This Privacy Policy sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us. We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it.
References to "we", "us" and "our" in this policy are all references to the Club.
Sidcup Golf Club takes the privacy of all its members/supporters and website users very seriously and takes great care to protect your information.
How to Contact Us About Your Personal Data or This Privacy Policy.
If you have any questions about this privacy policy or about your personal data, please email us at sidcupgolfclub@googlemail.com or write to us at the following address:
General Manager
Sidcup Golf Club
Hurst Road
Sidcup
Kent DA15 9AW
What Personal Data We Hold on You
Personal data means any information about an individual from which that individual can be identified. We collect, use and store some personal data of our employees, visitors and members [and their parents or guardians]. When you join or visit our Golf Club we collect only the information required from you to be able to fulfil our contractual obligations. We may also collect further information through our website which allows us to contact you regarding events and offers at the club.
* As an employee we collect only the information required to fulfil the contractual relationship between you and the club and we only share this data with internal and external data processors.
* You provide information about yourself when you register with the Club, and by filling in forms at an event or online, or by corresponding with us by phone, e-mail, face-to-face or otherwise.
The information you give us may include your name, date of birth, address, e-mail address, phone number, gender. We may also ask for relevant health information, which is classed as special category personal data, for the purposes of your health, wellbeing, welfare and safeguarding. Where we hold this data, it will be with the explicit consent of the member or, if applicable, the members parent or guardian.
Depending on the type of membership you register for with us, you may initially provide us with or we may obtain personal information about you, such as information regarding your:
* personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers;
* date of birth;
* gender;
* membership start and end date;
* records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
* any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;
* records of your attendance at any events hosted by us;
* CCTV footage and other information obtained through electronic means
* images in video and/or photographic form and voice recordings;
* your marketing preferences so that we know whether and how we should contact you.
* details of any county membership; o details of next of kin, family members, coaches and emergency contacts;
* records and assessment of any player rankings, grading or ratings, competition results, details regarding [events/matches/games] attended and performance (including that generated through player pathway programme);
* any disciplinary and grievance information;
CCTV - Recording
The principal purposes of the Clubs CCTV system are as follows: -
* for the prevention, reduction, detection and investigation of crime and other incidents;
* to ensure the safety of staff, members and visitors; and
* to assist in the investigation of suspected breaches of Club regulations by staff, Members or Visitors
Unless required for evidential purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 30 days from the date of recording. Images will be automatically overwritten after this point.
Debit/Credit Card Payments
The Club accepts card payments for the purpose of paying subscriptions, adding money to clubcard accounts and/or providing ‘cashback’. When you make a card payments at the club; receipts are stored securely for two months {60 days} in order to process and confirm funds. Card receipts are then destroyed inline ICO and our suppliers (World Pay) guidelines.
Why We Need Your Personal Data
All personal information that we collect about you will be recorded, used, and protected by us in accordance with applicable GDPR legislation and this privacy policy. We may supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations, for example, England Golf, County Bodies.
We will only use personal data for any purpose for which it has been specifically provided.
How We Use Your Personal Data
When you join as a member or enter into a society event or open competition we may share your information with external and internal data processors (ClubV1, BRS etc. Membership Administration System). Your personal data is controlled internally by the clubs Data Protection Officer who adheres to the Golf Club’s internal data protection policies and procedures.
We request that the information you provide is as accurate as possible as this allows us to secure your privacy by differentiating you from others and creating a "profile" for you on our database so that we can provide a personalised service when you visit the Site and/or we send you emails. Periodically we may send you an email asking you to "Update your Details".
When you go to the ‘update your details’ section of your account, via ClubV1, you will be able to specify what we can contact you regarding. There are two options to opt-in or out of which are highlighted below:
- Opt-in to receive ‘Club Promotions’ from SGC – by opting-in to this you will receive regular updates, offers and information regarding club events, competitions and any news;
- Opt-in to receive updates from selected third parties – by opting-in to this you will receive offers and information from selected third parties that the club work with.
Personal Information held on ClubV1 will not be available to other members unless you register to one or all of the following sites;
1. Club Website
2. ClubV1 Members Hub
3. HowDidiDo
Once registered to one or all of the above sites, you will be able to control what information is shown by opting-in to the selected fields.
