Here you will find all the information about the Otepää  Golf data processing policy. Our aim is to be a trustworthy partner in the processing of your personal data and to respect your rights.


1.1 Terms are used as defined in the General Terms. Terms in the field of personal data are used in the Privacy Policy with the meanings given to them in the General Data Protection Regulation (2016/679), and here we define only those that are relevant to Us.

1.2 Data Subject is a natural person about whom We have information or information that identifies a natural person, i.e. a Visitor, Player, Customer Representative, etc.. 

1.3 Privacy Policy is the text of our privacy policy.

1.4 Customer means any natural or legal person who uses or has expressed a wish to use Our Services, including the Player and the Visitor.

1.5 Agreement means the agreement between Us and the Customer for the provision of the Service or any other agreement, including the General Terms and Conditions and other applicable procedures and policies. 

1.6 The Website is primarily Our website https://www.otepaagolf.com/, as well as Our social media pages (e.g. Facebook, LinkedIn), mobile applications.

1.7 A Visitor is a person who uses the Golf Centre or the Website. 

1.8 Services are all kinds of services and products provided by Us.

1.9 Cookies are data files that are sometimes stored on the Website on the Visitor’s device.


2.1 We are the legal entities Proformest OÜ, the operator of the sports field and e-shop SA Lõuna-Eesti Golf and Saga Golf AS, contact: info@otepaagolf.com, who process Your personal data as data controllers.

2.2 The Privacy Policy forms an integral part of the Agreement between Us and the Customer.

2.3 The Privacy Policy applies to Data Subjects, and the rights and obligations set out in the Privacy Policy apply to all of Our employees and associates who come into contact with personal data in Our possession. 


3.1 We aim to process personal data responsibly and in accordance with best practice. All of our processes, policies, operations and activities relating to the processing of personal data are guided by the following principles: lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, retention limitation, reliability and confidentiality, and data protection by default and by design. 


4.1 We collect the following types of personal information: 

(1) Personal data disclosed by the data subject to Us;

(2) Personal data that arises as a result of the ordinary course of dealings between you and us; 

(3) Personal data that are manifestly made public by the data subject (e.g. on social media);

(4) Personal data generated by the use of the Services (e.g. account, reservation system, GolfBox);

(5) Personal data (e.g., photos taken at Competitions, golf-related data (club affiliation, HCP, competition results, golf club results, tee times), data related to participation in training sessions, competitions and training programs) collected as a result of visiting the Website and Otepää Golf;

(6) Personal data from third parties;

(7) Personal data created by us and combined (email correspondence or order history in the context of a customer relationship). 


We use the following grounds for processing personal data under the law:

5.1 On the basis of consent, we process personal data strictly within the limits, scope and purposes specified by the Data Subject. The data subject gives us his or her consent voluntarily, specifically, knowingly and unambiguously, for example, by ticking a box on the Website or in the reservation system. The data subject is informed that he or she can always withdraw consent. 

5.2 In entering into and performing the Agreement, we may process personal data for the following purposes: 

(1) Pre-contractual measures taken at the request of the Data Subject;

(2) Identification of the Customer and/or the Visitor to the extent required by due diligence, e.g. submission of data in an e-shop;

(3) performance of its obligations to the Customer and/or the Visitor in relation to the provision of the Services, e.g. the transfer of Personal Data for the processing of orders and the delivery of goods from the purchaser to the data subject or, at the request of the data subject, to a third party; as well as the transfer of Personal Data to a carrier and/or postal service provider for the purpose of delivering goods;

(4) Customer and/or Visitor communications; 

(5) Arranging for and ensuring the fulfilment of the customer’s payment obligations, i.e. arranging for the payment service, submitting and handling the instalment application;

(6) Submission, realisation and defence of claims.

5.3 Legitimate Interest means Our interest in managing or operating Our business to enable Us to provide the best possible Services in the market. The processing of personal data must not unduly prejudice your rights. We process your personal data on the basis of legitimate interest for the following purposes:

(1) Booking system and HCP-keeping. We may use the data to enable you to play golf, to organise competitions and training sessions and to maintain your HCP.  

