and provide the services you are entitled to.
It is expected that club and district officers may also process member personal data on behalf of Rotary International in Great Britain and Ireland and the Rotary organisation and they too will also be bound by this privacy notice.
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin volunteering, make a donation, purchase our products or communicate with us either by phone, in writing, including email or in person. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example sites like Virgin Money Giving or BT MyDonate or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such websites (club, district, action groups etc), Companies House and information that has been published in articles/newspapers.
We will only ever capture the minimum amount of information that we need to in relation to your membership, donation or services we provide to you. The personal data we will usually collect is:
Where it is appropriate, we may also ask for additional information which will be explained to you at the time.
We will use your personal data for the legitimate interest of conducting core business activities, these will include:
We do not collect any personal information on members classified as ‘sensitive’ under GDPR.
We will collect all personal information required to comply with employment legislation, including where necessary sensitive information. This may include medical information and where additionally appropriate we will perform a criminal record search. To prevent discrimination and to ensure diversity, we shall request information from the employee on religion, sexuality and ethnicity.
We do not collect information from under 18’s. Interact and Rotakids clubs are managed through the identified Rotarian member contact.
The Rotary GB&I District Youth Exchange Association operates as a separate entity to Rotary GB&I and RI and is responsible for the organisation of Rotary youth exchange programmes. You can view their privacy notice by visiting their website here.
In order to prevent and detect crime, and to ensure the safety of our members and staff, we operate CCTV systems at the Rotary Support Centre, Kinwarton Road, Alcester, Warwickshire, B49 6PB. These cameras record footage in real-time and are operated and controlled by our own staff. We would only share this information when requested to do so as required by law, police investigation, or if pertinent to judicial or governmental investigation.
We use a voice-telephony system at the Rotary Support Centre office. From time to time we may record calls for the purposes of:
If recording is in operation, callers will be informed that their calls are being recorded for these purposes by a pre-recorded opening greeting message when they call the Support Centre.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data shall be held securely and accessed by authorised users only. Within the scope of usage described above, we may export data from the voice recorder. Exported data shall be stored in secure locations but be deleted within 12 months of capture.
1) Our service/host providers
In the course of our legitimate business activities, there may be a need for us to share, or give access to, your personal data to third parties that provide us with services or host our applications/software that you may access, for instance:
• AWS – supporting Rotary View
• Babble – our IT development, management and support
• Banking organisations – those that provide our banking/payment services
• Beacon – to support Rotary Foundation UK
• Contently Limited and associated publishing and distribution providers – our magazine consultant and publishers and distributors
• EventsAir – our event management software provider
• Heart Internet – our Rotary GB&I Template database, Data Management System (DMS) and rotarygbi.org secure hosting service provider
• HMRC – for Gift Aid, tax and employment details
• HROC – our website development and support provider
• KEP – our print on demand and online shop provider
• MailChimp – our communication mailing software service provider
• Rotary International
• Snap Surveys Limited – our survey software support and host provider
• Stripe – our credit/credit card payment facility
• Xero – our accounts system
We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
2) Sharing within the Rotary organisation
The Rotary organisation is made up of Rotary International, The Rotary Foundation (TRF), Rotary International in Great Britain and Ireland, the Rotary Foundation United Kingdom (RFUK) and the Rotary GB&I Donations Trust.
When you give information to us it will be shared within the wider organisation to facilitate your membership or donations and to provide the service afforded to you as part of that membership/donation. We will ensure that data processing agreements, compliant to GDPR, are in place before sharing your data within the wider organisation.
Rotary clubs and districts within Rotary International in Great Britain and Ireland are data processors for some of your personal information associated with your membership and will process your data in accordance with the Rotary GB&I privacy notice. Clubs and districts also collect personal data for their individual club and district activities and are therefore also independent data controllers. This means they are also legally responsible for protecting your data under GDPR legislation whilst in their safekeeping and will have their own privacy notices in this respect.
3) Sharing with third parties
We will never commercially sell your personal data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored, our online forms are encrypted and our network is protected and monitored. Confidential paper waste is shredded at our premises by on-site secure document disposal contractors.
We review who has access to information that we hold to ensure that your personal information is only accessible by appropriate staff, Rotary members and our service/host providers. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
Your personal information will be hosted securely within the UK or the EU by Rotary International in Great Britain & Ireland.
However, Rotary International run its operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand your personal data will be transferred, stored and processed at a location outside the EEA. You can view Rotary International’s privacy notice by visiting their website here:
Individual members are responsible for keeping their own personal data up to date and have access to the Rotary GB&I Data Management System (DMS) or My Rotary on the RI website for this purpose. In addition, where necessary, we will keep your information accurate and up to date.
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website here.
Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, Rotary GB&I can:
In certain situations, these rights may not apply, for example if you are a valid member we will need to communicate with you about your membership and those services afforded to you as part of that membership; you hold a club or district office and we need to communicate with you in relation to that office, in which case you will not be able to unsubscribe from these communications whilst holding that office.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of our general member mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website www.rotarygbi.org or by notifying you directly.
If you are unhappy with how we have processed your personal information, please firstly contact the General Secretary, details above. If you are still unhappy you may contact the following:
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745