You may, at anytime, change/update your ‘Personal Data Restrictions’ – By permitting your details to be visible, you will be giving consent to the club to make your details available to other members, Data processors (for the purpose of club activates) and other relevant golfing partners to contact you.
These settings can be changed via your ClubV1 log-in or by completing a ‘Members Permission Notice’ in order to permit the appointed GDPR officer to amend your preferences and/or restrictions on your behalf.
Your information will then be held by ClubV1.
How will ClubV1 protect your Data?
The GDPR became enforceable from 25 May 2018, this notification is designed to assist users if asked about the security in place for Club Systems hosted products’
ClubV1 (and all our cloud software) is hosted in Microsoft Azures Northern Europe region.*
Microsoft has been leading the industry in establishing clear security and privacy requirements and consistently meeting these requirements. Microsoft Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2.
As well as country-specific standards, such as Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.
ClubV1 protect your data in the following ways:
1) Encryption - We use an industry standard level of SSL certification to secure data, the SQL database secures your data by providing encryption for data in motion with Transport Layer Security (TLS) and for data in use with Transparent Data Encryption (TDE).
2) Firewall and Rules - To help protect your data, firewalls prevent access to the ClubV1 database until we specify which computers have permission using firewall rules. The firewall grants access to databases based on the originating IP address of each request.
3) Authorization / Authentication - Authorization refers to what a user can do within an Azure SQL Database, and this is controlled by our user account permissions. As a best practice, we grant users the least privileges necessary.
4) Dynamic Data Masking - We hide some columns to limit sensitive data exposure by masking them to non-privileged users.
5) Key Vaults – We use Key Vault for storing secrets like passwords or API keys,
6) Additional security - We offer all ClubV1 clubs an option, to use a ‘PIN’ in conjunction with the Username and Password to ensure an additional level of security preventing unauthorized access to the Software by any user or other party.
7) Passwords - Passwords are hashed using unique salts and key stretching to make cracking more difficult.
Along with protection, we also use proactive monitoring in the form of:
1) Auditing
Auditing tracks database activities by recording database events to an audit log. We are able to understand ongoing database activities, as well as analyse and investigate historical activity to identify potential threats or suspected abuse and security violations.
2) Threat detection
Threat Detection complements auditing, by providing an additional layer of security intelligence built into the service that detects unusual and potentially harmful attempts to access or exploit databases. We are alerted about suspicious activities, potential vulnerabilities and SQL injection attacks, as well as anomalous database access patterns.
We Use Information About You for These Primary Purposes:
• To perform the services you have requested, such as sending you our newsletters and other information about us. The type of information we may use might include, for example, your name, address, email address, date of birth, telephone number.
• To alert you to other information, including offers and promotions, relating to us, and/or (except where you have indicated otherwise) commercial partners such as England Golf & County Bodies. See below heading 'Marketing Information' for more information about this. For example, such information may include newsletters, offers, promotions, occasional surveys and other communications of potential interest from us, our official partners, or official partners.
• To carry out market research so that we can improve the products and services we offer. Your feedback is valued and helps to shape the products and services we offer. You will have the right to opt-out of receiving or participating in our surveys at any time.
• We may also supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations such as our commercial partners and group companies.
Marketing Information
News, offers and opportunities from us and our sponsors and partners (which we provide only with your consent).
We do not sell, rent, or otherwise provide personally identifiable information to third-parties without your consent, except only as set out in the 'Disclosing (Sharing) of Your Information' section below.
From time-to-time we, and/or our commercial partners (if you have agreed to receive their information when you provided your personal information) would like to contact you to tell you more about the offers, services, products and other initiatives available to you.
We and/or our commercial partners will only contact you by electronic means if you have consented to this. However, if you are an existing member (and have not opted out) we may contact you by electronic means about services, products and initiatives similar to those you have previously received or enquired about (unless you have chosen not to receive such electronic communications).
If, at any time after registering, you would like to change your preference and opt-in or opt-out from receiving communications from us or third-parties you can do this at any time by logging into your account and amending your preferences.
Children and Young People
We realise and understand that children and young people under the age of 18 ("minors") may join the club, It is our policy:
• to encourage all minors to consult with their parents or legal guardian before submitting any content or information to us. Minors may be asked to provide a valid email address for their parent or guardian so that we may verify parental consent, where required;
• not use (or pass to any third party) personal information on persons known to be minors for any commercial purposes.
