scroll down for more
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR), which came into law on the 25th May 2018, seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.
We are committed to ensuring that your privacy is protected, and we will never release your personal details to any third party without your express consent. When you complete an application to join the club certain personal information is collected from you (for example: your name, email address, gender, golf handicap, type of membership sought). You can be assured that it will only be used in accordance with this privacy statement.
Data Controller/Data processors:
CGC is the data Controller of Members, Visitors and Staff data, required for the performance of its contractual obligations to these groups of individuals. A data controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
A data processor is distinct from the data controller for whom they are processing the personal data. An employee of a data controller, or a section or unit within a an organisation which is processing personal data eg Staff Payroll for the organisation as a whole, is not a "data processor". However, someone who is not employed by the data controller, but is contracted to provide a particular data processing service (such as a tax adviser, or a telemarketing company used to manage customer accounts) would be a data processor. ClubV1 and BRS are data processors on behalf of CGC. ClubV1 are used to process competitions and manage handicaps of members and visitors. BRS is the organisation that manages the club reservations system. Both these organisations are GDPR compliant and have their own privacy policies, procedures and security systems.What we collect:
We may collect the following information directly from you:
* Name and surname
* Date of Birth
* Current Address
* Phone numbers
* Email address
* Handicap ability
* Membership Category
* Bank details (If you wish to sign up for the subscription direct debit scheme)
What we do with the information we gather:
We require this information to administer your membership and to provide the products and services you have requested from us and provide you with a better service for the following reasons:
* Internal record keeping.
* Sending subscription notices to you.
* Recording financial transaction to your subscription account.
* Contacting you with relevant club correspondence.
* Send promotional emails about special offers, competitions, results or other information which we think you may find interesting using the email address which you have provided.
* From time to time, we may also use your information to contact you for club research purposes.
* We may use the information to customise the website according to your interests.
* Maintaining a record of any competitions you play in.
* Maintaining a record of your handicap and related GUI / ILGU Number.
* Providing you with a Member’s Card for gaining access to the club, spending of the bar & restaurant levy & handicapping and competition entry.
* Confirm your handicap to other Golf Clubs if they request confirmation of your handicap for any competitions you have entered with them.
* Provide your contact details to other club members such as team managers for the sole use of club business
* Your handicap details and membership number are displayed in the Locker Room area of the Clubhouse. Under the Data Protection Acts, you are entitled to write to the Golfing Union of Ireland or Irish Ladies Golf Union at their address or email info@GUI.ie / firstname.lastname@example.org to request a copy of your personal data which GUI/ ILGU- ClubV1 holds. Similarly with ‘BRS’ which operates the club reservation system.(www.brs.com). Further details are available on the ‘Help for Clubs’ section of the CGI website at www.cgigolf.org.
WEBSITE, Social Media
From time to time information and photographs will be posted on the CGC website and other social media with the intention of informing members and visitors of the activities within the club in order to promote the goodwill of the club and enjoyable experiences to be had by particpating in these activities.
CGC uses CCTV to capture images of individuals or information relating to individuals for Health and Safety and crime prevention.
Data is processed fairly and lawfully and Images of people and the information which is derived from images – for example, vehicle registration numbers, are covered by the Data Protection Act. Recorded material is password protected and stored for a maximum of 28 days. Advisory Signs are in use at the premises
The Club is affiliated to the Golfing Union of Ireland and the Irish Ladies Golf Union. The GUI and the ILGU operate and maintain the details of the handicap of members on the www.ClubV1.ie system and for this purpose allocates each individual member of the Club a unique personal identifier number (your unique “Club Membership No.”). The system has been designed by GUI/ILGU to provide members of Clubs affiliated to GUI/ILGU with enhanced membership services free of charge.
The purposes for which GUI/ILGU may use the data are as follows:
1. GUI/ILGU may use your details to communicate directly with the people who play the sport in Ireland, to provide them with information and other benefits relating to their membership; and
2. The provision of a handicap system for all individual members of affiliated Clubs and the wider golf community through the introduction of the Club Membership Number. You agree that the Club and other GUI/ILGU affiliated Clubs at which you may play in competition may provide your name, address, phone number, email address, membership no., gender, date of birth, your card number and your results history to the GUI/ILGU for the purposes of operating the data base system. The Club agrees to keep your data on the system securely and to only use it for the purposes set out in this notice.
