Data protection (GDPR)

Practical guide to data protection (GDPR)

Data protection (GDPR) refers to member data or to personal data of other persons involved such as guests, visitors or the speakers.

Protection of member data

The following principles must be observed:

• Each person must have their own credentials (user name + password). These login details must not be disclosed to others.

• The term "personal data" refers to all information related to an individual, such as their last name, first name, birth date, home address, email address, phone number, occupation, employer, workplace, partner's name, and so on.

• Publication of personal data outside Rotary, Rotaract or Interact (also InnerWheel) is only allowed with the express consent of the person. It must be stated which data will be passed on to whom and for what purpose.

Practical examples

• A non-Rotarian assistant to the club secretary or other club officer can be registered as an "Other contact" in the club, have his/her own credentials and can have corresponding administration rights.

• A widow or widower can be registered as an "Other Contact" in the club, have his/her own access and thus participate in club life.

• A restaurant can be registered as an "Other Contact" in the club, have its own access and receive by email the registration/cancellation notifications for a lunch/diner, with the corresponding menu selection, or check the registrations on the event web page.

• The distribution of the member list within the club, for internal purposes, is possible without the express consent of the members. The same applies to the district.

• The disclosure of member data to a non-Rotarian organization or to a company (also to a member's company) is only permitted with the express consent of the members.

Protection of other personal data

Such persons are guests and speakers who participate in events. The following principles must be observed:

• Publication of guest and speaker information outside of Rotary (i.e. publicly) is only allowed with the clear permission of the individual. It must be stated which data will be passed on to whom and for what purpose.

• The term "personal data" refers to all information related to an individual, such as their last name, first name, birth date, home address, email address, phone number, occupation, employer, workplace, partner's name, and so on.

Examples

• A club lecture by Dr. Hans Mustermann from the University of Basel on the topic "Drug research without animal testing" may only be published publicly with Dr. Mustermann's consent. It must be clear which information is published where.

• A club lecture by Dr. Hans Mustermann from the University of Basel on the topic "Drug research without animal testing" may, without his consent, be announced only to members, i.e. after login, with release for at most "All members".

• A district event such as PELS (PETS), district conference, seminar, etc. shall be visible only to members, e.g. after login, with visibility to no more than "All members".

• A Rotary benefit concert or golf tournament should be publicly announced. Consent should be sought from performers and/or organizers who are named.

Visibility "Board” (own unit) and "Board and Committees” (own unit) depends on the club's internal privacy policy and has nothing to do with data protection. The recommendations are as follows:

• An event in which only club members can participate, e.g. assembly, should be visible only to all members of the club.

• An event that only board and committee members can attend may be visible for all members of the club or only to the board and committee members, depending on club constitution. Rotary International recommends that board meeting minutes be available to club members.

Definition of the visibility levels

• Board > visible only after login for board members

• Board and Committees > visible only after login for board and committee members.

• All members of own unit > visible only after login for club members, guests, prospects and other contacts

• Own district > visible only after login for Rotarians, Rotaracters and Interacters of the own district (the same applies to the organization InnerWheel)

• All members > visible only after login for Rotarians, Rotaracters and Interacters + members of special clubs and committees (the same applies to the organization InnerWheel)

• Teaser title only > first three lines visible for everybody without login, the rest visible only after login for Rotarians, Rotaracters and Interacters + members of special clubs and committees (the same applies to the organization InnerWheel)

• Public (everyone) > everybody, visible without login

Practical use

• Board meetings: Visibility > Board

• Board meetings with committees: Visibility > Board and committees

• Annual club meeting, general assembly: Visibility > All members of own unit

• Christmas event or restricted club event: Visibility > All members of own unit

• Statutory meetings, lunches with or without speaker: Visibility > All members

• Replacement meetings in the club premises due to away meetings: Visibility > All members of own unit

• District events: Visibility > Own district or All members

• President’s letter: Visibility > All members of own unit or Own district

• Newsletters, reports, minutes: Visibility > All members

• News: Visibility depending on content in the range from All members of own to Public (everyone)

• Photo galleries: Visibility > All members of own unit or All members

• Projects: Visibility > Public (everyone)

• Public event such as benefit concert or golf tournament: Visibility > Public (everyone)