Practical guide to data protection (GDPR)

Monday, March 13, 2023

Team Polaris

Data protection refers to member data or to personal data of other persons involved such as guests, visitors or the speakers.

Protection of member data

The following principles must be observed:

  1. Each person must have their own credentials (user name + password). Credentials may not be shared with other persons.
  2. The term "personal data" includes all data of the person, i.e. name, first name, date of birth, address, e-mail, telephone no. profession, company, place of work, partner name, etc.
  3. Publication of personal data outside Rotary or Rotaract is only allowed with the explicit consent of the person. It must be stated which data will be passed on to whom and for what purpose.
Practical examples:
  • A non-rotarian assistant to the club secretary can be registered as "Other contact" in the club, have his/her own credentials and can have corresponding administration rights.
  •  A widow can be registered as an "Other Contact" in the club, have her own access and thus participate in club life.
  • A restaurant can be registered as an "Other Contact" in the Club, have its own access and receive by e-mail the registration/cancellation notifications for a lunch/diner, with the corresponding menu selection,  or check the registrations on the event web page.
  • The distribution of the member list within the club, for internal purposes, is possible without the express consent of the members. The same applies to the District.
  • The disclosure of member data to a non-Rotarian organisation or to a company (also to a member's company) is only permitted with the express consent of the members.

Protection of other personal data

Such persons are guests and speakers who participate in Rotary events. The following principles must be observed:

  1. Publication of guest and speaker data outside of Rotary (i.e. publicly) is only permitted with the explicit consent of the person. It must be stated which data will be passed on to whom and for what purpose.
  2. The term "personal data" includes all data about the person, i.e. name, first name, date of birth, address, e-mail, telephone number, occupation, employer, place of work, position, etc.
Practical examples:
  • A club lecture by Dr. Hans Mustermann from the University of Basel on the topic "Drug research without animal testing" may only be published publicly with Dr. Mustermann's consent. It must be clear which information is published where.
  • A club lecture by Dr. Hans Mustermann from the University of Basel on the topic "Drug research without animal testing" may, without his consent, be announced only to Rotarians and Rotaractors, i.e. accessible on Web after login, with release for at most "All members (all units)".
  • A district event such as PETS, district conference, seminar, etc. shall be visible only to Rotarians and Rotaractors, i.e. after login, with visibility to no more than "All members (all units)".
  • A Rotary benefit concert or golf tournament may be published publicly. Consent should be sought from performers and/or organisers who are named.

Visibility "Board members (own unit)" and "Board and Committee members (own unit)" depends on the club's internal privacy policy and has nothing to do with data protection. The recommendations are as follows:

  • An event in which only club members can participate should be visible only to club members.
  • An event that only Board and Committee members can attend may be visible for all members of the club or only to the Board and Committee members, depending on club constitution. RI recommends that Board minutes be available to club members.

Definition of the visibility levels

  • Board => visible only after login for board members
  • Board and committees => visible only after login for board and committee members.
  • All members of own unit => visible only after login for club members, guests, prospects and other contacts
  • Own district => visible only after login for Rotarians + Rotaracters from their own district
  • All members => visible only after login for Rotarians + Rotaracters in CH&FL, resp. France, resp. Belux, etc...
  • Teaser => first 3 lines visible without login, the rest only after login for all members.
  • Members and anonymous visitors = everybody, visible without login

_____________________________

Practical use:

  • Board meetings: Visibility => Board
  • Board meetings with committees: Visibility => Board and committees
  • Annual club meeting, general assembly: Visibility => All members of own unit
  • Christmas event or restricted club event: Visibility => All members of own unit
  • Club lunch with or without speaker: Visibility => All members
  • Newsletter / report / minutes: Visibility => All members
  • Photo Galleries: Visibility => All members
  • Club project: Visibility => Everybody
  • District event: Visibility => Own district
  • Public event such as benefit concert or golf tournament: Visibility => Everybody

Visibility levels