PRIVACY POLICY

At GMM Ltd, we are strongly committed to your right to privacy and to providing a safe, enjoyable and productive customer experience both off-line and on-line. Our Privacy Policy has been drawn up with those aims in mind, as well as to ensure compliance with the General Data Protection Regulations (EU) 2016/679, as well as the Data Protection Act 1998 (and any amendment of or replacement for that Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any amendment of or replacement for those Regulations), as well as any other data protection laws that apply from time to time (together the “Data Protection Laws”). In this Privacy Policy, references to ‘Staysure Amateur Golf Tour’, ‘Vale Do Lobo Matchplay’, ‘we’, or ‘us’ or ‘our’ mean Golf Marketing & Management Limited, a company registered in England and Wales, with company number 3198161, with its registered office address at GMM Limited, 19 Albert Drive, Deganwy, Conwy LL31 9SP. GMM Ltd is a data controller in that we determine the purposes and means of the processing of the personal data that we collect and are responsible for your data. Any questions concerning personal data should be addressed to the Data Protection Officer by email to info@gmmltd.co.uk or by post to GMM Ltd, 19 Albert Drive, Deganwy, Conwy LL31 9SP. Additionally, when applicable you can request us to adjust your preferences at any stage via email at info@gmmltd.co.uk. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. We reserve the right to modify or amend this Policy at any time and will display the effective date at the end of this Policy.

This Policy is organised into sections which you can scroll through to :
1. What personal data we collect
2. How we use your personal data
3. Security and storage
4. Your rights
5. Sharing your personal data
6. Cookies and other tracking technologies
7. Third party websites

1. What Personal Data we collect

As a golf event management business, we need to collect certain personal data (such as name, address and contact details) from you to ensure that we can make the arrangements for you to enter the golf event with the golf course, hotel and other suppliers. We will also collect your personal data to be able to provide you with details of future golf events and for the other purposes set out in this Policy. We will ask for your consent or rely on another legal basis for processing before we process your personal data, in accordance with the Data Protection Laws. Under the Data Protection Laws, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural or social identity of that natural person. We will collect personal data, such as your full name, address, email address and telephone number when you:
* make an enquiry with our sales team;
* make a booking for a golf event;
* make a payment for a golf event;
* register for an account in our secure customer portal;
* enter a competition;
* subscribe to our email newsletter;

If you make a booking with us we will also ask you to provide us with the name and contact details of the other members of your party.
Group data: If you provide us with the personal data of any other parties, for example, any other individuals included in your booking, you must ensure that you have the consent of those other parties to provide their information to us. We will use their personal data as necessary to perform the booking contract. Automated technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. Technical data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions we collect from the devices you use to access our website. We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Aggregated Data: We also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your information about how you use our website, products and services to calculate the percentage of users accessing a specific website feature and to improve our website service using this information. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

2. How we use your Personal Data

Enquiries:
When you make an enquiry about a golf event, we will use the personal data that you provide to us, such as name and contact details, to enable us to service your enquiry and take the steps that you request towards making a possible booking with us.

Bookings:
When you make a booking for a golf event, we will need to use your personal data such as name and address to make the arrangements to ensure that your booking is confirmed. This will usually require us to pass your personal data on to relevant third party suppliers such as hotels, transport providers, ground agents and destination management companies. In order to effect your booking, we may also need to provide your personal data: to security or credit checking companies and/or credit and debit card companies in order to take payment for your booking; and to regulatory or public authorities such as customs or immigration if required by them, or as required by law. Where we need to disclose your information to a third party for the fulfilment of your booking, we require that third party to have appropriate technical and organisational measures in place to protect your personal data and to process your data in accordance with our instructions and the Data Protection Laws. Data transfers outside of the EEA: If necessary we may need to transfer your personal data to third parties such as hotels, transport providers, ground agents and destination management companies located outside of the European Economic Area (EEA). This will be the case where you book a golf event that is based outside of the EEA, such as the USA or one of our other worldwide destinations. See the Section on “Sharing your Personal Data” for details of how we ensure adequate safeguarding of your personal data when transferring it outside of the EEA. Marketing communications:

We would like to be able to send you details of our offers and promotions by email, telephone, text message and/or post according to your choice. You can change your preferences at any time by simply updating your preferences by emailing us at info@gmmltd.co.uk. We will not send you any marketing communications unless you have expressly opted in to receive them.

