PRIVACY POLICY

The Rotary Club Management System (hereinafter «Polaris» or «Platform») is an initiative of:

Media Association of Rotary Switzerland-Liechtenstein (hereinafter the «MAR»)
Seefeldstrasse 69
8008 Zürich
SWITZERLAND
+41 (0)43 299 66 25
info@rotary.ch


1. Definitions

In this Privacy Policy, we mean:

  • «Rotary International»: Rotary's central organization that provides logistical and structural support to national divisions;
  • «Rotary»: Rotary organizations within the territory of a district using Polaris (hereinafter "Rotary" and "We");
  • «User»: Any member (including, if applicable, the aspiring member or other non-Rotarian guest) of a Rotary club registered on the Polaris platform and is therefore granted a right of use;
  • «Personal data»: any information relating directly or indirectly to an identified or identifiable natural person;
  • «Processing»: Any operation or set of operations carried out or not using automated processes and applied to data or sets of personal data, such as collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction;
  • «Limitation of processing»: the marking of personal data held in order to limit their future processing;
  • «Controller»: Means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or by the law of a Member State, the controller may be designated or the specific criteria applicable to his appointment may be provided for by the law of the Member State Union or by the law of a Member State; in this case, it is "Rotary";
  • «Processor»: Means the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller; in this case, it is "MAR".

 

2. Why this privacy policy?

Any person (hereinafter referred to as the «User») visiting and / or using the Polaris website (hereinafter referred to as the «Site») or our Services disclose a certain amount of personal data. Personal data is information that allows us to identify you directly or indirectly as a natural person.

Rotary collects and processes your personal data in accordance with the relevant legal provisions, namely the European Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data («Regulation» or «GDPR»).

Rotary reserves the right to make changes to our Privacy Policy at any time. Any substantial change will always be clearly communicated to Users. Rotary nevertheless advises you to consult this document regularly.
 

3. Who is responsible for the processing of your personal data?

3.1 Controller

Rotary is the Controller («Decision maker») and determines, alone or jointly with others, the personal data that is collected, the purposes and means of the processing.

As Controller, Rotary ensures compliance with the principles of lawfulness and proportionality when collecting personal data. Rotary will collect and process personal data only to the extent that the above data are adequate, relevant and not excessive in relation to the purpose of the treatment.

Rotary undertakes to take all necessary steps to ensure the secure processing of personal data. As a result, Rotary places a high priority on ensuring the necessary safeguards with respect to the technical and organizational safeguards for treatment. Rotary applies this commitment in all its relationships with processors. The User may, upon written request, take note of the measures taken as part of the protection requirements. 

3.2 Processor(s)

Rotary is free to use processors. The processor is a natural or legal person who processes your personal data at the request and on behalf of the controller. The processor is required to ensure the security and confidentiality of your data and always acts on instruction of the controller.

MAR, as the main Processor, uses third parties, for example the developer of Polaris and SEMDA. Both are sub-processors, each depending on their respective activity.

The MAR cannot therefore be held responsible for failures of the de facto sub-processors to comply with the technical and organizational protection measures required.

The MAR is also not responsible for the accidental or unlawful destruction, accidental loss, alteration, access and any other unauthorized processing of personal data provided the necessary technical and organizational measures have been taken.
 

4. On what legal grounds are your personal data processed?

To the extent that the personal data of members is necessary to manage membership (both within the context of Rotary International or the Rotary district and within the context of the respective local club), this processing takes place on the basis of the resulting contractual relationship between the member and the member Club (Rotary, Rotaract). If further personal data of the member is determined and used in addition to these required data, this is done based on the member's express consent. This consent may be revoked at any time.

5. Which personal data is processed?

In the first place, a large part of the personal data is obtained directly from the Rotary member concerned. This collection of data will be done in two ways, namely by the club to which the member is affiliated or by the user himself when he adds, modifies or deletes data in his profile on Polaris. The heads of the individual clubs and districts of which the user is a member, are in charge of the collection of data, and decide which data will in turn be transmitted to Rotary International. This collection of data is an integral part of Rotary membership and is necessary for the proper functioning of the organization.

Thus, the following relevant identification data will be collected, the list is not exhaustive.
The Access to these data is only granted to limited number of persons.

