In the D-A-CH area, two legal regulations must be observed in the context of data protection. For Germany and Austria, the EU General Data Protection Regulation (EU GDPR), which came into force on 25 May 2018, applies; for Switzerland, the new, totally revised Data Protection Act (nFADP), which comes into force on 1 September 2023, applies.
Please note: PC CADDIE cannot and must not offer legal advice of any kind. The respective legal entities - i.e. golf clubs, golf courses, etc. - are responsible for the correct implementation of the legal requirements. We recommend that you seek advice from an appropriate specialist lawyer or a qualified person authorised to do so.
Text of the law in full length: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&qid=1692776893079
Text of the law in full length: https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/grundlagen/ndsg.html
Text of the law as synopsis: https://www.kmu.admin.ch/kmu/en/home/facts-and-trends/digitization/data-protection/new-federal-act-on-data-protection-nfadp.html
Specific contexts for data protection in PC CADDIE can be found at Informationen zum Datenschutz einzelner Module bei PC CADDIE .
A file with the most important procedures for deletion and pseudonymisation of data can be found here as a PDF, e.g. for submission to your data protection officer: Deletion&Pseudonymisation.
Two points are important in the future:
A) Documentation of the stored data,
B) deletion/pseudonymisation of the data with the corresponding documentation thereof.
Please note from the beginning
ALL ACTIONS OF DELETION AND PSEUDONYMISATION ARE IRREVERSIBLE! Because that is the purpose of the respective data protection laws!
Please consider in advance what makes sense. Advise your clients well, consult with your data protection officer and try to find out what the concern actually is.
In the personal data, tab „Characteristics there is a new button „Data protection“:
Click on this button to see all options relevant to the customer in a new window.
Here you can store the data when a customer expressed which wish with regard to data protection.
This is the basic setting for the permissions/objections/mail use/deletion/pseudonymisation stored for this client.
The upper two date fields are self-explanatory. I.e. usually you would fill in the upper date field for e.g. new members, if e.g. in the admission form the use of the data is approved. It is best to discuss internally with your data protection officer how you have dealt with the consent of members/customers so far, e.g. whether you want to enter everything later.
The date field Objection is filled in if the customer objects to the further use of the data. Please note, however, that you can no longer manage the customer as soon as he/she objects. An example would be if guests who play on a green fee basis object to the use of their data, they can no longer be loaded into a tournament, booked into tee times or otherwise used. For users without supervisor rights, the customer's data record disappears; they can no longer be selected. This is only possible for users with supervisor rights, who can reactivate these customers in a special setting.
It is therefore necessary to consider exactly what the customer's will is and find the optimal solution with him.
Before carrying out this action, however, you will be asked again if this is what you really want:
You will then recognise a contradiction by this alarm signal:
If you then carry out another action, e.g. call up another data record, etc., no result will be displayed the next time you try to dial the person who has objected to the use of data.
With „Blocking the data“ it gets tricky: the date field is automatically filled if you select an action other than Normal from the drop-down menu:
The options are controlled here. The default setting is „normal“. We will take a closer look at what this means under the </ignore>Supervisor-Funktionen look at.
You can specify here whether or not a customer agrees to the use of the mail for newsletters, etc. This setting also ensures that even if the wrong mailing list is selected, no unauthorised mails are sent. With this setting you can also make sure that customers who have objected to receiving mails do not receive unauthorised mails even if they have selected the wrong mailing list. „Neutral“ with the correct basic settings as well as „not agreed“ BLOCK any mails for advertising purposes and thus act like the filter NONEWSfilter, which you can use in the Supermailer to suppress the unauthorised sending of advertising mails to recipients who have objected to receiving newsletters.
Our default setting after loading the latest update is such that you cannot send any mails for the time being. This is to prevent customers from unlawfully receiving an advertising mail from you. With the supervisor settings, you can define how customer data is to be handled with regard to mails.
You can also store preferences for specific distribution groups in the newsletters. You can use the ones we suggest, but you can also create groups yourself. In this way, for example, team players who would otherwise not like to receive a newsletter can still be included in a distribution list for special news relating to the team.
You proceed as for creating a normal list of persons and then create a new filter, e.g. „e-mail use“ or similar. Then you take the field „E-mail group“ and can filter according to the following criteria:
Here, too, there is a query in the lists of persons for which you can save a filter (e.g. data protection status):
The query runs here via the following parameters:
List of members who have NOTHING in the data protection consent date?
Members WITHOUT consent date
EMPTY(golfmitg->MITGPRIV)
Members, WITH consent date
STOD(golfmitg->MITGPRIV) > STOD("19900101")
The filters are created as described above.
SUBSTR(golfmitg->(xFieldGet("mitgpriv", "")), 26,1)=="A" - nur Personen mit "Mailverwendung zugestimmt" SUBSTR(golfmitg->(xFieldGet("mitgpriv", "")), 26,1)=="M" - nur Personen mit "Mailverwendung widersprochen"
Here, too, we have programmed a separate field in which this information can be stored.
