Introduction
Rotary International and The Rotary Foundation of Rotary International respect your privacy. We are committed to protecting that privacy through our compliance with this policy (“Policy”) Rotary is committed to protecting the data that has been entrusted to our care by its constituents.
This Policy outlines the types of data that we may collect about you, or that you may give us, and explains our policies and practices regarding collecting, using, and protecting that data.
If you’re located within the European Union or European Economic Area, please also refer to Appendix A: EU Privacy Notification.
This Policy could change from time to time (see the section on Changes to our Privacy Policy section), so make sure to check the Policy regularly for the most recent version. The English-language version is the official text if you have questions about the meaning and interpretation of this Policy.
We collect data about you
There are many types of personal data we collect that can be used to help us identify you (“Personal Information”), such as your:
- Name
- Addresses postal
- Email address
- Telephone number
- Donation History
- Payment cardholder data
- Sensitive authentication data
- Internet connection
- Access to our website and details about the equipment used
We may collect your information depending on how you interact with Rotary.
- Gender
- Year of Birth
- Marital status
- Name of spouse or parent
- Occupation
- Employer
- Wealth data
- Photographs/images
We may, in limited circumstances, collect sensitive personal data such as government ID numbers or health information.
How we collect your data
Personal Data is collected from:
- Our Website Users
- Rotaract and Rotary Club members
- Donors to The Rotary Foundation
- Rotary event attendees
- Participants in Rotary’s programs
This data is collected by us:
- Directly if you give it to us via any interaction offline or in-person
- Our website Rotary.org (our “Website”)
- This Policy is also available on other Rotary websites.
- If you interact with advertising or applications on third-party sites and services, and if those advertisements include links to this Policy
- As you navigate the Website, data is automatically collected. This may include IP addresses and usage details.
- You can become a Rotaract or Rotary club member.
- Our services are available to you
- Participate in our programs and sign up to attend any events we host.
- We contract with third parties to provide services for us, including event organizers, travel service providers (used by Rotary International Travel Service or RITS), payment processor services, email marketing service providers, and software providers. These service providers can change or be added to our list without prior notice.
- If you want to interact with us in a different way, such as by contacting us with an inquiry
- Publicly available resources
We need your data
When you interact with Rotary through our website or offline, we collect the data that you give us. This data includes:
- You may provide personal data when you inquire about or join a Rotary or Rotaract Club. This includes data from My Rotary.
- Participation in our services, including- The Brand Center
- The Grant Center
- The Learning Center
- Rotary Club Central
- Rotary Global Rewards
- Rotary Ideas
- Rotary Shop
- Rotary Showcase
- When you sign up for a contest or promotion sponsored by us, we collect personal data.
- When you report a problem on our website, you may provide personal data
- If you contact us, we will keep records and copies of all correspondence, including email and social media posts.
- We may ask you to respond to surveys for research purposes.
- Register to participate or attend Rotary events
- Donors may provide personal data
- When you submit applications for grants, fellowships, or scholarships, please include personal data.
- We may need biographical data or other information if you wish to run for office in a Rotary club or district.
- Information about transactions through our website and details of the fulfillment of your orders. You may need to provide financial information before placing an order through this Website.
- Search queries for our website
Future features may lead to the collection of additional personal data.
Data that you provide may also be posted or displayed on the public areas of this Website. It can also be transmitted to third-party users or other users (collectively, “User Content”). Your User Content can be posted to the Website and shared with others at your own risk. You can limit your access to specific pages, and you can set privacy settings from your account profile. We cannot monitor the actions of Website users who may share your User Content.
Information about usage, IP addresses, cookies, and other technologies
We may automatically collect data about your browsing habits, equipment, and other patterns as you browse our website.
- Information about your visits to our website, including traffic data and location data as well as logs and other communication data. Also, details of the resources you access and use through our Website.
- Information about your computer, and an internet connection, including your IP address and operating system.
The data that is collected through My Rotary accounts are anonymous if you’re not signed up. This data is used to improve our website and provide a more personal service.
- Calculate our audience size, browser statistics, and popularity of content.
- Accelerate your search
- When you return to our website, we will recognize you
This automatic data collection is done using cookies (or browser cookies). A cookie is a small file that is stored on your computer’s hard drive. By activating the appropriate setting in your browser, you can refuse to accept cookies from browsers. You may not be able to access certain areas of our Website if this setting is selected. Our system will not accept cookies unless you have changed your browser settings to refuse cookies.