You can also opt in by:
* Subscribing online for our email newsletters;
* Telephoning us on 0345 466 2222;
* Emailing us at info@gmmltd.co.uk;
* If you have opted-in to receive marketing communications from us, you can opt out at any time by:
* Clicking the unsubscribe link in our email newsletters;
* Telephoning us on 0345 466 2222; * Emailing us at info@gmmltd.co.uk;
* Where you have consented to do so, we may also use your personal data to keep you informed about the selected partner offers that may be of interest to you.

For other lawful purposes:
We will use your personal data for such other lawful purposes as are permitted under the Data Protection Laws and we will always obtain consent where required.

3. Security and storage

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. This includes, as appropriate: the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. When you provide your personal data through our website, this information is transmitted across the internet securely using high-grade encryption. In addition to this, we are a PCI DSS compliant company. This means we adhere to high security standards in order to protect your payment card details when you make a booking over the phone or pay your balance through your online account in our secure customer portal. If we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information that you provide to us will be held securely in our systems, which are located on our premises or those of an appointed third party. We will only allow access to your personal data by third parties who act for us for the purposes described in this privacy policy or for other purposes approved by you. We will only retain your personal data for as long as is appropriate and necessary to the fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, taking into account the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, and whether we can achieve those purposes through other means. We will limit the period for which personal data is stored to a minimum. We will set time limits for erasure or periodic review. You may request details of our retention policy and in addition, you have a right to have your personal data restricted or erased – see more details under “Your Rights” below.

4. Your rights

Your rights under the Data Protection Laws in relation to your personal data include (but are not limited to) the following:
You have the legal right to ask us to supply you with a copy of the personal data that we hold about you at any time free of charge. This could include booking information relating to events that you have booked through us. Further copies may incur a reasonable fee and also if your request is clearly unfounded, repetitive or excessive (or we may refuse to comply with your request in these circumstances).
You can also ask us to rectify any errors in your personal data or complete any incomplete data that we hold or you can update your own details at any time by accessing your online account in our secure customer portal. Where you have given your consent to our processing your data, you have the right to withdraw your consent at any time. If you withdraw your consent and there is no other legal ground for us to process your data, you can ask us to erase your personal data. You can also require us to erase your data if we have processed your data unlawfully or if the law requires us to erase your data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You may also restrict the processing of your data: This enables you to ask us to suspend the processing of your personal data if: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.. You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

5. Sharing your personal data

We will share your personal data with suppliers or other third parties only on the legal basis indicated in this Privacy Policy.
Transfers outside of the EEA: Where we need to transfer your data to a third party supplier or service provider based in a country located outside of the EEA, either in order to fulfil your booking, or for the purposes of the third party providing us with a service, we will ensure that either the country to which the data is to be transferred has an adequate level of protection for data (as determined by the European Commission) or we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe or where a supplier or service provider is based in the US, we may transfer data to them if they have certified to the Privacy Shield Framework Principles which requires them to provide similar protection to personal data shared between the Europe and the US. If relevant in the future we may share your personal data with any member of our group of companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006) for internal administrative purposes including processing of personal data on the basis of being in our legitimate interests to do so. We ensure that our group companies follow the same rules when processing your personal data. These rules are called "binding corporate rules".
If GMM Ltd is sold to a third party, your personal data may be disclosed to the prospective buyer during the sale negotiations and on conclusion of the sale will be transferred as a company asset to the third party. This is necessary for our legitimate interests to be able to sell the company or its assets in the future, provided that we take all appropriate steps to keep your personal data confidential and secure at all times in accordance with this Policy and the Data Protection Laws, including requiring the third party to sign a confidentiality and non-disclosure agreement. Other than as previously stated, we will only disclose or share your personal data if necessary to comply with any legal obligation or in order to enforce or apply our Terms of Use, Booking Conditions and other agreements with you, or to protect the rights, property or safety of GMM Ltd, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. GMM Ltd will not give or sell any personal data to any third party companies, organisations or individuals without your prior consent.

6. Cookies and other tracking technologies

We use cookies and other tracking technologies on our site. These allow you to use our site and specific parts of the site effectively, as well as give us information about your use of our site which we use to develop and improve our site. A list of all the cookies that we use and what we use them for will be set out in our Cookies Policy. We do ask for your consent to cookies unless they are strictly necessary for the purpose of enabling the use of our website or a specific service that you request. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

7. Third party websites

Our site may, from time to time, contain links to and from the websites of our partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Privacy Policy last updated on 26th March 2019