Issued to comply with General Data Protection Regulation (GDPR)
South Bradford Golf Club treats the privacy of its members, employees and web-site users seriously and takes appropriate security measures to safeguard and keep private any information regarding these groups. This policy explains how we protect and manage any personal data* you share with the club and that we hold about you.
Personal data means any information that may be used to identify an individual which may include but is not limited to, a first and last name, a home or other physical address, a telephone number and an email address or other contact information, whether at home or where appropriate at work.
How we collect your personal data* – Information provided by you
Data has been provided to the club historically on application forms either by the club in paper form or by downloading the form from the club’s website. This includes personal data* but also date of birth and gender.
We may also keep and store information contained in any correspondence you may have with the club, whether by post, email, fax, text message or telephone conversation.
A record is maintained of subscriptions paid whether by up-front payment by cheque, cash or BACs or by authorised monthly standing order payments. The club does not keep a record of any related bank details.
For members who have requested a bar card, we keep a unique record of related transactions on our EPOS system, a record that includes the amount of money put on the card, corresponding spend and the account balance.
For employees, additional information is provided related to previous employment but also and not exclusively, national insurance and income tax details and if applicable, any county court orders; childcare benefits and any other subject that needs to be included in a payroll calculation. The club also maintains a paper record of the employee’s bank details, limited to name, sort code and account number.
Information from other sources
The club may obtain information from other third party sources where permitted by law and when required for specific purposes for example but not exclusively, to verify an identity or when additional information is required under the club’s child safeguarding policies. Such information will only be obtained from organisations that operate in accordance with GDPR.
How we use your personal data
We use a member’s personal data* to manage and administer the club’s membership system through Club Systems International (CSI) and for golfing members, to support the BRS Golf (BRS) tee booking system.
A record is also maintained of the player’s golfing scores, handicap and CDH number and this information is also shared with England Golf and the How Did I Do system. England Golf uses the member’s name to issue and England Golf membership card.
A bar card is issued to all members on request though the use of the club card is limited to the EPOS system only.
Data on the CSI system is used by the club to advise members whether by email, text message or letter, of upcoming events, subscription renewal, course information and other matters of interest related to the golf club.
For employees, all personal data* is used only for the administration of payroll, pensions and other HR matters.
For visitors (non-members) to the club’s website, personal data* will only be processed if consented to by the visitor.
Except in the circumstances outlined above the club will not share personal information with any third party, unless we have a duty to do so, are required to do so by law or to support the club’s routine.
In this last case, information may be limited to that which allows competitors in competitions to contact each other.
Except for this last reason, should any other occasion arise, the member or employee will be advised as soon as possible of any action taken.
The club will not use personal data* for marketing purposes other than for those promotions internal to the club.
How long do we keep information about you?
Retention periods will be limited to the length of time needed to formally conclude your engagement with the club but in any case, will not exceed a period of two years.
Data subject rights
The GDPR grants you (the data subject) the right to access the personal data* about you, held by the club. This is referred to as ‘subject access request’. The club will respond promptly and within one month from the point of receiving the request and all necessary information from you. The club’s formal response will include; sources from which information was acquired; the purpose for processing the information and any persons or entities with whom the club has shared the information.
You have the right to have any incorrect data rectified or incomplete data made complete including by you, the data subject, providing a supplementary statement.
Notwithstanding the club’s need to retain personal data* as outlined above, you, the data subject, has the right to obtain from the club the full or partial erasure of your personal data* held by the club, without undue delay.
You (the data subject) also have certain rights to obtain from the club, restriction of processing, where the accuracy of personal data* is contested, until the data is verified. This right applies also if processing is unlawful and you oppose erasure of the data but instead, request restriction of use.
You can also request that personal data* is not erased but is required by you for the establishment, exercise or defence of legal claims
The club will communicate any rectification or erasure of any personal data* to each recipient to whom the data has been disclosed, unless this proves to be impossible or involves disproportionate effort. We shall provide you with information about these recipients if you request it.
You shall have the right to receive your personal data*, which you have provided to the club in a structured, commonly used readable format and have the right to transmit or pass on this data to another controller, without hindrance from the club
Right to Object
You have the right to object at any time, on grounds related to your particular situation, to the processing of your personal data*, unless this processing is necessary in the public interest or an exercise of official authority vested in the club. We, the club, have to demonstrate compelling legitimate grounds for processing the data, which override your rights in this matter.
Invoking Your Rights
Should you wish to invoke any of these data subject rights please write to the Data Protection Officer at firstname.lastname@example.org or The Hon Secretary at South Bradford Golf Club, Pearson Road, Bradford BD6 1BJ.
Accuracy of Information
The club will continue to take reasonable steps to ensure the accuracy of any personal data* we hold which we have obtained from you. However, you the data subject, should make sure that the club is notified about any changes to your circumstances which affects the accuracy of the record we keep. In particular, you should notify the club of any changes to your address, telephone number(s) and email address promptly as the club cannot be responsible for any misdirected communication if you have not made these notifications to us.
GDPR Updated 20/04/2018