PRIVACY POLICY – ROTARY

The Rotary Club Management System (hereinafter referred to as the « Polaris ») also known as Harmony is an initiative of:

Media Association of Rotary Switzerland-Liechtenstein(hereinafter referred to as the « MAR »)
c/o Juris Treuhand AG
Industriestrasse 47
6304 Zug
SWITZERLAND
+41 (0)43 299 66 25
info@rotary.ch
 

1  Definitions

In this Privacy Policy, we mean:

  • « Rotary International » : Rotary's central organization that provides logistical and structural support to national divisions;

  • « Rotary » : Rotary organizations within the territory of a district using the Polaris (hereinafter "Rotary" and "We");

  • « User » : Any member (including, if applicable, the aspiring member or other non-Rotarian guest) of a Rotary club registered on the Polaris platform and is therefore granted a right of use;

  • « Personal data » : any information relating directly or indirectly to an identified or identifiable natural person;

  • « Processing » : Any operation or set of operations carried out or not using automated processes and applied to data or sets of personal data, such as collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction;

  • « Limitation of processing » : the marking of personal data held in order to limit their future processing;

  • « Controller » means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or by the law of a Member State, the controller may be designated or the specific criteria applicable to his appointment may be provided for by the law of the Member State Union or by the law of a Member State; in this case, it is "Rotary";

  • « Processor » means the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller; in this case, it is "MAR".

 

2  Why this privacy policy?

Any person (hereinafter referred to as the « User ») visiting and / or using the Polaris website (hereinafter referred to as the « Site ») or our Services disclose a certain amount of personal data. Personal data is information that allows us to identify you directly or indirectly as a natural person.

Rotary collects and processes your personal data in accordance with the relevant legal provisions, namely the European Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data. (« Regulation » or « GDPR »).

By using the Site, the User declares having read this Privacy Policy and expressly accepts the collection and processing of his personal data in the manner described in this document.

Rotary reserves the right to make changes to our Privacy Policy at any time. Any substantial change will always be clearly communicated to Users. Rotary nevertheless advises you to consult this document regularly.
 

3  Who is responsible for the processing of your personal data?

3.1 Controller

Rotary is the Controller (« Decision maker ») and determines, alone or jointly with others, the personal data that is collected, the purposes and means of the processing.

As Controller, Rotary ensures compliance with the principles of lawfulness and proportionality when collecting personal data. Rotary will collect and process personal data only to the extent that the above data are adequate, relevant and not excessive in relation to the purpose of the treatment.

Rotary undertakes to take all necessary steps to ensure the secure processing of personal data. As a result, Rotary places a high priority on ensuring the necessary safeguards with respect to the technical and organizational safeguards for treatment. Rotary applies this commitment in all its relationships with processors. The User may, upon written request, take note of the measures taken as part of the protection requirements.
 

3.2 Processor(s)

Rotary is free to use processors. The processor is a natural or legal person who processes your personal data at the request and on behalf of the controller. The processor is required to ensure the security and confidentiality of your data and always acts on instruction of the controller.

MAR, as the main Processor, uses third parties, for example the developer of Polaris and SEMDA. Both are subprocessors, each depending on their respective activity.

The MAR cannot therefore be held responsible for failures of the de facto subprocessors to comply with the technical and organizational protection measures required. And this, except in case of serious negligence occurred in the head of the MAR during the mission of the de facto subprocessor.

The MAR is also not responsible for the accidental or unlawful destruction, accidental loss, alteration, access and any other unauthorized processing of personal data provided the necessary technical and organizational measures have been taken.
 

4  On what legal grounds are your personal data processed?

In accordance with the GDPR Regulations, Rotary processes your personal data based on the following legal grounds:

  • As a member of a Rotary Club

  • Based on the execution of the contract to which you are a party or contractual measures taken at your request for the use of our Site and the provision of our services and / or products.

  • On the basis of our legal obligations for all matters relating to the management of the contractual relationship, including invoicing.

  • Based on our legitimate interest in sending information and newsletters to our members as well as for the "in memoriam" directory after the death of members.
     

5  Which personal data is processed?

In the first place, a large part of the personal data is obtained directly from the Rotary member concerned. This collection of data will be done in two ways, namely by the club to which the member is affiliated or by the user himself when he adds, modifies or deletes data in his profile on Polaris. The heads of the individual clubs and districts of which the user is a member, are in charge of the collection of data, and decide which data will in turn be transmitted to Rotary International. This collection of data is an integral part of Rotary membership and is necessary for the proper functioning of the organization.

Thus, the following relevant identification data will be collected, the list is not exhaustive.
The Access to these data is only granted to limited number of persons.

