GolfBox Club Management System

This club / organization has a license for GolfBox Club Management System and use various modules and services connected to this product. GolfBox is processing data on behalf of this club / organization.

These modules and services are described further below.

Members within this club / organization are a part of a greater network of members, clubs / organizations and the national golf union. Members, clubs/organizations, teaching pro’s, and tour operators can search for members and add members to e.g. tee times, tournaments, lessons, and courses. Personal data, such as member number, name, gender, handicap, and age are available to them when a member signs up or is signed up to an event in another club / organization. Contact information is also available for e.g. cancellation reasons but not to other members. To prevent data from being exchanged between clubs/organizations, members can choose to be anonymous in the member profile when logged in to GolfBox.




GolfBox Member System

The processed data

  • The subject matter and duration of processing
    • Members are created and maintained for the entire duration of the membership within the club / organization. If a member resigns the member is categorized as a former member and can be fully deleted upon member request and is automatically deleted/anonymized after 3 years or earlier depending on the specific club / organization retention schedule.
      Deletion may be subject to prolongation if required by other national legislation.
  • The nature and purpose of the processing
    • Members are maintained to give the club / organization the ability to provide the members with services and functionalities, keep track of member status/categories, collect membership fees, and more.
  • The types of personal data
    • GolfBox may process personal data such as member number, debtor number, name, gender, telephone/mobile, mail address, postal addresses, financial records on behalf of the club / organization. Profile pictures can also be processed after specific member opt-in consent.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



GolfBox Tee Time Booking

The processed data

  • The subject matter and duration of processing
    • Members can allocate/book tee times with the club / organization and are registered with a specific date and time. Data is processed for the duration of 5 years until it is automatically deleted/anonymized. Data with no reference to the member can be processed without any expiry.
  • The nature and purpose of the processing
    • Records of booked tee times are processed to give the club / organization the ability to create income from green fees, to offer their members the service of playing golf, and to optimize course utilization based on statistical data.
  • The types of personal data
    • GolfBox may process personal data such as member number, name, gender, union status telephone/mobile, e-mail address, postal address, transaction purchase and amount on behalf of the club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



Financial Systems Integration

The processed data with sub-processor

  • The subject matter and duration of processing
    • Members are invoiced by the club / organization and data are registered within GolfBox with their financial records. This registration is processed for the entire period of the membership within the club / organization and will be deleted/anonymized along with the member record. Data can be transferred to the financial integration partner specifically chosen by the club /organization and only after instruction from the club / organization to GolfBox. 
  • The nature and purpose of the processing
    • The club / organization can invoice members individually or as a group, and/or specific member groups/categories, generating financial transactions and transfer these data to financial systems where invoicing and the collection of payment occurs. Status of payment collection and financial records generated outside GolfBox can be transferred back to GolfBox Member System.
  • The types of personal data
    • GolfBox may process personal data such as member number, debtor number, name, member categories, telephone/mobile, e-mail address, postal addresses, transaction purchase and amount on behalf of the club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



Players First integration

The processed data with sub-processor

  • The subject matter and duration of processing
    • Players First offers clubs/organizations a software product which enables the clubs/organizations to conduct surveys and follow up, based on members and activity data. GolfBox provide and transfer data to Players First. Nothing in this regard is registered with GolfBox.
  • The nature and purpose of the processing
    • Clubs/organizations using Players First will receive valuable information about members and guests to improve their product and increase their business.
  • The types of personal data
    • GolfBox may process personal data such as member number, name, gender, telephone/mobile, e-mail address, postal address on behalf of the club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



National Union Database Integration

The processed data with sub-processor

  • The subject matter and duration of processing
    • Personal data for members and member activities are transferred to the national union / federation database under which the member exists. There is no specific registration of this within GolfBox. All data are already processed with each designated module in GolfBox and is kept for as long as the record in each module exists.
  • The nature and purpose of the processing
    • Golf Unions / federations such as Danish Golf Union and Norwegian Golf Federation rely on having all national members in their own database even if they originate from different software supplier companies in the market such as GolfBox.
  • The types of personal data
    • GolfBox may process personal data such as member number, name, gender, telephone/mobile, e-mail address, postal addresses on behalf of the club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



Hosting

The processed data with sub-processor

  • The subject matter and duration of processing
    • General hosting of all software code and data. Personal data is processed for different retention periods and is individually specified for each module.
  • The nature and purpose of the processing
    • For having our entire system in operation, we host at various hosting providers such as Athena, Microsoft Azure and Amazon Web Services (AWS).
  • The types of personal data
    • GolfBox may process personal data such as member number, debtor number, name, gender, telephone/mobile, e-mail address, postal addresses, financial records on behalf of the club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



SMS - TEXT message integration

The processed data with sub-processor

  • The subject matter and duration of processing
    • Members can choose to subscribe to text services from GolfBox providing them with text messages on member related events within the GolfBox module of which the member has chosen to subscribe to.  GolfBox registers the traffic information and this is processed for the duration of 5 years until it is automatically deleted/anonymized. Data with no reference to the member can be processed without any expiry.
  • The nature and purpose of the processing
    • Members using the text service can opt in to be informed about certain events such as upcoming tee times, lessons and more. Payment of this falls on the member. A club / organization can push out text messages to all their members with a cell phone number registered and payment of this falls on the club / organization.
      Information about the member is transferred to the SMS integration partner such as CIM Mobility, who carries out the distribution of messages to members no matter which cell phone provider is used by the member.
  • The types of personal data
    • GolfBox may process personal data such as name and mobile number on behalf of the member or club / organization.
    • GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
  • The category of the data subject
    • Member
  • The physical location (of servers) where personal data is processed
    • GolfBox hosting environment is located within EU/EEA



Security measures

The processor is required to ensure a high level of security in its products and services, which is ensured by relevant organizational, technical, and physical security measures required by information on security measures as described in Article 32 of the GDPR.

The processor regularly evaluates the security measures in place for all products and services to ensure they meet industry standards.

Currently the security measures evaluate to these main elements:

  • Data is encrypted in transit via HTTPS and SSL certificates
  • The data importer will use up-to-date virus checking software to assist the prevention and detection of malware or similar damaging code within the data importer’s systems
  • The data importer implements firewalls in a manner that prevents them from being bypassed
  • All individuals hired by or otherwise working for the data importer are assigned unique accounts which must not be shared, and must be kept confidential
  • Individuals are forced to change passwords upon first logging into an account
  • Password configurations are enforced and ensure a minimum level of password integrity
  • Policies ensures leavers will have access permissions promptly revoked
  • Remote access is through secure VPN