General Data Protection Regulations Frequently Asked Questions
With effect from 25th May 2018, the earlier European legislation concerning data protection will be superseded by the General Data Protection Regulation (GDPR).
The Province of West Kent (Craft and Royal Arch) are registered with the Information Commissioner’s Officer (ICO) – and the Data Controller and Data Protection Officer for the Masonic Province of West Kent is the Provincial Secretary/Scribe E.
Below are some of the most commonly raised issues about storing and protecting information.
What information about me do you store?
In simple terms, we are a membership organisation – so we only retain and store the minimum information to manage your memberships. The Province only stores the following information about a member:
• date of birth
• home address
• telephone numbers
• email address and
• Masonic CV (i.e., offices and ranks held).
No other information is collected or stored and our systems do not have the facility to store any other information or personal comments about any member other than those relating to their membership.
I don’t want you to store certain information.
Any member may withdraw any consent previously given for the storage and processing of their data. This is done by contacting the Provincial Office and completing of a form requesting this change.
How do you obtain and maintain my personal information?
The Province has access to a member’s personal details which they provide when they apply to join the Order – and these are subsequently recorded and updated from time-to-time, by the completion of a further ‘Form P’ when joining or re-joining another Lodge or Chapter.
Another way member information is updated is from the Installation Returns completed by the Secretary/Scribe E or the completion by a member of a form as part of the published Honours system. All of these are used to ensure that members’ details are kept as up to date as possible. Additionally, any application forms for Provincial appointment or promotion will only be stored for a maximum of 12 months and then destroyed.
How else can my information be updated?
A member’s personal information or membership status can be updated by the Secretary/Scribe at any time by competing and submitting form WK90 (downloadable from the Website) to the Provincial Office. Updates are applied usually in a couple of days or immediately by simply contacting the Provincial Office.
The annual return from Grand Lodge and Provincial Grand Lodge – which the Secretary/Scribe E receives – has Masonic information on all Lodge/Chapter members, and requests to view this information can be made by any member at that time. The Secretary/Scribe will also update that information before submitting it.
Where and how is my information stored?
Information is stored securely (password protected user accounts) on a national membership system called Adelphi2, which is managed and maintained by UGLE.
Who can see my information?
Adelphi2 access is granted by UGLE, on application from the Provincial Grand Secretary.
No details of a member, their memberships or the fact they are even a member are shared in any way outside of the organisation.
The Province previously issued and maintained a Provincial Year Book which contained the names and contact details of key Lodge/Chapter office holders and was accessible from the Provincial website as a downloadable PDF file. This has now been removed.
What do I do if I think my personal information has been compromised?
If a member believes their information or the systems storing it have been compromised, they must immediately contact the Provincial Office, and advise the Data Protection Officer (Provincial Secretary/Scribe E).
The Data Protection Officer (Provincial Secretary/Scribe E) will record the fact, investigate the circumstances, ensure that any data breach or loss is secured and where necessary, report the facts within 72 hours to the ICO.
If a breach is discovered by the Data Protection Officer, any member affected will, as a matter of course, be informed immediately – as will be the ICO – and a plan agreed and implemented to investigate and address it.
Who is responsible for any information that my Lodge or Chapter may hold?
Many Lodges/Chapters – based on advice previously circulated – will have appointed a Data Protection Officer/Controller. Current advice is that such a formal appointment is not normally necessary. However, having a specified person responsible for ensuring that member details are kept secure, and up to date, is a practice to be commended. It assists in nurturing a culture which protects the individual, their personal information, and keeps them in control of it. In the first instance, your point of contact should be your Secretary/Scribe E.
By way of summary for all Lodges, Chapters and members, below are some simple points which should have been common practice prior to, and irrespective of, the implementation of GDPR. Some are also referenced in the advice issued by UGLE, but by way of completeness:
• Only record and store the personal information you need to administer and discharge the functions of your Lodge/Chapter or the office you hold within it
• You must keep all personal information secure
• You must keep it up to date when a member notifies you of a change in their details
• Do not share member information with anybody else outside of the Lodge/Chapter
• Do not do anything with a member’s personal information outside or beyond your role unless the member agrees. Remember, it is their personal information.
• If you do retain and store information to carry out your role in your Lodge/Chapter, you must supply a copy of what information you hold if requested by the member
• You must delete the data you hold if a member leaves, it is no longer required, or you leave the role you have
• You must respect the wishes of the member and particularly, those in relation to how they are communicated with. Therefore:
— All ‘group’ emailed communications must, as a matter of course be ‘bcc’ to protect contact information being lost or compromised.
— With this in mind, be very careful about forwarding emails to persons who are not members of your Lodge/Chapter as they may contain personal and/or contact information about your members
• If you think or suspect there has been a data breach or loss, notify the Provincial Office immediately and also your Secretary/Scribe E.
I don’t want the members of my Lodge/Chapter to know certain aspects of my personal information, such as my home telephone number/email address.
Then simply inform your Lodge Secretary/Scribe E. But before taking this step, it is important to bear in mind that ostensibly, we are a membership organisation.
As a membership organisation, it would be very difficult to administer your membership of a Lodge (or even the Order) without storing and processing the bare minimum of contact information – for example, where your Almoner can contact you, if necessary.
However (again), the rights of the member (data subject) must be respected – and the Secretary/Scribe E provides a point of contact for you to query what information is held, how it is used and the ability of the member to withdraw their consent to such processing at any time. This is particularly the case where a member wishes to withdraw from receiving communications. A request to do so must be dealt with in a timely manner, acted upon and respected.
Who do I go to if I want to alter the consent I have given or change my contact preferences with the Province?
In the first instance, simply contact the Provincial Office on: 020 8462 9249 or via email using PAGSec@freemasons-westkent.org.uk
I have concerns regarding my photograph and name being published on a website or on social media.
Some of our members may work in a sensitive role and rightly have concerns about this being compromised. Equally important is the right of all members to control when and how their personal information is posted on any public forum – this is more a matter of common sense and not helped by bringing it into the world of legalities.
There is no issue at a Masonic function or event taking photographs. But, as a matter of courtesy, attendees should be made aware that photographs are being taken and moreover, for what purpose. In addition, the photographer should ask permission of those depicted before taking the photo – and at the same time, inform them of where and how they will be used. Therefore, this is all very simply dealt with by: “I just want to take some photos which may be posted online. If you don’t want to be in them, please step out of shot now.”
If you are unhappy that your photograph and/or name appears online, simply ask the person/s responsible for the site or the post to remove it. Irrespective of anything else, good manners must dictate that we should not be taking photographs which cause any embarrassment or concern for individuals or the Order.
Moreover, in the case of social media (such as Facebook), we must all be very sensitive as to how it is used – and good manners and good taste must be exercised at all times. Remember: you may not have an issue with your photograph or membership being posted online – but others may do – and irrespective of why that is the case, this must be understood and respected.
Who do I contact if I have a complaint concerning the way my personal information has been handled or processed?
If this is at Lodge/Chapter level, in the first instance contact your Secretary/Scribe E – and to try to resolve any issues amicably.
For issues at Provincial level, please contact the Provincial Data Protection Officer (the Provincial Secretary/Scribe E), using the details below.
Provincial Secretary/Scribe E
Masonic Province of West Kent, Provincial Office, Oakley House, Bromley Common BR2 8HA
Tel: 020 8462 9249