Access to these data is granted to  > The Club The Community e.g the District Rotary International Public
Last name and first name X X X -
Nominative, quality and function X X - -

Address, landline and mobile number, email address

X

X X -
Date of birth, first and last name of spouse, portrait (text), languages ​​spoken, professional data, classification, date of entry to Rotary and club, distinctions, first and last names of sponsors, links URL to personal social networks


X


X


X


-

Information collected as a result of positive operations from Users. Users are free, as part of this type of information gathering, to mention other users or members of Rotary. These are confirmations of attendance or apologies for absence from meetings, but are not limited to

 

X

 

-

 

-

 

-

Information from personal correspondence exchanges taking place within the framework of the platform X - - -
Historical data X - - -

 

In addition, the matter also concerns data collection through the use of the Polaris, which is necessary for the optimal functioning of the platform both with respect to the direct user and for future changes.

  • Hardware and software information used to access the Polaris;

  • Information relating to the log (log file), that is to say the information collected as part of the actions taken when using the platform for example:

  • Content accessed on the platform, including the keywords used;

  • Device Event Information: hardware configurations, choice of language, dates and times, outages;

  • Internet Protocol (IP) address;

  • Cookies that identify the user;

  • Information from tracking technologies.

  • Location information, derived from different variables;

  • Local storage: information about the platform, saved on the user's system.

It is not excluded that new features and add-ons will be added to the platform in the future. These future operations will also be considered as relevant for data collection, as long as they take place within the original purpose of Polaris.
 

6  For which purposes is your personal data used?

Rotary collects your personal data for the sole purpose of providing you with an optimal, personalized and safe use experience. The processing of your personal data is therefore essential to the proper functioning of the site and the provision of our services. If data is missing, incorrect or incomplete, Rotary reserves the right to suspend or cancel certain operations.

Rotary agrees to treat your Personal data exclusively for the following purposes:

  • Management of the members: administration, management of the activities, invoicing, provision of support, sending of newsletters.

  • Protection against fraud and offenses.

By visiting our Site, certain data is collected for statistical purposes. These data allow us to optimize your user experience. This is your IP address, geographic area of ​​access, day and time of access, and pages viewed. By visiting the Site, you expressly agree to the collection of such data for statistical purposes.

 

7  Who receives your personal data?

The personal data entered by the user himself is in principle visible to all other Users of Polaris, this only if the user allows it. In addition, this data may be published in the monthly magazine for members, the directory and your Rotary club's communications.

Personal data collected through the use of Polaris is only visible to the parties who collaborate on the platform. This data is rigorously processed as part of the smooth operation (technical) of the platform.

Rotary is part of the Rotary International organization, which has an influence on local operations. Any member of a local Rotary club is in the first place a member of Rotary International. Part of the personal data is transmitted to these general structures.

All data collected via the Polaris, are in principle made available to the following third parties, within the framework of the above objectives:

  • Rotary International in Evanston;

  • The MAR and its processors

Given the location of the aforementioned third parties, the transfer to third parties also implies a transfer to third countries, which does not guarantee a level of protection similar to that in force in the EU. However, Rotary takes all necessary measures to ensure an adequate level of protection.

Your personal data will not be sold, transmitted or communicated to other third parties, except with your prior consent.
 

8  How long do we store your personal data?

Your data is kept as long as necessary to achieve the purposes pursued. They will be erased from our database as soon as they are no longer necessary for the purpose pursued or if you validly exercised your right to erasure.
 

9  What are your rights?

9.1 Guarantee of a legitimate and secure process of your personal data

Your personal data is solely processed for the legitimate purposes explained in Article 4. Your personal is collected and processed in an appropriate, relevant and non-excessive manner, and is not kept longer than necessary to achieve the intended purposes.

9.2 Right to access

If you can prove your identity, you have the right to obtain information about the processing of your personal data. Thus, you have the right to know the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data is transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your personal data.

9.3 Right to rectification

Inaccurate or incomplete personal data may be corrected. It is primarily the responsibility of the User to make the necessary changes in his "user account" himself, but you can also request this in writing.

9.4 Right to erasure (or « right to be forgotten»)

You also have the right to obtain the erasure of your personal data under the following cases:

  • Your personal data is no longer necessary for the intended purposes;

  • You withdraw your consent to the processing and there is no other legal ground for processing;

  • You have validly exercised your right of opposition;

  • Your personal data has been unlawfully processed;

  • Your personal data must be deleted to comply with a legal obligation.

