Privacy and Data Protection Policy

FINCHLEY GOLF CLUB
(Agreed by the Directors of the Club on 30/11/2020)

1.  Introduction

Finchley Golf Club (the "Club") is a Company Limited by Guarantee (CLG), registered with Companies House.

The Club is deemed to be a data “controller” under the General Data Protection Regulation and the Data Protection Act 2018. The Directors of the Club will jointly be responsible for undertaking the "Data Protection Officer" role, albeit they have the power to delegate that responsibility to a member of staff if they so wish.

The Club will ensure that an up to date version of the Policy will be available on the Club's web site and hard copies will be made available to any person who makes such a request.

Members of the Golf Club ("Members") are either deemed to be those people who have completed (and signed) all relevant membership forms and have paid their membership fees to the Club or are potential members in discussion with the Club for a paid-up membership.

2.  The personal data collected, stored and processed by the Club

Data will only be collected and stored by the Club for legitimate reasons, which are required to ensure that processes and communications agreed by the Club and its Members, staff, apprentices, consultants, volunteers, partners, hirers and other parties, can be carried out.

The following personal data will be collected and stored by the Club:

(i) personal data that is required to ensure the effective management and use of the “Intelligent Golf” system and web site (see Appendix 1);

(ii)personal data which is directly relevant to the management and marketing of the Club and the golf course:

(iii) personal data of Members (see section 3 below);

(iv) personal data of Members relatin to England Golf's World Handicap System (see setion 4 below); 

(v) personal details of visitors to the Club, where consent has been given, including contact details for persons booking tee times, for Golf Societies and for hirers;

(vi) personal data that is directly relevant to the supply of goods and services to the Club;

(vii) personal data that is directly relevant to the employment and remuneration of staff, apprentices and consultants;

(viii) personal data that is directly relevant to the deployment of volunteers;

(ix) personal data that is relevant to the effective governance of the Club, including Directors' personal details.

The personal data that will be collected includes:

(i) Personal details of Members, staff, apprentices, consultants, volunteers, partners, hirers and other parties, including name, address, phone numbers,  email addresses and date of birth;

(ii) Personal details of principal contacts of organisations the Club is in contact with, including name, address, phone numbers and email addresses;

(iii) Financial details, such as bank account details;

(iv) Employment details.

The Club will ensure, as far as it reasonably can, that all personal data is accurate and up to date. The Club will not accept responsibility if a third party provides then with inaccurate personal data; but will rectify any mistakes immediately if such mistakes are brought to the Club's attention.

If personal data provided to the Club is, or appears to be incorrect, the relevant person will be contacted to check the relevant details.

3. The personal data relating to Members of the Club that is collected, stored and processed by the Club

The following Members' personal data will be collected and stored by the Club:

(i) personal contact details that will allow the Club to make direct contact with Members, including phone numbers and email addresses;

(ii) next of kin and emergency contact details (NB. it is the Member's responsibility to inform the relevant people that he / she has provided their personal details to the Club);

(iii) any letters of application, references, CVs, cover letters and other information relating to the application process to become a Member;

(iv) any health related information that Members have willingly provided to the Club, including health information relating to the use of buggies and electric trolleys; as well as information that the emergency services would need to protect Members' "vital interests";

(v) membership start and end dates;

(vi) records of Members interactions with the Club, including emails, letters, formal complaints, phone conversations, entries in to the comments book and attendance at events / meetings;

(vii) credit, debit and other payment details that Members provide to make payments to the Club, as well as details of any other financial transaction between the Club and Members;

(viii) records of Members use of the web site, on-line portals, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information;

(ix) personal data and information secured through electronic means, including via the Member swipe card;

(x) records of Members' scores, competition results, handicaps, rankings, gradings and/or ratings; as well as attendance at Club and other golf related events;

(xi) details of County membership and other golf related membership scheme that the Club needs to be aware of;

(xi) CCTV footage, video footage, photographs and voice recordings;

(xii) any disciplinary or grievance related records and information;

(xiii) personal data relating to the “Intelligent Golf” and World Handicap System (Member email address and date of birth).

The Club will provide the English Golf Union with Member details relating to name, date of birth and gender.

In addition the Club may ask Members to provide socio demographic information relating to age, gender, ethnicity and/or disability, to ensure that the Club can better understand how to market its activities within the Club and in the wider community.

The Club will not include Members' personal data in any publication that could be accessed by the general public (eg in the Club's diary). Such data will only be available on the Members secure log-in area on the Club web site. 

4. The personal data relating to Members that is provided to England Golf by the Club.

The Club will provide England Golf (EG) with limited personal information about Members, in order that EG can verify information about individual Members and so they can be included in and benefit from the World Handicap System (WHS). The information that will be provided to EG will be the Members' email address and date of birth.

