Our Data Handling Policy

DATA PROTECTION POLICY

Jan 2018

Crown Golf respects your privacy. Your personal data is protected in the UK by the Data Protection Act 1998 and the forthcoming General Data Protection Regulation. Under the Data Protection Act, we have a legal duty to protect any information we collect from you. Any information that you give us is held with the utmost care and security. It will not be used in ways to which you have not consented. We do not and will not pass on your details to any third party or government department unless you give us permission to do so or as otherwise required by law.

Policy Information

This policy applies to:
Members of Crown Golf
all sites under the control of Crown Golf
all staff operating on behalf of Crown Golf
Crown Golf will use its best endeavours to ensure that staff and contractors of the clubs adhere to this policy at all times.

Introduction

The purpose of this policy is to enable Crown Golf to:
comply with the law in respect of the data it holds about individuals
follow good practice
protect Crown Golf members, staff and visitors
protect the organisation from the consequences of a breach of its responsibilities

The data protection principles require that personal information is:
processed fairly and lawfully
processed for limited purposes
adequate, relevant and not excessive
accurate and up to date
not kept for longer than is necessary
processed in line with the rights of individuals
secure
not transferred to other countries without adequate protection

This policy applies to information relating to identifiable individuals.

Policy Statement

Crown Golf will:
comply with both the law and good practice
respect individuals’ rights
be open and honest with individuals whose data is held
provide training and support for staff who handle personal data, so that they can act confidently and consistently

Crown Golf has identified the following potential key risks, which this policy is designed to address:
breach of confidentiality (information being given out inappropriately).
insufficient clarity about the range of uses to which data will be put — leading to data subjects being insufficiently informed
breach of security by allowing unauthorised access.
failure to establish efficient systems of managing changes leading to personal data being not up to date.
harm to individuals if personal data is not up to date.

Responsibilities

Crown Golf recognises its overall responsibility for ensuring that Crown Golf complies with its legal obligations.
The Data Protection Officer (DPO) is the person with the following responsibilities:
briefing Crown Golf on data protection responsibilities
reviewing data protection and related policies
advising other staff on data protection issues
handling subject access requests

All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Significant breaches of this policy will be handled under Crown Golf disciplinary procedures.

Security

This section of the policy only addresses security issues relating to personal data. It does not cover security of the building, business continuity or any other aspect of security.
Crown Golf has identified the following risks:
staff with access to personal information could misuse it
poor website security might give a means of access to information about individuals once individual details are made accessible on line
staff may be tricked into giving away information, either about members or colleagues, especially over the phone, through “social engineering”

Data Recording and Storage

Crown Golf will regularly review its procedures for ensuring that its records remain accurate and consistent and, in particular:
our IT systems will be designed, where possible, to encourage and facilitate the entry of accurate data.
data on any individual will be held in as few places as necessary and the holding of unauthorised or unofficial data sets is against company policy.
effective procedures will be in place so that all relevant systems are updated when information about any individual changes.
members data held will be released to other members in order to facilitate the golfing activities of the club. This will only be mobile and/or email for contact/communication. By entering any competitions you are deemed to have given permission for essential data such as your telephone number to be released to another relevant member or members. This permission may be withdrawn at any time by the member in notifying in writing to the club secretary at any time or by indicating this on the Club’s competition entry form(s)
further details of this are contained in the privacy statement contained below.

CCTV

Crown Golf has:
installed a CCTV system which produces clear images which the law enforcement bodies can use to investigate crime and these can easily be taken from the system when required.
sited cameras so that they provide clear images.
positioned the cameras to avoid capturing images of persons not visiting the premises.
sited monitors in a position that provides the staff with the security required whilst restricting as far as is practical the ability of the public to see them.
placed visible signs showing that CCTV is in operation.
a limited number of authorised persons that may access the recorded images from the CCTV system, which are securely stored. The recorded images are held for 28 days and with the exception of law enforcement bodies, images will not be provided to third parties.

Policy Review

The policy is to be reviewed on an annual basis or at such time that the Data Protection Act or the forthcoming General Data Protection Regulation is amended.

Privacy Statement

When you request information from Crown Golf, sign up to any of our services or buy things from us, Crown Golf obtains information about you. This statement explains how we look after that information and what we do with it.
We have a legal duty under the Data Protection Act 1998 and the forthcoming General Data Protection Regulation to prevent your information falling into the wrong hands. We must also ensure that the data we hold is accurate, adequate, relevant and not excessive. Member’s email address and/or telephone numbers may be given to other current members of the club for the purposes of facilitating activities pertaining to the club, where the information is not currently available on the member’s directory via the club website.

Normally the only information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required in order to provide you with the information, service or goods you need. You do not have to provide us with any additional information unless you choose to. We store your information securely on our computer system, we restrict access to those who have a need to know, and we train our staff in handling the information securely. Subject to your indicated approval we may also like to contact you in future to tell you about other services we provide. You have the right to ask us not to contact you in this way.

We will always aim to provide a clear method for you to opt in. You can also contact us directly at any time to tell us not to send you any future marketing material. You have the right to a copy of all the information we hold about you (apart from a very few things which we may be obliged to withhold because they concern other people as well as you). To obtain a copy, please write to the Data Protection Officer (DPO) at Crown Golf  dpo@//crown-golf.co.uk

Crown Golf reserves the right to charge you for a copy of your data (as permitted by law). We aim to reply as promptly as we can and, in any case, within the legal maximum of 40 days.