We collect usage data when you sign in to a My Rotary Account. This data is used to improve site functionality, and tailor site content, and behavior to you. We process this personal data according to this Policy.
Third-party Advertisers Use Cookies and Other Tracking Technology
Third-party advertisers, networks, and servers serve some advertisements and offer Rotary Rewards. Third-party owners may also own some applications that are accessible via our Website. These third parties might use cookies in combination with other tracking technologies to collect information about our users. We don’t have any control over the tracking technologies used by these third parties. You can contact the advertiser directly if you have questions about any advertisement or offer on Rotary Rewards.
How we use your personal data
We may use any data we have about you, or you give us, including personal data.
- Our Website and its contents are available to you
- We will provide the information, products, and services to you that you have requested.
- To fulfill our core business goals, which include:
- Fulfilling Rotary’s obligation to Rotarians and Rotaractors as well as other individuals
- Financial processing
- Contributing to The Rotary Foundation, which includes fundraising efforts
- Facilitating special event and convention planning
- Communication of key messages within an organization through Rotary publications and other materials
- Rotary Membership and Program Support
- Respecting any legal obligations
- Preservation of Rotary’s Legacy by creating and maintaining accurate archives that accurately document Rotary’s history
- To be used for any other purpose
- To fulfill our obligations and enforce our rights arising out of any contracts between you and me, including billing and collection
- We will notify you of any changes to our website or products or services that we offer through it
- You can participate in interactive features of our website
- We store your preferences to allow us to personalize our website according to your interests.
- Help us to develop and test updates for this website and other Rotary applications that support Rotary’s core business purposes.
- We may also describe the reasons you give us your personal data in any other way.
- Any other purpose for which we have your permission
Disclosure of Personal Data
We may share aggregated data about users and data that can’t be used to identify anyone, without restriction.
As described in this Policy, we may share personal data that you have provided or that we collect.
- If applicable, to the Rotary club/Rotaract club of which you are a member.
- Contractors, service providers, and any other third parties that support our business.
- They are required by contract to protect personal data and keep it confidential.
- Providers of travel services, such as hotels, airlines, ground transport, and travel agencies
- Companies that publish, ship, or produce Rotary publications, as well as Rotary-branded merchandise and goods,
- Online shop vendor
- Payment processing vendors
- When processing financial transactions such as expense reimbursements, financial institutions, and fiscal agents should be notified.
- Software and applications used for administrative functions such as providing online forms/surveys/applications, newsletter services, online lear webinar/teleconference services, electronic voting
- Cloud-based databases are used to perform administrative functions
- Rotary Convention host committees, other event organizers, and vendors
- Email distribution services
- If you consent to such disclosures, third parties may use your personal data to promote Rotary and/or market their products and services to you. These third parties are contractually required to protect your personal data and only use it for the purpose for which it was disclosed to us.
-If you do not want us to share your personal data (even when anonymized) with unaffiliated or non-agent third parties for advertising or promotional purposes, you can send an email stating your request to rotarysupportcenter@rotary.org.
- To serve the purpose you gave it
- For any other purpose, we disclose to you when you give us the data
- Your consent
We might also share your personal data.
- To comply with any court order or law or legal process, as well as to respond to any regulatory or governmental request.
- If disclosure is required or appropriate to protect the rights, property, or safety of Rotary, Rotarians and Rotary clubs, Rotary district, or other organisations. This includes exchanging personal information with other organizations and companies for fraud protection or credit risk reduction.
Personal Data of Rotary Foundation Donors
Rotary will not share, trade, or give out personal data of Rotary Foundation donors, including their name and phone number, email address, or physical address with any non-Rotary entities. It will also not send mailings to donors on behalf of other unrelated organizations. This policy applies to all donor information received by Rotary online and offline. It also covers any electronic, written, or oral communication. Sometimes, Rotary uses third-party vendors for the management and processing of donor data. These vendors must adhere to strict confidentiality agreements.
Accessing and correcting your personal data
You can access your data and make corrections by:
- If you are registered on My Rotary, visit your account profile page. For more information, see Rotary’s Frequently Asked Question
- Emailing rotarysupportcenter@rotary.org to request access to, correct, or delete any personal data that you have provided.
If we feel that the request to modify or delete data would be contrary to any law, or legal requirement, or cause the data incorrectly to be inaccurate, we may decline to accommodate it.
