The Rotary Club of St Albans Verulamium (the “Club”) as a ‘Data Controller’, is very sensitive to the need to make sure that the ‘Personal Data’ it holds about members of the Club and others, or which comes into its possession, is kept securely and is ‘processed’ only for the purposes for which it has been provided. It takes steps to ensure that all Personal Data does not fall into the hands of unauthorised, people or organisations. The purpose of this Notice is to let you know why, and how, the Club uses the Personal Data obtained from the Club members and others, and what steps are taken by the Club to ensure that it is adequately safeguarded. The Club uses this notice to specify items of Personal Information it intends to use and for what purpose.
By ‘Personal Data’ is meant “information that relates to a ‘living person’ whose identity can be revealed by that information by itself or when combined with other information” which the Club has access to. This may be individuals’ names, addresses, telephone numbers and e-mail addresses at one end of the data spectrum, to photographs, films or videos in which individuals may be identified at the other.
All ‘Personal Data’ will be treated by the Club as strictly confidential and will only be shared with other members of the Club where this is necessary for the effective running of the Club, or where needed to provide a service to its members or in relation to activities and events run by or involving the Club However where the Club intends to use ‘Personal data’ - such as, for example, photographs, films or videos - more widely for the purpose of publicising the activities of the Club it will only do so with clear and freely given consent of the individuals involved.
The Club is also concerned, that, when using Personal Data, it will ensure that it is used “lawfully”, (or legally) in compliance with the present law – the General Data Protection Regulation (“GDPR”) - or any future law regarding Data Protection.
The Club would generally only use Personal Data in its possession, or which it acquires, for one or more of the following purposes: -
The Club will provide you with detailed information about the particular purpose(s) that it plans to use specific Personal Data for, and may ask for your consent to use it for that purpose(s) or in the case of children under the age of 16, their parent(s) or guardians.
There are two legal grounds which the Club has resolved to use to justify its legal use of Personal Data:-
When you give your consent for the use of your Personal Data it is conditional and there are a number of rights in law which you may exercise and which may affect the use of the Data. These are as follows:
Except where mentioned above, the Club, in holding your Personal Data undertakes not to share it with any third party - unless required so to do by Law. In any circumstances where it does share your data with a third party, other than at your request, this will only be done after notifying you of this intent and, where necessary, obtaining your consent.
Where the Personal Data that the Club is seeking your consent to use is in the form of photographs taken during a Club, or other Rotary event, which include a child or children no personal details of any child will be included in any use to which the photographs will be put.
If the Club wishes to use Personal Data other than for the purpose(s) for which your consent has been obtained, then the Club will provide a new notice explaining this new purpose before commencing any processing, and, whenever necessary, the Club will seek your prior consent to the new purpose.
The Club is responsible for ensuring that your Personal Data is protected from loss, misuse, unauthorised access and disclosure. It will take appropriate measures to ensure that all Personal Data, whether on paper or in digital form, are kept secure and are protected against unauthorised or unlawful use and to guard against its accidental loss, damage or destruction.
The Club will ensure that all Personal Data is accurate, kept up to data, will take every reasonable step to ensure that inaccurate data is corrected or erased and that such Data is not kept for any longer than is necessary for the purpose for which it was collected or is required by law. When your Personal Data is destroyed this will be done in a secure way.
Should there be a breach in the security of your Personal Data which would put you at a significant risk then, the after it is discovered, the Club will inform you immediately and will inform the Information Commissioners Office within 72 hours .
To exercise all relevant rights, queries or complaints please contact the Club Club Secretary, ..................at ..........................................in the first instance.
You can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.