Parents or legal guardians should supervise minors when online and we recommend parental control tools be put in place. Any minor using the Site and services offered is confirming that they have received the consent of their parent or a guardian to do so.
Storing and Retaining Your Personal Data We are committed to protecting the security of your personal data in accordance with current legislative requirements, industry standards and technology. We will keep the personal data you have provided for as long as we have a relationship with you; once that relationship has ended we will retain it in accordance with this Policy only for as long as we reasonably require and it will then be deleted and destroyed.
Some of the organisations to which we may disclose your personal information after we have obtained your consent (including, but not limited to, our commercial partners) may be situated outside of the European Economic Area, in countries which may not have laws that protect privacy rights as extensively as in the EU or United Kingdom, though we will take all reasonable steps to ensure that your information is still properly protected.
How Long We Hold Your Personal Data
We keep your personal data as a member while you continue to be a member or are otherwise actively involved with the Club. We will delete this data up to 6 years after you have ended your membership or affiliation, or sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes. Exceptions to this rule are:
* CCTV records which are held for no more than [30 days] unless we need to preserve the records for the purpose of prevention and detection of crime;
* Debit/Credit Card Receipts containing card details are kept for a period of no more than 60 days once processed and destroyed in line with ICO and our suppliers (Worldpay) guidelines.
* Details regarding unsuccessful membership applicants where we hold records for a period of not more than 12 months;
* Information that may be relevant to personal injury or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after the event.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Once your personal data is received, we store it safely, as set out in this Policy. We do not store any unnecessary financial information.
We cannot guarantee the complete security of our databases, nor that information you supply will not be intercepted while being transmitted to us over the Internet.
If we have given you a password to access certain parts of the website, Club V1 and/or the App, you are solely responsible for keeping the password safe and make sure you use a secure browser.
Disclosure (Sharing) Of Your Information
We have already described in the 'Marketing Information' section of this Policy under what circumstances your personal information may be shared with our commercial and official partners, if you have agreed. In addition, there are some other reasons why we may disclose your personal information to third parties and these are as follows:
• to other companies within our corporate group; and to appoint other organisations to carry out some data processing activities on our behalf. For example, mailing services, payment processing and hosting service providers;
• if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our terms of use or terms and conditions of supply of any of the services provided by us (for example our club regulations) and other agreements; and/or
• protect the rights, property, or safety of us, our commercial partners, our members, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
• Where we share your personal information with third parties we will take all possible steps to ensure that it is properly protected and processed in accordance with this Policy.
Your Rights Regarding Your Personal Data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to share your personal data with us we may not be able to register or administer your membership. We may update this Privacy Notice from time to time, and will inform you to any changes in how we handle your personal data.
Accessing Your Personal Information:
You have the right to see a copy of the information that we hold about you. Please contact sidcupgolfclub@googlemail.com, the club will endeavor to fulfil this request for you in a reasonable, timely manner.
Update and Amend Your Personal Information:
You have the right to ask that the information we hold about you is corrected by updating/changing your profile preferences or by contacting us as above. We encourage you to update your personal information promptly if it changes.
Opt-out of Being Contacted:
You have the right to ask that we and/or our commercial partners stop contacting you by accessing your online account and clicking the relevant boxes on the screen upon which you provide information or by contacting us at sidcupgolfclub@googlemail.com.
Close Your Account/Delete Your Personal Information:
You (and any parent/guardian of a minor) have the right to request that we close your account and/or delete your personal information from our database. We will make all reasonable efforts to comply with this request. However, it may not be possible to delete an entry without some delay and without retaining some residual personal information because of backups and records of deletions (including to ensure we no-longer communicate with you) or because we are required to retain personal information for other lawful requirements.
Where to Make a Complaint
If you have a complaint regarding any aspect of your personal data or this privacy policy, please write to us at the above address. If you are still not satisfied with the outcome of your complaint, you may write to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
Wycliffe House Water Lane
Wilmslow Cheshire
SK9 5AF
You can also contact the Information Commissioner’s Office using their online form: https://ico.org.uk/global/contact-us/email/
This Policy was last updated in January 2021.