Definitions
-
Customer
means an entity with which GGS has a commercial relationship. In most cases, this is a private golf club, a public golf facility, a resort or a golf association other than Affiliated Golf Associations (AGAs) of the USGA. In some cases, the Customer is a natural person (“Person”), as is the case with users of our golf trip and golf league services. In such cases, the Person is both a Customer and a User.
-
User
is a Person who participates in or manages Customer golf events and for whom we may collect, retain and process User Data, including personally identifiable information (“PII”), such as name and email address, as supplied by a Customer or directly by a User.
- User Datais all data about a User that is provided to GGS directly by the User or indirectly by the Customer and can include PII.
-
Service
is the set of software platforms owned and managed by GGS and made available to Customers and Users. The Service consists of:
- A web based “Manager Site” accessed only by Customers to plan and execute golf tournaments or other events.
- A web based “Portal” created by GGS for every golf event and managed by the Customer that created the event and accessed by Users participating in the event or other Persons granted viewing access. The content on each Portal is determined solely by the Customer and may include registration forms defined by Customer to collect User Data, including PII and other User Data about Users other than the User populating the form (e.g., guests of the User).
- A mobile app (iOS and Android) available to Customers and Users to enter scoring data, capture and upload photos and view event content.
- The ability for a Customer to upload and download spreadsheets that contain User Data, to import User Data into GGS from other Customer IT systems, and to use GGS supplied APIs to import and export User Data.
User Data We Collect and Receive
- We collect information provided by Users via Customer-designed registration forms on Portals. The only User Data required by GGS to provide the Service is a User's name, but the Customer can collect additional User Data by including other fields in Customer-designed registration forms.
- User Data is often provided by Customers on behalf of Users via spreadsheets and synchronization to other Customer systems via APIs or by other means. The Customer is responsible for obtaining all legally required consents and authorizations from Users for whom Customer is supplying User Data to GGS.
- GGS provides a credit card payment facility as part of our registration system that can be used by Customers to collect payments for events. GGS only uses payment providers that allow us to process payments without any access whatsoever to the User's credit card information. Credit card details and receiving bank information flow directly from the User's browser to the payment processor. In some cases, the payment provider provides a “token” that we can later use to identify a User to the payment provider.
- In order for us to provide the Service to Customers and Users, we may also collect User-related information other than User Data, including, for example, IP addresses and other device information, types of browsers used to access the Service, dates and times of access to the Service and “support tickets” submitted by Customers and Users.
How We Use Information
GGS does not own, control or direct the use of any User Data stored or processed by a Customer or User via the Service.
Only the Customer or User is entitled to access, retrieve and direct the use of such User Data. GGS is largely unaware of what User Data is actually being stored or made available by a Customer or User to the Service and does not directly access, share with others, sell, give away or use such User Data except as described in this Privacy Policy.
- Under control of and at the direction of the Customer, we process User Data to provide the Service to Customers and Users.
- We process User Data to better understand how Customers and Users access and use the Service so that we can better understand their needs and plan improvements to the Service.
- We process User Data to communicate via email with Customers and Users for the purposes of educating them about the Service, communicating information about new features of the Service, and alerting them about planned outages for maintenance or new features.
-
We use Google Analytics to measure and evaluate access to and traffic on the Service, and create user navigation reports for our Service administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Users' and Customers' activity on the Service on behalf of GGS. For more information, see
Google Analytics Privacy and Data Sharing.
Google Analytics' opt-out browser add-on
designed for this purpose.
How We Share and Disclose User Data
Except as described in this Privacy Policy, we do not sell, share, transfer or otherwise intentionally disclose User Data to third parties. We do not disclose User Data to third parties for their marketing purposes.
- With Your Consent: We may disclose User Data to third parties at your direction or if you otherwise consent to us doing so.
- Information that You Make Publicly Available: Any information that you voluntarily choose to include in a public profile page will be available to anyone who has access to such profiles.
- Service Providers: We work with third-party service providers to provide components of the Service; these include, for example, hosting providers, email delivery, text message delivery, problem reporting and our knowledge base. These third parties may have access to and process User Data as part of providing those services for or to us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
- Non-PII: We may make certain automatically-collected, aggregated, or otherwise non-PII available to third parties for various purposes, including (i) for compliance with various reporting obligations; (ii) for legitimate business purposes; or (iii) to provide data to those who seek to better understand how golfers engage with the game (the USGA, for example).
- Law Enforcement, Legal Process and Compliance: We may disclose User Data if required to do so by law or in the good-faith belief that such action is necessary (i) to comply with applicable laws, (ii) in response to a valid court order, judicial or other government subpoena or warrant, or (iii) to otherwise cooperate with law enforcement or other governmental agencies.
- To Protect Us and Others: We may disclose User Data when we believe, in good faith, that such disclosure is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
- Change of Ownership or Bankruptcy: We may disclose or otherwise transfer User Data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership.
Data Retention
Customers organize data into events, and some User Data is stored as part of the data that Customers store about their events. To facilitate Customers accessing and analyzing data from past events, GGS does not delete any User Data associated with an event unless and until a Customer or User instructs us otherwise.
User Right to Access, Correct, and Delete User Data
We respect User privacy rights, and we provide Users with reasonable access to the User Data that we maintain for the purpose of providing the Service. For Users who have created a User account with GGS, a user profile is maintained, and Users can access their profile and make changes to their User Data. Users are able to correct inaccuracies in their data through their profile.
With respect to User Data that is stored with Customer event data, Users can request that such data be corrected or deleted by contacting the respective Customer. Customers can then correct or remove User Data or modify the data so that it does not contain PII, but in so doing may compromise the integrity of stored event data. If a Customer cannot or does not correct or remove User Data at the request of a User, or if a User has any questions about, or requests relating to, GGS processing of their User Data, the User should contact us at dpo@golfenius.com.
Security
GGS takes steps designed to maintain the security of User Data, and takes commercially reasonable steps to protect such data from those who have no right to access this data, including encryption of all data stored in our databases, and encryption of data in transmission to user browsers or other systems.
However, given the nature of communications and information processing technology, GGS cannot guarantee that User Data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by those not authorized to access User Data.
Changes to this Privacy Policy
We may change this Privacy Policy from time to time. If we make changes that materially affect your privacy rights, we will provide notice to Customers and Users for whom we have email addresses.
Contact Us
In the event you have any questions about this Privacy Policy, please contact us at
dpo@golfgenius.com.
Children
We do not knowingly collect or maintain PII from any Person under the age of thirteen. No parts of the Service are directed to or designed to attract anyone under the age of thirteen.
Do Not Track
The Service does not support Do Not Track at this time. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit
www.donottrack.us.
Additional Information for EU Users
We provide the Service from servers located in the United States. If you provide personal data to us we will transfer your personal data to the United States where our servers are located. We will only transfer your personal data to the United States through the use of appropriate safeguards such as standard contractual clauses adopted by the European Commission or with your consent. If the transfer of your personal data or processing of your personal data is based on your consent, you may contact us at
dpo@golfenius.com
to withdraw your consent. If you withdraw your consent we will not be able to provide you with the Service.
We process User Data of our Customers to fulfill our contractual obligations to them. We will also process User Data as necessary to pursue our legitimate interest of providing the Service to our Customers. You may have the right to access your personal data, correct inaccuracies in your personal data, request the erasure of your personal data and restrict the processing of your personal data. For more information about how you can access, rectify and erase your personal data, please see the Section of this Privacy Policy entitled, “User Right to Access, Correct and Delete User Data,” above. In addition, you have the right to lodge a complaint with a supervisory data protection authority.