Data Protection Notice for the Province of West Kent

See below for FAQ

Your data
This notice is for all candidates and Freemasons of the Province of West Kent. It applies to the processing of your personal data by the Province.
Section 1 sets out the purposes for which your data will be used by the Province if you are a candidate to become a Freemason.
Section 2 sets out the purposes for which your data will be used by the Province if you are a Freemason.
Please note that your personal data will also be processed by your Lodge(s) and the United Grand Lodge of England as separate data controllers and so you are also referred to their respective Data Protection Notices.
1. Use of your data during your application to become a Freemason
As a candidate to become a Freemason, you consent to the processing, retention and sharing of your personal data for the purpose of assessing your membership application and any other Masonic applications you may make.
You can withdraw your consent and request erasure of your data at any time prior to your initiation by notifying your proposer and seconder that you wish to cancel your application.
2. Use of your data after you become a Freemason
As a Freemason your data will be processed, retained and shared for any reasonable purposes required by the Book of Constitutions or the bodies it sanctions from time to time. These purposes include, but are not limited to, the following purposes:
1. Assessing any Masonic applications you make;
2. Registering you as a member of Freemasonry;
3. Receiving communications to which you are entitled as a Mason;
4. Recording the progress of your career in Freemasonry; and
5. Masonic disciplinary processes.
You may stop your data from being used by the Province by resigning from all Lodges in the Province.
The Province is at Oakley House, Bromley Common, Kent BR2 8HA. Please contact its data protection officer by post or email to PGSec@freemasons-westkent.org.uk if you wish to:
1. Object to the Province processing your data;
2. Request access to your data; or
3. Request rectification of your data.
The legal bases on which your personal data will be used in accordance with this Section II are:
1. The legitimate interests of the Province as a not for profit membership organisation; and
2. The fulfilment of contractual obligations owed to you by your Lodge supported by the Province.
In this notice “Book of Constitutions” means the General Laws and Regulations for the Government of the Craft of the United Grand Lodge of England from time to time.
________________________________________
Data Protection Policy
This data protection policy regulates how the Province of West Kent processes and stores personal data of its members. It applies to all employees, officers, members and volunteers of the Province. Its purpose is to ensure that the Province complies with the law and with high data protection standards.
In this policy “personal data” means any recorded information which identifies a living individual.
1. Purposes
As a membership organisation the Province processes, retains and shares personal data of members for the purposes set out in the Data Protection Notice. Where the Province employs or contracts with a member it may also process, retain and share personal data of that member for all lawful purposes related to that employment or contractual relationship.
The Province shall not collect or store personal data of members for any other purposes.
2. Appointment of a Data Protection Officer
The Province shall appoint a Data Protection Officer who will oversee compliance with data protection law and will act as a point of contact for members and the Information Commissioner’s Office (the “ICO”). The Data Protection Officer shall have a direct line of communication with the Provincial Grand Master and shall have, or shall undergo training to ensure that he has, knowledge of data protection law and practices.
3. Members’ data rights
A member may request that the Data Protection Officer:
a. provides him with a copy of all personal data that the Province holds about him. The Data Protection Officer shall promptly provide a copy of all information required to be disclosed by law.
b. rectifies any incorrect personal data held by the Province about him. The Data Protection Officer shall promptly consider such a request and respond to it in accordance with the law.
c. stop the Province from some or all of its processing of his personal data. The Data Protection Officer shall promptly consider such an objection and respond to it in accordance with the law.
4. Deletion of personal data
A member may resign from all lodges in a Province at any time. After it has processed such resignation(s) the Province shall delete personal data that it holds about that member as set out in the Data Protection Notice.
5. Sharing data with third parties
As a membership organisation the Province shares:
a. personal data of its members with the United Grand Lodge of England; and
b. personal data of members of each Lodge in the Province with that Lodge,
as required by the Book of Constitutions or bodies it sanctions from time to time. It will not share personal data of members for any other reason unless it has the consent of the relevant member.
6. Data Protection Notice
The Province shall publish a Data Protection Notice so that it is available to members. The Notice shall comply with the requirements of data protection law and among other things shall inform members how their personal data will be used by the Province and how they may contact the Province’s Data Protection Officer.
7. Data security
The Province shall periodically review the security of its records and processing activities and shall take appropriate steps to ensure the confidentiality, integrity and availability of personal data that it holds.
8. Registration with ICO
The Province shall maintain its annual registration with the ICO.
9. Reporting breaches to the Data Protection Officer
Actual or potential breaches of this policy, or of data protection law by the Province, shall be reported immediately to the Data Protection Officer. Breaches shall be reported if required by the Data Protection Officer to the ICO or to the member(s) whose data is affected. Normally the Data Protection Officer shall not report breaches without prior consultation with the Provincial Grand Master and Provincial Grand Secretary.
Date policy adopted: 21 May 2018
________________________________________
Data Protection Notice for Lodges

