Privacy Policy

Vitruvian Lodge is committed to protecting the privacy and security of your personal information. This Privacy Notice explains in details the types of data we may collect about you. It will also explain how your data is stored and processed, in accordance with the General Data Protection Regulations (GDPR). Vitruvian Lodge is known as a “Data Controller”. This means we are responsible for deciding how we hold and use your personal information. We are required under the Data Protection legislation to notify you of the information contained in this Privacy Notice. The Vitruvian Lodge Secretary is the designated Data Protection Officer (DPO).

DATA PROTECTION PRINCIPLES
We will comply with Data Protection law, in which the personal information we hold about you must be:-

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that have been clearly explained to you and not in a way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes mentioned.
  • Kept securely.

INFORMATION WE HOLD ABOUT YOU
Personal data/information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are “special categories” of sensitive data which require a higher level of security. Vitruvian Lodge does not currently hold sensitive data about its members.
We will collect, store and use the following categories of personal information about you:-

  • Personal contact details such as name, title, addresses, telephone numbers and email addresses etc.
  • Date of birth
  • Occupation
  • Masonic contact details such as rank, style, offices held, roles and responsibilities and Lodge/Chapter information.
  • In some instances, photographs

This list is not exhaustive.

HOW PERSONAL INFORMATION IS COLLECTED
We will collect personal information about London Freemasons from the registration forms submitted for new memberships, as well as updates accumulated through the Installation and Annual Returns process. We may also ask for further information as part of the honours nomination process.
The new Registration Form M includes a consent section, previous submissions currently remain valid under the legitimate interest basis. However Vitruvian Lodge reserves the right to request members who joined before 2005 to sign a consent form to ensure complete compliance with GDPR.

HOW WE USE YOUR INFORMATION
Your personal information will only be used when the law allows us to. Most commonly, we will use information in the following circumstances:-

  • Where we need to adjust your central membership record due to a change in circumstance. This may be a change in address, membership etc.
  • Where we need to comply with legal obligation.
  • Where we have your consent.

If you fail to provide certain information when requested, we may be prevented from complying with our legal obligations, or we may be unable to discharge our obligations which may be in the public interest or for official purposes.

Personal information will only be used for the purposes in which we collected it, unless we reasonably consider that it is needed for another reason, and that reason is compatible with the original purpose. If by chance we need your personal information for an unrelated purpose, you shall be notified and we will explain the legal basis which allows us to do so.
Please note we may process your personal data without your knowledge or consent; in compliance with the above rules, where this is required or permitted by law.

MASONIC CHARITIES
Masonic Charities need to keep their databases accurate and up to date for the purpose of claiming gift aid on donations. Masonic entities may permit those Charities to verify their donor database against your name and address.
The legal basis for this processing is legitimate interest for that charity.
Masonic charities provide, among other work support to Masons, former Masons and their relatives. Masonic entities may share your personal data with recognised Masonic Charities, so they can process:-

  • On receipt of an application for relief, to determine whether you or your relatives are eligible beneficiaries.
  • Where you have separately consented to a Masonic Charity contacting you with fundraising materials, to allow that Charity to update your contact details.

INFORMATION ABOUT CRIMINAL CONVICTIONS
We may only use information relating to criminal convictions where we are allowed by law. This is usually to evaluate prospective members’ suitability where such processing is necessary to carry out our obligations, and provided we do so in accordance with our Data Protection Policy.
Less commonly, information may be used if it relates to criminal convictions that comes to light and/or is already in the public domain where it is pertinent in relation to possible Masonic disciplinary action.

AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be made about you using automated means, however if in the future this does change, we will notify you in writing.

DATA SHARING
The vast majority of data is held on the central United Grand Lodge of England (UGLE) database (Adelphi2). Vitruvian Lodge does not have access to this database, as only UGLE and Metropolitan Grand Lodge (MetGL) who have a formal data sharing agreement together.
This data may be shared with the Masonic Charitable Foundation where you have given your express consent. Extracts of the central data may be uploaded onto Porchway for the information of members of the Lodge as well as the Visiting Officer structure in its entirety.
Third parties are required to respect the security of your data and to treat it in accordance with the law. Some of the organisations referred to above are joint Data Controllers, and means we are all responsible for how your data is processed.
Your personal data may be transferred outside of the EU, if it is, you can expect a similar level or protection in respect of your personal data.

WHY YOUR PERSONAL INFORMATION MAY BE SHARED WITH THIRD PARTIES
Your personal information may be shared with third parties where required by law, where it is needed in the public interest, for official purposes and where we have your consent.