You can delete User Content from the website, but copies of it may still be viewable on cached or archived pages. Other Website users might also have copied or stored them. Our Terms of Use govern the proper access to and use of data on our Website, including User content. However, this does not affect your EU/EEA-based mandatory rights under EU Protection Law (see Annex A: EU Privacy Notice).
Children under 16 years of age
Our website is not designed for children younger than 16 years. Without parental consent, we do not intend to collect personal data from anyone under 16. Our Website does not allow anyone under 16 to provide personal data.
Do not contact anyone under 16 years old.
- You can use or give any personal data through our website or any of its features.
- Register on our website, and make purchases via our website.
- You can use any interactive or public comment feature on our website.
- We need to know your personal information, including your name and address.
We will erase any personal data that we discover we have received or collected from a child younger than 16 years without parental consent. If you believe we might have any personal data from or about a child under 16, please contact us at rotarysupportcenter@rotary.org
Data Security
We have taken technical and operational precautions to protect your personal data against accidental loss, unauthorized access, use, and alteration. Additionally:
- Rotary ensures that data security is maintained throughout all data processing operations, whether it’s developing new systems or improving existing ones.
- We store all personal data on secure servers behind firewalls. Secure Sockets Layer is used to protect sensitive data that is being transmitted for contributions and payments.
- Employees are taught about data security and have a special focus on protecting personal data from unauthorized disclosure.
- A documented incident response plan has been developed to promptly respond to any incidents that may violate Rotary’s privacy or security policies. This plan is regularly reviewed and updated.
Your safety and security depend on your actions. You are responsible for protecting the passwords that we have given to you or that you have chosen for certain areas of our website. To protect your data from unauthorized access, the passwords you create on our website are protected with encryption.
Unfortunately, internet transmissions of personal data are not always secure. While we make every effort to protect your personal information, we can’t guarantee its security. You are responsible for any transmission of personal data. We are not responsible for any violation of privacy settings or security measures found on our website.
Modifications to our Privacy Policy
Rotarians may modify, amend, or delete any part of this Policy at any time. These changes shall take effect immediately after they are posted on this page. At the bottom of each policy is the date that the Policy was last updated. You are responsible for reviewing this Policy to ensure that any changes have been made. You agree to all changes to the Policy by continuing to use our website, maintaining your membership in our clubs, and using our services.
Contact Information
Rotary’s headquarters is in Illinois, USA. Please email privacy@rotary.org if you have questions about Rotary’s privacy policies and practices.
Last modified: 25 June 2019
Appendix A: EU Privacy Note
The following information is applicable to residents of the European Union (EU), or the European Economic Area (EEA), whose personal data we collect.
INTRODUCTION
If you are a resident of the EU or EEA and Rotary knowingly obtains your personal information, we will comply with applicable laws regarding data protection and privacy. This includes the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as the national laws of EU member states that regulate or implement the collection, processing, and privacy of personal data (collectively, “EU Data Protection Law”).
This EU Privacy Notice (“EU Privacy Note”) should be read together with Rotary’s Privacy Policy. It provides additional information required by EU Data Protection Law about how we handle and process personal data that we collect, as well as whom it may be shared with.
This Privacy Notice provides information about your rights under EU Data Protection Law, and how to exercise them.
What personal data is collected?
Rotary’s global nature and the clubs it serves may mean that Rotary can store and process personal data from clubs, districts, and partner organizations all over the globe, as well as within the EU/EEA.
If you contact Rotary and are a resident of the EU/EEA, your personal information may be transferred to Rotary headquarters in the United States. It may also be accessed from Rotary’s international offices located in Australia, Brazil, and India.
The U.S. data privacy laws do not currently meet the same legal standards for the protection of personal data as the EU Data Protection Law. To protect personal data from the EU/EEA we only transfer it to the U.S. under an approved contract, or to another suitable mechanism, that is legal under EU Data Protection Law.
This is done to ensure that the personal data Rotary receives (as it relates to residents of EU/EEA) are properly protected in accordance with similar privacy standards provided by EU Data Protection Law.
Direct Marketing
Direct marketing communications by Rotary to EU/EEA residents regarding events and services will be in compliance with the EU Data Protection Law. Direct marketing communications to individuals by SMS, email and fax to them regarding services or events that may be of interest to them will only take place with their consent. This also applies to similar services that they have purchased from Rotary previously.
Individuals can also withdraw their consent to receive direct mail from us at any given time by contacting privacy@rotary.org
Legal Grounds for Collecting and Processing Personal Data
For the purposes outlined above, we process personal data on the basis of one or more legal grounds under the EU Data Protection Law.
