Do Your Customers Need Some Privacy?
One thing I hear very often when talking about best practices around working with third parties involves making sure you collect customer data of your golfers, regardless of the channel through which he or she booked the reservation. I get it. It makes sense.
We all have heard the hackneyed (yet completely accurate) phrases:
- take back control of your tee sheet
- they’re at your facility and it’s your job to make sure those working the counter collect the email addresses and all relevant contact information on those golfers
- data is king
It’s a tried and true best practice that we must do a good job of collecting customer data. But one thing we may be glossing over is what we need to do
after collecting the customer data to ensure that we protect our customers ‘sensitive information.
Yes, one best practice begets another. Golf courses (and any business for the matter) that is in the business of collecting customer data, should have a privacy policy. A privacy policy is a legal document or notice that discloses a website owner’s practices for collecting, using, maintaining, protecting and/or disclosing the information it gathers through its website from website visitors, users and customers.
Golf course owners and operators, more often than not, are collecting personal information of customers through POS systems and tee sheets and your policy needs to be displayed digitally and/or in front of your counter. Wherever you are collecting customer information, you need to make your customer aware of your intended use for and promise to protect their customer information.
The FTC recognizes that security breaches sometimes still happen even when a company has taken reasonable precautions like enacting a comprehensive privacy policy. However, the FTC takes the position that if a company’s privacy policy includes statements regarding the company’s information-sharing practices, it must comply with them. This includes situations where the privacy policy states that the company will not rent, sell, or otherwise disclose personal information to third parties.
HOW TO MANAGE CUSTOMER DATA WHEN DEALING WITH VENDORS:
- Make sure you request a copy of any vendor’s privacy policy prior to entering into any agreement with them
- Review their policy and make sure you understand its terms. You need to know what third parties intend to do with your customer’s information.
- Include any pertinent parts of your vendor’s privacy policy in your own privacy policy.
- Make sure that customers know what your third-party vendors may be doing with their sensitive information as well
- Limit the amount access given to vendors of your customer data to what they need to know to perform their service, if possible.
Digital Double Bogey: The Pitfalls of collecting, using and sharing customer data through your Golf Management Systems and how to avoid them*This article specifically addresses the collection of customer data. However, you (as a golf course owner, operator, or PGA professional) may collect personal information from other persons during the course of your business, including but not limited to: employees, vendors…etc. that may require the implementation of separate data privacy procedures, practices and notices.
Privacy Policy and Email Marketing Best Practices*This document specifically addresses the collection of customer data. However, you (as a golf course owner, operator, or PGA professional) may collect personal information from other persons during the course of your business, including but not limited to: employees, vendors...etc. that may require the implementation of separate data privacy procedures, practices and notices.Sample Privacy Policy for Golf Courses Collecting Customer Data*This sample privacy policy is for informational purposes only and is not to be used, copied, shared, sold or displayed for personal or professional use or commercial profit. Further, the terms of this sample data privacy policy are general in nature and may or may not be applicable to the data collection practices, procedures, uses or policies currently in place or practice by your golf curse or business. Before implementing a data privacy policy for your golf course or business, be sure to consult with a licensed attorney who can help you craft a policy that is compliant with current federal and state laws, industry best practice and your individual golf course or business' practices, procedures, rules and/or policies.