Data Protection Policy
We assure you that your personal information will be processed in accordance with the Data Protection Act 2018, which incorporates the European General Data Protection Regulation (GDPR).
For the purposes of GDPR, the “Data Controller” is Ealing Golf Club (1923) Limited (the “Club”) of Perivale Lane, Greenford, UB6 8TS. In accordance with the new requirements laid down by GDPR, we are documenting what personal data we hold, and where; reviewing data retention policies and data security; updating internal procedures; and training staff with access to personal data.
This policy statement sets out the way we process and use your personal data, as well as your rights in these terms. The foregoing relates primarily to Club members, but we also detail the limited data we hold relating to non-members based on their interactions with the Club, as well a brief reference to employee’s personal data and our CCTV Policy.
How we collect your information (Members)
We may collect your personal data in a few limited ways, namely:
- Directly from you when you apply for membership and join the club (via a form, in person, by phone or email
- Via transactions relating to your membership subscriptions, swipe card transactions, or booking your own events
- Via golf competition scores that you submit and related golf handicap data
- Via tee time bookings (on our BRS system)
In a small number of cases we may also hold medical or other personal information that you choose to provide for specific purposes (e.g. for buggy exemptions, DBS checks).
The information we hold (Members)
The personal data relating to members that we retain and use is only that necessary for providing the club services relevant to membership, and – for golf members – also relating to their status as a shareholder in Ealing Golf Club (1923) Limited:
- Contact details: name, address, phone number, email address
- Date of birth (age being relevant both to some membership categories and some teams and competitions, at club, county and national levels)
- Golf handicap (necessary for all competitions) and competition results (part of the handicap system)
- Accounting information: membership payment status; swipe card transactions and balance; any paid for bookings of club facilities
- Tee booking records (for Country membership and Lifestyle membership credits, and more broadly to monitor course usage by different member categories)
- In a small number of cases, only when essential and freely volunteered by the member concerned, medical information (e.g. for buggy exemptions) and/or other personal information for DBS checks
We keep your personal data only for as long as necessary for each purpose we use it. For
most membership data, this means we retain it for so long as you have a valid Club membership and for a period of six years after your last interaction with us (for accounting, tax reporting and record-keeping purposes).
How we use personal data (Members)
In addition to use of your personal data by the Club (its employees and Directors), several (what in GDPR terms are designated as) “Data Processors” necessarily handle personal data on our behalf to deliver services to our members:
Club Systems International Ltd. (membership database, financial systems, member’s app, and HowDidIDo competition and handicap data management)
- BRS (tee booking and diary systems)
- England Golf and Middlesex County Golf Union (Central Database of Handicaps and GolfMark accreditation information)
- Artworking Website Design Ltd. (website – includes member information where members give permission)
- Ricky Willison, trading as “Ealing Golf Club Shop” (golf management and other golf services)
- David Graham Associates (our auditors)
We undertake to ensure that these Data Processors are themselves GDPR compliant, which means in some cases they may not, for instance, use your personal data to market third party services to you without your specific consent, as well as meeting requirements on data security.
In addition, a small number of club member volunteers assist in the running of the club, necessitating some access to personal data from time to time – operating in full compliance with GDPR, backed up by signed NDAs.
The Club and its Data Processors will only use your personal information for one of 3 “legitimate interest” reasons: 1) to ensure that you have the information you need to enjoy the benefits of Club membership 2) to maintain your subscription (renewals, etc.) 3) to ensure that members, as shareholders, are kept fully up to date with developments and member’s meetings at the Club. The ICO’s “soft opt in” guidance also applies for marketing similar services to those previously bought.
Based on the above ‘legitimate interest” and “soft opt in” reasons, the Club will not seek specific ‘opt in’ consent to communicate with members for the following purposes:
- Information on playing conditions and restrictions, course status and developments
- Confirmation of tee bookings (automatic confirmation email generated)
- Information on golf events, club competitions and team matches
- Information of potential interest to Club members relating to Middlesex County Golf Union or England Golf events
- Member’s social events
- Club facilities (including food and drink services)
- Club developments (and related appeals for participation or support)
- Member’s/ shareholder’s meetings (a legal requirement under the Companies Act 2006)
- Pro shop golf-related services to members (including tuition)
- Membership renewals
- Swipe card balance (available via the Club App or by request to Club employees)
- ‘Playing Credit’ status (Lifestyle members) or rounds played update (Country Members)
Members’ personal data will not be used (or passed on) by the Club for purposes not directly related to membership, for instance third party marketing.
You are in control of how we communicate with you. Members may opt out from receiving such communications if they wish – via the Personal Details section on the website or the ‘Unsubscribe’ function on email newsletters. Alternatively, you may contact [email protected] (or 0208 997 0937) to update your preferences.
Members may ‘opt in’ to display what contact details they wish to share with other members in the Members Directory via the Personal Details section of the website (password protected Members Area only) – otherwise they will not be displayed. If ‘opted in’ you may ‘opt out’ at any point.
When not displayed in the Members Directory on the website (Member access only), member contact details will not be given to other members (or anyone else), without their express consent.
To comply with GDPR, Club employees (including Pro Shop staff) cannot provide member contact details we hold to other members who request it. If you do not have contact details (and the member has not chosen to display them in the Members Directory on the website) and wish to contact another member, you should ask the Club Office to contact that member on your behalf, forwarding your email or otherwise relaying your message to them (for instance the desire to fix a match), providing your contact details and requesting that they contact you.
In addition, emails from the Club to all (or multiple) members will not display the emails of all contacted (in effect, ‘blind copying’ all to keep contact details private).
We take care to maintain the security of what GDPR terms as “Special Categories of Personal Data” (Article 9, GDPR). This includes data relating to under-14s, medical records (needed for buggy exemptions), DBS checks and sensitive data relating to employees. This information is only available to the Club General Manager and Chairman of the Board (or designated deputies in their absence).
Non-Member Data
We hold limited personal data relating to non-members. This relates to:
- Tee time bookings made by visitors recorded on BRS, either by online booking or by direct contact with the Pro Shop (contact details sometimes provided, sometimes not)
- Golf society bookings (contact details held of the booker only)
- Bookings for other events at the Club (e.g. Weddings, Parties, Room bookings for meetings).
This information is held on BRS for a period of six years after your last interaction with us (for accounting, tax reporting and record-keeping purposes).
Under the ICO’s “soft opt in” guidance we may use this personal data for email marketing, but only for the marketing of similar services to those originally purchased (e.g. green fee deals for previous green fee purchasers). All such emails will offer the option to unsubscribe.
We will not use Non-member personal data for any other purpose without express consent.
Employee Data
An updated, GPDR-compliant Employee Privacy Notice is available in the Employee Handbook.
CCTV
For the purposes of this policy, personal data includes images captured via CCTV, which we use for the prevention and detection of crime and the security of our employees, as well as being a condition of the Club’s Premises Licence. We do not share these images with any third party, other than law enforcement and under a court order. We keep the images for 14 days, when they are deleted.
Your Rights
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. You can also withdraw your consent, where this is the basis for our processing your data (without affecting the lawfulness of our previous processing based on consent).
- Request the transfer of your personal data to another party.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Contact and complaints
If you have any queries about this privacy policy or how we process your personal data, or if you wish to exercise any of your legal rights, you may contact the Club’s General Manager:
Email: [email protected]
Post: Ealing Golf Club, Perivale Lane, Greenford, UB6 8TS
Tel: 0208 997 0937
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office, website: www.ico.org.uk.