Provincial Grand Chapter Hampshire and Isle of Wight
Data Protection Policy
This data protection policy regulates how Provincial Grand Chapter of the Province of
Hampshire and Isle of Wight processes and stores personal data of its members. It applies to
all employees, officers, members and volunteers of the Province. Its purpose is to ensure that
the Province complies with the law and operates to high data protection standards. ‘Province’
for these purposes includes Provincial Grand Chapter, Group Committees and individual
In this policy “personal data” means any recorded information which identifies a living
As a membership organisation the Province processes, retains and shares personal data of
its members for the purposes set out in the Data Protection Notice – Province, which is
attached to this Policy. Where the Province employs or contracts with a member it may also
process, retain and share personal data of that member for all lawful purposes related to that
employment or contractual relationship.
The Province shall not collect or store personal data of members for any other purposes.
2. Appointment of a Data Protection Officer
The Province has appointed a Data Protection Officer, who will oversee compliance with data
protection law and will act as a point of contact for members and the Information
Commissioner’s Office (the “ICO”). The Data Protection Officer has a direct line of
communication with the ME Grand Superintendent and shall have, or shall undergo, training
to ensure that he has knowledge of data protection law and practices.
The Data Protection Officer in this Province is the Provincial Grand Scribe E.
3. Members’ data rights
A member may request that the Data Protection Officer:
a. Provides him with a copy of all personal data that the Province holds about him. The Data
Protection Officer shall promptly provide a copy of all information required to be disclosed
b. Rectifies any incorrect personal data held by the Province about him. The Data Protection
Officer shall promptly consider such a request and respond to it in accordance with the law.
c. Stops the Province from processing some or all of his personal data. The Data Protection
Officer shall promptly consider such an objection and respond to it in accordance with the
4. Deletion of personal data
A member may resign from all Chapters in the Province at any time. After it has processed
such resignation(s), the Province shall delete personal data that it holds about that member
as set out in the Data Protection Notice.
5. Sharing data with third parties
As a membership organisation the Province shares:
a. Personal data of its members with the Supreme Grand Chapter of England.
b. Personal data of members of each Chapter in the Province with that Chapter.
as required by the Book of Regulations or bodies it sanctions from time to time. Province will
not share personal data of members for any other reason unless it has the consent of the
6. Data Protection Notice
The Province shall publish a Data Protection Notice so that it is available to members. The
Notice shall comply with the requirements of data protection law and among other things shall
inform members how their personal data will be used by the Province and how they may
contact the Province’s Data Protection Officer.
7. Data Security
The Province shall periodically review the security of its records and processing activities and
shall take appropriate steps to ensure the confidentiality, integrity and availability of personal
data that it holds.
8. Registration with ICO
The Province shall maintain its annual registration with the ICO.
9. Reporting breaches to the Data Protection Officer
Actual or potential breaches of this policy, or of data protection law by the Province, shall be
reported immediately to the Data Protection Officer. Breaches shall be reported if required via
the Data Protection Officer to the ICO or directly to the member(s) whose data is affected.
Normally the Data Protection Officer shall not report breaches without prior consultation with
the ME Grand Superintendent. All breaches should be reported to MEGSupt and in cases of
alleged Disciplinary matters to the DepGSupt in the first instance.
Further information on Data Protection legislation can be obtained at the ICO
Date policy adopted: 27 March 2018
7th April 2018