PGA European Tour Privacy Notice
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. GDPR does not apply to information already in the public domain.
PGA European Tour (PGAET) takes your privacy seriously and we are committed to protecting your personal information. The address for PGAET (a company incorporated in England and Wales under number 1867610) is PGA European Tour, Wentworth Drive, Virginia Water, Surrey GU25 4LX.
If you would like to get in touch with us, you can also find contact details in the ‘How to Contact Us’ section below.
This Privacy Notice applies to personal data (i.e. information concerning any living person (Data Subject)) held by members of the PGAET group of companies (PGAET Group) as data controllers that is not already in the public domain. It explains what personal information we collect, how we collect and use that personal information, with whom we will share it, why and in what circumstances.
The PGAET Group is pleased to provide the following Privacy Notice which covers the PGAET Group, its websites, mobile applications and mobile websites (Platforms). Where you are notified of another privacy notice or policy by the specific PGAET Group entity which collects your personal information, (whether as a customer, official, partner, player or Member of the European Tour), this Privacy Notice sits alongside any specific data protection notice or form provided to you unless such document specifies that this Privacy Notice does not apply to you.
You might find external links to third party websites on our Platforms and those websites may have their own privacy and cookie notices which are different to this Privacy Notice. Our Privacy Notice does not apply to your use of a third party site and you should therefore make sure that you are comfortable with their privacy notices prior to using those sites.
The PGAET Group uses the information collected from you to provide such organisational services as you request from us. In using our services you consent to the PGAET Group maintaining a dialogue with you until you either opt out (which you can do at any stage) or we decide to desist from promoting our services.
The type of information that we may collect will differ depending on the type of service we are offering or the request you make of us. Such information may include your:
- date of birth
- contact details (including email address and/or telephone/mobile number)
- booking reference
- payment card details
For its customers, the PGAET Group will only collect such customer information as is necessary to provide you with and keep you informed about its services.
For Members and officials, PGAET will notify you separately of its processing activities involving your data via the relevant form and/or Handbook.
We may also analyse the personal information you have provided to create a profile of your interests, preferences, online activity and socioeconomic and age groups, so that we can better understand you and aim to build future communications and products which are more relevant for you. These profiles can help us define fan groups, so that we can sometimes personalise and target our communications to provide you with the most relevant information, content, products and services.
Who will we share your data with?
Your personal data may be shared with our third party service providers, who will process it on our behalf to facilitate the particular purposes for which we are using your data. These third parties could include:
• our ticket and merchandise retailers;
• payment processors;
• software providers, multimedia application providers, website hosting service providers and providers of social media platforms;
• operators of venues at which our tournaments are held;
• promoters organising tournaments sanctioned by us; and
• other suppliers and service providers, such as our accreditation service provider(s), caterers and transport providers.
We ensure that each such third party processor is contractually committed to GDPR compliance and adequate data security standards and to only using your data under our instructions (and not for other purposes). If you require further information regarding these third parties, please get in touch using the contact details at the bottom of this Privacy Notice.
We will only share your personal data with a third party for the purpose of them directly marketing to you where you have consented to such data sharing (for example, if you consent to receiving our partner offers and news when participating in a competition run in conjunction with one of our partners).
In addition, where we process your personal data in your capacity as a contractor, supplier, promoter, venue or partner (or as an employee, worker or other representative of any of the aforementioned), we may share your personal data with third parties for operational purposes in connection with the role performed by such contractor, supplier, promoter, venue or partner. For example, if, as a representative of a promoter, your contact details are provided to us, we may pass these on to:
• third party service providers who will be providing services in connection with the tournament(s) which the promoter is organising for the purpose of facilitating the provision of such services; and/or
• players (and their managers) who will be attending such tournament(s) in order to facilitate communication with you.
In addition, where we process your personal data in your capacity as a member, manager of a member, caddy or official, we may share your personal data with third parties as required to facilitate your participation in the European Tour, Challenge Tour or Staysure Tour. For example:
• where you are participating in a tournament organised by one of our promoters, we may pass your personal data to such promoter for the purpose of facilitating your participation in such tournament;
• where we are assisting with your visa application in connection with your participation in a tournament, we may pass your personal data to visa authorities.
We may also need to transfer (or store) your personal information to (or in) countries outside the European Economic Area (EEA), some of which do not protect privacy rights as extensively as in the United Kingdom. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. Further details of these safeguards can be provided for your review on request by getting in touch using the contact details at the bottom of this Privacy Notice.
