The protection of your data is very important to us! At Golfclub Schloss Lütetsburg and Golfanlage Schloss Lütetsburg, hereinafter referred to as GCSL, we handle your personal data with care and responsibly. How we do this is explained below. In principle, the basis for the storage and use of your data is your consent or a legal permission. It depends on what we do with your data.

1. FOREWORD FOR INFORMATIONAL PURPOSES

“GDPR" is used here as an abbreviation for the EU General Data Protection Regulations.

The following information serves to fulfil the information obligations in areas in which GCSL as the responsible party collects, processes or uses personal data in a transparent way.

According to Art. 13 and 14 GDPR, GCSL shall inform the data subject of the details regarding the collection of personal data.

The information below is structured in the form of

  • some general information, regardless of the target group which you as a data subject fall into.
  • Information provided by GCSL in a targeted manner, depending on the target group you as a data subject fall into. A separate section for each target group can be found below.

2. GENERAL INFORMATION FOR ALL TARGET GROUPS

The website is operated jointly by Golfclub Schloss Lütetsburg e.V. and Golfanlage Schloss Lütetstburg GmbH & Co. KG.

Company name of the data controller

Golfclub Schloss Lütetsburg e.V
Golfanlage Schloss Lütetsburg GmbH & Co. KG
Members of the Board of Directors of the e.V.: Karl-Heinz Harting, Uwe Buss, Heidrun Schmidt-Pflüger
Managing Director of the operating company: Tido Graf zu Inn- und Knyphausen
Management of the golf course: Stefan Schierholz
Management of data processing: Stefan Schierholz
Data protection officer: Jannes Fischer
Contact: [email protected]
Data protection coordinator: David Dirks

Address of the entity acting as data controller / data controller:

Golfanlage Schloss Lütetsburg GmbH & Co. KG 
Landstraße 36 
26524 Lütetsburg, Germany

Rights of the data subject:

In order to ensure fair and transparent processing, we would like to point out that as the data subject you have, inter alia, the following rights:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR In particular, you may request information as to the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision making including profiling and, where applicable, meaningful information on the details of the data;
  • in accordance with Art. 16 GDPR, to demand the correction of your personal data stored by us if it is incorrect or incomplete without delay;
  • in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the correctness of the data, if the processing is unlawful but you refuse to have it erased and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another data controller;
  • in accordance with Art. 7 (3) GDPR to revoke your consent by notifying GCSL at any time. As a consequence, we may no longer continue the data processing that was based on this consent in the future, and
  • complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you may contact the supervisory authority competent for your usual place of residence or workplace or the company’s reistered offices in this regard.

For the purposes of exercising these rights, please contact [email protected] .

To be able to exercise the right of appeal to the competent supervisory authority, you can obtain information from these websites: www.datenschutz-wiki.de or www.lfd.niedersachsen.de

The supervisory authority competent for GCSL is:

Die Landesbeauftragte für den Datenschutz Niedersachsen [The State Commissioner for Data Protection of Lower Saxony]

Prinzenstraße 5
30159 Hannover, Germany
Phone: +49 511 120-4500
Fax: +49 511 120-4599

E-mail: [email protected]

Other information

  • There is currently no automated decision-making including profiling.
  • If GCSL intends to further process the personal data for a purpose other than that for which it was collected, GCSL shall notify the data subject of that other purpose and provide any other relevant information prior to such further processing. If the other purpose is consistent with the previous purposes for which it was permissible, or if legitimate interests of GCSL outweigh this, separate notification shall not be necessary. This change of purpose can be objected to at any time. For this purpose, please contact [email protected].

2.1 RIGHT OF OBJECTION

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 letter f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so arising from your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without a special situation having to be specified.

If you wish to make use of your right of revocation or objection, simply send an e-mail to [email protected]

2.2 DATA SECURITY

On the website we use the SSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser. Usually this is 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by means of the display of a locked key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

TARGET GROUPS

3. ONLINE

You are currently on our website. Here, we temporarily store the following data in order to detect technical errors and to track and prevent misuse, as well as to optimise the user’s experience of the website:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access takes place (referrer URL),
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the data mentioned above for the following purposes:

  • Ensuring a smooth connection of the website,
  • Guaranteeing convenient use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

Everything else is up to you, i.e. what information you want to share with us. To do this, make the appropriate settings for cookies in your Internet browser.

3.1 LEGAL BASIS OF THE PROCESSING

Processing is carried out to protect our legitimate interests or the interests of a third party (Art. 6 (1) (f) GDPR).