But beware: this field is purely informative and not connected with any functionality concerning pictures!
The query of persons for this field works as described above.
Also important are the dates you enter when the client made the request for data protection and your personal notes about it.
In this field you can enter a nickname („artist's name“) for a client if he/she wishes. But ATTENTION: this nickname will only appear in local lists. It will not be transported towards the DGV Intranet. So if the client plays in another club or competes in a federation match, his/her real name will always be visible in the lists.
Furthermore, here are the buttons with which you can print out the summary of the customer's data if desired and also save it - ideally on a USB stick of the customer.
Here you must decide for yourself which account areas you want to export/print. By default, NONE is ticked, i.e. you have the choice of including only one, several or all account areas. This decision is to be made in the club. Likewise, you can choose what type of data to output: really everything, only the number or also only the account areas.
TIP Have the request for a printout of all data given to you in WRITING and always hand over the data collection to the customer PERSONALLY (if necessary against presentation of the identity card, if there are doubts about the identity)!
By clicking on this field, you can carry out a final pseudonymisation if the client wishes. But beware: You will then no longer be able to find or edit the client!
Before you finally carry out the action, you will be asked again.
For this reason we have built in some functions for „supervisors“ to be able to reactivate the data, at least for statistics and fiscal checks. And this is how you get there (Attention: this menu item is ONLY visible for supervisors):
Clicking on the menu item opens the following window:
As a supervisor, you can set here how e-mail addresses are usually handled.
If you select these variants, the system remembers the selection. With the following two options, the action is only temporary.
Clicking on the button opens the following security query:
All statements in favour of the process must be ticked. The four answer options vary.
IMPORTANT
IMPORTANT!
ALL PERFORMED ACTIONS OF DELETION AND PSEUDONYMISATION ARE IRREVERSIBLE! Because that is the meaning of the law!
Please consider in advance what makes sense.
A file with the most important procedures for deletion and pseudonymisation of data can also be found here as a PDF, e.g. for submission to your data protection officer: Deletion&Pseudonymisation
The deletion/pseudonymisation of larger amounts of data must be determined individually according to a specific cycle. This is also only done with supervisor rights. The button can also be found in the menu People/Data Protection:
Clicking on the button opens the following field:
Here you can enter criteria, e.g. to delete inactive data records from the database in a certain cycle. For example, all guests of whom you have neither a mobile phone nor an e-mail address and who have not visited for 3 years. These actions are irreversible!
If you also want to delete former members, e.g. because they have left for more than 10 years, the former member feature of this group must be removed first! Otherwise they will not be deleted for safety's sake!
Since it is quite complicated to create such a person filter for a list of persons, there is a procedure with which you can check beforehand whether you are deleting the right persons.
In the function „Delete or pseudonymise persons“ there is the procedure „Set the additional info „oldrec“ for the data records“. (see screenshot in the next section). Select this and let the process run through. Afterwards you can print a list of persons with the additional information „oldrec“. You can then use this to check. For persons who are not to be deleted, remove the additional information. Then make your pseudonymisation run with the person filter „oldrec“.
As soon as the button OK button is clicked, you may answer two security questions before the run is started. This function can take a relatively long time. PC CADDIE shows you the progress:
As soon as the function is finished; the number of (in our case) deleted records appears:
With the help of the log file you can check the history:
The corresponding information after each name means:
Comment | Information |
---|---|
deleted | deleted record |
Competition | Tournament data available, record was not deleted |
Account | Turnover data available, data record was not deleted |
ZIP filled | Address available, record was not deleted |
Phone filled | Phone number available, record was not deleted |
Member | Member, record was not deleted |
There are several options that can be selected:
With a tick in this field
supervisors can access
The function „Block data record“ is useful, for example, if a customer insists on the deletion of his data, but the legal situation is still unclear: the customer can already be „blocked“ in PC CADDIE for all functions, accesses and bookings, but a supervisor still has full access to the data for clarification of the legal situation, for example.
ATTENTION: App users must first agree to continue using the services. Since the introduction of the EU-GDPR, this query is the start screen before bookings can be made on smartphone or computer.
As long as this is not accepted, or the customers have decided to delete, one can no longer use the functionalities as an end customer. In addition, the club receives an error message when you want to send new passwords from the personal screen.
In the app, the customer can determine under „My settings“ whether his name is visible or not.
Important note: If I have excluded visibility for myself, then I cannot see the other players either!
If a member wishes to appear on results lists on the intranet with N.N. instead of his own name, this setting must be made in the DGV Service Portal.
Open the service portal and then click on the menu item Club Persons/Member Search.
Once you have selected the desired person, you only have to tick the box shown below and confirm with „save“.
Anyone who has registered there can change their settings under http://www.mygolf.de/einstellungen/datenfreigabe.cfm?sq=54705789 change them. All questions regarding Mygolf.de will be answered exclusively by the German Golf Association e.V. PC CADDIE not supported by PC CADDIE.