Privacy
CGLMC Ltd (SC045236) Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ (“we”, “us” “Carnoustie Golf Links Management Committee”) is the Data Controller over any personal data (defined below) we process about you for the purposes set out in this Privacy Notice. We ensure that all personal data collected and used by us is managed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise that, in order to maintain our reputation and integrity as an open and professional organisation, we must be fully compliant with this legislation. CGLMC Ltd is registered as a data controller with the Information Commissioner (number Z5167695).
This privacy notice is for:
- our guests/volunteers/those that participate in our community programmes/those who take part in our Community Benefits Programme.
- those who visit our websites
- those that have signed up to receive marketing communication;
- those that have otherwise engaged with us either through our website, or directly by telephone, post, social media or email where you may have provided us with personal data;
- Professional contacts such as Partners and Suppliers.
- Trustees of CGLMC Ltd
This Privacy Notice explains how we use the personal data which we collect about you, how we keep it secure, who we share it with and to explain the legal rights you have in relation to your personal data. If you have any questions about this notice, please contact us by telephone at 01241 802270 or by email: admin@cglmc.org.uk.
Our Promise
In accordance with the Data Protection Law, we will ensure that your data is:
- used fairly and lawfully and in a transparent manner;
- used only for specific, explicit and legitimate reasons;
- adequate, relevant and not excessive having regard to the reason for which it is collected;
- accurate and up to date where possible;
- kept for no longer than necessary;
- used in line with your rights;
- kept secure; and
- transferred internationally only where necessary steps have been taken to ensure the adequate protection and security of the data.
We reserve the right to make minor amends or modifications to this Privacy Notice from time to time, without notice to you, and if we do so, we will post the updated notice on our website. If we make an important change that we need to tell you about, we’ll email you to let you know wherever possible.
What is Personal Data?
Personal Data: means any information relating to an identified or identifiable living person (‘data subject’); an identifiable living person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Special Category of Data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
When we use the term ‘personal data’ we mean both personal data and special category of data
Our Processing
Personal Data is collected in several different ways dependent on your interaction with us. We mostly receive the information from yourself but in some cases we may receive data from third parties. The table below sets out what personal data we process about you, where we get it from, why we use it, our legal basis and who we share it with. Otherwise we will only share your personal data:
- where we are required to share your personal data in accordance with law e.g. such as under a Court order, other authorities or any regulatory requirement to which we may be subject. We may also share information with the Police if we think it is necessary to assist in the apprehension of offenders or detection of crime;
- where we use third parties to undertake certain services on our behalf and in doing so they require to process personal data in order to do this. If so, we will ensure that adequate arrangements are in place to protect your personal data. These third parties include: our professional advisors, our website host provider, cloud storage suppliers, CRM suppliers, marketing platforms (including parties used for sending email marketing communications), IT infrastructure suppliers;
- within our corporate group to the extent this is necessary for the purpose for which it was collected;
- where we need to share your personal information as part of a sale of our assets, or corporate restructure;
- where we have your consent.
| Purpose | Personal Data | Lawful Basis | Will we share it with anyone not covered above? |
|---|---|---|---|
| To consider your application to our Community Benefits Programme and to issue awards | Name, email, address, telephone number, date of birth, gender, details of your bank account, your bank account statements, in conjunction with your application | Legitimate Interest of assessing applications and providing grants. | No |
| To represent CGLMC Ltd as a Trustee | Name, email, telephone, proof of ID, image | Performance of a contract. If you do not provide the requested personal data, you may not be able to represent CGLMC Ltd as a trustee. | No |
| To respond to your enquiries made by email, post, phone and social media. | Name, email address, telephone number, social media handle, postal address, any other you provide. | Legitimate Interest – to respond to enquiries. | No |
| When you telephone us, we will record your calls. | Any personal data provided on the call. | Legitimate Interest – for training and quality purposes. | No |
| To understand usage of our websites and behaviour advertising on our website. | Technical data, such as your IP address when you visit our website. | Legitimate Interest of understanding how our website is used so we can improve it. Legitimate Interest where we use essential cookies required to operate the website. Consent – for non essential cookies. |
Google Analytics (see Cookies Policy) |
| To contact you about important updates to the business | Your name, email, Season Ticket Number or reference number | Vital Interest – to keep you up to date with important updates to the business | Send Pulse |
| To manage our relationship with Partners and Suppliers. | Name, email, telephone number, | Legitimate Interest – of managing relationship. | No |
Do we share your personal information outside of the UK?
Most of our suppliers are based in the UK, however some of our suppliers may host some of the data they process on our behalf outside the UK, including the EU and US. Where this is the case, we have ensured any sharing of your personal data with third parties is in accordance with Data Protection Law and appropriate transfer mechanism are in place to keep your personal data safe. Please contact us for further information if you have any questions on this point.
Keeping your personal data safe
We have put in place appropriate technical and organisational security measures to protect your personal information and prevent it from being lost, destroyed, damaged, used, altered or disclosed. These measures are in place to protect your personal data in all circumstances where we use it.
How long do we keep your data for?
We will only keep your data for as long as we need to for the reason we have collected it. Please contact us for details about our retention schedule.
Your legal rights
We aim to keep your personal data up to date and welcome any updates to your details or corrections to any inaccuracies. You have certain rights under Data Protection Law which are set out below. If you wish to exercise these rights, please email admin@cglmc.org.uk. Your rights are:
- right to request access to your personal information – you can request a copy of the personal information we hold on you;
- right to request correction of your personal information – if any personal information we hold on you is incorrect, you can request to have it corrected;
- right to request erasure of your personal information – you can ask us to delete your personal information in certain circumstances;
- right to object to processing or restrict processing of your personal information – you may object to our processing of your personal data in certain circumstances;
- right to request the transfer of your personal information – to provide you, or a third party you have chosen, with your personal information;
- right not to be subject to automated decision-making and profiling; and
- right to withdraw consent – where we process your data on the basis of consent, you can notify us that you want to withdraw consent any time. Please note that this would not affect the lawfulness of the processing prior to your withdrawal.
Please note these rights are not always absolute and there may be some instances where we cannot fully comply. Where this the case we will explain this to you at the time.
If you have any data protection complaints or concerns, you may contact the Information Commissioner’s Office (ICO) by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Make a complaint about how an organisation has used your personal information | ICO
We’d like to try and help with any concerns you may have before you contact the ICO, so please get in touch with admin@cglmc.org.uk in the first instance.