3.2 USE OF COOKIES

BASIC COOKIES

We use basic cookies so that our website works correctly. Cookies are small text files that we store on your computer or smartphone. They help you to navigate the website comfortably and without delay. Only anonymous data is used for this purpose and it is not possible for us to identify you as the person behind the data. 

You do not want to use basic cookies? Some things will then no longer work properly when surfing. You still don't want to use basic cookies? Then you can deactivate the cookies via your browser settings. Therefore, first delete all cookies already stored and deactivate storage thereof for the future.

ONLINE MARKETING COOKIES & PIXELS

Do you see advertisements on our or any other website that match your surfing habits? The reason may be an online marketing cookie. We or our advertising partners have stored such a cookie on your computer or smartphone. We only pass on anonymised or pseudonymised data to our advertising partners.

On our website you will find the following links with addresses for the respective data privacy notices:

You can unsubscribe from online marketing cookies & pixels at any time. For this purpose you can unsubscribe from the corresponding cookies directly via the links provided. Alternatively, you can deactivate the storage of cookies in your browser. 

PERFORMANCE COOKIES

We use performance cookies to measure the way our website is used. This allows us to assess where we can improve. For example, we determine how many visitors we have on a particular page or whether error messages are displayed on our pages.

Performance cookies do not collect information that could identify you – all information collected is anonymised and is only used to improve our website. It is therefore not possible for us to identify you as the person behind it. 

In the context of the use of performance cookies on this website, the data is transferred to Google Analytics by the company Google LLC, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and analysed.

DISABLING COOKIES

You can determine whether cookies can be set and retrieved by changing the settings in your browser. You can, for example, completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is about to be placed and asks you for feedback. You can block or delete individual cookies. For technical reasons, however, this can lead to some functions of our website being impaired and no longer functioning fully.

4. JOB APPLICANTS

This is the right place if you are applying for a job and would like some more information.

4.1 PURPOSE OF DATA COLLECTION, PROCESSING OR USE

Processing of the job application; checking for suitability; making contact.

4.2 LEGAL BASIS FOR PROCESSING (ART. 6 GDPR)

Implementing (including) pre-contractual measures taken at the request of the data subject (Art. 6 (1) (b)).

The data subject provides their consent voluntarily. This is the case with a relevant declaration of consent (Art. 6 (1) (f)).

In principle, GCSL observes the principles of data avoidance and data economy with regard to the intended purposes of processing, taking into account the interests of the data subjects worthy of protection.

4.3 DESCRIPTION OF THE GROUPS OF DATA SUBJECTS CONCERNED AND THE RELEVANT DATA OR CATEGORIES OF DATA

Group of data subjects concerned: Applicants of GCSL

Customary and necessary information provided by applicants for application procedures.

4.4 RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE COMMUNICATED

All employees who are authorised to carry out the intended tasks within the company. In the case of payment transactions, credit institutions receive the necessary information. External contractors as subcontractors within the meaning of Art. 28 GDPR. In general, access to personal data is not the purpose of the contract but it cannot be excluded.

4.5 TRANSMISSION OF DATA TO THIRD COUNTRIES

Data transmissions to third countries only occur within the framework of the performance of a contract, necessary communication as well as other regulations specified in the BDSG [German Data Protection Regulations] (old (version) and the GDPR which expressly provide for exceptions.

If, in the course of order processing, GCSL itself carries out subcontracting, its guarantees are obtained through contracts under data protection law. Relevant checks are carried out regularly. On request, further information can be obtained by contacting [email protected].

4.6 STORAGE PERIOD OR STANDARD PERIODS FOR THE ERASURE OF DATA

The legislator has enacted a wide range of retention obligations and periods. Once these periods have expired, the relevant data is routinely erased if it is no longer required for the perfromance of the contract. For example, the commercial or financial data of a completed financial year will be erased after a further ten years in accordance with the legal provisions, unless longer retention periods are prescribed or are necessary for justified reasons. Shorter periods for erasure are used in special areas (e.g. in the personnel administration area such as rejected applications or warnings). If data is not affected by this, it will be deleted when the purposes for which it was stored cease to apply.

