Boughton Golf is committed to safeguarding the privacy of our website visitors, clients and service users. Including, without exception clients sites and services. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. Our systems incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
In this policy:
“we”, “us” and “our” refer to Boughton Golf
“systems”, “servers” refer to the physical machines containing or processing data.
“infrastructure” refer to our system as a whole. In other words our collection of servers and related equipment and storage directly controlled by us.
“website” and “websites” refers to the website www.boughtongolf.co.uk and ANY website that resides within our infrastructure.
“GDPR” means General Data Protection Regulation
“DPA” means Data Protection Act
“ICO” means Information Commissioner’s Office
Our Data Protection Officer is:
2. Data Security
Our system are located in a secure online CRM which is GDPR compliant. The company who owns and hosts our data held in the CRM is located in Arizona, USA and stores the date in a secure server. Data is stored in accordance with GDPR (Inc: compatible UK regulations) and direct access to the infrastructure is strictly limited. Central administration of all systems data takes place in Ireland and the UK but can be accessed from various places, when system administrators are traveling and by the CRM support team in the USA. All traffic that transverses in-and-out of our systems is fully encrypted. All services are secured via HTTPS, this includes (but not limited to): Web traffic, Emails and backend server access. In short, our systems do not respond to unsecured traffic and actively attempts to upgrade any unsecured traffic to HTTPS. The lead supervisory authority is the Information Commissioner’s Office (ICO) in the United Kingdom: https://ico.org.uk/
3. Personal Security Breach Procedure
Inline with GDPR our advanced systems include software that actively detects data breaches. In the event of a personal data breach, we will notify the ICO. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify those concerned directly in accordance with the GDPR.
If we feel further attacks are possible or ongoing we reserve the right to shutdown systems, services and websites as far as we see appropriate to contain the security threat. We may consult with third party security experts at any time who may request access to our infrastructure.
4. Types of data held
Boughton Golf collates and collect a wide variety of data which relates to its primary role as a venue providing golf and hospitality service to it’s customers. To clarify the word collect, this means with the use of a form on a website. A customer/client enters the details manually themselves for a purpose stated at the time.
Data that can be collected by our systems includes (but not limited to):
Names, Addresses, Telephone Number, Email Addresses
Order Information, Shipping addresses, personal messages, delivery data, payment processing data
Data obtained using website tracking software such as Google Anlaytics, Facebook Pixels – this data is non-identifiable
Marketing data – IE: Newsletter Signup forms
Usernames and passwords for the purposes of Sign in – either to manage a service or access a members site.
Our infrastructure DOES NOT directly collect or store credit or debit card details and our websites do not directly process financial transactions. Financial processing is completed by third parties such as Paypal or Stripe. We abide by their security as applicable by their terms and conditions and UK Law.
Data that we collect and store for the purposes of managing our client accounts. This data is not collected via our systems but by our staff:
Bank details (sort code / account numbers)
Confidential company information
Company billing address details
4. How your data is used
Personal data is not used for any other purpose than for what it was intended. The intention is implied at the point where the data is entered. This means that if an address was entered to process an order, it will not be used for any other purpose other than to administer that order.
Marketing data supplied via a newsletter signup form (for example) will be used for all marketing purposes for a given client until a request is received by the individual. A request can come via any source however, opt-outs will always be provided on email communication so that individuals may remove themselves from a mailing list with immediate effect.
We do not sell or use data outside of the scope it was intended. Data is held until Boughton Golf receives a request from the individual or client to remove it.
5. Individuals’ Rights & Third Party Access Requests
We comply fully with the GDPR at DPA regulations and therefore we will respond to all requests that cover individuals’ rights.
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and the right not to be subject to automated decision-making including profiling.
Information will be provided, altered or deleted free of charge on request. However, we reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if we feel it is repetitive.
Third Party Subject Access Requests. We take individuals’ privacy very seriously. Demands from a third party company or legal authority requesting data about an individual to be supplied will only be honoured if the acting authority presents a relevant court order.
None of the cookies we use collect your personal information and they can’t be used to identify you. The length of time a cookie stays on your device depends on its type. We use two types of cookies on our websites.
5.1 Types Of Cookie
These are temporary cookies which only exist during the time you use the website (or more strictly, until you close the browser after using the website). Session cookies help our websites remember what you chose on the previous page, avoiding the need to re-enter information.
These stay on your device after you’ve visited our website. For example, if you tick the ‘Remember Me’ box when you login to check an order, a persistent cookie will be used so that the website remembers your choice the next time you use it. We also use session persistent cookies within our online shops to determine if you have added any products to your shopping basket. Persistent cookies help us identify you as a unique visitor, determine if you are logged in but don’t contain information that could be used to identify you to another person.
These monitor how visitors move around the Website and how they reached it. This is used so that we can see total (not individual) figures on which types of content users enjoy most, for instance. Most commonly we use:
Facebook Tracking Pixels:
5.2 Control Cookies in your browser
These links explain how you can control cookies via your browser – remember that if you turn off cookies in your browser then these settings apply to all websites not just this one:
Internet Explorer: http://support.microsoft.com/kb/278835 (this page links to further information for different versions of IE – the mobile version is at http://www.microsoft.com/windowsphone/en-us/howto/wp7/web/changing-privacy-and-other-browser-settings.aspx).
Safari: http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html (or http://support.apple.com/kb/HT1677 for mobile versions)