Subscribe to our mailing list

* indicates required

Donate   Join  |  Log In

Translate Website

Member Data Privacy: Rights and Obligations

Member Data Privacy:  Rights and Obligations

The General Data Protection Regulation (GDPR) is a regulation regime for companies and other organisations that gather personal data, introduced by the EU in April 2016.  The regulations become effective 25 May 2018.  

ESRAG is in the process of developing the materials to demonstrate compliance with GDPR.  This page will provide links to our corporate compliance information.

Current Personal Data and Privacy Practices

ESRAG respects and secures the privacy and security of individuals' personal data.  ESRAG uses Members personal data for internal administrative purposes only.  ESRAG does not share individuals' information without an individual's explicit permission.

ESRAG collects personal information including name, email address, Rotary affilitations, location and interests to support its mission.  

ESRAG posts the names, clubs and districts of individuals who submit project data with the intention of having that information shared.

ESRAG does not collect information related to birth dates.

All financial credentials are encrypted and submitted directly through ESRAG's Merchant Service Agreement to Stripe.  No financial credentials are ever received by ESRAG systems. 

Terms of Service:  Responsibilities of Members

By using ESRAG's online resources, ESRAG members agree to maintain safe computing practices, including password security practices.  ESRAG members with access to corporate data agree explicitly to follow safe computing practices and non-sharing of membership personal data without the explicit consent of the individual involved.  

Data Rights of Individuals

The GDPR legislates several data rights for individuals:

  • Right to be informed – You must be clearly informed when your data is collected and the purpose for which it is intended.
  • Right of access – You must be allowed to view the data companies have gathered on you.
  • Right to rectification – You have the right to correct erroneous information about yourself in a company’s data records.
  • Right of erasure – Also known as the “right to be forgotten”. You have the right to request the deletion of personal data held on you, although this right is not absolute.
  • Right to restrict processing – You can request the suppression of your personal data file, or restrict its processing.
  • Right to data portability – You have the right to take the data a company has collected on you and share it elsewhere, eg. to get a better customer deal.
  • Right to object – You have the right to object and prevent your data being used for particular purposes, eg. for direct marketing. This right is superseded by legal claims.
  • Rights related to automatic decision-making – You may only be profiled with your explicit consent, where this is necessary to enter into a contract or where such processing is authorised by the state.

Links to information will be added below to explain how ESRAG complies with the data rights of individuals, and to provide transparent access for you to exercise your rights.  If you have questions or a request, please write to gdpr@esrag.org .