9.5 Right to limitation of processing

In certain cases, you have the right to request the limitation of the processing of your personal data, in particular in case of dispute as to the accuracy of the data, if the data are necessary in the context of a judicial procedure or the time necessary to Rotary to verify that you can validly exercise your right to erasure.

9.6 Right to object

You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing, profiling or for the purposes of the legitimate interest of the controller. Rotary will cease to process your personal data unless it can demonstrate that there are compelling legitimate reasons for the treatment that prevails over your right to object.

9.7 Right to data portability

You have the right to obtain any personal data you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.

9.8 Right to withdraw your consent

You may withdraw your consent to the processing of your personal data at any time, for example for direct marketing purposes.
 

10  How to exercise you rights?

To exercise your rights, you must make a written request (mail or email) to the manager of your club for your authentication (proof of identity) and informing the club of your request. The club will respond as soon as possible, and no later than one (1) month after receipt of the request.
 

11  Confidentiality

Under the General Data Protection Regulations, Rotary is under an obligation of confidentiality with regard to personal data processed in connection with the service. This confidentiality obligation applies equally to Rotary staff and to Processors and their own personnel.

This obligation of confidentiality takes effect as soon as the storage of the User's backups of data by Rotary is put into service.

This confidentiality obligation does not apply when Rotary is required to disclose personal data to the supervisory authority, by virtue of a legal provision or judicial decision, when the information is already known to the public, or where the communication of personal data has been authorized by the User.
 

12  Security measures

Under the General Data Protection Regulation, Rotary undertakes to implement technical and organizational measures (hereinafter "the security measures") to protect personal data against destruction, either by accident, whether unlawfully, against loss, fraud, dissemination or unauthorized access or against any other form of unlawful processing or use.

These security measures guarantee a level of security taking into account the risk that the treatment entails. In determining the appropriate security measures, the Parties shall take into account the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing as well as the risks to the rights and freedoms of the persons concerned.

Rotary strives to make every reasonable effort to ensure that their processing systems and services meet the requirements of ongoing confidentiality, integrity, availability, and resiliency, taking into account the state of the art and the costs of implementation. implemented.
 

13  Data breach notification

Under the General Data Protection Regulation, Rotary shall notify the User of any personal data breach as soon as possible and no later than 24 hours after becoming aware of it. This notification is accompanied by all useful documentation to enable the User, if necessary, to notify this violation to the data protection authority and / or to the persons concerned. Rotary must communicate to the User the following information: the nature of the data breach, the categories and the approximate number of persons involved, the categories and the approximate number of personal data concerned, the likely consequences of the data breach and measures taken to remedy the data breach or to mitigate any negative consequences.

At the request of the User, Rotary notifies the data breach in the name and on behalf of the User to the supervisory authority as soon as possible and, if possible, not later than 72 hours after finding the violation, unless the violation in question is not likely to create a risk for the rights and freedoms of natural persons.

At the request of the User, Rotary notifies the data breach in the name and on behalf of the User to the persons concerned as soon as possible, when this violation is likely to create a high risk for the rights and freedoms of individuals physical.

The decision whether or not to inform the data protection authority and / or data subjects of a data breach lies with the User.
 

14  Cookies

A cookie is a small text file placed on the hard disk of your computer or mobile device when you visit a website. The cookie is placed on your device by the website itself ("internal cookies") or by partners of the website ("third party cookies"). The cookie recognizes your device when you return to the site with a unique identification number, facilitating access to the site without having to re-enter your username and password, and collect information about your navigation.

On this platform, Rotary has integrated a software tool for web analytics. Web analytics is the collection and evaluation of visitor behavior data from websites thus for improving the efficeincy and the quality of the site.

The purpose of the software tool is to analyze visitor flows on the platform. The data controller uses the data and information obtained, in particular to evaluate the use of the platform in order to compile online reports presenting the activities on our Internet pages.

By browsing our website, you expressly agree to the use of cookies. Rotary uses cookies to improve your visit to our website and to offer you an experience of optimal use. However, you remain free to delete or limit cookies at any time by changing the settings of your browser.

By enabling or disabling cookies, you must change your browser settings (via the "preferences" or "options" tab). You can also consult the "help" tab of your browser.
 

15  Possibility to lodge a complaint

If you are not satisfied with the processing of your personal data by Rotary, you have the right to lodge a complaint with the National Data Protection Authority.
 

16  Applicable law and competent jurisdiction

This Privacy Policy is exclusively governed by European law, with Belgium being the reference. In case of dispute, the parties agree to seek in the first place an amicable solution. In the absence of an amicable resolution, the dispute will be submitted to the courts of the Canton of Zurich (Switzerland).

 

Polaris PPBLx-EN-1.1.docx - January 2021