5. MEMBERSHIPS AND EVENT PARTICIPANTS OF GCSL

5.1 PURPOSE OF DATA COLLECTION, PROCESSING OR USE

  1. a) So that we can contact you for business purposes and for maintaining a relationship with the member community.
  2. (b) Organisation of events and tournaments

5.2 LEGAL BASIS FOR PROCESSING (ART. 6 GDPR)

Depending on the phase our contact is in, different legal bases may apply:

  • Implementing (including) pre-contractual measures taken at the request of the data subject (Art. 6 (1) (b)).
  • The data subject provides their consent voluntarily. This is the case by means of a declaration of consent (Article 6 (1) (a)).
  • The processing is necessary to perform contractual obligations and to safeguard the legitimate interests of GCSL (Article 6 (1) (b) and (f)).

In principle, GCSL observes the principles of data avoidance and data economy with regard to the intended purposes of processing, taking into account the interests of the data subjects worthy of protection.

5.3 DESCRIPTION OF THE GROUPS OF PERSONS CONCERNED AND THE RELEVANT DATA OR CATEGORIES OF DATA

Group of data subjects concerned: Business contacts of GCSL, members of GCSL, green fee guests of other clubs; e.g. contact persons of customers, suppliers, service providers, partners.

Customary and necessary contact details (name, first name, form of address, company affiliation, department (if applicable), telephone number, e-mail address).

5.4 RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE COMMUNICATED

When participating in GCSL events and tournaments, participants’ data is exchanged with DGV via PC CADDIE and also published on the Internet.

All employees who are authorised to carry out the intended tasks within the company. In the case of payment transactions, credit institutions receive the necessary information. External contractors who are regarded as subcontractors within the meaning of Art. 28 GDPR are, for example, transport companies, tax consultants and IT service providers.

In addition, the data will be used for a specific purpose and exchanged between the operating company and the club with your consent.

This data is communicated in order to process our order with you (Art. 6 (1) (f) GDPR).

5.5 TRANSMISSION OF DATA TO THIRD COUNTRIES

Data is transmitted to third countries as part of contract performance, Art. 6 (1) (b) and due to legitimate interest, Art. 6 (1) (f), as well as other exceptions expressly provided for in the BDSG or GDPR.

5.6 STORAGE PERIOD OR STANDARD PERIODS FOR THE ERASURE OF DATA

The legislator has enacted a wide range of retention obligations and periods. Once these periods have expired, the relevant data is routinely erased if it is no longer required for the perfromance of the contract. For example, the commercial or financial data of a completed financial year will be erased after a further ten years in accordance with the legal provisions, unless longer retention periods are prescribed or are necessary for justified reasons. If data is not affected by this, it will be deleted when the purposes for which it was stored cease to apply. Contacts from individuals who are known to have left their companies are set to inactive and therefore no longer appear in the usual searches.

6. VISITORS AND GUESTS

6.1 PURPOSE OF DATA COLLECTION, PROCESSING OR USE

For reasons of operational and occupational safety, we collect your data when you use our facilities.

6.2 LEGAL BASIS FOR PROCESSING (ART. 6 GDPR)

Different legal bases for the collection of data apply to different situations:

  • The data subject provides their consent voluntarily. This is the case by giving relevant consent (Art. 6 (1) (a)).
  • The safeguarding of a legitimate interest of GCSL (Art. 6 (1) (f))

In principle, GCSL observes the principles of data avoidance and data economy with regard to the intended purposes of processing, taking into account the interests of the data subjects worthy of protection.

6.3 DESCRIPTION OF THE GROUPS OF DATA SUBJECTS CONCERNED AND THE RELEVANT DATA OR CATEGORIES OF DATA

Group of data subjects concerned: Visitors and guests

Customary and necessary contact details (surname, first name, title, handicap, telephone number, e-mail address).

6.4 RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE COMMUNICATED

All employees who are entrusted in-house with the fulfilment of the intended tasks.

6.5 TRANSMISSION OF DATA TO THIRD COUNTRIES

Data is not transmitted to third countries for this purpose.

6.6 STORAGE PERIOD OR STANDARD PERIODS FOR THE ERASURE OF DATA

The data will be deleted after a retention period of 14 days.

7. NEWSLETTER

Our newsletter informs you about our company and our offers. You can register to receive our newsletter. For this purpose it is necessary for you to provide us with your e-mail address. Other information that serves to optimise the newsletter can be provided voluntarily. We provide our assurances that we do not pass personal data on to third parties. When you register for the newsletter, we save your IP address and the date of registration. Such storage serves only as proof should a third party misuse an e-mail address and register to receive the newsletter without the knowledge of the legitimate recipient. You can cancel the newsletter subscription at any time by sending an e-mail to info (at) golfclub-luetetsburg.de and stating "Unsubscribe Newsletter” in the subject header.

Lütetsburg, May 2018

________________

Data Protection Officer

.
.