Here at Middlesbrough Golf Club we take your privacy seriously and we want to make sure all the personal information we have collected about you, is safe and secure.
This Policy sets out our commitments to you, in compliance with the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal data. We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so.
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or in providing services to our customers and members, or just managing our relationship with you.
We will provide you with a privacy notice which sets out in detail what information we hold about you, how your personal information may be used and the reasons for these uses, together with details of your rights. You will be provided with the notice when we collect personal information from you directly.
We will only provide this privacy notice to you once, generally at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version.
The difference between data controllers and data processors.
A data controller is a person who controls how personal information is processed and used. A data processor is a person who processes and use personal information in accordance with the instructions of a third party, i.e. the data controller.
This distinction is important. You have certain rights in relation to your personal information (see below) which can generally only be exercised against a data controller of your information.
In most cases we will be a data controller of your personal information. In any case where we are not a data controller this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
Also, it is only a data controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a data controller we will provide you with a privacy notice. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which sets out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
What are your rights?
Individuals have the right to:
- Obtain confirmation that their data is being processed (privacy notice)
- Withdraw consent
- Access their personal data
- Access other supplementary information
- Have personal data rectified if it is inaccurate or incomplete
- To be forgotten and request the erasure of personal data when it is no longer necessary in relation to the purpose for which it was originally collected/processed or the individual withdraws consent.
- Block or restrict the processing of personal date (storing of personal data is permitted but not further processing of it).
To exercise any of your rights, or if you have any questions relating to your rights please contact us by using the ‘Contact’ section below. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send you.
You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us. However your right to withdraw consent or object to processing for direct marketing are absolute rights.
If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website https://ico.org.uk/for-the-public/. However, we are here to help and would encourage you to contact us to resolve your complaint first.
How do we use your personal information?
We will use your personal information as described in the privacy notice provided to you, but, for example, we may use your personal information to administer any account(s) you have with us and for the purpose of legitimate interests.
Who do we share your personal information with?
Generally only we disclose your personal information where we need to do so in order to run our Club (e.g. where other people process information for us). In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are required to do so by law.
If we transfer personal information about you outside the European Economic Area (EEA), we will let you know and ensure that all reasonable security measures are taken and that any third party processers will be required to process the information in accordance with information protection laws and we will notify you in your privacy notice is we are the information controller.
We do not sell, trade or rent your personal information to others.
We share personal information with the following parties:
- To any governing bodies or regional bodies for the sports covered by our Club: to allow them to properly administer the sports on a local, regional and national level.
- Other service providers: for example, payment processors and IT services (including BRS Golf, Club Systems)
- The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives.
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
How long do we hold on to your personal information?
We will only hold your personal information for as long as is necessary or where you ask us to delete records we may delete it earlier.
The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. However, in some cases personal information may be retained on a long term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.
Linking with third party sites
Our website may, from time to time, contain links to and from the websites of our commercial partners, and other regional bodies. If you follow a link to any of these websites, please note that these websites have their own privacy policies and they will be a data controller of your personal information. We do not accept any responsibility or liability for these policies and you should check these policies before you submit any personal information to these websites.
In addition, if you link to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact tis owner or operator if you have any concerns or questions.
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it.
Unfortunately, no information transmission over the internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
Certain parts of our website use ‘cookies’ to keep track of your visit and to help you navigate between sections. A cookie is a small data file that certain websites store on your computer’s hard-drive when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied.
Changes to this policy
Any changes we may make to this policy in the future will be posted on our website and, where appropriate, notified to you by email. When we change this policy in a material way, we will update the version date at the bottom of this page. Please check back frequently to see any updates or changes to this policy and should you object to any alterations, please contact us as set out in the ‘Contact’ section below.
Your acceptance of these terms
By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.
In the event of any query or complaint in connection with the information we hold about you, please email firstname.lastname@example.org or write to us at Middlesbrough Golf Club, Brass Castle Lane, Marton, Middlesbrough, TS8 9EE.
Version date: 25 May 2018