The EG Privacy Policy confirms:

(i) that Members' personal information will only be used for the legitimate interests of EG in operating and maintain the integrity of the WHS's and to provide the member services that are necessary for its operation;

(ii) no Member data will be used for marketing purposes;

(iii) Member data will only be supplied to third parties where those parties supply EG with products and services that it needs to provide services to clubs and members, such as software providers or web hosting services. Those parties will not be permitted by EG to send marketing material by Members.

The Club cannot be held responsible for any breaches of the General Data Protection Regulation and the Data Protection Act 2018 by EG. In the event that such a breach occurs the Club will support the Member(s) affected by raising the matter with EG, if the Member(s) request that course of action to be taken by the Club, with the aim of ensuring that it (EG) resolves the breach that has occured.      

5.  The Club's basis for collecting, storing and processing Data

The basis upon which the Club collects, stores and processes personal data will relate to one or more of the following:

(i) it is in the Club's legitimate interests to do so;

(ii) it is necessary for the Club to comply with a legal obligations;

(iii) it is necessary to ensure that Members are kept fully informed about the Club's activities and so that they can fully benefit from everything the Club has to offer;

(iv) it has been has been set out in a contract and/or a formal agreement with a third party;

(v) relevant consent has been given.

6.  How the Club will use personal data

The Club will use personal data for the following purposes:

(i) to effectively manage and market the Club and the golf course, for the benefit of the Members, other users and visitors;

 (ii) to receive good and services;

(iii) to ensure the effective employment of staff and consultants;

(iv) to ensure the effective deployment of volunteers;

(v) to ensure effective two way communications with all partners and other third parties;

(vi) to ensure compliance with auditing and regulatory requirements;

(vii) to ensure Members benefit from the “Intelligent Golf” and World Handicap system.

7.  Who the Club will share personal data with

The Club will only share personal data with external parties in the following circumstances:

(i) in order that the Club can comply with its legal obligations as an employer, including sharing personal data with accountants, payroll processors, book-keeping staff, HMRC and pension providers;

(ii) if the Club has to recover income or debts, personal data may be shared with solicitors and any agency that the Club might use to recover the income / debt;

(iii) if auditors, Companies House and /or other regulatory bodies require access to personal data to comply with their statutory duties;

(iv) if the Club is required to respond to any legal claims by external bodies, employees or consultants then personal data may be shared with an external party acting on behalf of the Club;

(v) in relation to England Golf, to ensure that Members are included in and beneift from the World handicap System.

The Club will not share personal data with third parties for the purposes of advertising or marketing goods, products or services.

Although the Club will not be "sharing" data with IT companies, such companies will have the ability to access to personal data when updating and /or installing software and/or hardware. The Club shall ensure that such IT companies treat personal data as being private and confidential information that cannot be accessed by such companies for any purpose other than where it is legitimate and essential to do so to carry out the work they have been employed to do. 

8.  External marketing

The Club will only send out marketing material, including advertising, publicity and promotional material, to generic contact addresses (including email addresses) of third parties and external organisations that do not include the personal details of an individual within the organisation that the material is being sent to.

The Club will send marketing material to contact addresses that are publically advertised on third party and external organisations web sites (or in other ways), even where the contact address (including email address) which might include reference to a person’s name. This is on the basis that the individuals concerned will have given their permission to have the contact address (including email address) included on the relevant web sites, so that they can be legitimately contacted by third parties or external organisations.

The Club will not send marketing material, including advertising, publicity and promotional material, to individuals who are not Members, unless the individual concerned has given their prior written consent to receiving such material.   

      

9.  How long will the Club keep personal data for

Members' personal data, personal information and records will be kept by the Club for a period of 6 years after the end of the member's membership, or after the last contact made by the Member; except for:

(i) Unsuccessful membership applications, where personal data, information and records will be held for 12 months;

(ii) incidences of personal injury or discrimination, which may be subject to a claim or other form of legal action, where personal data, information and records will be held for a period deemed to be appropriate in the sole view of the Club;

(iii) CCTV records, which will be held no more than 30 days, unless the Club needs to preserve the records for the prevention or detection of crime or anti-social behaviour.

Personal data relating to external organisations will be kept for a period of up to 6 years.

Personal data relating to the employment of staff and consultants will be kept for the period of employment. Once that employment period has come to an end the Club will review what data it is necessary to continue to hold, and may hold that data for a period of up to six years where the Club is required to do so by Law.

10.  Security arrangements

The Club will ensure that all personal data which a person gives to them is kept secure at all times, using all appropriate technical and organisational measures.

