- Woodhall Hills Golf Club Limited (“we”, “our” or “us”) is a members Golf Club.
- We are committed to ensuring that when we collect and use information provided to us or information about visitors to our websites (as described below) we do so in accordance with applicable data privacy laws.
- For further information, please visit www.woodhallhillsgolfclub.com.
- Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within our website.
- Users are advised that if they wish to deny the use and saving of cookies from our website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from our website and its external serving vendors
- Other cookies may be stored to your computer’s hard drive by external vendors when our website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
- We will collect personal information directly from you, from members or from authorised representatives. We may also collect personal information from third parties such as regulatory authorities, your employer, other organisations with whom you have dealings, government agencies, credit reporting agencies, recruitment agencies, information or service providers, publicly available records and the third parties described in the ‘Disclosure of your information’ section below. We will handle any unsolicited information in accordance with law, including destroying or de-identifying such information where we are required to do so by law.
- We may collect current and historical personal information including for example your name, contact details, identification, organisation, employment, positions held and enquiry/complaint details. We may also collect personal information about your other dealings with us and our members, including any contact we have with you in person, by telephone, email or online.
- When you use our online services, we may collect the following:
- Information you provide by completing forms (this includes information you give us when registering for any of our online services, subscribing to our services, submitting material or requesting further services);
- Information you provide to us if you contact us, for example to report a problem with our online services or raise a query or comment; and
- Details of visits made to our online services including, but not limited to, the volume of traffic received, logs (including, where available, the IP address and location of the device connecting to the online services and other technical information and identifiers about the device and the nature of the visit) and the resources accessed.
Careers and Recruitment
- If you apply for a job or work placement you may need to provide information about your education, employment, background and state of health. Your application will constitute your express permission to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer.
- We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal and regulatory record checks) and consider you for other positions. We may exchange your personal information with academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment providers, referees and your current and previous employers. Without your personal information, we may not be able to progress considering you for positions with us.
USE OF YOUR INFORMATION
- We use your personal data in order to provide the services of a Golf Club to you.
- We are required to set out the lawful basis under the General Data Protection Regulation for which we process your personal data. We use your information where it is necessary for the performance of a contract with you (Article 6(1)(b) General Data Protection Regulation (GDPR)) or necessary in connection with a legal obligation (Article 6(1)(c) GDPR), or where we otherwise consider such use of your information as not detrimental to you, within your reasonable expectations and necessary to fulfil our legitimate interests (Article 6(1)(f) GDPR).
- In particular we use your information in order to provide you with, and improve, our services, for example:
- To carry out our obligations arising from any contracts entered into between you and us (Article 6(1)(b) GDPR).
- To facilitate our internal business operations, including to fulfil our legal requirements (including in relation to anti-money laundering) and professional obligations (Article 6(1)(c) GDPR).
- To maintain and develop our relationship with you (Article 6(1)(b) GDPR).
- To provide you on an ongoing basis with information and services, that you request from us or which we feel may interest you as permitted under applicable law, and to measure the popularity and effectiveness of services such as newsletters and emails, in order to improve what we offer to you and other recipients (Article 6(1)(f) GDPR).
- To ensure that content from our online services is presented in the most effective and secure manner for you and for your device and settings (Article 6(1)(f) GDPR).
- For research, planning, service development, security or risk management (Article 6(1)(b) GDPR).
- To maintain and update our records (Article 6(1)(b) GDPR).
We may not be able to do these things without your personal information.
- Under applicable data protection legislation, we have a duty of care to ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information.
- We will only retain your personal information for as long as is reasonably necessary in the circumstances. Personal information provided in connection with the provision of our services will be retained for no longer than six years unless we agree otherwise with you.
DISCLOSURE OF YOUR INFORMATION
- We may, in providing our services and operating our business, allow our associated firms and our service providers to access your information.
- In addition, we may exchange your personal information with third parties where:
- You have permitted us to share your personal information in this way;
- We are under a legal, regulatory or professional obligation to do so (for example, in order to comply with anti-money laundering requirements) or in order to enforce or apply our terms of business or to protect the rights and interests, property, or safety of our club, our members or others;
- All, or substantially all our assets, or the assets of an associated firm, are merged with or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets or we may need to transfer your information to new entities or third parties through which our business will be carried out;
- It is relevant in the circumstances to disclose the information to parties with whom we have co-promotional arrangements (such as jointly sponsored events);
- We provide anonymous statistical information about users of our websites and related usage information to reputable third parties, including analytics and search engine providers; or
- We use a third-party service provider to provide services that involve data processing, for example archival, auditing, reference checking, professional advisory (including legal, accounting, compliance, financial and business consulting), mailing house, delivery, technology, website, research, banking, payment, client contact, data processing, insurance, forensic, litigation support, marketing and security services.
- Some of the third parties with whom we share personal information may be located outside of the United Kingdom and / or the European Economic Area. While such third parties will often be subject to privacy and confidentiality obligations, you accept that such obligations may differ from and be less stringent than the requirements of the UK’s privacy laws. In those cases, we are not responsible for imposing the laws of the UK and you may not be able to seek redress under the laws in that jurisdiction.
- The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk. Once we have received your information, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure. For example, if you communicate with us using email, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.
- We take reasonable steps to hold information securely in electronic or physical form. Our information security policy is supported by a number of security standards, processes and procedures and we store information in access-controlled premises or in electronic databases requiring logins and passwords. We require our third-party data storage providers to comply with appropriate information security industry standards. All partners and staff and third-party providers with access to confidential information are subject to confidentiality obligations.
- In addition to our online services, which we control directly, we also use and provide links to websites which are controlled by third parties, which may include Twitter, LinkedIn and YouTube, where we have certain accounts and profiles.
- If you use or follow a link to any of these third-party websites, please be aware that these websites have their own privacy policies and that we cannot accept any responsibility for their use of information about you.
- Subject Access Requests – The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly and within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
- Sources from which we required the information;
- The purpose for processing the information; and
- Persons or entities with whom we are sharing the information.
- Right to rectification – You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking in to account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed.
- Right to erasure – You, the data subject, shall have the right to obtain from us confirmation of the erasure of personal data concerning you without undue delay.
- Right to restriction of processing – Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
- The processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use;
- We no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
- You, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections
- Notification obligation regarding rectification or erasure of personal data or restriction of processing – We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involved disproportionate effort. We shall provide you, the data subject, with information about the recipients if you request it.
- Right to data portability – You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit this data to another controller, without hindrance from us.
- Right to object – You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
- Right not to be subject to decisions based solely on automated processing – We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
- Invoking your rights – If you would like to invoke any of the above data subject rights with us, please write to Data Protection Officer, Woodhall Hills Golf Club, 288 Woodhall Road, Calverley, Pudsey LS28 5UN or send an e-mail to email@example.com. We may refuse to provide access and may charge a fee for access if the relevant legislation allows us to do so, in which case we will provide reasons for our decision as required by law.
- We may send you marketing materials relating to our services by email or post. If, at any time, you would prefer to stop receiving newsletters and updates from us, please use the “unsubscribe” option included in the email or other material or alternatively send an email to firstname.lastname@example.org.
- Accuracy of information – In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of this information. We also consider when it is necessary to update this information, such as name or address changes and you can help us by informing us of these changes when they occur.
STATUS OF THIS POLICY
CONTACT AND FURTHER INFORMATION
- If you make a privacy complaint, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint.