GDPR Data Protection Policy
About this Policy
This Policy outlines when, how and why we collect personal data about non-member visitors to our website: and how we use that data and keep it secure. We reserve the right to amend this Policy from time to time without prior notice. You can check our club website for amendments: www.rotarysandersteadandselsdon.com. We will only share your personal data with third parties in the circumstances set out below. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found on the website of the Information Commissioner (www.ico.gov.uk).
For the purposes of the GDPR, The club Secretary will be the “controller” of all personal data we hold about club members and others. The Secretary is responsible for making sure that the club complies with the GDPR. We will review all our holdings of personal data at least once a year to establish whether we remain entitled to process them.
You have rights under the GDPR:
To access your personal data;
To be provided with information about how your personal data are processed;
To have your personal data corrected;
To have your personal data erased in certain circumstances;
To restrict how your personal data are processed in certain circumstances.
For more details, please address any questions, comments and requests about our data processing practices to the secretary @rotarysandersteadandselsdon.com
Specific use and sharing of personal information
Your personal data will be used by us to make any notifications required by law, and for the purposes of club management, and if you have agreed to their being so used your personal data may be used by us also for communications to you about our events and activities and for connected purposes. Your personal data will not be passed to anyone outside the club unless we have your permission to provide them or a lawful reason for disclosing them without your prior consent.
Lawful reasons for processing your personal data
We have three lawful bases for processing your personal data, which are in short that:
(a) Processing is necessary for compliance with our legal obligations;
(b) Processing is necessary for the effective administration of the club;
(c) You have given your express consent to our processing your personal data.
We will make every effort to ensure that your personal data are shared only with organisations that are GDPR compliant in those instances where we have your agreement to sharing it with third parties or are otherwise permitted by law to share it.
How we will protect your personal data
We will process your personal data electronically and hold the information on a database on a secure computer and/or securely on a cloud server. Copies and a backup of the information will be held on other secure computers. Paper copies of data will be held at the Secretary’s home address in a locked cabinet. If it is necessary to transport or relocate data, it will be kept secure.
For any online payments which we take from members or others we will use a recognised online secure payment system.
In the event of a breach of the security of personal data we will notify affected persons promptly, and except as set out above we will not pass on your personal data to third parties without your prior consent.
Request to see your personal information
If you wish to know what personal data the club holds on you, please email us on secretary @rotarysandersteadandselsdon.com we will do our best to respond to you within 7 days of receiving your request.
Accuracy and retention of data
You may update at any time the personal data you have provided to us, and by updating you will be agreeing to the club holding such data and processing it in accordance with your previously-provided consents.
Your personal data will normally be kept for up to 6 years. They may be kept for a longer period for reasons of legal or other ongoing action or required management.