In the unlikely event of a personal data breach, the Club will minimise the effects of the breach as far as it reasonably can. The Club will inform the affected person (s) as soon as possible and where there has been a security breach, will report that breach to the Information Commissioner's Office within 72 hours.

11.  Rights under the General Data Protection Regulation (GDPR)

Any person has the right to:

(i) to know what personal data is held about them by the Club;

(ii) to see that personal data (right of access to the data);

(iii) to have any errors or omissions in the personal data rectified;

(iv) to have personal data erased from the Club's records;

(v) to restrict what the Club can use personal data for;

(vi) to object to the Club processing their personal data.

(NB. The above are the rights that the Club believe are most relevant to its use of personal data; but the GDPR provides people with other rights that are not listed. The Club will ensure that those other rights are complied with if any person wishes to exercise any of them).

12.  The right (of access) to see what personal data the Club holds

As set out in point 11 above, any person has the right to see personal data held by the Club.

Should an individual wish to see personal information held by the Club they will be required to submit a written request, together with proof of identity. The Club will deal with the request free of charge and within 28 days; unless the request is complex, in which case the Club may extend the period of time for dealing with the request to 90 days.

The Club  will not respond to a written request if proof of identity has not been provided or the request is deemed to be solely vexatious.

13.  The right to rectification if the personal data is inaccurate or incomplete

As set out in point 11 above, any person has the right to correct personal data if they believe it to inaccurate or incomplete (the right to rectification).

Should an individual wish to correct personal data held by the Club they will be required to submit a written request, together with proof of identity. The Club will deal with the request free of charge and within 28 days; unless the request is very complex, in which case the Club may extend the period of time for dealing with the request to 90 days.

The Club will not respond to a written request if proof of identity has not been provided or the request is deemed to be solely vexatious.

14.  The right to have personal data erased

As set out in point 11 above, any person has the right to erase their personal data (also known as the right to "be forgotten"); albeit that particular circumstances need to apply, as set out in Article 17 of the GDPR, before that can happen.

Should an individual wish to have their personal data erased from the Club's records they will be required to submit a written request, together with proof of identity. The Club will deal with the request free of charge and within 28 days; unless the request is very complex, in which case the Club may extend the period of time for dealing with the request to 90 days.

The Club will consider Article 17 of the GDPR prior to determining whether the personal data that is held can be erased.

The Club will not respond to a written request if proof of identity has not been provided or the request is deemed to be solely vexatious.

15. Changes to this Policy

The Club may amend this Policy from time to time by the Directors of the Club.

Where the Policy has been amended a new date will be recorded at the top of the Policy and the amended Policy will be made available on the Club's web site.

Where required by law, the Club will advise and where necessary seek consent from any persons affected by changes to the Policy, where it has a direct impact on them.   

16.  Further Information and Complaints.

If anyone wants to receive further information about GDPR and /or this Policy, they should contact the Club, either by phone or in writing.

If any person, including a Member, wishes to submit a complaint, he/she should write to the Club setting out the basis of their complaint and what action they believe the Club should be taking to address and /or rectify that complaint. The Club will provide a written response to the complainant within 28 days, unless the request is very complex, in which case the Club may extend the period of time for dealing with the request to 90 days.

If any person, including a Member, is unhappy with the Club's response to his /her complaint he/she will be advised to contact the Information Commissioner's Office's (ICO.) via its help line (0303 123 1113), to seek advice on whether a breach of the General Data Protection Regulation and the Data Protection Act 2018 might have occured. The ICO web site provides details on how an on-line complaint can be submitted, or a report can be submitted about a breach of the Act. Further details are available on the ICO web site.

APPENDIX 1

Intelligent Golf Web Site Privacy Statement

The Website is provided by Intelligent Golf on behalf of Finchley Golf Club. Finchley Golf Club uses this website to provide online information and services, competition management and WHS ratified handicap maintenance, for Playing members of its Golf Clubs.

Access to this website is via Finchley Golf Club's Membership ID and a User managed PIN number and is limited to Golf Club Members and selected staff who need access for the purpose of supplying and maintaining information relative to the primary functions of the website, as stated above.

Finchley Golf Club will transfer from its own membership system only those personal details relevant to Golf Club membership such that a Golf Club Member may utilise this website effectively.

Users of the website are able to specify additional personal details by accessing the 'Preferences' area under the 'My Details' menu option. The details specified here will be used solely for the following purposes:-

1) Communication between members to facilitate the management of matches and competitions;

2) Communication between Golf Club Members and Golf Club Committee Members and Officers to promote accessibility and enable the effective and smooth running of the club;

3) Contact information may be passed to Finchley Golf Club to enable them to maintain up to date contact information.

Cookies are used throughout this website for tracking session data, and this data is discarded after you leave the website automatically. Persistent cookies may also be used to remember your club selection preference.