UPDATED MAY 23RD 2018

OUR PRIVACY MISSION STATEMENT

At Carr Golf, we value the trust placed in us by customers, suppliers and colleagues who give us their personal data. Data security is one of our highest priorities and we aim to be as clear as possible about what we do with personal data and why we do it.

OUR PRIVACY STATEMENT FOR CARR GOLF

Your privacy is really important to us, and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do and why we do it. Carr Golf is committed to the privacy of all its users and customers.

WHO ARE WE

Carr Golf & Corporate Travel Limited, trading as Carr Golf (referred to in this Policy as “Carr Golf”, “we”, “us” and ”our”), a limited company (company registration number: 196068) whose registered address is 12d Joyce Way, Parkwest Business Park, Nangor Road, D12.

WHO THIS POLICY APPLIES TOO

This Privacy Policy covers our treatment of your personal information that we gather when you are interacting with Carr Golf as a member, customer, visitor, vendor, supplier, website user, or otherwise (a “Data Subject”). In the course of our business, we gather various types of information about our Data Subjects including information that identifies you as an individual (“Personal Data”) as explained in more detail below.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”), the data controller is Carr Golf & Corporate Travel Limited whose registered office is Carr Golf, 12d Joyce Way, Parkwest Business Park, Nangor Road, D12.

WHO CAN YOU CONTACT IF YOU HAVE QUESTIONS OR REQUESTS?

Our Data Protection Officer can handle any questions or requests relating to this Policy or your Personal Data. For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Manager at:

Email: marketing@carrgolf.com

Phone: +353 1 822 6662 or US Toll Free 1 855 617 5701

Post: Carr Golf, 12d Joyce Way, Parkwest Business Park, Nangor Road, D12.

KEY PRINCIPLES

We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles that Carr Golf applies when dealing with your personal data are as follows:

• Lawfulness: we will only collect your Personal Data in a fair, lawful and transparent manner.
• Data minimisation: we will limit the collection of your Personal Data to what is directly relevant and necessary for the purposes for which they have been collected.
• Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and not process your Personal Data further in a way incompatible with those purposes.
• Accuracy: we will keep your Personal Data accurate and up to date.
• Data security and protection: we will implement technical and organisational measures to ensure an appropriate level of data security and protection considering, among others, the nature of your Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of Processing.
• Access and rectification: we will process your Personal Data in line with your legal rights.
• Retention limitation: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations and for no longer than is necessary for the purposes for which it has been collected.
• Protection for international transfers: we will ensure that any of your Personal Data transferred outside the EEA is adequately protected.
• Safeguards re third parties: we will ensure that Personal Data access by (and transfers to) third parties are carried out in accordance with applicable law and with suitable contractual safeguards.

Lawfulness of direct marketing and cookies: if we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with applicable law.

INFORMATION WE COLLECT

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

• Identity Data including first name, last name, or similar identifier, title and gender:
• Contact Data including residential address, email address and telephone numbers;
• Financial Data including credit card details if only requested to do so;
• Transaction Data including details about payments to and from you and other details of products and services you have purchased from us, including tee times, green fees, etc.;
• Handicap Information including your GUI/GHIN handicap history;
• Technical Data including internet protocol (IP) address. When you visit our website, we will automatically receive your IP address, a unique identifier for your computer or other access device. To help us design our website and improve your experience, we may collect information about the way you use and access our website. Our web system collects information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. We may employ third party experts to help us look at this information. However, we make sure that anyone we employ treats all information with the same sensitivity and security that we treat it. This is explained in more detail in the cookies section below.

We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organizations. We do not collect or use personal data for any purpose other than the specific services.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

LAWFUL BASIS FOR PROCESSING

Please note that in accordance with applicable data protection law, your Personal Data can be processed if:

• you have given us your consent for the purposes of the Processing. For the avoidance of doubt, you will always have the right to withdraw your consent at any time;
• it is necessary for the performance of a contract to which you are a party;
• with such processing, we pursue a legitimate interest that is not outbalanced by your privacy rights. Such legitimate interest will be duly communicated to you if applicable; or it is required by law.

HOW WE USE YOUR INFORMATION / PURPOSES OF PROCESSING

We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.

