Maintaining protection of the information entrusted to our care by our constituents is of the utmost importance to Rotary.
This Policy describes the types of information we may collect from you or that you may provide when you visit our website www.rotary.org (our "Website") and our practices for collecting, using, protecting and disclosing that information.
Please note that supplementary rules apply in relation to individuals whose data we collect if they are located in the European Union or European Economic Area (in which case, please see the EU Privacy Notice below).
This Policy applies to information we collect:
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website and others, including information:
· We collect this information:
Information You Provide to Us
We collect information you provide when you interact with our Website or when dealing with Rotary or our network offline including:
· You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, "User Content"). Your User Content is posted on and transmitted to others at your own risk. Although we limit access to certain pages and you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Content.
Usage Details, IP Addresses, Cookies and Other Technologies
As you navigate through and interact with our Website, we may automatically collect certain information about your equipment, browsing actions and patterns, including:
· The information we collect in this way is anonymous. It is aggregated into statistical data to help us improve our Website and to deliver a better and more personalized service by enabling us to:
· The technologies we use for this automatic data collection may include:
· We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us, in which case we will process such personal information in accordance with the remainder of this Policy.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information
· To present our Website and its contents to you.
· To provide you with information, products or services that you request from us.
· To offer and fulfill our core business purposes which include:
· We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you. Rotary confirms that it will not sell or trade its membership data without the prior approval of the Rotary Board of Directors. If you do not want us to use your information in this way, you may opt-out of these contacts by notifying us. For more information, see Choices About How We Use and Disclose Your Information section below.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that cannot be used to identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this Policy:
· We may also disclose your personal information:
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
· Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, for some third-party advertisers you can opt-out by logging into our Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes. Otherwise you can send us an e-mail stating your request to Contact.Center@rotary.org.
· Promotional Offers. If you do not wish to have your contact information used by Rotary to promote our own or third parties' products or services, for some third parties’ products or services you can opt-out by logging into our Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes. Otherwise you can send us an e-mail stating your request to Contact.Center@rotary.org. If we have sent you a promotional e-mail, you may send us a return e-mail asking to be omitted from future e-mail distributions.
Donor Privacy Information
Rotary will not sell, trade or share a donor's personal information, including their name, phone number, email, or physical address with non-Rotary third parties nor will it send donors mailings on behalf of other unrelated organizations. This policy applies to all information received by Rotary, both online and offline, as well as any electronic, written or oral communication. Rotary occasionally uses third-party vendors to manage and process donor information. These vendors are bound by strict confidentiality agreements.
Accessing and Correcting Your Information
Where you are a registered user on this Website, you can review and change your personal information by logging into our Website and visiting your account profile page on My Rotary.
You may also send us an e-mail at Contact.Center@rotary.org to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to or on our Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on our Website or on or through any of its features/register on our Website, make any purchases through our Website, use any of the interactive or public comment features of our Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at Contact.Center@rotary.org.
California Privacy Rights
California state law permits users of our Website that are California residents to request certain information regarding our disclosure of personal information (if any) to third parties for their direct marketing purposes. To make such a request, please send an e-mail to Contact.Center@rotary.org.
We have implemented technical and operational measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All personal information you provide to us is stored on password-protected databases on our secure servers behind firewalls and we use Secure Sockets Layer (SSL) to ensure that the transmission of sensitive data for payments and contributions is encrypted and appropriately safeguarded. We train our employees on the importance of information security and focus specifically on practices for protecting against unauthorized disclosure of personal data. We have a documented incident response plan for acting upon events that violate Rotary’s security or privacy policies, should they occur, and this plan is reviewed and updated on an ongoing basis.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. Passwords registered with our Website are encrypted to ensure protection against unauthorized access to your personal information. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of our Website. The information you share in public areas may be viewed by any user of our Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or over any public network. Any transmission of personal information is at your own risk. Without prejudice to any mandatory legal obligations to which we may be subject, we are not responsible for circumvention of any privacy settings or security measures contained on our Website.
Rotary may change, add, modify or remove portions of this Policy at any time, which shall become effective immediately upon posting on this page. The date the Policy was last revised is identified at the bottom of the page. It is your responsibility to review this Policy for any changes. By continuing to use our Website, you agree to any changes in the Policy.
EU Privacy Notice
If you are a resident of the European Union (EU) or European Economic Area (EEA) whose personal information we collect, the following additional information applies to you.
1.1 - Where you are an EU or EEA resident and Rotary knowingly collects your personal information (also called 'personal data'), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, 'EU Data Protection Law').
1.3 - This Privacy Notice also provides information on your legal rights under EU Data Protection Law and how you can exercise them.