- Rotary will only process your personal data if you have given explicit, informed, and unambiguous permission.
- We agree to provide services for you to establish and fulfill our contractual obligations to and/or enforce rights.
- We may need to use and process your personal data to fulfill our legitimate interests. This includes the need to manage and operate our global company in a consistent manner across all regions. These legitimate interests will be pursued in a manner that doesn’t unduly violate your legal rights or freedoms, and in particular your privacy.
- We are required to comply with a legal obligation, to exercise, defend, or establish legal claims
Also, please note that some personal data that we receive or process could include sensitive or special category personal data. This includes data concerning your ethnic origin and political, philosophical, or religious beliefs. Although this is not the data Rotary collects on a regular basis, it may be used in cases where:
- We have your express consent to use it
- This data must be processed in compliance with the EU Data Protection Law.
- It is necessary to protect your vital interests or those of others, such as in an emergency situation.
- This information has been clearly made public by you.
- It is required in connection to a legal claim we may have or could be subject to
Not disclosing your personal data to third parties
Your personal data may be disclosed to third-party organizations who are processing it in accordance with our instructions (“Data Processors”): companies and/or organizations that support our business and operations (e.g., providers of web hosting, IT support, and payment providers, event organizers, fraud check agencies, mail management service providers, and professionals such as accountants, lawyers, auditors, auditors or auditors). Only Data Processors who can provide us with assurances about the security of the personal data they process for us is used. These guarantees are made by entering data processing agreements that include appropriate data transfer mechanisms, such as “Standard Contractual Clauses” or provisions that state that the Data Processors are certified under the EU Privacy Shield Framework.
We may disclose personal data to “Data Controllers” in certain situations, such as if you travel for Rotary business. These third parties could include hotels, travel agencies, car rental agencies, and airlines. Due to the nature of their business, the Data Controllers will make their own decisions about how they handle your personal data. They are Data Controllers and must comply with the EU Data Protection Law. They are also required to provide notice to you if they process your personal data in a way that is not permitted by Rotary. These external third-party Data controllers may process your personal data according to their own procedures. To understand how they might use your personal information, you should review the privacy policies of these organizations or companies.
Except as stated above, your personal data will be treated as confidential and we will not routinely reveal it to third parties without you being aware. Only exceptions apply to legal proceedings and where we are legally required or permitted to tell you (such a criminal investigation). We will always ensure that your personal information is only used by lawful third parties who adhere to the EU Data Protection Law.
How long we keep your personal data
Rotary keeps your personal data as long as it is necessary for specific circumstances, such as:
- You can join a club, or establish a relationship with the network, as long as you are a member.
- We will send you information about our programs, donations, and marketing materials within a reasonable time frame if we are in regular contact with your organisation.
- All that is necessary to defend or enforce contract claims, or as required by law.
Rotary has adopted a Records Management Policy, which we may make available to anyone who requests it. We use a variety of EU regulations and guidelines to determine the appropriate retention and disposal periods.
The above retention policy will apply to personal data we no longer require. They will be destroyed and/or anonymized so that you cannot be identified.
Archive and History
Rotary keeps historical and archival information regarding its clubs. This may include some personal data about its members to preserve Rotary’s legacy and history.
Your Personal Data Rights
You have the right to a subject access request under EU Data Protection Law. This allows you to request information about personal data we hold, how it is used, and who it might be disclosed to.
We usually respond within one month to subject access requests. We reserve the right to verify your identity and may take up to two additional months to respond to complex requests. Administrative time may be charged for any requests that are manifestly unreasonable or too large. When responding to your subject access request, we may need additional information to locate the data you are looking for.
EU Data Protection Law gives EU/EEA residents the following rights. You can also exercise these rights by submitting a written request to us:
- We will correct any inaccuracies or inextricities in your personal data
- If we don’t need it, we will erase your personal data immediately
- You can object to any automated processing that we may carry out with respect to your personal data.
- To oppose our use of personal data for direct marketing
- You can object to or restrict the use of your personal data for any other purpose than those listed above unless there is a compelling reason.
- We may transfer your personal data to another party if the personal data was collected with your consent, is being used under a contract with us, or is being automated.
To ensure that we are able to fully comply with your requests, please also note that third-party processors may be involved in processing personal data for us.
Please contact privacy@rotary.org if you wish to exercise any of these rights.
If you are unhappy with the response or believe we are processing your personal information illegally, you can complain to the Office of the Information Commissioner.