Internet Lodge No 9659
Data Protection Policy
In compliance with the General Data Protection Act 2018 this data protection policy regulates how Internet Lodge processes and stores personal data (which includes photographs) of its members. It applies to all officers, members of the lodge and all applicants to join the lodge. Its purpose is to ensure that the Lodge complies with the law and with high data protection standards.
In this policy “personal data” means any recorded information which identifies a living individual.
As a membership organisation the Lodge processes, retains and shares personal data of members for the purposes set out in the Data Protection Notice.
The Lodge shall not collect or store personal data of members for any other purposes.
2. Appointment of a Data Controller
The Lodge shall appoint a Data Controller, currently the Lodge Secretary, who will oversee compliance with data protection law and will act as a point of contact for members and the Information Commissioner’s Office (the “ICO”).
3. Members’ data rights
A member may request that the Data Controller:
- provides him with a copy of all personal data that the Lodge holds about him. The Data Controller shall promptly provide a copy of all information required to be disclosed by law.
- rectifies any incorrect personal data held by the Lodge about him. The Data Controller shall promptly consider such a request and respond to it in accordance with the law.
- requests the Lodge stop processing some or all of his personal data. The Data Controller shall promptly consider such an objection and respond to it in accordance with the law
4. Deletion of personal data
A member may resign from the Lodge at any time. After it has processed such resignation(s) the Lodge shall delete personal data that it holds about that member as set out in the Data Protection Notice.
5. Sharing data with third parties
As a membership organisation the Lodge shares:
- personal data of its members with the United Grand Lodge of England; and
- personal data of members with the Province of East Lancashire, as required by the Book of Constitutions or bodies it sanctions from time to time. It will not share personal data of members for any other reason unless it has the consent of the relevant member.
6. Data Protection Notice
The Lodge shall publish a Data Protection Notice so that it is available to members. The Notice shall comply with the requirements of data protection law and among other things shall inform members how their personal data will be used by the Lodge and how they may contact the Lodge’s Data Controller.
7. Data security
The Lodge shall periodically review the security of its records and processing activities and shall take appropriate steps to ensure the confidentiality, integrity and availability of personal data that it holds.
8. Registration with ICO
The Lodge is exempt from registration with the ICO.
9. Reporting breaches to the Data Controller
Actual or potential breaches of this policy, or of data protection law by the Lodge, shall be reported immediately to the Data Controller. Breaches shall be reported if required by the Data Controller to the ICO or to the member(s) whose data is affected. Normally the Data Controller shall not report breaches without prior consultation with the Provincial Grand Master and Provincial Grand Secretary.
In this document “Book of Constitutions” means the General Laws and Regulations for the Government of the Craft of the United Grand Lodge of England from time to time.