National Union Database Integration
The processed data with sub-processor
- The subject matter and duration of processing
- Personal data for members and member activities are transferred to the national union / federation database under which the member exists. There is no specific registration of this within GolfBox. All data are already processed with each designated module in GolfBox and is kept for as long as the record in each module exists.
- The nature and purpose of the processing
- Golf Unions / federations such as Danish Golf Union and Norwegian Golf Federation rely on having all national members in their own database even if they originate from different software supplier companies in the market such as GolfBox.
- The types of personal data
- GolfBox may process personal data such as member number, name, gender, telephone/mobile, e-mail address, postal addresses on behalf of the club / organization.
- GolfBox does not process any special category or sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health or sex life or sexual orientation, civil registration numbers, or data related to criminal records.
- The category of the data subject
- The physical location (of servers) where personal data is processed
- GolfBox hosting environment is located within EU/EEA
The processor is required to ensure a high level of security in its products and services, which is ensured by relevant organizational, technical, and physical security measures required by information on security measures as described in Article 32 of the GDPR.
The processor regularly evaluates the security measures in place for all products and services to ensure they meet industry standards.
Currently the security measures evaluate to these main elements:
- Data is encrypted in transit via HTTPS and SSL certificates
- The data importer will use up-to-date virus checking software to assist the prevention and detection of malware or similar damaging code within the data importer’s systems
- The data importer implements firewalls in a manner that prevents them from being bypassed
- All individuals hired by or otherwise working for the data importer are assigned unique accounts which must not be shared, and must be kept confidential
- Individuals are forced to change passwords upon first logging into an account
- Password configurations are enforced and ensure a minimum level of password integrity
- Policies ensures leavers will have access permissions promptly revoked
- Remote access is through secure VPN