Privacy

PRIVACY NOTICE
Flempton Golf Club take your privacy very seriously.
This Privacy Notice sets out how we use and look after the personal information we collect from you.
We are the data controller, responsible for the processing of any personal data you give us. We take
reasonable care to keep your information secure and to prevent any unauthorised access to or use of
it.
What personal data we hold on you
Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our participants [and their parents or
guardians], and other Club members.
You provide information about yourself when you register with the Club, and by filling in forms at an
event or online, or by corresponding with us by phone, e-mail or otherwise.
The information you give us may include your name, date of birth, address, e-mail address, phone
number, gender, and the contact details of a third party in the case of emergency. We may also ask for
relevant health information, which is classed as special category personal data, for the purposes of your
health, wellbeing, welfare and safeguarding. Where we hold this data it will be with the explicit consent
of the participant or, if applicable, the participant’s parent or guardian.
Where we need to collect personal data to fulfil Club responsibilities and you do not provide that data,
we may not be able honour or administer your membership.
Why we need your personal data
We will only use personal data for any purpose for which it has been specifically provided.
The reason we need participants’ and members’ personal data is to be able to run the golf club and
arrange matches; to administer memberships, and provide the membership services you are signing
up to when you register with the club. Our lawful basis for processing your personal data is that we
have a contractual obligation to you as a participant or member to provide the services you are
registering for.
We have set out below, in a table format, a description of all the ways we plan to use your personal
data, and which of the legal bases we rely on to do so. We have also identified what our legitimate
interests are where appropriate.
Purpose/ Processing Activity Lawful Basis for processing under Article 6 of the
GDPR.
Processing membership forms and
payments/ subs
Performance of a contract
Organising matches Performance of a contract
Sending out match or Club information and
updates
Performance of a contract
Sharing data with officials, team or
organisers, or pros to run coaching sessions
and enter events.
Performance of a contract
Flempton Golf Club
A heathland course in the heart of Suffolk
43631.0040.8384134.7
Sharing data with leagues we are in
membership of, county associations and
other competition providers for entry in events
Performance of a contract
Sharing data with club officials and activity
organisers to provide information about club
activities, membership renewals or invitation
to social events
The Club has a legitimate interest to maintain
member and participant correspondence for club
community purposes.
Sharing data with third party service or facility
providers
The Club has a legitimate interest to run the
organisation efficiently and as it sees fit. Provision of
some third-party services is for the benefit of the Club,
participants and its members.
Sharing anonymised data with a funding
partner as condition of grant funding e.g.
Local Authority
The Club has a legitimate interest to run the
organisation efficiently and as it sees fit. Application
for funding is a purpose that benefits the Club,
participants and its members.
Publishing match and league results Consent. We will only publish your personal data in a
public domain, including images and names, if you
have given your consent for us to do so. In the case
of children under the age of 13 then only with written
consent of parent/guardian.
Sending out marketing information such as
newsletters and information about promotions
and offers from sponsors
Consent. We will only send you direct marketing if you
are an existing member, participant or other
associated individual and you have not previously
objected to this marketing, or, you have actively
provided your consent.
To ensure we understand possible health
risks
Consent. We will only process details on your medical
history with your consent.
Who we share your personal data with
When you become a member of the Club, your information may be (depending upon which league(s)
your team plays in) entered onto the ClubV1 and HowDidIDo databases, which are administered by the
Club Systems International Ltd. Accounting details are maintained with Xero online accounting software
(Xero Ltd). We also pass your information to the England Golf, The Suffolk Golf Union and affiliated
bodies and to leagues to register participants and the team for matches, tournaments or other events,
and for affiliation purposes.
We may share your personal data with selected third parties, suppliers and sub-contractors such as
referees, coaches or match organisers. Third-party service providers will only process your personal
data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties to comply with a legal obligation; or to
protect the rights, property, or safety of our participants, members or affiliates, or others.
Protection of your personal data
We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long we hold your personal data
We keep personal data on our participants and members while they continue to be a participant or
member or are otherwise actively involved with the Club. We will delete this data 12 months after a
participant or member has left or otherwise ended their membership or affiliation, or sooner if specifically
43631.0040.8384134.7
requested and we are able to do so. We may need to retain some personal data for longer for legal or
regulatory purposes. The personal data that is stored on Howdidido is subject to their privacy policy so
we advise you review that policy together with this notice. If you would like your personal data to be
deleted from Howdidido then please contact them.
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of
your personal data; to restrict or object to certain kinds of processing of your personal data, including
direct marketing; to the portability of your personal data and to complain to the UK’s data protection
supervisory authority, the Information Commissioner’s Office about the processing of your personal
data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to
share your personal data with us we may not be able to register or administer your membership.
We may update this Privacy Notice from time to time and will inform you to any changes in how we
handle your personal data.
If you have any questions about this Privacy Notice, then please contact the club’s Data Protection
Officer.
Key details
• Policy prepared by: Bob Cooper & Sarah Brownie
• Approved by the Council on: 01/05/2019
• Policy became operational on: 02/05/2019
Next review date: 01/05/2020