GDPR Compliance

Last updated: January 1, 2024

1. Introduction

Found It Golf™ is committed to protecting the privacy rights of European Union residents under the General Data Protection Regulation (GDPR). This page explains your rights and how we comply with GDPR requirements in our patent-pending golf equipment tracking services.

2. Data Controller Information

Data Controller: Found It Golf, Inc.
Address: [Company Address]
Email: gdpr@founditgolf.com
Data Protection Officer: dpo@founditgolf.com

3. Your Rights Under GDPR

3.1 Right to Information (Articles 13-14)

You have the right to be informed about the collection and use of your personal data. This information is provided in our Privacy Policy and this GDPR compliance page.

3.2 Right of Access (Article 15)

You have the right to obtain:

• Confirmation that your data is being processed
• Access to your personal data
• Information about how your data is processed
• A copy of your personal data

How to exercise: Submit a request to gdpr@founditgolf.com with proof of identity.

3.3 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if it's incomplete.

How to exercise: Update your information through your account settings or contact us at gdpr@founditgolf.com.

3.4 Right to Erasure (Article 17)

You have the right to have your personal data deleted in certain circumstances:

• The data is no longer necessary for the original purpose
• You withdraw consent and there's no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required for compliance with legal obligations

Note: This right is not absolute and may be limited by legal obligations or legitimate interests.

3.5 Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification of legitimate grounds

3.6 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Applies to: Data processed based on consent or contract, and processed by automated means.

3.7 Right to Object (Article 21)

You have the right to object to processing based on:

• Legitimate interests (including profiling)
• Performance of a public interest task
• Exercise of official authority
• Direct marketing (absolute right)

3.8 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.

Our Practice: Found It Golf™ does not engage in automated decision-making that produces legal effects or significantly affects users.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

4.1 Contractual Necessity (Article 6(1)(b))

• Account creation and management
• Equipment registration and tracking
• Communication for equipment recovery
• Service delivery and support

4.2 Legitimate Interests (Article 6(1)(f))

• Security and fraud prevention
• Service improvement and development
• Analytics and usage monitoring
• Business operations and administration

4.3 Consent (Article 6(1)(a))

• Marketing communications
• Location tracking (where not essential)
• Non-essential cookies
• Optional features and services

4.4 Legal Obligation (Article 6(1)(c))

• Tax and accounting requirements
• Legal compliance and reporting
• Response to lawful requests

5. Data Processing Activities

5.1 Categories of Personal Data

• Identity Data: Name, username
• Contact Data: Email, phone number
• Technical Data: Device ID, IP address, usage data
• Location Data: GPS coordinates (with consent)
• Communication Data: Messages for equipment recovery

5.2 Data Subjects

• Service users and account holders
• Equipment owners
• Equipment finders
• Website visitors

5.3 Recipients of Personal Data

• Authorized employees and contractors
• Cloud service providers (with appropriate safeguards)
• Analytics providers (anonymized data)
• Legal authorities (when required by law)

6. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate protection
• Standard Contractual Clauses: EU-approved contracts with data importers
• Binding Corporate Rules: Internal data protection rules
• Certification Schemes: Recognized data protection certifications

7. Data Retention

We retain personal data only as long as necessary:

• Account Data: Until account deletion or 3 years of inactivity
• Equipment Data: Until equipment is unregistered
• Communication Data: 30 days after successful recovery
• Legal Requirements: As required by applicable law
• Log Data: 12 months for security purposes

8. Data Security Measures

We implement appropriate technical and organizational measures:

• Encryption: Data encrypted in transit and at rest
• Access Controls: Role-based access with regular reviews
• Security Monitoring: Continuous monitoring and incident response
• Employee Training: Regular data protection training
• Privacy by Design: Data protection built into system design

9. Data Breach Procedures

In case of a personal data breach, we will:

• Notification to Authority: Within 72 hours (where required)
• Individual Notification: Without undue delay (if high risk)
• Documentation: Maintain records of all breaches
• Investigation: Analyze causes and implement improvements

10. Children's Data

Our services are not directed to children under 16. We do not knowingly process personal data of children without appropriate consent from parents or guardians.

11. Exercising Your Rights

11.1 How to Submit Requests

1. Email us at gdpr@founditgolf.com
2. Include proof of identity
3. Specify which right you wish to exercise
4. Provide any relevant details

11.2 Response Times

• Standard Response: Within 1 month
• Complex Requests: Up to 3 months (with notification)
• Urgent Requests: Prioritized handling

11.3 Verification Process

To protect your privacy, we may need to verify your identity before processing requests. This may include:

• Email verification
• Account authentication
• Identity document verification (for sensitive requests)

12. Complaints and Supervisory Authority

If you're not satisfied with our response to your GDPR request, you have the right to lodge a complaint with:

• Your local data protection authority
• The data protection authority in your EU member state
• The Irish Data Protection Commission (our lead supervisory authority)

13. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Significant changes will be communicated through:

• Email notifications to users
• Updates to this page
• In-app notifications

14. Contact Information

For GDPR-related inquiries:

• GDPR Requests: gdpr@founditgolf.com
• Data Protection Officer: dpo@founditgolf.com
• General Privacy: privacy@founditgolf.com
• Phone: [Phone Number]
• Address: [Company Address]