We use the information given to us by you to provide the services you request from us in the way that is set out in this privacy policy. We may use your Information to (but not limited too):

• Create and manage your account, when you purchase goods and/or services from us;
• Provide quotes for our products and services;
• Process your purchase transactions;
• Manage your subscriptions;
• Members/Customers – Subscribe you to a newsletter, send product updates or technical alerts if you have opted in;
• Communicate with you about and manage your participation in event activities;
• Secure our systems and applications;
• Enforce our legal rights or comply with legal requirements;

DISCLOSURE OF PERSONAL DATA

Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:

1. a) Within our organisations and our brand environment:

• Our authorized staff members;
• Our affiliates and subsidiary companies;

1. b) Third party business partners:

• Advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
• Business partners: for example, trusted companies that may use your Personal Data to provide you with the services and/or the products you requested and/or that may provide you with marketing materials (provided that you have consented to receiving such marketing materials). We ask such companies to always act in compliance with applicable laws and this Policy and to pay high attention to the confidentiality of your personal information;
• Service providers of Carr Golf: companies that provide services for or on behalf of Carr Golf, for the purposes of providing such services (for example, Carr Golf may share your Personal Data with external providers of IT related services or fulfillment companies);

1. c) Other third parties:

• when required by law or as lawfully necessary to protect Carr Golf:
• to comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;
• to verify or enforce compliance with Carr Golf’s policies and agreements; and
• to protect the rights, property or safety of Carr Golf and/or its customers;
• in connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganization or liquidation of all or part of Carr Golf’s business.

VISITORS TO OUR WEBSITES

When someone visits our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

WEBSITE HOST

We use a third party service, DMac Media, to publish our website. This site is hosted by Servers in Ireland. We use a standard service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.

STORAGE OF DATA

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will not store your personal information for any longer than we need to, however we may be obliged by law to store your communications and personal information including activity logs and we may need to show details of these to government or authorized officials upon request. Like many websites, we use log files to monitor the effectiveness of our website.

The data we collect from you will be stored within the EU. By providing us with this data, you agree to this storing and/or processing. All our data is stored on our secured servers or on secure servers that are operated by a third party. If we have provided you with a password which enables you access to our website, you are responsible for keeping this password confidential.

CONFIDENTIALITY/SECURITY

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.  We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from:

• Unauthorised access
• Improper use or disclosure
• Unauthorised modification
• Unlawful destruction or accidental loss
• Unlawful processing

All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our members’ and visitors’ personal data. We ensure that your personal data will not be disclosed to State institutions and authorities except if required by law, other regulation or for funding purposes.

BREACH MANAGEMENT

In the event that any personal information is accessed without authorization, Carr Golf will refer the information to the office of the Data Protection Commissioner within two working days of becoming aware of the incident, outlining the circumstances surrounding the incident. Further steps will be taken in consultation with the office of the Data Protection Commissioner thereafter.

ACCESS TO THE PERSONAL DATA WE MAY HOLD ABOUT YOU

You can ask us whether we are keeping personal data about you upon request, which you can indicate by:

Sending an email to dataprotection@carrgolf.com

Post:Carr Golf, 12d Joyce Way, Parkwest Business Park, Nangor Raod, D12

We will provide you with a readable copy of the personal data which we keep about you, within one month of receipt of this request – although we will before require proof of your identity. This can be extended by two months where the request for rectification is complex. We will provide this information free of charge.

We will however charge a reasonable fee when a request for information is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with the requests for further copies of the same information. This fee is based on the administrative cost to provide this information.

We allow you to challenge the data that we hold about you and, where appropriate, you may have the data erased, rectified or amended if it is incorrect or inaccurate. We reserve the right to refuse to provide our visitors with a copy of their personal data if the request is manifestly unfounded or excessive, but we will give reasons for our refusal. We do, however, allow you to challenge our decision to refuse to provide you with a copy of your personal data. You have the right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

ERASURE OF DATA

You have a right to have your personal data erased to prevent processing in the following specific circumstances:

• Where the personal data is no longer necessary in relation to the purposes for which it was originally collected/processed.
• If you wish to withdraw consent.
• If you object to the processing and there is no overriding legitimate interest for continuing the processing.
• The data was unlawfully processed in accordance with the GDPR.
• The personal data has to be erased in order to comply with a legal obligation.
• The personal data is processed in relation to the offer of information society services to a child.

KEEPING YOUR INFORMATION SECURE – TO HELP US KEEP YOUR INFORMATION CONFIDENTIAL YOU SHOULD:

• If provided a password, you should keep your password secret.
• Never distribute the website addresses for pages that you have looked at while logged in as a registered member or visitor.
• You should choose a password that is not obvious or known to anyone else. You should never give a third party your password, as you will be responsible for all activity and charges incurred through use of your password whether authorized by you or not.

If you forget your password, you can request a new password, which will be emailed to the address we hold for you. You can change your password anytime through your account on the website. Should we think that there is likely to be, or has been any breach of security, we may change your password and notify you of the change by email.

NOTIFICATION OF CHANGES TO THIS POLICY

If we decide to change our Privacy Policy, we will post these changes on this website so you know what information we collect and how we use it. If at any point we decide to use personally identifiable information in a way different from that told to you at the time it was collected, we will tell you. You will have a choice as to whether or not we use your information in this different manner.

SUMMATION

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Carr Golf’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address dataprotection@carrgolf.com.