Data Protection Policy
This data protection policy regulates how the Provincial Grand Lodge of Surrey processes and stores personal data of its members. It applies to all employees, officers, members and volunteers of the Province. Its purpose is to ensure that the Province complies with the law and with high data protection standards.
In this policy “personal data” means any recorded information which identifies a living individual.
As a membership organisation the Province processes, retains and shares personal data of members for the purposes set out in the Data Protection Notice. Where the Province employs or contracts with a member it may also process, retain and share personal data of that member for all lawful purposes related to that employment or contractual relationship.
The Province shall not collect or store personal data of members for any other purposes.
The Province shall appoint a Data Protection Officer who will oversee compliance with data protection law and will act as a point of contact for members and the Information Commissioner’s Office (the “ICO”). The Data Protection Officer shall have a direct line of communication with the Provincial Grand Master and shall have, or shall undergo training to ensure that he has, knowledge of data protection law and practices.
A member may request that the Data Protection Officer:
A member may resign from all lodges in a Province at any time. After it has processed such resignation(s) the Province shall delete personal data that it holds about that member as set out in the Data Protection Notice.
As a membership organisation the Province shares:
as required by the Book of Constitutions or bodies it sanctions from time to time. It will not share personal data of members for any other reason unless it has the consent of the relevant member.
The Province shall publish a Data Protection Notice so that it is available to members. The Notice shall comply with the requirements of data protection law and among other things shall inform members how their personal data will be used by the Province and how they may contact the Province’s Data Protection Officer.
The Province shall periodically review the security of its records and processing activities and shall take appropriate steps to ensure the confidentiality, integrity and availability of personal data that it holds.
The Province shall maintain its annual registration with the ICO.
Actual or potential breaches of this policy, or of data protection law by the Province, shall be reported immediately to the Data Protection Officer. Breaches shall be reported if required by the Data Protection Officer to the ICO or to the member(s) whose data is affected. Normally the Data Protection Officer shall not report breaches without prior consultation with the Provincial Grand Master and Provincial Grand Secretary.
Date policy adopted – 7th March 2018