Privacy Policy

Privacy Policy

This privacy policy explains how Flintshire Golf Captains' & Past Captains' Association ("we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you visit our website at https://flintshiregolfcaptains.org.uk (the "Website") or otherwise interact with us.

This policy was last updated on 10th April 2026.

1. Introduction and who we are

1.1 We are Flintshire Golf Captains' & Past Captains' Association, an unincorporated non-profit association which is run by volunteers.

1.2 For the purposes of the UK General Data Protection Regulation (the "UK GDPR") and the Data Protection Act 2018 (the "DPA 2018"), we are the data controller responsible for your personal data. We are currently operating on the basis of exemption from registration with the Information Commissioner's Office (ICO) due to our status as a non-profit organisation; however, we remain compliant with all applicable legal obligations.

1.3 If you have any questions about this privacy policy, please contact us using the details set out in Section 6 below.

2. How we collect your personal data

2.1 Directly from you — we collect your personal data when you fill in forms on our Website (specifically enquiry and contact forms), correspond with us by email or telephone, or provide feedback.

2.2 Automatically — as you navigate our Website, we may automatically collect technical data about your equipment and usage patterns using server logs. We do not use cookies or similar tracking technologies on this website. Please see our cookie statement below for confirmation that no cookies are deployed.

3. Types of personal data we collect

We only collect the following categories of personal data:

  • (a) Identity data — first name, last name, title (e.g., Mr/Ms), and username or identifier associated with an enquiry.

  • (b) Contact data — email address, telephone number, and postal address provided to us during an enquiry.

  • (c) Technical data — internet protocol (IP) address, browser type and version, operating system, and platform (collected automatically via server logs).

3.1 We do not knowingly collect any special categories of personal data about you (e.g., health data, biometric data, racial or ethnic origin). We also do not knowingly collect information about criminal convictions and offences.

4. How and why we use your personal data

We will only use your personal data when the law allows us to. Under the UK GDPR, we must have a valid lawful basis for processing. The lawful bases we rely on are set out below:

4.1 Legitimate interests (Article 6(1)(f) UK GDPR) — we process your data where necessary for our legitimate interests and your rights do not override those interests. Our legitimate interests include:

  • (a) responding to enquiries from you regarding the organisation;

  • (b) maintaining security of our Website and communications; and

  • (c) keeping a record of interactions with visitors to improve our service.

4.2 Consent (Article 6(1)(a) UK GDPR) — we rely on your consent for:

  • (a) sending you marketing communications where you are not an existing customer; and

  • (b) any other processing for which we have specifically obtained your consent.

4.3 Marketing — You may be contacted regarding events or services relevant to the Golf Clubs if you have explicitly opted in. We will not share your personal data with third parties for their direct marketing purposes without your explicit consent.

4.4 Rights — You can opt out of marketing at any time by following the unsubscribe link in any marketing email, contacting us using the details below. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Who we share your personal data with

We may share your personal data with the following categories of third parties:

  • (a) Service providers — companies that provide services to us, such as website hosting and email delivery (if any). These providers process data on our instructions under a written data processing agreement.

  • (b) Professional advisers — our lawyers, accountants, auditors, and insurers.

  • (c) Regulatory bodies — where required by law (e.g., Information Commissioner's Office).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your data for their own purposes.

6. International transfers of personal data

Some of our service providers may be based outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure appropriate safeguards are in place:

  • (a) Using standard contractual clauses approved by the ICO/Secretary of State; or

  • (b) Relying on an applicable data privacy framework recognised by the UK government for US-based providers.

We do not transfer your personal data to countries unless they provide adequate protection.

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy legal or regulatory requirements.

7.1 We will retain enquiry contact details (Name, Email, Phone) and enquiry responses until the matter is resolved and a reasonable period has passed after resolution.

  • (a) Typically, we retain this data for 2 years after the last contact or until you request deletion.

7.2 In some circumstances, we may anonymise your personal data for research or statistical purposes.

8. Data security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. These measures include:

  • (a) Encryption of personal data where appropriate;

  • (b) Access controls to limit access to those who have a business need to know;

  • (c) Regular testing and evaluation of security measures.

While we take all reasonable precautions, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of your personal data.

9. Your rights under data protection law

Under the UK GDPR and the DPA 2018, you have the following rights:

  • (a) Right of access — you may request a copy of the personal data we hold about you (a "subject access request"). We will respond within one month.

  • (b) Right to rectification — you may request correction of inaccurate or incomplete personal data.

  • (c) Right to erasure — you may request deletion of your personal data where there is no compelling reason for continued processing.

  • (d) Right to restriction — you may request that we suspend processing in certain circumstances.

  • (e) Right to data portability — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured format.

  • (f) Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us using the details below. We may request information to verify your identity before processing your request. There is generally no fee, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Children's privacy

Our Website is not intended for children under the age of 13. We do not knowingly collect personal data from children under that age. If we learn that we have collected personal data from a child without appropriate consent, we will delete that information as quickly as possible.

11. How to contact us

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us:

  • (a) By email: admin@flintshiregolfcaptains.org.uk

  • (b) By post: Available upon request

  • (c) By telephone: 07733713647

The data controller is Flintshire Golf Captains' & Past Captains' Association, an unincorporated non-profit association.

12. How to complain

If you have concerns about how we handle your personal data, please contact us first using the details in Section 11. We will investigate and respond as soon as possible. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection.

13. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or applicable legislation. Changes will be posted on this page and notified to you by email where appropriate. The updated policy takes effect from the date it is posted.

14. Third-party links

Our Website may include links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.