Data Protection
Data Protection Policy Pursuant to
General Data Protection Regulation (GDPR) (Regulation (EU)
2016/679)
Definitions
a) ORDER
means The Great Priory of Scotland of The United, Religious and
Military Orders of the Temple and St. John of Jerusalem, Palestine,
Rhodes and Malta.
b) PERSONAL
DATA means any recorded information which identifies a living
individual.
c)
HEAD OF THE ORDER means the Grand Master.
d)
UNIT(S) OF THE ORDER means Preceptory (Preceptories)
e) ADMINISTRATION
means administrative Officers of Great Priory, Districts and
Preceptories.
f)
REGULATIONS means the Statutes and Disciplinary Procedures for the
Government of the ORDER in force from time to time
g) YEAR
BOOK means the Kalendar and Liber Ordinis Templi in Scotia and
Statutes published each year.
This data protection policy
regulates how the ORDER processes and stores PERSONAL DATA of its
members by the ADMINISTRATION. It applies to all officers, members and
volunteers of the ORDER. Its purpose is to ensure that the ORDER
complies with the law and with high data protection standards.
1.
Purposes
As a membership
organisation the ORDER processes, retains and shares PERSONAL DATA of
members for the purposes set out in the Data Protection Notice. Where
the ORDER employs or contracts with a member it may also process,
retain and share PERSONAL DATA of that member for all lawful purposes
related to that employment or contractual relationship.
The ORDER shall not
collect or store PERSONAL DATA of members for any other purposes.
2.
Appointment of a Data Protection Officer
The ORDER shall appoint a
Data Protection Officer who will oversee compliance with data
protection law and will act as a point of contact for members and the
Information Commissioner's Office (the "ICO"). The Data Protection
Officer shall have a direct line of communication with the HEAD OF THE
ORDER and shall have, or shall undergo training to ensure that he has,
knowledge of data protection law and practices.
3.
Members' data rights
A member may request that the Data Protection Officer:
a.
Provides him with a copy of all PERSONAL DATA that the ORDER holds
about him. The Data Protection Officer shall promptly provide a copy
of all information required to be disclosed by law.
b.
Rectifies any incorrect PERSONAL DATA held by
the ORDER about him. The Data Protection Officer shall promptly
consider such a request and respond to it in accordance with the law.
c.
Stop the ORDER from some or all of its
processing of his PERSONAL DATA. The Data Protection Officer shall
promptly consider such an objection and respond to it in accordance
with the law.
4.
Deletion of PERSONAL DATA
A member may resign from
all UNITS OF THE ORDER at any time. After it has processed such
resignation(s) the ORDER shall archive the PERSONAL DATA for
historical reference purposes and will stop the PERSONAL DATA from
being used that it holds about that member as set out in The Data
Protection Notice (Attachment A).
5.
Sharing data with third parties
As a membership organisation the ORDER shares PERSONAL DATA of its members within the ADMINISTRATION as required by the REGULATIONS or bodies it sanctions from time to time. It will not share PERSONAL DATA of members for any other reason unless it has the consent of the relevant member.
6.
Data Protection Notice
The ORDER shall publish a Data
Protection Notice (Appendix A) so that it is available to members. The
Data Protection Notice shall comply with the requirements of data
protection law and among other things shall inform members how their
PERSONAL DATA will be used by the ORDER and how they may contact the
Data Protection Officer.
7.
Data security
The ORDER shall
periodically review the security of its records and processing
activities and shall take appropriate steps to ensure the
confidentiality, integrity and availability of PERSONAL DATA that it
holds.
8.
Registration with ICO
The ORDER as a not-for-profit organisation is exempt from registration with the ICO.
9.
Reporting breaches to the Data Protection
Officer
Actual or potential
breaches of this policy, or of data protection law by the PERSONAL
DATA, shall be reported immediately to the Data Protection Officer.
Breaches shall be reported if required by the Data Protection Officer
to the ICO or to the member(s) whose data is affected. Normally the
Data Protection Officer shall not report breaches without prior
consultation with the HEAD OF THE ORDER.

Grand Master
|