WHICH THIRD-PARTY SERVICE PROVIDERS PROCESS YOUR DATA
“Third parties” includes third-party service providers, contractors and designated agents. The following activities are carries out by third-party service providers:-

  • Database design and upgrade
  • IT and website management and design

All third-party service providers are required to take appropriate security measure to ensure protection of your personal data in line with our Data Protection Policy. The third-party service providers are not allowed to use your personal data for their own purposes. Third parties such as IT specialists, may be asked to sign a non-disclosure agreement prior to access to personal data. They will only be permitted to process your personal data for specified purposes and also in accordance with our instructions.

From time to time, we may disclose your personal data in response to a data subject access request. We may ask for your consent, but in any event, your personal data will only be disclosed if we are satisfied that it is reasonable to do so in any circumstance. We may refuse to disclose some or all of your personal data following the receipt of such request.

Currently no data is transferred out of the EU.

DATA SECURITY
We understand how important data security is, and will treat your personal data with the utmost care, and take all steps necessary to protect it.
There are in place appropriate security measures to protect your personal information, and have ensured that UGLE and MetGL likewise have the same security measures in place. Access to your personal information is limited to only those who have a specified need to do so. Your information will only be processed under our instruction. Vitruvian Lodge along with UGLE and MetGL have in place procedures to deal with a suspected data security breach, in which case you will be notified, along with any applicable regulator where we are legally required to do so.
UGLE regularly monitors there system for any possible vulnerabilities and attacks, and will update their systems accordingly.

HOW LONG IS INFORMATION USED FOR
Your personal information will only be retained for as long as necessary to fulfil the purposes we collected data in the first place, including the purposes of satisfying any legal or reporting requirements.
In some instances, we may anonymise your information so it cannot be associated to you, in which case that information may be used without further notice to you. Once you are no longer a member of the Craft, we will retain and securely destroy your personal data in accordance with applicable laws and regulations. You should not expect all of your personal data to be completely removed from any systems mentioned in this Privacy Notice, as UGLE and MetGL have back-up copies which there is no direct access, and would only be accessed in the event of data loss or to restore information, access is restricted to essential personal.

RIGHT OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
It is important that the personal information held about you is accurate and up to date. It is your responsibility to inform us of any changes.

Under certain circumstances, by law you have the right to:-

  • Request access to your personal information (data subject access request). This enables you to receive a copy of the information held on you and to check it is being lawfully processed.
  • Request correction of the personal information that is held on you. This enable you to have any incomplete or inaccurate data corrected.
  • Request erasure of your personal data. This enable you to ask for your personal information to be deleted/removed, where there is no eligible reason for us to continue processing. You also have the right to ask for your personal information to be deleted where you have exercised your right to object to processing.
  • Object to processing your personal information where we are relying on a legitimate interest and there is something about your particular situation which may make you wish to object to processing on this ground. You also have the right to object to the processing of your personal information for any direct marketing purposes.
  • Request the restriction of processing your personal data. This enables you to ask to suspend the processing of personal information, for example – if you want us to establish its accuracy or the reason for the processing.
  • Request the transfer of your data to another party.

If you want to review, verify, correct or request erasure of your personal data, object to the processing, or request a transfer, please contact your Data Protection Officer in writing.

The legal timescale for your DPO to respond to a Subject Access Request, is one calendar month.

You no longer are required to pay a fee to access your personal information (or to exercise any other rights). However if your request for access is manifestly unfounded or excessive, you may be charged a reasonable fee. Alternatively, we reserve the right to refuse to comply with the request is such circumstances.
We may need specific information from you to help us confirm your identity and ensure your right to access. This is another security measure to ensure personal information is protected.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of data, you have the right to withdraw your consent for that specific processing. To withdraw your consent please contact your DPO. Once notification has been received we will no longer process your information unless we have another legitimate basis for doing so in law.

DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice, how we handle your data, or if you wish to see the Vitruvian Lodge Data Protection Policy, please contact your DPO by using the Contact Form.
You have the right to make a complaint at any time, and if you feel your DPO has not resolved the issue for you, you can contact the Information Commissioner’s Office (ICO) www.ico.org.uk

CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice at any time, and we will make available a new Privacy Notice whenever we make any substantial updates.

This Privacy Notice has been designed for Vitruvian Lodge No.87 with the aid of United Grand Lodge of England, and the Metropolitan Grand Lodge.