Woodspring Golf & Country Club is committed to protecting your personal data and handling it responsibly.
This policy covers the personal data that Woodspring Golf & Country Club collects whenever you interact with us, including when you use our website, or become a member or green fee affiliate, and when you correspond with us (such as by email or over the phone). It also covers personal data that we may receive from third parties and other media platforms.
The policy will cover the bullet points below in order:
- the types of personal data we collect from you
- the types of personal data we receive from third parties
- why we process your personal data
- who we share your personal data with
- how long we retain your personal data
- your rights to withdraw your consent and to object (including to direct marketing)
- your other personal data rights
- how to contact us and exercise your rights
Personal data Woodspring Golf & Country Club collects from you
We collect personal data from your interactions with us, such as when you sign up for membership engage with our website, become a green fee affiliate or when you email or phone us.
The personal data we collect from you includes:
- the name and contact details that you provide when you register as a member with us
- your payment and address details
- your marketing preferences, including any consents you have given us
- your browser or device information
- information about your use of our website
- your communications with us
- information about your bookings at Woodspring Golf & Country Club, such as tee times, events, bar spend and conferences held at Woodspring Golf & Country Club. Photos and video footage of you may be taken at these events
Personal data Woodspring Golf & Country Club receives from third parties
Sometimes we receive personal data from third parties, in particular:
- online personalisation providers tell us how you engage with our websites and social media accounts
This section explains the reasons why we process your personal data and our legal bases for doing so.
If you’ve contacted us to receive information relating to the Club, then we’ll provide this information to you by email, text, or phone.
Wherever we rely on your consent to process personal data, you have a right to withdraw that consent. See Section on how to exercise your rights below.
We process your personal data when necessary to pursue our legitimate interests in the following:
- tailoring our website and communications for you. We collect information about your engagement with us online (such as pages that you have visited on our websites) and combine that with aggregated insights we have about our customer base, to build a fuller understanding of your individual preferences
- monitoring, improving and protecting our products, content and services
- checking the credit or debit card details you provide (to process your payments and prevent fraudulent transactions)
- sending you some types of direct marketing, including by email and post
- responding to your comments or complaints
- undertaking, or inviting you to take part in, market research
- querying whether you have had an issue completing an online form
- using incident reports and CCTV footage to: protect the security of our customers and staff; and to help detect and prevent unlawful activity
- managing legal claims, compliance, regulatory and investigative matters
- processing job applications received through third party organisations
We process your personal data when necessary for contractual reasons, such as to administer your membership registration and competition entries and to provide products and services that you have requested.
We are legally required to process your personal data in cases where we need to:
- obtain parental consent to provide services directly to children
- respond to certain requests by government or law enforcement authorities
Who Woodspring Golf & Country Club shares personal data with
We will share your personal data with the following recipients:
- government authorities or law enforcement officials, to assist with their official requests and comply with our legal obligations
- The Gloucestershire and the North Somerset Golf Union and English Golf Union, when they ask for information about Golf Participation.
- our advisers, any prospective purchaser’s advisers, and any new owners of the business (in the event our business is sold or integrated with another business)
How long Woodspring Golf & Country Club retains personal data
We retain personal data about your membership for as long as your account remains active, and for a limited period of time afterwards (in case you decide to reactivate your membership or have queries about it).
We retain personal data relating to your purchases for several years from the date of the relevant transaction. This is to understand your purchasing preferences and to meet our legal and contractual obligations.
Where you have asked us not to send you direct marketing, we keep a record of that fact to ensure we respect your request in future.
We keep a record of all CCTV security footage for 30 days, unless we need to hold this data for longer to resolve an issue or to meet a legal requirement.
We also retain information with the potential to give rise to legal disputes for 7 years.
Your rights to withdraw consent and to object (including to direct marketing)
Wherever we rely on your consent to process personal data, you always have a right to withdraw that consent. See where we rely on your content in the section above
You also have the right to object to any use of your personal data for direct marketing purposes, as well as to processing that we undertake based on our legitimate interests (including profiling). See the above section for situations where we process data for our legitimate interests.
Your other personal data rights
In addition to your rights to withdraw your consent and to object, you have the right to ask us:
- for access to information about your personal data or for a copy of your personal data
- to correct or delete your personal data
- to restrict (i.e. stop any active) processing of your personal data
- to provide you with certain personal data in a structured, machine readable format and to transmit that data to another organisation
How to contact us and exercise your rights
The easiest way to stop receiving information from us is by opting out of emails by using the unsubscribe link at the bottom of each email. You can also call us on 01275 394378 or visit us in person to discuss your concerns.
