Kiwanis International European Federation

Serving the children of the World.

GDPR Instructions for Districts and Clubs

The text here under is copied from the minutes of th General Assembly of the 51St KI*EF Convention in Baveno.

It relates to the speech of Manfred PUCHNER, KI-EF Bylaws advisor

According to the GDPR the “data subject” (=member of a club) has a fundamental right to
the protection of his personal data.

In order to ensure this fundamental right, the GDPR requires that the data subject
(=member) has actively provided his or her consent, when data is stored.

1. Data controller:
The organization, that stores the data is referred to or known as the “Data controller” in
the GDPR. The data controller must have received the required declaration of consent, when storing
data. If the data controller shares the data with a third party, which then processes this data, the
data subject must first be informed in the active consent form that his or her data will be
shared with a third party. The data subject must be in agreement.

2. Data processor:
If the data subject agrees that the data is to be disclosed, the data controller must
conclude a written “order processing agreement” with the third party (referred to in the
GDPR as Processor”).

3. Order processing agreement:
The order agreement shall specify exactly which data and the reasons for which the processor 

may store them and the duration thereof and further thathe guarantees the technical safety

and confidentiality of such stored data.
In our case, this means that each club, represented by the president or his/her database
manager with the district, represented by the governor or its database manager must
conclude such an order processing agreement in writing.

However, before this type of order processing agreement is reached, the database
manager has to enter the data in a data processing directory! On the basis of the data
subject`s consent (member).

4. Data processing directory:
This date processing directory will list
– the data of the data controller (or his representative)
– the purposes of the data processing
– the details, such as the categories of the data subjects, i.e. club members, the legal
basis, that refers specifically to membership in this case or if the club has already amended
the statutes accordingly to include consent in the club statutes.

The district, which has stored the data subject`s data, wishes to share them with any District

database, the district also has to conclude an order processing agreement with
the operator of the District server in the same manner as between the club and the
district. Likewise, such an order processing agreement is to be concluded when the district
agrees to a data transfer with KIEF.

5. Data transfer to KI:
If, however, the data is to be forwarded to Kiwanis International, i.e. to the US, the
district or, provided it has been agreed, KIEF has to conclude a special US data transfer
agreement with the US based on the standard clauses approved by the EU Commission.
This is because the US is considered a non-secure third country in terms of data protection.

If such agreements are not concluded according to the standard clauses laid down by the
EU, these agreements shall be deemed avoid.

6. Conclusion
Through the secretary I have sent some formulars to all the governors of the districts of KI
EF. I kindly ask all governors to send this formulars to their clubs to inform the members so they
can work with the new legislation. It is up to the districts to put the provided texts in conformity

with their local rules and legislations.

The basic documents are the following and be downloaded here

The General Data Protection Regulation (GDPR) Basics

Data collection – Member

Agreement on order processing (Art. 28 GDPR)

Data processing directory (Art. 30 GDPR)



KI-EF Bylaws Advisor

As with many websites, our Website uses a technology called “cookies.” more information

A cookie is a unique, random number that is stored in the browser on your computer. The cookie doesn’t actually identify you, just the computer that is used to visit the site. Cookies automatically identify your browser to the Website whenever your computer is used to visit the Website. Cookies also let us know how many people visit the Website and where visitors go on the Website. In addition, cookies can let us know non-personally identifiable information, like what web browser is being used to access the Website. For registered users, cookies can make using the Website easier for you by saving information such as your passwords or preferences. By tracking how and when you use the Website, cookies help us determine which areas are popular and which are not. Many improvements and updates to the Website are based on data obtained from cookies. Accepting cookies allows you, among other things, to personalize your experience on the Website. Cookies may also allow the Website to present to you advertising that may be of special interest to you. If you do not want information collected through the use of cookies, your browser should contain an option that allows you to disable or delete cookie data at any time. Some areas of the Website, however, may not provide you with a personalized experience if you have disabled the use of cookies. The cookies are not tied to personal information.