Data Protection Notice

St Winnold Lodge is a Masonic lodge constituted under the United Grand Lodge of England (UGLE). We meet at The Masonic Hall, Downham Market, Norfolk.

For the purposes of data protection law, St Winnold Lodge is the data controller for the personal data described in this notice. If you have questions about how we handle your data, you can contact us through the form on our Contact page or in writing to The Masonic Hall, Downham Market, Norfolk.

We collect personal data in the following circumstances:

Enquiry and contact forms: when you submit a form on this website (for example, the "I'm curious" form or the Contact page), we receive your name, email address, and the message you provide. We may also collect which page you submitted the form from.

Membership applications: if you express interest in joining the lodge, we may collect additional information as part of the application and interview process, including your profession, address, and the name of any proposer or seconder. This is handled directly between you and lodge officers.

Member login: if you are a lodge member with an account on this website, we hold your email address and an encrypted password, managed through Supabase (our database and authentication provider).

Enquiry form data is used solely to respond to your message. We do not add you to any mailing list without your explicit consent.

Membership application data is used to assess whether joining St Winnold Lodge is suitable for you, to arrange interviews, and to communicate about the application process.

Member account data is used to provide access to the members-only area of this website.

Website analytics data (see Cookie Policy) is used in aggregate to understand how visitors use the site, for example which pages are most visited. This data is not used to identify individual visitors.

Enquiry form submissions: we process this data on the basis of your consent (you chose to submit the form) and our legitimate interest in responding to people who contact us.

Membership applications: legitimate interests of the lodge as a membership organisation, and consent where you provide optional information such as religious belief.

Member accounts: performance of a contract (your membership of the lodge) and legitimate interests.

Website analytics: legitimate interests (understanding how our public website is used), subject to your cookie consent choice.

We use the following third-party services that may process your personal data on our behalf:

Supabase (Supabase Inc., USA): our database and authentication provider. Your account credentials and any data you submit through the members area are stored in Supabase's infrastructure. Supabase is SOC 2 Type II certified. See supabase.com/privacy.

Brevo (Sendinblue SAS, France): our email delivery service. When you submit a contact or enquiry form, your name, email address, and message are transmitted via Brevo to reach our lodge officers. See brevo.com/legal/privacypolicy.

Vercel (Vercel Inc., USA): our website hosting provider. All website traffic passes through Vercel's infrastructure. Vercel also provides our privacy-friendly analytics (no cookies, no fingerprinting of individuals). See vercel.com/legal/privacy-policy.

The United Grand Lodge of England: as the governing body of Freemasonry in England and Wales, UGLE maintains records of lodge membership. Member data relevant to your Masonic career is shared with UGLE in accordance with their data protection notice at ugle.org.uk/data-protection-notice.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Enquiry form data: we retain messages for up to two years, after which they are deleted unless an ongoing relationship has been established.

Membership application data: retained for up to two years if an application is not completed, or for the duration of membership (and ten years thereafter) if it is.

Member account data: retained for the duration of your membership and for ten years after resignation or lapse, in accordance with UGLE's record-keeping requirements.

We do not retain analytics data in a form that identifies individual users.

Under UK data protection law, you have the right to:

Request access to the personal data we hold about you. Request that we correct inaccurate data. Request that we delete data held on the basis of your consent. Object to processing based on legitimate interests. Withdraw consent at any time (this does not affect the lawfulness of processing before withdrawal). Request that your data be provided to you in a portable format.

To exercise any of these rights, please contact us using the form on our Contact page or in writing to The Masonic Hall, Downham Market, Norfolk. We will respond within one month.

If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner's Office (ICO):

ICO website: ico.org.uk ICO helpline: 0303 123 1113 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would ask that you contact us first so that we have the opportunity to address your concern directly.

We may update this notice from time to time to reflect changes in our practices or applicable law. The current version will always be available on this page. This notice was last reviewed in April 2026.