2 How personal data is collected
2.1 - Because of the global nature of our organization and its club network, Rotary may hold and process personal data that is collected from clubs, districts and partner organizations around the world, including within the EU/EEA.
2.2 - This also means that if you are a member or individual contact of this network resident in the EU/EEA, your personal data may be transferred from the EU/EEA to Rotary headquarters in the United States.
2.3 - US data privacy laws are currently not considered to meet the same legal standards of protection for personal data as set out under EU Data Protection Law. However, in order to safeguard personal data received from the EU/EEA, we only allow such a transfer of personal data to the US or other third countries under an approved contract or another appropriate mechanism which is legally authorized under EU Data Protection Law.
2.4 - This is to make sure that the personal data that Rotary receives and processes (so far as it relates to residents of the EU/EEA) is properly safeguarded in accordance with similar legal standards of privacy you would eniov under EU Data Protection Law.
3 Direct Marketing
3.1 - If Rotary provides direct marketing communications to individuals in the EU/EEA regarding services and/or events which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual's consent or in relation to similar services to services that the individual has purchased (or made direct enquiries about purchasing) from Rotary before.
3.2 - Individuals are also free to object or withdraw consent to receive direct marketing from us at any time, by contacting us using the email address below.
4 The lawful grounds on which we collect and process personal data
4.1 - We process your personal data for the above purposes, relying on one or more of the following lawful grounds under EU Data Protection Law:
(a) where you have freely provided your specific, informed and unambiguous consent for Rotary to process your personal data for particular purposes:
(b) where we agree to provide services to you, in order to set up and perform our contractual obligations to you and/or enforce our rights:
(c) where we need to process and use your personal data in connection with our legitimate interests as a global network and being able to effectively manage and operate our organization in a consistent manner across all territories. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right to privacy: and/or
(d) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.
4.2 - Please also note that some of the personal data we receive and that we process may include what is known as 'sensitive' or 'special category' personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that Rotary or its clubs would routinely collect, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it: or,
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency: or,
(d) where you have clearly chosen to publicize such information: or,
(e) where needed in connection with a legal claim that we have or may be subject to.
5 Disclosing vour personal data to third parties
5.1 - We may disclose your personal data to certain third party organizations who are processing data solely in accordance with our instructions (called 'data processors') such as companies and/or organizations that support our business and operations (for example providers of web or database hosting, IT support, payment providers, event organizers, agencies we use to conduct fraud checks or mail management service providers) as well as professionals we use such as lawyers, insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.
5.2 - We may also disclose your personal data to third parties who make their own determination as to how they process your personal data and for what purpose(s) (called “data controllers”). The external third party data controllers identified above may handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organizations to understand how they may use your personal data.
5.3 - Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.
6 How long we retain your personal data for
6.1 - Rotary retains personal data identifying you for as long as necessary in the circumstances - for instance, as long you are a member of a club or have a relationship with our network: for a reasonable period to send you marketing where we have regular contact with you, or as may be needed to enforce or defend contract claims or as is required by applicable law.
6.2 - Rotary has adopted a data retention policy for EU residents (which we may make available on request) that sets out the different periods we may retain personal data for in respect of relevant purposes in accordance with our duties under EU Data Protection Law. The criteria we use for determining the relevant retention and disposal periods we adopt are based on the purpose for which we hold data and the reasonable expectations of those whose personal data we collect in these circumstances, taking into account various legislative requirements and guidance issued by relevant EU regulatory authorities.
6.3 - In accordance with the above retention policy, the personal data that we no longer need will be disposed of and/or anonymized so you can no longer be identified from it.
7 Your personal data rights
7.1 - In accordance with your legal rights under EU Data Protection Law, you have a 'subject access request' right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.
7.2 - Usually we will have one month to respond to a subject access request. However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.
7.3 - Under EU Data Protection Law. EU/EEA residents also have the following rights. which are exercisable by making a request to us in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete:
(b) that we erase your personal data without undue delay if we no longer need to hold or process it:
(c) to object to any automated processing (if applicable) that we carry out in relation to your personal data. for example if we conduct any automated credit scoring:
(d) to object to our use of your personal data for direct marketing:
(e) to object and/or to restrict the use of your personal data for purpose other than those set out above unless we have a compelling legitimate reason: or
(f) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and is being processed by automated means.
7.4 - So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.
7.5 - If you would like to exercise any of the rights set out above, please contact us at the address below.
7.6 - If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner in the United Kingdom.
If you have any questions about Rotary’s privacy protection practices or believe we have not adhered to this Policy, please contact us at Contact.Center@rotary.org
Last modified: 9 May 2018