Do Your Customers Need Some Privacy?
One thing I hear very often when talking about best practices around working with third parties involves making sure you collect customer data of your golfers, regardless of the channel through which he or she booked the reservation. I get it. It makes sense.
We all have heard the hackneyed (yet completely accurate) phrases:
- take back control of your tee sheet
- they’re at your facility and it’s your job to make sure those working the counter collect the email addresses and all relevant contact information on those golfers
- data is king
It’s a tried and true best practice that we must do a good job of collecting customer data. But one thing we may be glossing over is what we need to do after
collecting the customer data to ensure that we protect our customers ‘sensitive information.
Golf course owners and operators, more often than not, are collecting personal information of customers through POS systems and tee sheets and your policy needs to be displayed digitally and/or in front of your counter. Wherever you are collecting customer information, you need to make your customer aware of your intended use for and promise to protect their customer information.
- Review their policy and make sure you understand its terms. You need to know what third parties intend to do with your customer’s information.
- Make sure that customers know what your third-party vendors may be doing with their sensitive information as well
- Limit the amount access given to vendors of your customer data to what they need to know to perform their service, if possible.
Digital Double Bogey: The Pitfalls of collecting, using and sharing customer data through your Golf Management Systems and how to avoid them*This article specifically addresses the collection of customer data. However, you (as a golf course owner, operator, or PGA professional) may collect personal information from other persons during the course of your business, including but not limited to: employees, vendors…etc. that may require the implementation of separate data privacy procedures, practices and notices.