CGC complies with the security requirements of the credit card Payment Card Industry Data Security Standard (PCI DSS) Program and compliance is validated annually.
PCI requirements apply to all systems that store, process, or transmit cardholder data. Electronic storage of cardholder data is not conducted or permitted.
CGC uses the information collected from you to provide membership services, subscription billing, make telephone contact and to email you marketing information which CGC believes may be of interest to you. In you making initial contact you consent to CGC maintaining a marketing dialogue with you until you either opt out (which you can do at any stage) or we decide to desist in promoting our services. CGC also acts on behalf of its members in the capacity of data processor.
Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. CGC may from time to time use such information to identify its visitors. CGC may also collect statistics about the behavior of visitors to its website.
CGC will only collect the information needed so that it can provide you with membership & marketing services. CGC does not sell or broker your data.
Legal basis for processing any personal data
To meet CGC’s contractual obligations to members, to manage the club, to run all competitions and to also respond to marketing enquiries.
Legitimate interests pursued by CGC and/or its contractors
To promote the marketing and services offered by CGC and/or to market the services and/or products offered by CGC’s contractors such as the club professional and caterer.
Through agreeing to this privacy notice you are consenting to CGC processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing email@example.com or writing to the club, see last section for full contact details.
CGC may on occasions pass your Personal Information to third parties exclusively to process work on its behalf. CGC requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
CGC do not broker or pass on information gained from your engagement with the club without your consent. However, CGC may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. The agency may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of Craddockstown Golf Club , its members, guests and/or the wider community.
CGC will process personal data during the duration of any membership / contract and will continue to store only the personal data needed as outlined in the Data Retention Policy.
Data is held in Ireland using different (multiple) servers. CGC does not store personal data outside the EEA.
Your rights as a data subject
At any point whilst CGC is in possession of or processing your personal data, all data subjects have the following rights:
* Right of access – you have the right to request a copy of the information that we hold about you.
* Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
* Right to be deleted – in certain circumstances you can ask for the data we hold about you to be erased from our records.
* Right to restriction of processing Â– where certain conditions apply you have a right to restrict the processing.
* Right of portability – you have the right to have the data we hold about you transferred to another organisation.
* Right to object – you have the right to object to certain types of processing such as direct marketing.
* Right to object to automated processing, including profiling Â– you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that CGC refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
CGC at your request can confirm what information it holds about you and how it is processed
You can request the following information:
* Identity and the contact details of the person or organisation (Craddockstown) that has determined how and why to process your data.
* Contact details of the data protection officer, where applicable.
* The purpose of the processing as well as the legal basis for processing.
* If the processing is based on the legitimate interests of CGC or a third party such as one of its clients, information about those interests.
* The categories of personal data collected, stored and processed.
* Recipient(s) or categories of recipients that the data is/will be disclosed to.
* How long the data will be stored.
* Details of your rights to correct, erase, restrict or object to such processing.
* Information about your right to withdraw consent at any time.
* How to lodge a complaint with the supervisory authority (Data Protection Regulator).
* Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
* The source of personal data if it was not collected directly from you.
* Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what personal data is held, identification will be required
CGC will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If CGC is dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made to firstname.lastname@example.org or by phoning +353 897610 or writing to us at the address further below.
In the event that you wish to make a compliant about how your personal data is being processed by CGC or its partners, you have the right to complain to CGC’s Committee of Management. If you do not get a response within 30 days you can complain to the Data Protection Regulator.
The details for each of these contacts are:
Chairperson of the Committee of Management
Craddockstown Golf Club
Telephone +353 45 897610 or email@example.com
Data Protection Regulator
Office of the Data Protection Commissioner
Co. Laois, R32 AP23
Telephone 1890 25 22 31 or email: firstname.lastname@example.org