Access to these data is granted to

The Club

The Community
e.g the District

Rotary
International

Public

Last name and first name

✔︎
✔︎
✔︎

-

Nominative, quality and function

✔︎
✔︎

-

-

Address, landline and mobile number, email address

✔︎
✔︎
✔︎

-

Date of birth, first and last name of spouse, portrait (text), languages spoken, professional data, classification, date of entry to Rotary and club, distinctions, first and last names of sponsors, links URL to personal social networks


✔︎


✔︎


✔︎


-

Information collected as a result of positive operations from Users. Users are free, as part of this type of information gathering, to mention other users or members of Rotary. These are confirmations of attendance or apologies for absence from meetings, but are not limited to

 

✔︎

 

-

 

-

 

-

Information from personal correspondence exchanges taking place within the framework of the platform

✔︎

-

-

-

Historical data

✔︎

-

-

-

 

In addition, the matter also concerns data collection through the use of the Polaris, which is necessary for the optimal functioning of the platform both with respect to the direct user and for future changes.

  • Hardware and software information used to access the Polaris;
  • Information relating to the log (log file), that is to say the information collected as part of the actions taken when using the platform for example:
    • Content accessed on the platform, including the keywords used;
    • Device Event Information: hardware configurations, choice of language, dates and times, outages;
    • Internet Protocol (IP) address;
    • Cookies that identify the user;
    • Information from tracking technologies.
  • Location information, derived from different variables;
  • Local storage: information about the platform, saved on the user's system.

It is not excluded that new features and add-ons will be added to the platform in the future. These future operations will also be considered as relevant for data collection, as long as they take place within the original purpose of Polaris.
 

6. For which purposes is your personal data used?

Rotary collects your personal data for the sole purpose of providing you with an optimal, personalized and safe use experience. The processing of your personal data is therefore essential to the proper functioning of the site and the provision of our services. If data is missing, incorrect or incomplete, Rotary reserves the right to suspend or cancel certain operations.

Rotary agrees to treat your Personal data exclusively for the following purposes:

  • Management of the members: administration, management of the activities, invoicing, provision of support, sending of newsletters.


By visiting our Site, certain data is collected for statistical purposes. These data allow us to optimize your user experience. This is your IP address, geographic area of access, day and time of access, and pages viewed. By visiting the Site, you expressly agree to the collection of such data for statistical purposes.

 

7. Who receives your personal data?

The personal data entered by the user himself is in principle visible to all other Users of Polaris, this only if the user allows it. In addition, this data may be published in the monthly magazine for members, the directory and your Rotary club's communications.

Personal data collected through the use of Polaris is only visible to the parties who collaborate on the platform. This data is rigorously processed as part of the smooth operation (technical) of the platform.

Rotary is part of the Rotary International organization, which has an influence on local operations. Any member of a local Rotary club is in the first place a member of Rotary International. Part of the personal data is transmitted to these general structures.

All data collected via the Polaris, are in principle made available to the following third parties, within the framework of the above objectives:

  • Rotary International in Evanston;
  • The MAR and its processors

Given the location of the aforementioned third parties, the transfer to third parties also implies a transfer to third countries, which does not guarantee a level of protection similar to that in force in the EU. However, Rotary takes all necessary measures to ensure an adequate level of protection.

Your personal data will not be sold, transmitted or communicated to other third parties, except with your prior consent.
 

8. How long do we store your personal data?

Your data is kept as long as necessary to achieve the purposes pursued. They will be erased from our database as soon as they are no longer necessary for the purpose pursued or if you validly exercised your right to erasure.
 

9. What are your rights?

9.1 Guarantee of a legitimate and secure process of your personal data

Your personal data is solely processed for the legitimate purposes explained in Article 4. Your personal is collected and processed in an appropriate, relevant and non-excessive manner, and is not kept longer than necessary to achieve the intended purposes.

9.2 Right to access

If you can prove your identity, you have the right to obtain information about the processing of your personal data. Thus, you have the right to know the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data is transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your personal data.

9.3 Right to rectification

Inaccurate or incomplete personal data may be corrected. It is primarily the responsibility of the User to make the necessary changes in his "user account" himself, but you can also request this in writing.

9.4 Right to erasure (or « right to be forgotten»)

You also have the right to obtain the erasure of your personal data under the following cases:

  • Your personal data is no longer necessary for the intended purposes;
  • You withdraw your consent to the processing and there is no other legal ground for processing;
  • You have validly exercised your right of opposition;
  • Your personal data has been unlawfully processed;
  • Your personal data must be deleted to comply with a legal obligation. 

9.5 Right to limitation of processing

In certain cases, you have the right to request the limitation of the processing of your personal data, in particular in case of dispute as to the accuracy of the data, if the data are necessary in the context of a judicial procedure or the time necessary to Rotary to verify that you can validly exercise your right to erasure.

