Privacy Policy

This Privacy Policy explains how GolfTap Limited collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and Irish data protection laws.

1. Data Controller

GolfTap Limited is the data controller responsible for your personal data. You can contact us:

  • Company: Clerky Limited T/A GolfTap
  • Address: Newtown, Rathcoole, Co. Dublin, Ireland
  • Email: privacy@golftap.ie
  • Data Protection Officer: dpo@golftap.ie

2. Personal Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Name and contact details (email address, phone number)
  • Account credentials (username, encrypted password)
  • Profile information (golf club affiliation, membership details)
  • Billing information (company name, billing address, VAT number)

Booking and Transaction Data

  • Tee time bookings and reservations
  • Payment transaction records (processed through Square)
  • Competition registrations and scores
  • Guest booking information (name, email, phone for non-registered users)

Membership Data (for Golf Club Members)

  • Membership type and status
  • Membership number and validity period
  • Member benefits and discounts
  • Usage statistics (rounds played, bookings made)

Technical Data

  • IP address and browser type
  • Device information and operating system
  • Usage data and analytics (pages viewed, features used)
  • Cookies and similar tracking technologies

Communications

  • Support ticket messages and correspondence
  • Email communications and preferences
  • Feedback and survey responses

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contract Performance (Article 6(1)(b))

Processing necessary to provide the GolfTap service, including:

  • Creating and managing your account
  • Processing bookings and transactions
  • Providing customer support
  • Delivering the features and functionality you requested

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations:

  • Tax and accounting records (7-year retention for Irish Revenue requirements)
  • Anti-money laundering compliance
  • Response to lawful requests from authorities

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests:

  • Improving and developing our service
  • Security and fraud prevention
  • Analytics and performance monitoring
  • Marketing to existing customers (with opt-out options)

Consent (Article 6(1)(a))

For certain processing activities, we ask for your explicit consent:

  • Marketing emails to non-customers
  • Non-essential cookies (analytics, marketing)
  • Sharing data with third parties beyond service provision

You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

4. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery

  • Provide access to the GolfTap platform
  • Manage tee time bookings and scheduling
  • Process payments through Square integration
  • Manage memberships and member benefits
  • Organize competitions and events
  • Generate reports and analytics for golf clubs

Account Management

  • Create and maintain your user account
  • Authenticate and authorize access
  • Send service-related notifications (booking confirmations, reminders)
  • Provide customer support

Business Operations

  • Process subscription billing and invoicing
  • Maintain financial and tax records
  • Detect and prevent fraud
  • Enforce our Terms of Service

Improvement and Development

  • Analyze usage patterns to improve our service
  • Develop new features and functionality
  • Conduct research and analytics
  • Test and troubleshoot technical issues

Marketing (with appropriate legal basis)

  • Send promotional emails about GolfTap features and updates
  • Conduct customer satisfaction surveys
  • Provide personalized recommendations

You can opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us at privacy@golftap.ie.

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

Service Providers

We share data with trusted third-party service providers who assist in operating our service:

  • Square: Payment processing (subject to Square's privacy policy)
  • Cloud Hosting: Data storage and infrastructure (AWS, Heroku, or similar EU-based providers)
  • Email Service: Transactional and marketing emails (with GDPR-compliant processors)
  • Analytics: Usage analytics and performance monitoring

All service providers are contractually required to protect your data and use it only for the purposes we specify (Data Processing Agreements in place).

Within Your Golf Club

If you are a member or have bookings at a golf club using GolfTap:

  • Your booking and membership data is visible to authorized staff at that golf club
  • The golf club is a separate data controller for this data
  • Data sharing is necessary to provide the booking and membership services

Legal Requirements

We may disclose your data when required by law:

  • To comply with legal obligations or court orders
  • To respond to lawful requests from public authorities
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activity

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity. We will notify you of any such change and your rights regarding your data.

6. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA).

If we transfer data outside the EEA (e.g., to Square or other service providers), we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Standard Contractual Clauses: EU-approved contracts with service providers
  • Data Processing Agreements: Contractual guarantees of GDPR-level protection

You can request more information about specific international transfers by contacting privacy@golftap.ie.

7. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this policy:

Active Accounts

  • Account data: Retained while your account is active
  • Booking history: Retained for 3 years for operational and reporting purposes
  • Transaction records: Retained for 7 years to comply with Irish tax and accounting laws

Closed Accounts

  • Account data deleted 30 days after account closure (to allow for data export)
  • Financial records retained for 7 years as required by law
  • Anonymized usage data may be retained indefinitely for analytics

Marketing Data

  • Deleted immediately upon unsubscribe or opt-out request
  • Suppression lists (to prevent re-contacting) retained indefinitely

8. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

Right of Access (Article 15)

Request a copy of the personal data we hold about you. We will provide this within 30 days, free of charge.

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data. You can update most information through your account settings.

Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., financial records for tax purposes).

Right to Restriction of Processing (Article 18)

Request that we limit how we use your data in certain circumstances (e.g., while disputing accuracy).

Right to Data Portability (Article 20)

Receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and transfer it to another service provider.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Right to Withdraw Consent

Withdraw consent for processing based on consent (e.g., marketing emails, analytics cookies). This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

Lodge a complaint with the Irish Data Protection Commission or your local supervisory authority:

  • Data Protection Commission (Ireland)
  • Website: www.dataprotection.ie
  • Email: info@dataprotection.ie
  • Phone: +353 57 868 4800

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@golftap.ie
  • Subject Line: "GDPR Data Subject Request"

We will respond within 30 days. We may request proof of identity to verify your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure password hashing (bcrypt)
  • Regular security testing and vulnerability scanning
  • Firewall and intrusion detection systems
  • Regular data backups with encrypted storage

Organizational Measures

  • Access controls and role-based permissions
  • Staff training on data protection and security
  • Data Processing Agreements with all processors
  • Incident response and breach notification procedures
  • Regular security audits and reviews

Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Data Protection Commission within 72 hours (if required)
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches and our response measures

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze usage.

Essential Cookies

Required for the service to function (no consent required):

  • Session authentication cookies
  • Security and anti-fraud cookies
  • Load balancing and performance cookies

Analytics Cookies

Help us understand how users interact with the service (requires consent):

  • Usage statistics and page views
  • Feature adoption and user flows
  • Error tracking and debugging

Managing Cookies

You can manage cookie preferences through:

  • Our cookie consent banner (first visit)
  • Your account settings (Privacy & Cookies section)
  • Your browser settings (to block all cookies, though this may affect functionality)

11. Children's Privacy

GolfTap is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@golftap.ie so we can delete it.

Junior golf club members under 16 should have their accounts created and managed by a parent, guardian, or the golf club with parental consent.

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

We may use automated systems for:

  • Fraud detection and prevention (with human review)
  • Personalized recommendations (non-binding suggestions)
  • Usage analytics (aggregated and anonymized)

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Material changes will be notified via:

  • Email to your registered email address
  • Prominent notice on the GolfTap platform
  • Updated "Last Updated" date at the bottom of this policy

We will provide at least 30 days' notice before material changes take effect. Your continued use after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact us:

  • Privacy Enquiries: privacy@golftap.ie
  • Data Protection Officer: dpo@golftap.ie
  • General Support: support@golftap.ie
  • Postal Address: Clerkly Limited T/A GolfTap, Newtown, Rathcoole, Co. Dublin, Ireland

15. Legal References

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Data Protection Act 2018 (Ireland)
  • ePrivacy Directive 2002/58/EC (as amended)
  • European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336 of 2011)

Last updated: December 06, 2025