The EU General Data Protection Regulation entered into force on 25 May 2018.

Full text of the law

Legal text as a synopsis

• Burden of proof: starting with 25.5.2018, if the customer believes that the club is not handling the data properly, the club must prove that all data was handled correctly;
• Obligation to provide information: the customer is entitled to receive a COMPLETE overview of the their stored data. The deadline for the provision of such information is 30 days from the WRITTEN request for information.
• Right to cancellation / anonymization: the customer may request the deletion of their data. The deletion must be documented. They can also demand the name anonymization, so that they no longer appear on start lists/result lists and the like (this function is local!).

• Ideally: consult a lawyer about what needs to be done internally.
• Determine contact person or external data protection officer (Attention! Legal consequences).
• Creation of a procedural list of all processing of personal data in the club (sample via DGV service portal: https://serviceportal.dgv-intranet.de/clubintern/recht-versicherung/recht-steuern/a-z.cfm)
• Inform members, obtain consents if necessary.
• Clear password management for your employees (it makes sense to have only one or two employees with supervisor rights; for all others, permissions must be granted according to their roles).

• ADV contract must be signed before 24.05.2018, 24.00 clock, and ideally send back to us. Why? Because otherwise we cannot provide support.
• Fill out the contact sheet with the contact person and send it to us. Why? So that we have a contact person in your club in the future. Because information exchange will certainly be needed on this topic.
• Use the new PC CADDIE privacy features needed to comply with EU GDPR. (The latest update can be downloaded under menu item “Exit/Update PC CADDIE”).

Two points are important in the future:
A) Documentation of the stored data;
B) Deletion/anonymization of the data with the corresponding documentation.

Please note from the beginning
DELETION AND ANONYMIZATION ARE IRREVERSIBLE! Because this is required by law!
Please think in advance what makes sense. Advise your customers, consult with your privacy officer, and try to timelly identify any issues.

The “Status” tab from the person's mask has now a new button “Privacy”:

Clicking on this button opens a new window with all options relevant for the customer.

If a customer has made any request regarding data protection, you can make here the corresponding entries.

This is the basic setting for the authorizations/objections/mail usage/deletion/anonymization for this customer.

The upper two date fields are self-explanatory; usually you would fill the upper date field for new members when, for example, in the application form, the use of the data is approved. You should discuss this internally with your data protection officer how to deal with the approval of members/customers, if, for example,you want to add everything.

The field Objection is filled if the customer objects to the further use of the data. Please note, however, that you can no longer manage the customer's data once an objection was filled. An example would be if guests playing on a green fee basis disagree with the use of their data, in which case they cannot be charged into a tournament anymore, booked for tee times, or their data be used in any other way. For users without supervisor rights, the customer's record disappears; they cannot be selected anymore. This applies only for users with supervisor rights, who can reactivate these customers in a special setting.

It is therefore important to consider exactly what the customer wants and find the optimal solution.

However, before performing this action, you will be asked again if you really want this:

You will recognize an objection by this alarm signal:

If you then perform another action, for example, call another record, the data will no longer be displayed at the next selection of the person who has objected to the data usage.

“Blocking the data” makes it tricky: the data field automatically fills when you select an action other than Normal from the drop-down menu:

• Access for supervisors only: here the person who works with administrator rights has the possibility to activate data for purposes of statistics or financial data retention. For all other employees with different permissions, the customer is untraceable.
• Processing blocked: When this selection is made, the customer is NO LONGER visible and cannot be selected by anyone after the final click on OK. He is indeed gone. NB: Not even PC CADDIE support can retrieve it. You will have to re-enter the data!

The options are controlled here. The default setting is “normal”. Please consult the Supervisor functions for more details.

You can define here whether a customer actively agrees to the use of e-mail for newsletters. With this setting, you can also make sure that even if you select the wrong mailing list, the customers who have objected to e-mail delivery do not receive unauthorized mails. “Neutral” with the correct basic settings as well as “Not agreed” BLOCKS any emails for advertising purposes and thus acts as the filter NONEWS , with which you suppress in the Supermailer the unlawful sending of promotional emails to recipients who have objected to receiving newsletters.

Our default setting after loading the latest update is that you cannot send e-mails in the first place. This is to prevent customers from receiving unlawful advertising e-mails. With the supervisor settings, you can define how the customer data should be handled with regard to e-mails.

As of the 05.2018 update: you can also set preferences for certain distribution groups in the newsletter. You can use the ones suggested by us, but also create groups yourself. Thus, for example, team players who otherwise would not like to receive newsletters will nevertheless be included in a mailing list for specific news related to the team.