9.6 Right to object

You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing, profiling or for the purposes of the legitimate interest of the controller. Rotary will cease to process your personal data unless it can demonstrate that there are compelling legitimate reasons for the treatment that prevails over your right to object.

9.7 Right to data portability

You have the right to obtain any personal data you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.

9.8 Right to withdraw your consent

You may withdraw your consent to the processing of your personal data at any time, for example for direct marketing purposes.
 

10. How to exercise you rights?

To exercise your rights, you must make a written request (mail or email) to the manager of your club for your authentication (proof of identity) and informing the club of your request. The club will respond as soon as possible, and no later than one (1) month after receipt of the request.
 

11. Confidentiality

Under the GDPR, Rotary is under an obligation of confidentiality with regard to personal data processed in connection with the service. This confidentiality obligation applies equally to Rotary staff and to Processors and their own personnel.

This obligation of confidentiality takes effect as soon as the storage of the User's backups of data by Rotary is put into service.

This confidentiality obligation does not apply when Rotary is required to disclose personal data to the supervisory authority, by virtue of a legal provision or judicial decision, when the information is already known to the public, or where the communication of personal data has been authorized by the User.
 

12. Security measures

Under the GDPR, Rotary undertakes to implement technical and organizational measures (hereinafter "the security measures") to protect personal data against destruction, either by accident, whether unlawfully, against loss, fraud, dissemination or unauthorized access or against any other form of unlawful processing or use.

These security measures guarantee a level of security taking into account the risk that the treatment entails. In determining the appropriate security measures, the Parties shall take into account the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing as well as the risks to the rights and freedoms of the persons concerned.

Rotary strives to make every reasonable effort to ensure that their processing systems and services meet the requirements of ongoing confidentiality, integrity, availability, and resiliency, taking into account the state of the art and the costs of implementation.
 

13. Data breach notification

Under the GDPR, Rotary notifies the User of any violation of personal data as soon as possible, and no later than 24 hours after having read it. This notification is accompanied by any useful documentation to enable the User, if necessary, to notify this violation to the data protection authority and / or to the persons concerned. Rotary must communicate to the User the following information: the nature of the data breach, the categories and the approximate number of persons involved, the categories and the approximate number of personal data concerned, the likely consequences of the data breach and measures taken to remedy the data breach or to mitigate any negative consequences.

At the request of the User, Rotary notifies the data breach in the name and on behalf of the User to the supervisory authority as soon as possible and, if possible, not later than 72 hours after finding the violation, unless the violation in question is not likely to create a risk for the rights and freedoms of natural persons.

At the request of the User, Rotary notifies the data breach in the name and on behalf of the User to the persons concerned as soon as possible, when this violation is likely to create a high risk for the rights and freedoms of individuals physical.

The decision whether to inform the data protection authority and / or data subjects of a data breach lies with the User.
 

14. Cookies

A cookie is a small text file placed on the hard disk of your computer or mobile device when you visit a website. The cookie is placed on your device by the website itself ("internal cookies") or by partners of the website ("third party cookies"). The cookie recognizes your device when you return to the site with a unique identification number, facilitating access to the site without having to re-enter your username and password, and collect information about your navigation.

On this platform, Rotary has integrated a software tool for web analytics. Web analytics is the collection and evaluation of visitor behavior data from websites thus for improving the efficiency and the quality of the site.

The purpose of the software tool is to analyze visitor flows on the platform. The data controller uses the data and information obtained, in particular to evaluate the use of the platform in order to compile online reports presenting the activities on our Internet pages.

By browsing our website, you expressly agree to the use of cookies. Rotary uses technical cookies to improve your visit to our website and to offer you an experience of optimal use. However, you remain free to delete or limit cookies at any time by changing the settings of your browser.

By enabling or disabling cookies, you must change your browser settings (via the "preferences" or "options" tab). You can also use the "help" tab of your browser.
 

15. Possibility to lodge a complaint

If you are not satisfied with the processing of your personal data by Rotary, you have the right to lodge a complaint with the National Data Protection Authority.
 

16. Applicable law and competent jurisdiction

All legal disputes arising from this data protection policy, including the question of its creation, validity, termination or invalidity, are subject to the exclusive jurisdiction of the court with subject matter jurisdiction at the registered office of the person responsible.

 

Polaris PP-AUT-EN-1.0 - Jan 2024