1. Data Controller
The Provincial Grand Lodge of Berkshire is the data controller for personal information collected through the Cornerstone Charter platform.
2. Information We Collect
We collect and process the following categories of personal data:
- Lodge Information: Lodge name, number, meeting details, and contact information
- Submission Data: Accreditation responses, evidence files, and supporting documentation
- Staff Credentials: Names, email addresses, and encrypted passwords for authorised users
- Technical Data: IP addresses, browser type, and access logs for security purposes
- Audit Logs: Records of actions taken within the platform for accountability
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Legitimate Interests: Operating the accreditation programme for member lodges
- Consent: Where you have provided explicit consent for specific processing
- Legal Obligation: Where required to comply with applicable laws
4. How We Use Your Information
Your information is used to:
- Process and assess accreditation applications
- Authenticate and authorise access to the platform
- Generate accreditation certificates
- Maintain security and prevent fraud
- Improve our services and user experience
5. Data Sharing
We do not sell or rent your personal data. Information may be shared only with:
- Authorised auditors and secretariat staff for accreditation purposes
- Service providers who assist in operating the platform (under strict data processing agreements)
- Legal authorities where required by law
6. Data Retention
Accreditation records and related data are retained for a minimum of 6 years following the expiry of the accreditation period. Audit logs are retained for 2 years. You may request earlier deletion subject to our legitimate interests and legal obligations.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure (subject to legitimate interests)
- Object to processing
- Data portability
- Lodge a complaint with the Information Commissioner's Office (ICO)
8. Security
We implement appropriate technical and organisational measures to protect your data, including: encrypted passwords, secure HTTPS connections, access controls, rate limiting, and comprehensive audit logging.
9. Cookies
For information about how we use cookies, please see our Cookie Policy.
10. Contact
For data protection enquiries, please contact the Provincial Grand Lodge of Berkshire through https://berkspgl.org.uk.