(2) to ensure a trustworthy user experience, which includes the processing of personal data strictly necessary for the purpose of identifying the beneficial owner, complying with anti-money laundering or anti-terrorism requirements or preventing fraud;

(3) to manage and analyse the Visitor Base in order to improve the availability, choice and quality of the Services and to provide the best and most personalised offers to the Customer, subject to the Customer’s consent;

(4) Identifiers and personal data about Visitors and Customers collected when using the Website, Our social media pages, mobile applications and other channels and Services. We use the data we collect to analyse web analytics or mobile and information society services, to ensure the functioning of these channels, to improve them, to compile statistics and to analyse Visitor behaviour and experience and to provide a better and more personalised Service;

(5) for the organisation of campaigns, including personalised and targeted campaigns, Customer and Visitor Satisfaction Surveys and to measure the effectiveness of the marketing activities carried out;

(6) to make recordings. We may record notices and instructions given at the Golf Centre (e.g. video recordings on the premises) and by means of communication (email, telephone, etc.), as well as information and other actions we have taken and, where necessary, use those recordings to evidence those instructions or other actions;

(7) for network, information and cyber security reasons, such as measures taken to combat piracy, obscenity and hate speech, propaganda and untruthful information, and measures taken to ensure the security of the Website and to make and store backups;

(8) we may share personal information when we enter into or negotiate a business transaction involving the sale or transfer of all or substantially all of our business or assets. These transactions may include any merger, financing, acquisition or bankruptcy operation or proceeding;

(9) for the drafting, submission or defence of legal claims.

5.4 To comply with our legal obligations, we process personal data to fulfil our legal obligations. For example, legal obligations to process payments or comply with money laundering rules.

5.5 New target. In cases where the processing of personal data is for a new purpose compared to that for which the personal data was originally collected or is not based on the consent of the Data Subject, we will carefully assess the permissibility of such new processing. In order to determine whether the processing for the new purpose is compatible with the purpose for which the Personal Data was originally collected, we will take into account, inter alia:

(1) the link between the purposes for which the personal data were collected and the purposes for which further processing is envisaged;

(2) the context in which the Personal Data is collected, in particular the relationship between the Data Subject and Us;

(3) the nature of the personal data, in particular whether special categories of personal data or personal data relating to criminal convictions and offences are processed;

(4) the possible consequences for Data Subjects of the proposed further processing;

(5) appropriate safeguards, such as encryption.

5.6 To conclude and perform an employment contract. On the basis of the conclusion (and performance) of the contract and legitimate interest, the processing of personal data of employees of Mei and of job applicants includes: 

(1) Processing of employee’s personal data in accordance with what is required by law and necessary for the performance of the employment contract between us and the employee. In particular, each employee will comply with the principles set out in this Privacy Policy when processing data subjects’ data. 

(2) the processing of data provided to Us by a job applicant for the purpose of concluding an employment contract and the processing of personal data collected from national databases and registers and public (social) media.  If the job applicant is not selected, we will keep the personal data collected for the purpose of the employment contract for one year in order to make the job offer to the job applicant when a suitable vacancy becomes available. 


6.1 We cooperate with persons to whom we may disclose data relating to Data Subjects, including personal data, in the course of and for the purposes of such cooperation. 

6.2 In particular, such third parties are reservation system administrators; organisers of competitions, persons involved in HCP booking and applications (GolfBox, Estonian Golf Association), which may themselves be controllers or processors. A third party controller means that all personal data is collected and processed by or under the instructions of the controller, and We will only process personal data in accordance with the instructions and directions of the controller. 

6.3 Such third parties also include development partners, advertising and marketing partners, customer satisfaction survey companies, debt collection service providers, payment default registers, ICT partners i.e. providers of various technical services, billing service providers provided that:

(1) The corresponding purpose and processing of is lawful;

(2) processes personal data in accordance with Our instructions and on the basis of the applicable Agreement.

6.4 As a general rule, we do not transfer personal data outside the European Economic Community. If we transfer personal data outside the European Union, we will only do so in compliance with data protection legislation if the European Commission has decided that there is ‘adequate protection’ in that country or, in the absence of such a decision, we have put in place adequate safeguards (such as binding intra-group rules or standard data protection clauses).


7.1 We will only keep personal data for the strict minimum period necessary. Personal Data that has expired its retention period will be destroyed or anonymised using best practices and in accordance with the procedures established by Us.

7.2 We have put in place policies and procedures to ensure the security of personal data through the use of both organisational and technical measures. 