We will do our best to assist with any queries you have about your personal data. You can contact the Data Protection Officer David Knipe at any time using the contact details below. When you do so, please provide your full name, your preferred contact information, and a summary of your query.
If you have unresolved concerns, you also have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK.
Woodspring Golf & Country Club, Yanley Lane, Long Ashton, Bristol, BS41 9LR Email:firstname.lastname@example.org Tel:01275 394378
Data Protection Policy
Woodspring Golf & Country Club takes its responsibilities with regard to the management of the requirements of the Data Protection Act 1998 very seriously. This document provides the policy framework through which effective management of Data Protection matters can be achieved. Woodspring Golf & Country Club will be here on referred to as the ‘Club’.
1. Scope of the Policy
The purpose of this policy is to ensure that the Club and the Club’s staff comply with the provisions of the Data Protection Act 1998 when processing personal data. Any serious infringement of the Act will be treated seriously by the Club and may be considered under disciplinary procedures. The Club expects all of its staff to follow the ethical behaviours set out in the Nolan Principles. Those are: selflessness, integrity, objectivity, accountability, openness, honesty and leadership. These Principles underlie the Club’s Ethical Framework and are incorporated into this policy.
This policy applies regardless of where the data is held, ie if it is held on personally-owned equipment or outside the Club’s property.
The Club is required to adhere to the eight principles of data protection as laid down by the Act. In accordance with those principles personal data shall be:
- Processed fairly and lawfully
- Processed for specified purposes only
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept longer than necessary
- Processed in accordance with data subjects’ rights
- Processed and held securely
- Not transferred outside the countries of the European Economic Area without adequate protection.
[a] Club responsibilities
As the Data Controller the Club is responsible for establishing policies and procedures in order to comply with the requirements of the Data Protection Act 1998.
[b] Data Protection Officer responsibilities
The Club’s Data Protection officer holds responsibility for:
- the Club’s Data Protection. Anyone who is, or intends, processing personal data for purposes not included in the existing procedures should seek advice from the Club’s Data Protection officer;
- drawing up guidance, giving advice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of information;
- the appropriate compliance with subject access rights and ensuring that data is released in accordance with subject access legislation under the Data Protection Act 1998;
- ensuring that any data protection breaches are resolved, cataloged and reported appropriately in a swift manner and in line with guidance from the Information Commissioner’s Office;
- investigating and responding to complaints regarding data protection including requests to cease processing personal data.
Staff members who process personal data about guests, members or any other individual must comply with the requirements of this policy.
Staff members must ensure that:
- all personal data is kept securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
- personal data is kept in accordance with the Clubs’s retention schedule;
- any queries regarding data protection, including subject access requests and complaints, are promptly directed to the Data Protection Officer;
- any data protection breaches are swiftly brought to the attention of the Data Protection Officer and that they support the Data Protection Officer in resolving breaches;
- where there is uncertainty around a Data Protection matter advice is sought from the Data Protection Officer.
[d] Third-Party Data Processors
Where external companies are used to process personal data on behalf of the Club, responsibility for the security and appropriate use of that data remains with the Club.
Where a third-party data processor is used:
- a data processor must be chosen which provides sufficient guarantees about its security measures to protect the processing of personal data;
- reasonable steps must be taken that such security measures are in place;
- a written contract establishing what personal data will be processed and for what purpose must be set out;
- a data processing agreement, available from the Data Protection Officer, must be signed by both parties.
3. Subject Access Requests
The Club is required to permit individuals to access their own personal data held by the Club via a subject access request. Any individual wishing to exercise this right should do so in writing to the Data Protection Officer.
The Club aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within the 40 calendar day limit set out in the Data Protection Act 1998.
Individuals will not be entitled to access information to which any of the exemptions in the Act applies. However, only those specific pieces of information to which the exemption applies will be withheld and determining the application of exemptions will be made by the Data Protection Officer.
4. Data Protection breaches
Where a Data Protection breach occurs, or is suspected, it should reported immediately in accordance with the Data Security Breach Incident Management Policy which states:
Confirmed or suspected data security breaches should be reported promptly to the Club as the primary point of contact on 01275 394378, email: email@example.com. The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.
Queries regarding this policy or the Data Protection Act at large should be directed to the Data Protection Officer David Knipe at firstname.lastname@example.org