Data Privacy Policy

The Bramhall Golf Club Ltd is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations.

We hold data about our members, employees, visitors and suppliers for a variety of business reasons.

This policy sets out how we seek to protect personal data and ensure that our Directors, Council members, Committees Organisers and employees understand the rules governing their use of the personal data to which they have access.

The Honorary Secretary will be the data protection officer [DPO} who is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements

The Bramhall Golf Club Ltd shall comply with the principles of data protection identified in the EU General Data Protection Regulations. We will make every effort possible in everything we do to comply with these principles. These principles are:

  1. Lawful, fair and transparent – Only essential data will be collected and members and staff will be informed how it is to be used. This will include members names, address, telephone numbers, email address, age, gender and handicap.
  2. Limited for purpose – data will only be used to fulfil our contractual obligations which includes being able to contact you to send you subscription renewal notices, newsletters, AGM notices and to administer competitions at the Club. We may share your information with external and internal data processors such as Club V1 and England Golf for handicapping purposes and to allow on line booking of tee times. You have given us data in order for us to be able to correspond with you regarding our activities including social events and competitions by way of post, telephone, email and SMS  If you do not wish us to share your data with these external agency  you can opt out at any time
  3. Data minimisation – only data necessary for us to fulfil our contractual obligations will be collected
  4. Accurate – We want to make sure the information we hold about you is accurate and up to date, you may ask us to correct or erase information you think is inaccurate. At the time of collecting data you have the right to object to the Club holding certain information about you.
  5. Retention- We will not hold data longer than necessary.
  6. Integrity and confidentiality- The data we keep will be kept safe and secure

Please note that you have the right to request a copy of the information we hold about you. If you would like a copy of this information please email us on This email address is being protected from spambots. You need JavaScript enabled to view it. or write to the Honorary Secretary at the club. This will be provided to you by e-mail or if you prefer by mail. No charge will be made for these requests and a response will take no longer than 30 days.

We keep our privacy policy under regular review and will place any updates on our website.

This policy was last updated May 2018

If you need any further information please email us on This email address is being protected from spambots. You need JavaScript enabled to view it. or write to The Honorary Secretary, Bramhall Golf Club, Ladythorn Road, Bramhall Stockport, Cheshire, SK7 3EY.


Internal Procedures for Handling, Storing and Processing data

  1. Procedures for Data Protection Officer (DPO)
  • Ensure the Directors Council members, Organisers and employees understand compliance requirements through board and staff meetings
  • Arrange staff training in data processing where necessary
  • Conduct audits to ensure compliance and address potential issues
  • Maintain records of data processing activities
  • Inform members and staff how their data is used and their rights through newsletters, the club’s website and staff meetings.
  • The DPO will conduct a Privacy Impact Assessment annually
  • Any data breaches that are likely to cause emotional distress, and physical or material damage will be reported to the Information Commissioner’s Office [ICO]

2.Procedures for Data Processors (DPO)

  • Details from members application forms are kept on our membership database. The forms are kept in a locked cabinet in the office which is also kept locked out of hours.
  • When a member leaves or dies their data will be removed immediately. Employees bank and next of kin personal data will be removed immediately they leave , records of PPE will be kept for 3 years and contacts and financial records will be kept for 7 years.
  • All databases are password protected

    3. Safe Storage of Data Procedures
  • Access from off site is restricted and is password protected.
  • Access to passwords is restricted to relevant users.
  • Passwords are stored in a protected area on the office computer and backed up on i cloud.
  • All data is backed up daily.
  • Automatic timed log outs are installed on the office computers.
  • AVG Internet Security Business edition virus protection is installed on all office computers.
  • A cross cut shredder is used for the disposal of paper documents.

Data Breach procedures

  • Security systems – Malware Bytes is run periodically.
  • DPO to be vigilant of suspicious activity such as unusually slow internet or devices, locked out accounts, unexpected software, suspicious out of hours activity, multiple failed log ins, irregular access locations.
  • If a breach is suspected the DPO will be informed immediately.
  • If there is a serious breach that needs reporting the DPO will contact the ICO within 24 hours.
  1. Subject Access Request Procedures
  • SAR’s will be dealt with immediately by the DPO A response will be made within 30 days.
  • Checks will be made to confirm the individual’s identity prior to giving access to information.
  • Information will only be withheld if disclosing it would adversely affect the ‘rights and freedoms of others’. Advice will be sought from NGCAA.
  • A response will be available in an electronic format or hard copy,
  1. Data Protection Policies
  • These policies and procedures should be reviewed annually in March.
  • The reviewed policy and procedure should be agreed by the directors at the first Board after the AGM which will ensure new officers of the club are aware of their responsibilities.
  • These policy and procedures will be made available on the members area of the club website.
  1. Privacy Impact Assessment
  • A PIA will be conducted by the DPO if there is a change in data processors, new technology or external partners.
  • The PIA will look at changes to risks to individuals or the organisation.