| Rotaract in Great Britain & Ireland |  |
||
| |||
 |
|
RGBI Council Only
|
|
|
Data Protection Policy
You are here: Home » Data Protection Policy
|
|
1. Introduction 1.1. The Data Protection Act 1998 and the Data Protection Acts 1998 and 2003 set out data protection responsibilities in the UK and Ireland, respectively. Under these Acts, organisations that process personal data (i.e. obtain, record, hold or carry out operations upon data which relate to a living individual who can be identified by that data) must comply with certain provisions, including registering as a Data Controller with the Information Commissioner (UK) or Data Protection Commissioner (Ireland) in certain cases. 2. Data Protection and Rotaract in the United Kingdom 2.1. RGBI has established that is does not need to notify [register] as a Data Controller with the Information Commissioner in the UK under the provisions of the Data Protection Act 1998 as it is exempt as a not-for-profit organisation. This exemption applies if: Your processing is only: • For the purposes of establishing or maintaining membership or support for a body or association not established or conducted for profit, or providing or administering activities for individuals who are either members of the body or association or have regular contact with it. Your data subjects are restricted to: • Any person the processing of whose personal data is necessary for this exempt purpose (examples are: past, existing or prospective members or those who have regular contact with the organisation). Your data classes are restricted to: • Data which are necessary for this exempt purpose (examples are: names, addresses, identifiers or eligibility for membership). Your disclosures other than those made with the consent of the data subjects are restricted to: • Those third parties which are necessary for this exempt purpose Retention of the data: • The personal data are not kept after the relationship between you and the data subject ends, unless and for so long as it is necessary to do so for the exempt purpose 2.2. All Rotaract districts in GB&I and all Rotaract clubs in the UK are legal entities and therefore must establish for themselves if they need to register as a Data Controller under the Act. A self-assessment guide is available in the Data Protection section at www.informationcommissioner.gov.uk. 2.3. Even if districts and clubs in the UK do not need to notify as a Data Controller, they, along with RGBI, still need to comply with the eight data protection principles: Data must be: 1. Fairly and lawfully processed; 2. Processed for limited purposes; 3. Adequate, relevant and not excessive; 4. Accurate; 5. Not kept for longer than is necessary; 6. Processed in line with your rights; 7. Secure; and, 8. Not transferred to countries without adequate protection. 3. Data Protection and Rotaract in the Republic of Ireland 3.1. RGBI has established that it does not need to register as a Data Controller with the Data Protection Commissioner in Ireland under the provisions of the Data Protection Acts 1998 and 2003. 3.2. District 1160 and Rotaract clubs in D1160 are legal entities and therefore must establish for themselves if they need to register as a Data Controller under the Acts. Looking at the provisions this is unlikely, but the district and clubs should confirm this for themselves (go to www.dataprivacy.ie for more details). 3.3. However, RGBI, District 1160 and Rotaract clubs in the Republic of Ireland still have eight legal responsibilities under the Acts, as follows: You must: 1. Obtain and process the information fairly. 2. Keep it only for one or more specified and lawful purposes. 3. Process it only in ways compatible with the purposes for which it was given to you initially. 4. Keep it safe and secure. 5. Keep it accurate and up-to-date. 6. Ensure that it is adequate, relevant and not excessive. 7. Retain it no longer than is necessary for the specified purpose or purposes. 8. Give a copy of his/her personal data to any individual, on request. 4. RGBI Policy Statement on Data Protection 4.1. The Council of Rotaract in Great Britain & Ireland adopted the following policy statement at its meeting on 29 August 2004: RGBI Collection and Use of Personal Membership Data As part of its efforts to assist clubs and districts, and facilitate communication with Rotaractors and Rotarians, Rotaract in Great Britain & Ireland (RGBI) collects personal data about Rotaract and Rotary club members and people who have taken part in Rotary programmes to be used solely for the purpose of conducting the following activities: • Assisting Rotary International in Great Britain & Ireland (RIBI) with preparing the annual Rotaract Directory. • Preparing the directory of clubs and districts held on the RGBI website. • Notifying Rotaract districts and clubs of people who have taken part in Rotary programmes and may be interested in Rotaract membership. • Notifying Rotary districts and clubs of Rotaractors who are leaving Rotaract and may be interested in Rotary membership. • Providing guidance to clubs and districts in their general activities and publicity efforts. • Communicating key organisational messages and information to district leaders and to clubs for dissemination at the club level. • Facilitating conference and special event planning. RGBI may disclose personal membership data as required by law or if pertinent to judicial or governmental investigations. |
RSS Feeds
