Privacy Policy
Our Policy
Last Updated: 1 July 2026
Welcome to Bay17 Indoor Golf & Social Club. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from), book a simulator bay, buy our products, or interact with us, and tell you about your privacy rights and how the law protects you.
Bay17 Indoor Golf & Social Club is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy policy).
1. The Data We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
-
Identity Data: Includes first name, last name, username or similar identifier.
-
Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
-
Financial Data: Includes bank account and payment card details (processed securely via PCI-DSS compliant third-party payment gateways).
-
Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us (e.g., bay bookings, or merchandise).
-
Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
-
Usage Data: Includes information about how you use our website, products, and services.
-
Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.
2. How and Why We Use Your Personal Data
Under the UK GDPR, we must always have a lawful basis for using personal data. The table below outlines how we use your data and our legal justifications for doing so:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
| To register you as a new customer/member | Identity, Contact | Performance of a contract with you |
| To process and deliver your booking or order (including managing payments, fees, and charges) | Identity, Contact, Financial, Transaction |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
| To manage our relationship with you (e.g., notifying you about changes to our terms or privacy policy) | Identity, Contact, Profile, Marketing |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance) | Identity, Contact, Technical | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
| To deliver relevant website content and advertisements to you | Identity, Contact, Profile, Usage, Marketing, Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, and grow our business) |
3. Sharing Your Personal Data
We do not sell your personal data. However, we may share your personal data with the parties set out below for the purposes set out in the table above:
-
Service Providers: IT and system administration services, payment processors (e.g., Stripe), and booking management software providers.
-
Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
-
HM Revenue & Customs (HMRC): Regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
4. International Transfers
Many of our external third-party service providers (such as cloud hosting or booking software tools) may be based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
Where we use certain service providers, we may use specific contracts approved for use in the UK (the International Data Transfer Agreement or Addendum) which give personal data the same protection it has in the UK.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (such as the ICO) of a breach where we are legally required to do so.
6. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
By UK law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax purposes.
7. Your Legal Rights
Under the UK data protection laws, you have rights in relation to your personal data:
-
Request access to your personal data (commonly known as a “data subject access request”).
-
Request correction of the personal data that we hold about you.
-
Request erasure of your personal data.
-
Object to processing of your personal data where we are relying on a legitimate interest.
-
Request restriction of processing of your personal data.
-
Request the transfer of your personal data to you or to a third party.
-
Withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data.
8. Third-Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
9. Contact Details & Complaints
If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:
-
Full name of legal entity: Bay17 Golf Limited [Update if accurate]
-
Company Registration Number: [Insert UK Company Number]
-
ICO Registration Number: [Insert ICO Registration Number]
-
Email address: info@bay17golf.co.uk
-
Postal address: Building 17, Weedon Depot, Northamptonshire, NN7 4PS
Right to Complain: You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.