Hinckley Golf Club Data Protection Policy

This policy applies to:

• Hinckley Golf Club Ltd
• All staff and volunteers operating on behalf of Hinckley Golf Club Ltd

Policy operational date:

• With effect from 24th May 2018
• Data Protection Officer: Helen Wilebore
• Date approved by Club Management:  9th May 2018
• Policy review date:  1st May 2020

Introduction

The purpose of this policy is to enable Hinckley Golf Club Ltd to:

• Comply with the law in respect of the data it holds about individuals
• Follow good practice
• Protect Hinckley Golf Club Ltd’s supporters, staff and other individuals
• Protect the organisation from the consequences of a breach of its responsibilities

The Data Protection Principles require that personal information is:

• Processed fairly and lawfully
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with the rights of individuals
• Secure
• Not transferred to others without adequate protection

This policy applies to information relating to identifiable individuals, even where it is technically outside the scope of the Data Protection Act, by virtue of not meeting the strict definition of ‘data’ in the Act.  

Policy Statement

Hinckley Golf Club Ltd will:

• Comply with both the law and good practice
• Respect individuals’ rights
• Be open and honest with individuals whose data is held
• Provide training and support for staff and volunteers who handle personal data, so that they can act confidently and consistently

Hinckley Golf Club Ltd has identified the following potential key risks, which this policy is designed to address:

• Breach of confidentiality (information being given out inappropriately)
• Insufficient clarity about the range of uses to which data will be put — leading to Data Subjects being insufficiently informed
• Breach of security by allowing unauthorised access
• Failure to establish efficient systems of managing changes leading to personal data not being up to date
• Harm to individuals if personal data is not up to date
• Insufficient clarity about the way staff or volunteers’ personal data is being used e.g. given out to general public.

Responsibilities

The Board of Directors recognises its overall responsibility for ensuring that Hinckley Golf Club Ltd complies with its legal obligations.

The Data Protection Officer is Helen Wilebore, with the following responsibilities:

• Briefing the board on Data Protection responsibilities
• Reviewing Data Protection and related policies
• Advising other staff on Data Protection issues
• Ensuring that Data Protection induction and training takes place
• Notification
• Handling subject access requests
• Approving unusual or controversial disclosures of personal data

All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Significant breaches of this policy will be handled under Hinckley Golf Club Ltd’s disciplinary procedures.

Security

This section of the policy only addresses security issues relating to personal data. It does not cover security of the building, business continuity or any other aspect of security.

Hinckley Golf Club Ltd has identified the following risks:

• Staff or volunteers with access to personal information could misuse it
• Poor website security might give a means of access to information about individuals once individual details are made accessible online
• Staff may be tricked into giving away information, either about supporters or colleagues, especially over the phone, through “social engineering”
• Setting security level access to information on the main computer system will be controlled by the DPO

Data Recording and Storage

Hinckley Golf Club Ltd will regularly review its procedures for ensuring that its records remain accurate and consistent and, in particular:

• IT systems will be designed, where possible, to encourage and facilitate the entry of accurate data
• Data on any individual will be held in as few places as necessary and all staff will be discouraged from establishing unnecessary additional data sets
• Effective procedures will be in place so that all relevant systems are updated when information about any individual changes
• Members' data held on the website will require the permission of the member before the data becomes accessible to other members. Permissions will be obtained by way of tick boxes required to be completed by each member when they first log on. These permissions may be withdrawn at any time by the member

Data will be stored on site. Hinckley Golf Club Ltd will retain data for a minimum period of 6 years.

Archived paper records of members are stored on site.

CCTV

Hinckley Golf Club Ltd has:

• Installed a CCTV system which produces clear images which the law enforcement bodies can use to investigate crime and these can easily be taken from the system when required
• Sited cameras so that they provide clear images
• Positioned the cameras to avoid capturing images of persons not visiting the premises
• Sited monitors in positions that provides the staff with the security required whilst restricting as far as is practical the ability of the public to see them
• Placed visible signs showing that CCTV is in operation
• A limited number of authorised persons (Disciplinary Committee) may access the recorded images from the CCTV system, which are securely stored. The recorded images are held for 28 days and with the exception of law enforcement bodies, images will not be provided to third parties

Policy review

The policy is to be reviewed on an annual basis or at such time that the Data Protection Act is amended.

Members' Privacy Statement

When you request information from Hinckley Golf Club Ltd, sign up to any of our services, or buy things from us, Hinckley Golf Club Ltd obtains information about you. This statement explains how we look after that information and what we do with it.

We have a legal duty under the Data Protection Act to prevent your information falling into the wrong hands. We must also ensure that the data we hold is accurate, adequate, relevant and not excessive. We will not use your data or pass it to any other party for marketing products or services to you unless you have given your consent.

Members' email address and/or telephone numbers may be given to other current members of the club for the purposes of facilitating activities pertaining to the club, where the information is not currently available on the members' directory via the club website.

Normally the only information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required in order to provide you with the information, service or goods you need. You do not have to provide us with any additional information unless you choose to. We store your information securely on our computer system, we restrict access to those who have a need to know, and we train our staff in handling the information securely.

Our website does capture and retain member ‘Log-in’ activity and ‘email receipt’ information. This is only used by Administrators to help understand website traffic levels and email effectiveness.  Intelligent Golf do use limited ‘cookies’ to help run the web site - all are considered legitimate use of cookies. If you require more information you can look here: https://www.intelligentgolf.co.uk/cookie-usage.php

We also share your handicap details with England Golf, so that they can run their central database of handicaps and provide your CDH number.

We may also like to contact you in future to tell you about other services we provide. You have the right to ask us not to contact you in this way. We will always aim to provide a clear method for you to opt out. (Currently this is via your ‘Preferences’, found under the ‘My Golf’ tab, or by simply unsubscribing from emails). You can also contact us directly at any time to tell us not to send you any future marketing material.

You have the right to a copy of all the information we hold about you.  To obtain a copy, write to the Data Protection Officer at Hinckley Golf Club Ltd We aim to reply promptly and within the legal maximum of 40 days.

If you are not satisfied with the way we have managed your personal data, please contact our Data Protection Officer (Helen Wilebore) who will address your concerns. 

______________________________________________________________________________________________________________________________