PGA European Tour Privacy Notice
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. GDPR does not apply to information already in the public domain.
PGA European Tour (PGAET) takes your privacy seriously and we are committed to protecting your personal information. The address for PGAET (a company incorporated in England and Wales under number 1867610) is PGA European Tour, Wentworth Drive, Virginia Water, Surrey GU25 4LX.
If you would like to get in touch with us, you can also find contact details in the ‘How to Contact Us’ section below.
This Privacy Notice applies to personal data (i.e. information concerning any living person (Data Subject)) held by members of the PGAET group of companies (PGAET Group) as data controllers that is not already in the public domain. It explains what personal information we collect, how we collect and use that personal information, with whom we will share it, why and in what circumstances.
The PGAET Group is pleased to provide the following Privacy Notice which covers the PGAET Group, its websites, mobile applications and mobile websites (Platforms). Where you are notified of another privacy notice or policy by the specific PGAET Group entity which collects your personal information, (whether as a customer, official, partner, player or Member of the European Tour), this Privacy Notice sits alongside any specific data protection notice or form provided to you unless such document specifies that this Privacy Notice does not apply to you.
You might find external links to third party websites on our Platforms and those websites may have their own privacy and cookie notices which are different to this Privacy Notice. Our Privacy Notice does not apply to your use of a third-party site and you should therefore make sure that you are comfortable with their privacy notices prior to using those sites.
The PGAET Group uses the information collected from you to provide such organisational services as you request from us. In using our services, you consent to the PGAET Group maintaining a dialogue with you until you either opt out (which you can do at any stage) or we decide to desist from promoting our services.
The type of information that we may collect will differ depending on the type of service we are offering or the request you make of us. Such information may include your:
- date of birth
- contact details (including email address and/or telephone/mobile number)
- booking reference
- payment card details
For its customers, the PGAET Group will only collect such customer information as is necessary to provide you with and keep you informed about its services.
For Members and officials, PGAET will notify you separately of its processing activities involving your data via the relevant form and/or Handbook.
In order to meet its legal and contractual obligations to its customers, PGAET utilises the following third parties:
|Eventbrite||Selling of tickets for PGAET tournaments|
|Fanatics||Selling of merchandise via in-store, online or telesales methods on behalf of PGAET|
PGAET will ensure that each such organisation, and any third party who processes your personal data on our behalf, is contractually committed to GDPR compliance and adequate data security standards. Third party contractors who process data on our behalf do so strictly under our instructions and are not permitted to make other uses of your personal data.
For Members and officials, PGAET will notify you separately of the third parties (or categories of third parties) who need to process your data via the relevant form and/or Handbook.
Legal Basis for Processing Personal Data
We will only collect, process, use, share and store your personal information where we are satisfied that we have an appropriate legal basis for doing so. This may be because:
- we need to use your personal information to take steps to enter into a contract with you or to meet our contractual obligations to you
- we need to use your personal information to respond to marketing or other enquiries from you
- we need to use your personal information to pursue our legitimate interests as a commercial organisation
- we have your consent to using your personal information for a particular activity (for example, where you have consented to us sharing with you marketing or promotional communications from members of the PGAET Group and/or its official partners, sponsors, suppliers or licensees which we think may be of interest).
Our legitimate interests as a commercial organisation include the administration and promotion of the European Tour and the sport of golf, and the fulfilling of services to its fans and our customers.
Where we are relying on your consent, you may withdraw your consent to the processing of your personal information at any time by contacting our Chief Privacy Officer (see the ‘How to Contact Us’ section below).
Members of the PGAET Group will only retain your personal information for as long as is reasonably necessary for the purposes for which it was collected and in line with our data retention policy. For example, we will normally keep contractual information for a period of ten years after the expiry of any such contract so that, if we need to establish, exercise or defend our legal interests, we may deal with any dispute or concerns that may arise.
Customer personal information will be held by the PGAET Group within the European Economic Area (EEA) only, be this on-premise or in cloud services. Member and official personal data will need be transferred globally as part of the European Tour’s operations on terms notified to you separately.
Your Rights as a Data Subject
At any point whilst a member of the PGAET Group holds your personal information, you have a number of rights available to you, including the following:
- Right of access – you have the right to access a copy of the information that we hold about you and to obtain information about how we process it
- Right of rectification – you have a right to request that we correct data that we hold about you if it is inaccurate or incomplete
- Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply you have a right to request that we restrict the processing of your information
- Right of portability – you have the right to have the data we hold about you provided to you in an electronic format and/or to request that it is transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right not to be subject to a decision based solely on automated processing (including profiling) which adversely affects your legal rights
You can exercise these rights in the first instance by contacting our Chief Privacy Officer (see ‘How to Contact Us’ section below). Should you wish to do so, we will require you to provide additional information to confirm your identity as follows:
One piece of photographic identification (e.g. passport, other national identity card or photocard driving licence) and
One proof of address (e.g. utility bill dated within the last 3 months)
We will advise you promptly if we require further information in order to fulfil your request. Please be aware that these rights are, in the most part, not absolute and are subject to exceptions; for example, if we have a necessary and lawful basis on which to continue processing your personal data, we may refuse your request to delete it,
Further to the rights set out above, you can request the following information from us:
- The identity and the contact details of the person or organisation that has determined how and why to process your data
- Contact details of our Chief Privacy Officer
- The purpose of the processing as well as the legal basis for processing
- If the processing is based on the legitimate interests of PGAET or a third party such as one of its clients, information about those interests
- The categories of personal data collected, stored and processed
- Recipient(s) or categories of recipients that your data is/will be disclosed/transferred to
- How long your data will be stored for
- Details of your rights to correct or erase your personal data and your rights to restrict or object to the processing of your data
- Information about your right to withdraw consent at any time
- How to lodge a complaint with the data protection regulator in the country where you live
- The source of personal data if it was not collected directly from you
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing
We may amend this Privacy Notice from time to time to keep it up to date with legal requirements, best practice and/or the way we operate our business. If we decide to change our Privacy Notice we will place any updates on this webpage and the privacy sections of any relevant Platforms.
Please therefore check this page and the privacy sections of any relevant Platforms periodically in order to view the latest version of our Privacy Notice; however, any substantial changes affecting how your personal data will be notified to you.
How to Contact Us
The primary point of contact for all issues arising from this Privacy Notice is our Chief Privacy Officer, who can be contacted by email at: [email protected]
or by post at:
Chief Privacy Officer
In the event that you have any questions, concerns or wish to make a complaint about how your personal data is being processed or regarding our compliance with this Privacy Notice, we would encourage you to contact our Chief Privacy Officer in the first instance. We will investigate and attempt to resolve complaints and disputes as quickly as possible. If you do not get a response within 30 days you can complain to the Data Protection Regulator (the Information Commissioner’s Office or ICO). You can refer matters to the ICO at any time, but the ICO recommends that individuals always seek to resolve matters through the data controller’s usual processes at first instance.