In the event that any part of our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
How we use your personal data may also be explained in further specific privacy notices drawn to your attention (such as Member notices in the Handbook or accreditation notices as part of the accreditation application process). These notices supplement this over-arching privacy notice.
Legal Basis for Processing Personal Data
We will only collect, process, use, share and store your personal information where we are satisfied that we have an appropriate legal basis for doing so. This may be because:
- we need to use your personal information to take steps to enter into a contract with you or to meet our contractual obligations to you
- we need to use your personal information to respond to marketing or other enquiries from you
- we need to use your personal information to pursue our legitimate interests as a commercial organisation
- we have your consent to using your personal information for a particular activity (for example, where you have consented to us sharing with you marketing or promotional communications from members of the PGAET Group and/or its official partners, sponsors, suppliers or licensees which we think may be of interest).
Our legitimate interests as a commercial organisation include the administration and promotion of the European Tour and the sport of golf, and the fulfilling of services to its fans and our customers.
Where we are relying on your consent, you may withdraw your consent to the processing of your personal information at any time by contacting our Chief Privacy Officer (see the ‘How to Contact Us’ section below).
Members of the PGAET Group will only retain your personal information for as long as is reasonably necessary for the purposes for which it was collected and in line with our data retention policy. For example, we will normally keep contractual information for a period of ten years after the expiry of any such contract so that, if we need to establish, exercise or defend our legal interests, we may deal with any dispute or concerns that may arise.
Your Rights as a Data Subject
At any point whilst a member of the PGAET Group holds your personal information, you have a number of rights available to you, including the following:
- Right of access – you have the right to access a copy of the information that we hold about you and to obtain information about how we process it
- Right of rectification – you have a right to request that we correct data that we hold about you if it is inaccurate or incomplete
- Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply you have a right to request that we restrict the processing of your information
- Right of portability – you have the right to have the data we hold about you provided to you in an electronic format and/or to request that it is transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right not to be subject to a decision based solely on automated processing (including profiling) which adversely affects your legal rights
You can exercise these rights in the first instance by contacting our Chief Privacy Officer (see ‘How to Contact Us’ section below). Should you wish to do so, we will require you to provide additional information to confirm your identity as follows:
One piece of photographic identification (e.g. passport, other national identity card or photocard driving licence) and
One proof of address (e.g. utility bill dated within the last 3 months)
We will advise you promptly if we require further information in order to fulfil your request. Please be aware that these rights are, in the most part, not absolute and are subject to exceptions; for example, if we have a necessary and lawful basis on which to continue processing your personal data, we may refuse your request to delete it,
Further to the rights set out above, you can request the following information from us:
- The identity and the contact details of the person or organisation that has determined how and why to process your data
- Contact details of our Chief Privacy Officer
- The purpose of the processing as well as the legal basis for processing
- If the processing is based on the legitimate interests of PGAET or a third party such as one of its clients, information about those interests
- The categories of personal data collected, stored and processed
- Recipient(s) or categories of recipients that your data is/will be disclosed/transferred to
- How long your data will be stored for
- Details of your rights to correct or erase your personal data and your rights to restrict or object to the processing of your data
- Information about your right to withdraw consent at any time
- How to lodge a complaint with the data protection regulator in the country where you live
- The source of personal data if it was not collected directly from you
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing
We may amend this Privacy Notice from time to time to keep it up to date with legal requirements, best practice and/or the way we operate our business. If we decide to change our Privacy Notice we will place any updates on this webpage and the privacy sections of any relevant Platforms.
Please therefore check this page and the privacy sections of any relevant Platforms periodically in order to view the latest version of our Privacy Notice; however, any substantial changes affecting how your personal data will be notified to you.
How to Contact Us
The primary point of contact for all issues arising from this Privacy Notice is our Chief Privacy Officer, who can be contacted by email at: email@example.com
or by post at:
Chief Privacy Officer
In the event that you have any questions, concerns or wish to make a complaint about how your personal data is being processed or regarding our compliance with this Privacy Notice, we would encourage you to contact our Chief Privacy Officer in the first instance. We will investigate and attempt to resolve complaints and disputes as quickly as possible. If you do not get a response within 30 days you can complain to the Data Protection Regulator (the Information Commissioner’s Office or ICO). You can refer matters to the ICO at any time, but the ICO recommends that individuals always seek to resolve matters through the data controller’s usual processes at first instance.
Updated February 2020