Download Lodge GDPR Form HERE

Data Protection Notice – [LODGE NAME]
Your data
This notice is for all candidates and Freemasons of [LODGE NAME]. It applies to the processing of your personal data by the Lodge.
Section I sets out the purposes for which your data will be used by the Lodge if you are a candidate.
Section II sets out the purposes for which your data will be used by the Lodge if you are a member.
Please note that your personal data will also be processed by the United Grand Lodge of England and the Province of West Kent as separate data controllers and so you are also referred to their respective Data Protection Notices.
I. Use of your data during your application to become a Freemason
As a candidate to become a Freemason, you consent to the processing, retention and sharing of your personal data for the purpose of assessing your membership application and any other Masonic applications you may make.
You can withdraw your consent and request erasure of your data at any time prior to your initiation by notifying your proposer and seconder that you wish to cancel your application.
II. Use of your data after you become a Freemason
As a Freemason your data will be processed, retained and shared for any reasonable purposes required by the Book of Constitutions or the bodies it sanctions from time to time. These purposes include, but are not limited to, the following purposes:
1. Assessing any Masonic applications you make;
2. Registering you as a member of Freemasonry;
3. Receiving communications to which you are entitled as a Mason;
4. Recording the progress of your career in Freemasonry; and
5. Masonic disciplinary processes.
You may stop your data from being used by the Lodge by resigning from the Lodge.
The Lodge is at [postal address]. Please contact the Lodge Secretary by post or email to [Lodge Secretary’s email address] if you wish to:
1. Object to the Lodge processing your data;
2. Request access to your data; or
3. Request rectification of your data.
The legal bases on which your personal data will be used in accordance with this Section II are:
1. The legitimate interests of the Lodge as a not for profit membership organisation; and
2. The fulfilment of contractual obligations owed to you by your Lodge.
In this notice “Book of Constitutions” means the General Laws and Regulations for the Government of the Craft of the United Grand Lodge of England from time to time.

________________________________________
Data Protection Notice for Chapters

Download Chapter GDPR Form HERE

Data Protection Notice – [CHAPTER NAME]
Your data
This notice is for all candidates and Royal Arch Freemasons of [CHAPTER NAME]. It applies to the processing of your personal data by the Chapter.
Section (I) sets out the purposes for which your data will be used by the Chapter if you are a candidate.
Section (II) sets out the purposes for which your data will be used by the Chapter if you are a member.
Please note that your personal data will also be processed by the Supreme Grand Chapter of Royal Arch Masons of England and the Province of West Kent as separate data controllers and so you are also referred to their respective Data Protection Notices.
I. Use of your data during your application to become a Royal Arch Freemason
As a candidate to become a Royal Arch Freemason, you consent to the processing, retention and sharing of your personal data for the purpose of assessing your membership application and any other Masonic applications you may make.
You can withdraw your consent and request erasure of your data at any time prior to your initiation by notifying your proposer and seconder that you wish to cancel your application.
II. Use of your data after you become a Royal Arch Freemason
As a Freemason your data will be processed, retained and shared for any reasonable purposes required by the Royal Arch Regulations or the bodies it sanctions from time to time. These purposes include, but are not limited to, the following purposes:
1. Assessing any Masonic applications you make;
2. Registering you as a member of Royal Arch Freemasonry;
3. Receiving communications to which you are entitled as a Royal Arch Mason;
4. Recording the progress of your career in Royal Arch Freemasonry; and
5. Masonic disciplinary processes.
You may stop your data from being used by the Chapter by resigning from the Chapter.
The Chapter is at [postal address]. Please contact the Chapter Scribe E by post or email to [Chapter Scribe E’s email address] if you wish to:
1. Object to the Chapter processing your data;
2. Request access to your data; or
3. Request rectification of your data.
The legal bases on which your personal data will be used in accordance with this Section II are:
1. The legitimate interests of the Chapter as a not for profit membership organisation; and
2. The fulfilment of contractual obligations owed to you by your Chapter.
In this notice “Royal Arch Regulations” means the General Regulations of the Supreme Grand Chapter of England from time to time.