7.3 In the event of any incident involving personal data, we will take all necessary measures to mitigate the consequences and to mitigate relevant risks in the future. Among other things, we will record all incidents and, where appropriate, notify the Data Protection Inspectorate and the Data Subject directly (e.g. by e-mail) or publicly (e.g. through national media).


8.1 We do not knowingly collect information about persons under the age of 13, i.e. Children, and we will act on the basis of the wishes of a parent or guardian if we knowingly do so.  

8.2 However, if we become aware that we have collected personal data from or about a Child without the consent of the parent or guardian, we will use our best efforts to stop the processing of such personal data or to obtain the consent of the guardian or parent. 


9.1 Rights related to consent:

(1) The data subject has the right to notify us at any time of his or her wish to withdraw consent to the processing of personal data. Withdrawal of consent does not affect the lawfulness of the prior processing. You can review, modify and withdraw the consents you have given us by contacting us. You can find contact details in section 13 of the Privacy Policy.   

9.2 The Data Subject also has the following rights in relation to the processing of Personal Data:

(1) Right to information, i.e. the right of the data subject to obtain information about personal data collected about him or her. 

(2) Right of access which includes the right of the Data Subject to a copy of the Personal Data Processed. 

(3) The right to rectify inaccurate personal data. The data subject may also have the possibility to correct incorrect data by contacting us. 

(4) Right to erasure, i.e. in certain cases, the Data Subject has the right to request the erasure of Personal Data, for example, where processing is based solely on consent. 

(5) The right to request restriction of processing. This right arises, for example, if the processing of Personal Data is not permitted by law or temporarily if the Data Subject contests the accuracy of the Personal Data. 

(6) Right to data portability, i.e. the right of the data subject to receive personal data in machine-readable form with him or her or transferred to another controller. 

(7) Rights in relation to automated processing mean that the Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on automated decisions. 

(8) Right to an assessment by the supervisory authority as to whether the Processing of the Data Subject’s Personal Data is lawful;

(9) Right to compensation where the processing of personal data has caused damage to the Data Subject. 


10.1 Exercise of rights. The data subject has the right to contact us at the contact details provided in section 13 in the event of a question, request or complaint regarding the processing of personal data.

10.2 Making a complaint. The data subject has the right to lodge a complaint with us, the Data Protection Inspectorate or a court. The contact details of the Data Protection Inspectorate (DPA) can be found on the DPA website at: https://www.aki.ee/ .


11.1 We may collect information about Visitors to the Website and other information society services using Cookies (i.e. small pieces of information stored by the Visitor’s browser on the hard drive of the Visitor’s computer or other device) or other similar technologies (e.g. IP address, device information, location information) and process that information. 

11.2 We use the information we collect to enable the provision of the Service according to the Visitor’s or Customer’s habits; to ensure the best quality of the Service; to inform the Visitor and Customer about content and make recommendations; to make advertisements more relevant and enhance marketing efforts; to facilitate log-in and data protection. The data collected will also be used to count the number of visitors and to record their usage patterns.

11.3 We use session, permanent and promotional cookies. Session Cookies are automatically deleted after each visit; persistent Cookies are retained for repeated use of the Website and advertising and third party Cookies are used by our partners’ websites linked to our Websites. We do not control the creation of these Cookies, so you can obtain information about these Cookies from third parties. 

11.4 With regard to cookies, Visitors agree to their use on the Website, in the settings of the Information Society Service or in the web browser. Whether or not to enable or disable cookies and other similar technologies is under the Visitor’s control through his or her web browser settings, information society service settings, and privacy-enhancing platforms such as All About Cookies: descriptions of cookies and other online technologies used; Your Online Choices; About Ads; Network Advertising,   (in English): a platform for the control and monitoring of cookies and other online technologies, which allows the Data Subject to modify and control how personal data is used.


12.1 For the best way to comply with our data protection obligations, the contact person is Kristi Laur, who can be contacted by email at info@otepaagolf.com.


13.1 We reserve the right to unilaterally change these Privacy Terms. We will notify Data Subjects of any changes on Our Website, at the Golf Centre, by e-mail or otherwise.

13.2 Latest changes to the Privacy Policy and effective date: 

Publication Date of entry into force Main changes

05.06.2020 05.06.2020 Original text

03.02.2021 01.03.2021 Changes in the sale of roads and products.