Breath, relax and read on… We’ve got you covered for GDPR

Birdietime is compliant with the General Data Protection Regulation (GDPR). Using Birdietime makes you compliant as well.

The EU General Data Protection Regulation (GDPR) enters into force on May 25th, 2018. It is one of the most remarkable international privacy laws in decades. The important aim of the regulation is to improve individuals’ rights to control the use and processing of personal data, and to harmonise the rules within the European Union. Some have pushed the panic button on the new regulation but trust us, there’s no need to.

Birdietime is deeply committed to the new regulation. In addition to full compliance, it is important to us to help PGA Professionals and golf academies using Birdietime to comply with it, too.

For PGA Professionals, golf clubs, pro shops and golf academies (and others doing business with golfers) the biggest implication of GDPR is to realize that

  • the regulation concerns you,
  • you hold personal data of your customers (such as names, phone numbers and email) and
  • you need to be mindful of the way in which you use the data

The good news for you is that once you’ve taken Birdietime in use (and have a well-structured system in use with a separate section for customer data), fulfilling the requirements of the new legislation is simple! Using Birdietime tools according to our Data Protection Policy and Terms ensures that you are in compliance with the GDPR. We also offer our customers with a ready-made template on privacy policy which you need as you possess individual data of golfers.

If you like to understand a bit more about GDPR in general, read the next chapter. Otherwise, you can just jump to the section on “What is Birdietime doing for you”.

The basics of GDPR

The GDPR is about privacy and protection of personal data. It will apply to any organisation processing personal data of EU citizens, regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organisation anywhere in the world. The GDPR also applies across all industries and sectors.

The GDPR makes the definition of personal data extremely broad. Personal data is any information relating to an identified or identifiable individual. That means information that could be used, on its own or in conjunction with other data, to identify an individual. A list of e-mails or customer names and phone numbers written into a paper calendar is all it takes to constitute personal data.

This means that at least a majority of the information that you collect about your customers (=golfers) will be considered personal data under the GDPR. The regulation holds significant changes to e.g. the grounds on which the keeping of a register is justified.

Not complying with the GDPR can result in gigantic financial penalties. Sanctions for non-compliance can be as high as 20 million euros or 4% of global annual turnover, whichever is higher.

Believe it or not, GDPR might also give you competitive advantage! European law tends to set the trend for international privacy regulation, and increased privacy awareness now may give you a competitive advantage later. Our British clients may rest assured that they will remain GDPR compliant using Birdietime tools even after Brexit.

What are your responsibilities?

PGA Professionals, Golf Academies and Pro Shops using Birdietime are considered Data controllers as they process personal information of their customers. Tough that may sound complicated, fear not, as Birdietime helps you fulfill that role!

However, it is good to be aware of your responsibilities. Your role as a Data Controller means that you have the following responsibilities with regards to personal data:

  • Define the purpose of your customer register (which in your case is arranging golf lessons and events). 
  • Process the personal data according to the purpose of the register (meaning you only use the customers’ data for golf and tuition related services)
  • Make sure that the registered personal data will be processed according to the regulation by technical and administrative means (meaning you keep the data safe by e.g. making sure you keep your passwords to Birdietime Dashboard protected)
  • Ensure your operations are transparent to the registered people, that the data is correct, and that its use is restricted
  • Provide your customer (if so requested in writing) access to the data you have, update it, and, if requested, delete the data

What is Birdietime doing for you?

Birdietime is a relatively new service, and we have been mindful of the EU data protection regulations from day 1. We have taken several steps to ensure we are compliant with the GDPR regulations, and continue to take data protection issues seriously. The actions we’ve taken include (but are not limited to):

  • We  have updated our Terms including our privacy policy to meet the requirements of the GDPR
  • We have created a specific Data Protection Policy that all customers using our system need to approve of
  • Provide you with a Template for Privacy Policy that you can use
  • We have ensured that all our third-party service supply contracts meet the requirements of the GDPR and created a List of all our third-party service suppliers and their locations (available upon request)
  • We ensure the safety of our customers – and our customers’ customers – data by complying with the best practices and standards of data protection and by continuously developing our readiness for constantly evolving safety protocols.
  • Analysed all of our current features and templates to determine whether any improvements or additions can be made to make them more efficient for you
  • Evaluate potential new GDPR-friendly features and templates to add to and Birdietime Dashboard

All our new customers must accept our Terms including the privacy policy upon registering to the Birdietime network. All our existing customers are informed of the updated Terms, and they agree to these policies by continuing to use our service.

Updates to Birdietime system

We continuously develop our system to better serve our customers, and to make sure the data is processed safely and lawfully also after May 25th, 2018. These tools will, above all, enhance the transparency of the data processing and ensure compliance with the other requirements of the regulation.

The following functionalities are at the heart of GDPR, and we continue to automate and improve the following:

  1. Birdietime Privacy Policy and Terms clearly visible on all registration pages
  2. Clear consents to ensure the rights of the registered person
  3. Monitoring and supervision of the consents given by the participants
  4. Search, edit and removal of data after a data request from a registered person

Important Documents

Here’s a summary of the privacy related documents and links to where you can find them:

  1. Birdietime’s Privacy Policy & Terms
  2. Birdietime’s Data Protection Policy
  3. Template for a privacy policy for PGA Professionals using Birdietime system

Should you have very specific questions regarding the implications of GDPR to your operations, we suggest you seek out local legal advice.

Should you have any further questions regarding Birdietime and GDPR, do reach out to our Customer Support for any further questions