Data Processing Addendum

1. Parties

The customer is the Controller.

Golf Sherpa LTD is the Processor, unless the parties agree otherwise in writing.

2. Subject Matter

Golf Sherpa processes personal data to provide golf event, competition, scoring, app, venue software and related services.

3. Duration

Processing continues for the duration of the agreement and any period required for deletion, return, legal retention or dispute handling.

4. Nature and Purpose of Processing

Processing may include:

• Account creation
• Event registration
• Player management
• Tee time and group management
• Score entry
• Leaderboard display
• Handicap collection
• Communications
• Analytics and reporting
• Support
• Payment status management
• Technical hosting and storage

5. Types of Personal Data

Personal data may include:

• Names
• Email addresses
• Phone numbers
• Club details
• Handicap or playing ability
• Event registration data
• Scores and results
• Tee times
• Team allocations
• Payment status
• Dietary or accessibility requirements
• Device and app usage data
• Communications data

6. Categories of Data Subjects

Data subjects may include:

• Golfers
• Event participants
• Club members
• Venue customers
• Organisers
• Staff
• Volunteers
• Sponsors or guests
• Corporate event attendees

7. Processor Obligations

Golf Sherpa will:

• Process personal data only on documented instructions.
• Ensure authorised personnel are subject to confidentiality obligations.
• Apply appropriate technical and organisational measures.
• Assist the controller with data subject rights where reasonably possible.
• Assist with security, breach and compliance obligations where required.
• Delete or return personal data at the end of the services unless retention is legally required.
• Make reasonable information available to demonstrate compliance.

8. Sub-Processors

Golf Sherpa may use sub-processors for hosting, storage, email, analytics, payments, app services and technical support.

Golf Sherpa will ensure sub-processors are subject to appropriate contractual obligations.

9. Security Measures

Security measures may include:

• Access controls
• Authentication
• Role-based permissions
• Encryption where appropriate
• Secure hosting
• Backups
• Logging and monitoring
• Staff and contractor access restrictions
• Supplier due diligence

10. Personal Data Breaches

Golf Sherpa will notify the controller without undue delay after becoming aware of a personal data breach affecting controller data.

The notification will include information reasonably available to Golf Sherpa at the time.

11. International Transfers

Golf Sherpa will not transfer personal data outside the UK unless appropriate safeguards are in place.

12. Audit

Golf Sherpa will provide reasonable information to demonstrate compliance.

Audits must be reasonable, proportionate, confidential and not disrupt Golf Sherpa’s operations.