Data Protection Policy (GDPR)Levante Golf Society (LGS) formally registered as “Golf Levante Ondara” is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR) which is effective from 25th May 2018. The GDPR applies to all organisations that process data about their members. It sets out principles which should be followed by those who process data and it gives rights to those whose data is being processed.

To this end, LGS endorses and adheres fully to observing the eight individual rights set out under the GDPR, these are the following.

  • - The right to be informed.
    - The right of access.
    - The right to rectification.
    - The right to erasure.
    - The right to restrict processing
    - The right to data portability.
    - The right to object.
    - Rights in relation to automated decision-making and profiling.

These rights must be observed at all times when processing or using personal information. Therefore, through appropriate management and strict application of criteria and controls, LGS will:

  • - Observe fully the conditions regarding having a lawful basis to process personal information
    - Meet its legal obligations to specify the purposes for which information is used
    - Collect and process appropriate information only to the extent that it is necessary to fulfil   operational needs or to comply with any legal requirements
    - Ensure the information held is accurate and up to date
    - Ensure that the information is held for no longer than is necessary
    - Ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access personal information on request; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
    - Take appropriate technical and organisational security measures to safeguard personal information
    - Ensure that personal information is not transferred outside the EU, to third countries or international organisations without an adequate level of protection.

Status of this Policy
The policy does not form part of a formal contract of membership but it is a condition members will abide by the rules and policies made by LGS from time to time. This policy was approved on 29th April 2019. It will be reviewed annually.

LGS Members Responsibilities
checking that any information that they provide to the LGS in connection with their membership is accurate and up to date
informing LGS of any changes to information that they have provided.

All LGS committee members are responsible for ensuring that:
any personal data that they hold is kept securely
personal information is not disclosed either orally or in writing, or via web pages or by any other means, accidentally or otherwise, to any unauthorised third party.
It should note that unauthorised disclosure of data is in breach of the GDPR regulation. Personal information should be coded, encrypted or password-protected both on a local hard drive and on a network drives and it should be regularly backed up. If a copy is kept on removable storage media, that media must itself be kept secure.

Subject Access
A member may submit a written request for details of personal information which LGS holds about him or her under the GDPR free of charge. If a member would like a copy of the information held on him or her, he or she should email the LGS General Secretary. The requested information will normally be provided within one month of receipt of the request. If the request is made electronically, the information will be issued in an electronic format.

If a member believes that any information held on him or she is incorrect, incomplete or out of date, then he or she should email the LGS General Secretary as soon as possible. LGS will promptly correct any information found to be incorrect and respond within one month to the request for rectification.

This policy sets out LGS commitment to protecting personal data and how that commitment is implemented in respect of the collection and use of personal data.