Privacy Notice & Safeguarding

Beauport Park Golf & Country Club is part of Beauport Park Golf & Country Club Limited. This privacy policy explains how we use any personal information we collect about you when you use this website.
Topics:

* What information do we collect about you?
* How will we use the information about you?
* Marketing
* Access to your information and correction
* Cookies
* Other websites
* Changes to our privacy policy
* How to contact us

What information do we collect about you?
We collect information about you when you register with us or book a tee time. We also collect information when you voluntarily complete entry forms, registration cards, provide feedback and participate in competitions. Website usage information is collected using cookies.

How will we use the information about you?
We collect information about you to process your booking/order, manage your account and, if you agree, to email you about other products, news and services we think may be of interest to you.
We may use your information collected from the website to personalise your repeat visits to our website.
Beauport Park Golf & Country Club Limited will not share your information for marketing purposes with companies outside the Beauport Park Golf & Country Club Group.
In processing your order, we may send your details to, and also use information from credit reference agencies and fraud prevention agencies.

Marketing
We would like to send you information about products and services of ours and other companies in our organisation which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of Beauport Park Golf & Country Club Ltd.

If you no longer wish to be contacted for marketing purposes, please email us

beauportparkgolf@gmail.com

Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the following address. We may make a small charge for this service.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Other websites
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

Changes to our privacy policy
We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 25th May 2021.

How to contact us
Please contact us if you have any question s about our privacy policy or information we hold about you:

by email
or write to us at Beauport Park Golf & Country Club Ltd, Battle Road, St Leonards-on-Sea, East Sussex
GDPR Club Policy
The club’s General Manager is responsible for overseeing the clubs conformity with the General Data Protection Regulation and is the designated Data Controller.

Monitoring Compliance
The club has already taken steps to inform the Directors, members, guests and staff of the implications of the change in the law regarding the storing and security of data. The General Manager will make spot checks to ensure that those responsible for handling and storing data are doing so in a professional and secure manner. This will involve informing internal data processors (office staff, Directors, section and team captains, match organisers and professional staff) of their obligations and the restrictions applicable at their level of access.

Procedures of Data Processors
Office staff, Directors, section and team captains, match organisers and professional staff are all classified as Data Processors (DP).

Each level of DP have different levels of access. With regards to the clubs software package, the access levels are managed by the Data Controller (DC)

Office
Membership – Office staff will need to process membership applications and forward details of the name and contact number of the new member to the relevant section Captain. All new members must be informed that this will take place unless they object. Under no circumstances are any other details to be passed on. This includes a copy of the application form. All completed application forms are stored securely in the office and must now be destroyed at year end. As a general policy, past members names will be kept on electronic file for 5 years before removal.

Competitions and societies – The data for these will be kept securely on the clubs database long as individuals have acknowledged that they wish to be contacted in the future about future events and promotions. Otherwise the office must destroy the data within 12 months of the competition or society visit.

Keeping Data Secure – All data must be kept secure. With regards to the clubs database, only the office staff and PR manager can have full webmaster access. This will be reviewed on an annual basis. All physical records must be kept under lock and key, with keys kept in the office key safe and only accessible to office staff. All computer screens must be locked when unattended and no personal data must be left lying around unattended. Personnel files are always to be locked and access is controlled by the DC.

Safe Storage of Data
All laptops, mobile devices must be password protected with passwords being changed annually. All paper documentation should be kept locked in the cabinets provided and destroyed by shredding when redundant (in the case of company records this should be done after 7 years).

The names of former employees and their length of service may be kept in the personnel files but full records are to be destroyed after a period of 2 years from when the employee left the company.

All external processors and handlers of data must furnish BPGC with an up to date copy of certification showing they are competent and qualified to handle third party data. In most cases this will be in the form of the Cyber Essentials programme. We also require a copy of their privacy policy to ensure it complies with GDPR.

In the case of competition processing, all open entry forms must come into the office and the office staff will list the names of all competitors on a spread sheet which will be handed over to the member responsible for the event (competition manager). Under no circumstances is personal data of an entrant to be passed onto the competition manager unless it is the contact phone number and/or email and it is relevant to the competition that they are contacted.

Access to personal data is secured via clubs software package and is limited by controller level.

Data Breaches
Any suspected data breaches should be brought to the immediate attention of the DC who will then in turn contact the company responsible for managing all the club’s IT (TQS Ltd)

Tom Forester 01227 830783 thomas.forester@tqsltd.co.uk
The ICO will need to be notified if the data breach is likely to result in a risk to the rights and freedoms of individuals i.e. discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, BPGC will also have to notify those concerned directly in most cases.

Any potential threats to security such as viruses, malware etc are to be reported to TQS and systems immediately shutdown until given the all clear by TQS.

Subject Access Requests
Members can access their own personal data at any time via their account. Further information can be requested, in writing, and addressed to the General Manager.

As a company we do not charge for complying with a request (from members, employees and visitors) and all requests should be satisfied within 30 days. BPGC can refuse a request, or charge for a request, if it is deemed manifestly unfounded or excessive.

If a request is refused, the individual must be informed why, and that they have the right to complain to the supervisory body and to a judicial remedy. This notification must be made without delay and within 30 days.