________________________________________

Frequently Asked Questions – Data Protection

With effect from 25th May 2018, the earlier European legislation concerning data protection will be superseded by the General Data Protection Regulation (GDPR).

The Province of West Kent (Craft and Royal Arch) are registered with the Information Commissioner’s Officer (ICO) – and the Data Controller and Data Protection Officer for the Masonic Province of West Kent is the Provincial Secretary/Scribe E.

Below are some of the most commonly raised issues about storing and protecting information.
Additionally, UGLE have compiled its own ‘Frequently Asked Questions’ dated 30th April 2018 – which you may wish to read in conjunction this document (click HERE).

What information about me do you store?

In simple terms, we are a membership organisation – so we only retain and store the minimum information to manage your memberships. The Province only stores the following information about a member:
• name
• date of birth
• home address
• occupation
• telephone numbers
• email address and
• Masonic CV (i.e., offices and ranks held).

No other information is collected or stored and our systems do not have the facility to store any other information or personal comments about any member other than those relating to their membership.

I don’t want you to store certain information.

Any member may withdraw any consent previously given for the storage and processing of their data. This is done by contacting the Provincial Office and completing of a form requesting this change.

How do you obtain and maintain my personal information?

The Province has access to a member’s personal details which they provide when they apply to join the Order – and these are subsequently recorded and updated from time-to-time, by the completion of a further ‘Form P’ when joining or re-joining another Lodge or Chapter.

Another way member information is updated is from the Installation Returns completed by the Secretary/Scribe E or the completion by a member of a form as part of the published Honours system. All of these are used to ensure that members’ details are kept as up to date as possible. Additionally, any application forms for Provincial appointment or promotion will only be stored for a maximum of 12 months and then destroyed.

How else can my information be updated?

A member’s personal information or membership status can be updated by the Secretary/Scribe at any time by competing and submitting form WK90 (downloadable from the Website) to the Provincial Office. Updates are applied usually in a couple of days or immediately by simply contacting the Provincial Office.

The annual return from Grand Lodge and Provincial Grand Lodge – which the Secretary/Scribe E receives – has Masonic information on all Lodge/Chapter members, and requests to view this information can be made by any member at that time. The Secretary/Scribe will also update that information before submitting it.

Where and how is my information stored?

Information is stored securely (password protected user accounts) on a national membership system called Adelphi2, which is managed and maintained by UGLE.

Who can see my information?

Adelphi2 access is granted by UGLE, on application from the Provincial Grand Secretary.

No details of a member, their memberships or the fact they are even a member are shared in any way outside of the organisation.

The Province previously issued and maintained a Provincial Year Book which contained the names and contact details of key Lodge/Chapter office holders and was accessible from the Provincial website as a downloadable PDF file. This has now been removed.

What do I do if I think my personal information has been compromised?

If a member believes their information or the systems storing it have been compromised, they must immediately contact the Provincial Office, and advise the Data Protection Officer (Provincial Secretary/Scribe E).

The Data Protection Officer (Provincial Secretary/Scribe E) will record the fact, investigate the circumstances, ensure that any data breach or loss is secured and where necessary, report the facts within 72 hours to the ICO.

If a breach is discovered by the Data Protection Officer, any member affected will, as a matter of course, be informed immediately – as will be the ICO – and a plan agreed and implemented to investigate and address it.

Who is responsible for any information that my Lodge or Chapter may hold?

