Full Notice
UK GDPR
1. Scope
This notice applies to candidates, members, former members, website visitors, contact-form enquirers, and users of our member-facing digital services.
It explains what personal data we process, why we process it, how long we keep it, who we share it with, and the rights available to data subjects.
2. Data Controllers
White Ensign Gillingham Lodge No. 4180 is the data controller for the processing described in this notice.
Other Masonic organisations, including the Province of East Kent and the United Grand Lodge of England (UGLE), may process data as separate controllers under their own notices.
3. Candidate Data
For initiation, joining, or re-joining activity, we may process:
- Identity and contact details
- Application and membership progression records
- Referee/proposer/seconder details where provided
- Correspondence and decision records
Typical lawful bases are consent and legitimate interests for lodge governance and membership administration. Where criminal offence data is processed, we apply the relevant UK GDPR and Data Protection Act 2018 conditions.
4. Member and Former Member Data
We process member data for:
- Membership administration and communications
- Meeting, event, attendance, and governance workflows
- Role, degree, and access-control management
- Operational continuity, audit, and safeguarding controls
Some records are retained after resignation or cessation where required for legal, constitutional, safeguarding, historical, or anti-fraud reasons.
5. Website and Contact Form
If you use the contact form, we process submitted fields such as:
- Name, email, phone, enquiry type, subject, and message
- Consent confirmation
- Security metadata used for spam and abuse prevention
Contact form anti-abuse controls include:
- Consent check
- Challenge token verification
- Honeypot field checking
- Rate-limiting and monitoring events
- Hashed monitoring fields (for example ip_hash and subject hash)
Lawful basis is primarily legitimate interests in operating safe lodge communications and responding to enquiries.
6. Member Portal and Mobile App
Our digital member services may process data for:
- Authentication, session handling, logout, password reset, and MFA workflows
- Member files, events, attendance responses, and protected book access by degree
- Push notification registration (token, platform, app version, device label)
- Feedback submissions from signed-in users
Device-side member app behavior may include:
- Offline storage of downloaded protected book packages on the user device
- Optional biometric quick-unlock managed by device-native security
- Local preference storage for app behavior and onboarding choices
7. Cookies, Analytics, and Third Parties
Website pages include Google Analytics (Google Tag), Google Fonts, and embedded Google Maps on contact pages. These services may process technical data such as IP address, browser/device characteristics, and usage events under their own policies.
Member-session security also uses a secure HTTP-only session cookie (member_session) with SameSite=Lax behavior and HTTPS-only transport when the site is served over HTTPS.
Third-party privacy terms: Google Privacy Policy.
8. Data Sharing
We may share limited data where necessary with:
- Relevant Masonic entities for administration and governance checks
- Technical service providers used to operate communications and platform services
- Legal, regulatory, safeguarding, or law-enforcement bodies where required
We do not sell personal data.
9. Retention
Retention periods vary by purpose and legal basis. As examples in current operation:
- Contact monitoring events are configured with a default retention of 90 days
- Session and security records are retained according to operational and security needs
- Membership and governance records may be retained longer where justified
We periodically review retention to remove or anonymise data that is no longer required.
10. Security
We apply technical and organisational safeguards, including:
- HTTPS enforcement for protected endpoints
- Access controls and role checks
- Session management and token hashing
- Rate-limiting and anti-abuse controls
- Audit logging for administrative actions
No internet-connected service can be guaranteed completely secure, but we implement controls appropriate to the risk profile of our systems.
11. Your Rights
Under UK GDPR, you may have the right to:
- Access personal data held about you
- Request correction of inaccurate or incomplete data
- Request erasure where legal conditions are met
- Request restriction of processing in applicable cases
- Object to processing based on legitimate interests
- Request portability in applicable cases
- Complain to the Information Commissioner's Office (ICO)
ICO: https://ico.org.uk
12. Contact and Updates
For data protection queries or rights requests, contact White Ensign Gillingham Lodge No. 4180 through the lodge contact route.
Lodge address: Franklin Rooms, Franklin Road, Gillingham, ME7 4DG.
This notice is reviewed and updated to reflect operational, legal, regulatory, and security changes.