Proceed as if creating a normal list of persons and then apply a new filter, for example, “E-mail usage” or similar. Then you can enter the field “E-Mail Group” and filter according to the following criteria:

• OK - approved for use
• !OK or DISAGREED - not approved for use
• NEUTRAL - for neutral attitude

Again, there is a query in the lists of people for which you saved a filter (for example, privacy status):

The query runs here via the following parameters:

• N (=Normal)
• S (=Supervisor)
• L (=Locked)

List of members who have NOT consented?

Members WITHOUT Date of consent

EMPTY(golfmitg→MITGPRIV)

members WITH Date of consent

STOD(golfmitg→MITGPRIV) > STOD(“19900101”)

Again, we have programmed a separate field in which this information can be stored.

But beware: this field is purely informative and not associated with any functionality regarding pictures!

The query of the persons for this field works as described above.

Also important is the data you enter, when the customer has expressed the desire for privacy and your personal notes.

In this field you can enter a pseudonym (“screen name”) for a customer, if so desired. But ATTENTION: this pseudonym appears only in local lists. It is not uploaded to the DGV intranet. So if the customer plays in another club or in an association game, his real name will always be visible in the lists.

Furthermore, here are the buttons with which you can print the customer's summary of their data (on request) and also save them for the customer - ideally their own USB stick.

Here you have to decide yourself which account areas you want to export/print out. By default, NOTHING is selected, which means you have the choice whether you want to include only one, several or all account areas. This decision is to be made in the club. You can also choose the type of data: everything, just the number or just the account area.

HINT: Ask that the request for the printing of all data is WRITTEN and hand over the data to the customer THEMSELVES (ask for ID if there are any doubts)!

By clicking on this field, you can perform a final anonymization upon the customer's request. But beware: you will not be able to find or edit the customer anymore!

You will be asked again before finalizing the action.

For this reason, we have incorporated some functions so that the “Supervisor” is able to reactivate the data, at least for statistics and fiscal reviews. And this is how you get there (Attention: this menu item is ONLY visible to the supervisor):

Clicking on the menu item opens the following window:

As a supervisor, you can set how the e-mail communication should be handled.

• Standard: no shipping to people who have not explicitly agreed to receive emails → no mail goes out, no distributor for the Supermailer is generated.
• Permanent setting, variant 1: Mails are only sent to people who have explicitly agreed to the reception or to members (if you have set the reception, for example, by statute)
• Permanent setting, variant 2: Mails go to everyone who does not have a red cross in the customer mask under Mail Reception.

If you select these variants, the system remembers the selection. For the following two options, the action is temporary.

• Temporary, variant 1 and 2: as the Permanent setting, variant 1 and 2. The club decides how to handle these.
• Temporary, variant 3: send really to all (for example, annual accounts or invitation to the General Assembly, if legally secured).

IMPORTANT!
DELETION AND ANONYMISATION ARE IRREVERSIBLE! This is required by law!
Please think in advance what makes sense.

The deletion/anonymization of larger amounts of data must be determined individually after a certain period. Again, this only applies to users with supervisor rights. The button can also be found in the Persons/Privacy configuration menu:

Click on the button to open the following field:

Here one can enter criteria, for example to delete inactive data records from the database. For example, delete the guests from whom you have neither mobile phone nor e-mail address and who haven't visited your club in the last 3 years. These actions are irreversible! If you also want to delete former members, for example, because they have resigned for more than 10 years ago, the former membership must also be removed beforehand! Otherwise these will not be deleted!

You have to create a group of people who meet the criteria of the group you want to delete. This way you can check whether you have selected the right group of people or whether you still need to make some refinements.

As soon as the OK button is clicked, you are prompted with two more security queries before starting the run. This function can take a relatively long time. PC CADDIE shows you the log:

As soon as the function is finished, the number of deleted records (in our example) appears:

You can use the log file to check the process:

The corresponding information behind each note means:

With a check-mark in this field

supervisors can a) access data with inconsistencies and b) process blocked users.

ATTENTION: the users of the app must first agree that they want to continue using the services. This query is the start screen since 24.5.2018, it appears before the user can make any bookings on smartphone or computer.

As long as this is not accepted, or the customers have decided to delete the message, the user can no longer use the functionalities as an end customer. In addition, the club gets an error message if the user requests a new password from the personal mask.

The customer can set whether their name is visible or not under “My Settings”.

Important note: Customers who decide to use anonymity cannot see the other players!

If a member wishes to appear on result lists on the intranet with “N.N.” instead of using his own name with N.N., this setting must be made in the DGV service portal.

Open the service portal and then click on the menu item Club / Member search.

When you have selected the person you want, all you have to do is check the box shown below and confirm with “Save”.

Every registered user can change their settings under http://www.mygolf.de/einstellungen/datenfreigabe.cfm?sq=54705789. All questions about Mygolf are answered exclusively by the German Golf Association e. V. This is NOT a feature supported by PC CADDIE.