Many Lodges/Chapters – based on advice previously circulated – will have appointed a Data Protection Officer/Controller. Current advice is that such a formal appointment is not normally necessary. However, having a specified person responsible for ensuring that member details are kept secure, and up to date, is a practice to be commended. It assists in nurturing a culture which protects the individual, their personal information, and keeps them in control of it. In the first instance, your point of contact should be your Secretary/Scribe E.

By way of summary for all Lodges, Chapters and members, below are some simple points which should have been common practice prior to, and irrespective of, the implementation of GDPR. Some are also referenced in the advice issued by UGLE, but by way of completeness:

• Only record and store the personal information you need to administer and discharge the functions of your Lodge/Chapter or the office you hold within it
• You must keep all personal information secure
• You must keep it up to date when a member notifies you of a change in their details
• Do not share member information with anybody else outside of the Lodge/Chapter
• Do not do anything with a member’s personal information outside or beyond your role unless the member agrees. Remember, it is their personal information.
• If you do retain and store information to carry out your role in your Lodge/Chapter, you must supply a copy of what information you hold if requested by the member
• You must delete the data you hold if a member leaves, it is no longer required, or you leave the role you have
• You must respect the wishes of the member and particularly, those in relation to how they are communicated with. Therefore:
—  All ‘group’ emailed communications must, as a matter of course be ‘bcc’ to protect contact information being lost or compromised.
—  With this in mind, be very careful about forwarding emails to persons who are not members of your Lodge/Chapter as they may contain personal and/or contact information about your members
• If you think or suspect there has been a data breach or loss, notify the Provincial Office immediately and also your Secretary/Scribe E.

I don’t want the members of my Lodge/Chapter to know certain aspects of my personal information, such as my home telephone number/email address.

Then simply inform your Lodge Secretary/Scribe E. But before taking this step, it is important to bear in mind that ostensibly, we are a membership organisation.

As a membership organisation, it would be very difficult to administer your membership of a Lodge (or even the Order) without storing and processing the bare minimum of contact information – for example, where your Almoner can contact you, if necessary.

However (again), the rights of the member (data subject) must be respected – and the Secretary/Scribe E provides a point of contact for you to query what information is held, how it is used and the ability of the member to withdraw their consent to such processing at any time. This is particularly the case where a member wishes to withdraw from receiving communications. A request to do so must be dealt with in a timely manner, acted upon and respected.

Who do I go to if I want to alter the consent I have given or change my contact preferences with the Province?

In the first instance, simply contact the Provincial Office on: 020 8462 9249 or via email using PAGSec@freemasons-westkent.org.uk

I have concerns regarding my photograph and name being published on a website or on social media.

Some of our members may work in a sensitive role and rightly have concerns about this being compromised. Equally important is the right of all members to control when and how their personal information is posted on any public forum – this is more a matter of common sense and not helped by bringing it into the world of legalities.

There is no issue at a Masonic function or event taking photographs. But, as a matter of courtesy, attendees should be made aware that photographs are being taken and moreover, for what purpose. In addition, the photographer should ask permission of those depicted before taking the photo – and at the same time, inform them of where and how they will be used. Therefore, this is all very simply dealt with by: “I just want to take some photos which may be posted online. If you don’t want to be in them, please step out of shot now.”

If you are unhappy that your photograph and/or name appears online, simply ask the person/s responsible for the site or the post to remove it. Irrespective of anything else, good manners must dictate that we should not be taking photographs which cause any embarrassment or concern for individuals or the Order.

Moreover, in the case of social media (such as Facebook), we must all be very sensitive as to how it is used – and good manners and good taste must be exercised at all times. Remember: you may not have an issue with your photograph or membership being posted online – but others may do – and irrespective of why that is the case, this must be understood and respected.

Who do I contact if I have a complaint concerning the way my personal information has been handled or processed?

If this is at Lodge/Chapter level, in the first instance contact your Secretary/Scribe E – and to try to resolve any issues amicably.

For issues at Provincial level, please contact the Provincial Data Protection Officer (the Provincial Secretary/Scribe E), using the details below.

Paul Christopher
Provincial Secretary/Scribe E
Masonic Province of West Kent, Provincial Office, Oakley House, Bromley Common BR2 8HA

Tel: 020 8462 9249

I would like to acknowledge, and thank the Masonic Province of East Lancashire, for their consent in publishing some of their Q&As