Golfos Lab (“Golfos Lab,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit golfoslab.com (the “Site”), use our online booking or payment tools, connect to our on‑site Wi‑Fi, or visit our facility in Key Biscayne, Florida (together, the “Services”).
If you do not agree with this Policy, please do not use the Services.
1) Who we are & how to contact us
Controller: Golfos Lab
Location: 907 Crandon Blvd, Key Biscayne, FL 33149, USA
Email: info@golfoslab.com
Phone: (305) 363-7385
For privacy questions or rights requests, email us or write to: Privacy Department, Golfos Lab, 907 Crandon Blvd Key Biscayne, FL 33149.
2) Scope
This Policy covers personal information we collect:
-
Through our Site and online booking/payment pages;
-
From communications with us (email, SMS, forms, social media);
-
At our facility (including security cameras and swing‑capture systems);
-
From our guest Wi‑Fi (network‑level technical logs).
It does not cover third‑party websites we link to. See Third‑party links below.
3) Information we collect
a) Information you provide
-
Contact & account info: name, email, phone number, address, age range (if relevant for waivers), emergency contact (optional).
-
Bookings & purchases: session details, membership or package choices, gift cards, and order history.
-
Payment info: we use third‑party processors (e.g., Square, USchedule). We do not store full card numbers; tokens and limited billing details may be retained by us and/or the processor for receipts, refunds, and fraud prevention.
-
Communications: emails, SMS, chat messages, reviews, and survey responses.
-
Waivers & consent forms: signatures, acknowledgments, and timestamps.
-
Media you share: photos, video clips, or swing data you upload or ask us to store.
b) Information collected automatically
-
Device & usage data: IP address, device identifiers, browser type, pages viewed, referral URLs, timestamps.
-
Cookies & similar tech: see Cookies & tracking below.
-
Approximate location: derived from IP for security/analytics; we do not collect precise GPS unless you grant permission in your device/browser.
c) In‑facility cameras & swing‑capture systems
-
Security cameras operate in public/common areas to protect guests, staff, and property.
-
Swing‑capture/lesson recordings may be created during simulator sessions for coaching, performance analysis, or a service you request. We’ll only use such recordings for coaching/operational purposes unless you give separate consent for marketing.
d) Guest Wi‑Fi
-
If you join our Wi‑Fi, the network may log device identifiers, IP/MAC address, sites/domains accessed (metadata, not content), connection times, and throughput to operate the network and protect against abuse.
e) Data from partners
-
Booking providers: e.g., Square, USchedule send us your reservation details.
-
Payment processors: transaction confirmations and fraud checks.
-
Analytics & communications tools: aggregate metrics, deliverability status, and engagement (e.g., email opens if your settings allow).
4) How we use information
We use personal information to:
-
Provide the Services: process bookings, take payments, schedule sessions, issue receipts, and deliver swing‑capture/lesson materials.
-
Communicate: confirmations, reminders, updates, and support; with your consent, send promotions or newsletters (opt‑out anytime).
-
Improve and secure our Services: analytics, troubleshooting, fraud and abuse detection, service quality, and facility safety.
-
Legal & compliance: tax/audit, contractual obligations, lawful requests, and to enforce our policies and terms.
If you are in the EEA/UK, our legal bases include contract, legitimate interests, consent (where required), and legal obligations.
5) How we share information
We do not sell personal information. We share it only as needed:
-
Service providers/Processors: website hosting, booking, payment processing, email/SMS, analytics, customer support, and security vendors—each bound by confidentiality and data‑processing agreements.
-
Coaches/instructors: access to your relevant booking and session information to deliver services.
-
Business transfers: if we engage in a merger, financing, or sale of assets, your information may be transferred subject to this Policy.
-
Legal/safety: to comply with law, enforce our terms, or protect rights, safety, or property.
If we ever begin using data for “targeted advertising” or any “sale/‘share’” of personal information (as defined by certain state laws), we will update this Policy and provide required opt‑outs.
6) Cookies & tracking
We use:
-
Essential cookies (security, session management, load balancing);
-
Analytics cookies (e.g., Google Analytics) to understand site usage;
-
Preference cookies (remember choices like language).
You can control cookies in your browser. Some jurisdictions recognize Global Privacy Control (GPC) signals as a valid opt‑out of “sale”/“sharing” under California law; covered businesses must honor such signals. Where required or as a courtesy, we will treat a valid GPC signal as an opt‑out of sale/sharing. California DOJ+1
We currently do not respond to legacy “Do Not Track” (DNT) browser signals.
7) Data retention
We retain information only as long as needed for the purposes in this Policy or as required by law. Typical periods:
-
Bookings & receipts: 7 years (tax/audit).
-
Swing‑capture/lesson media: 90 days by default; longer if you ask us to keep it or if stored in your client account.
-
Security camera footage: ~30–45 days unless needed for an investigation.
-
Website/Wi‑Fi logs: up to 12 months for security and operations.
-
Marketing lists: until you unsubscribe or your subscription becomes inactive (and is then deleted or anonymized).
8) Your privacy choices & rights
Universal choices
-
Marketing: unsubscribe via email footer or reply STOP to SMS to opt out. Transactional messages (e.g., booking confirmations) may still be sent.
-
Cookies/analytics: adjust browser settings, use built‑in privacy controls.
State privacy rights (U.S.)
Depending on where you live, certain U.S. state laws give you rights to access, delete, correct, receive a copy, and opt out of targeted advertising or the sale/sharing of personal information. If applicable, you may exercise these rights by emailing info@golfoslab.com. If we decline a request, you may appeal by replying to our decision; we will review and respond within the time required by law.
California (CCPA/CPRA): California consumers have rights including access, deletion, correction, and the right to opt out of sale or sharing (including via GPC). We will not discriminate against you for exercising your rights. Learn more from the California Attorney General and the California Privacy Protection Agency. California DOJCalifornia Privacy Protection Agency
Florida note: Florida’s Digital Bill of Rights (FDBR) primarily targets very large technology companies (e.g., entities with over US$1B in global annual revenue meeting additional criteria). Most small businesses are outside its scope, but we respect Floridians’ privacy and will respond to reasonable requests. If the FDBR becomes applicable to us, we will update this Policy. White & CaseGreenberg TraurigClifford Chance
EEA/UK rights (GDPR)
If you are in the EEA/UK, you may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent where processing is based on consent. Controllers must facilitate requests; processors must assist controllers. International transfers outside the EEA use safeguards such as Standard Contractual Clauses (SCCs) where required. European Data Protection BoardEuropean Commission
To exercise any rights, contact us at info@golfoslab.com. We will verify your identity and respond within the timeframe required by applicable law.
9) Children’s privacy
Our Site is not directed to children under 13, and we do not knowingly collect personal information from them online. Parents/guardians may book sessions for minors; in those cases, we process the parent/guardian’s information and limited minor details strictly to provide the requested services. If you believe we collected a child’s data in error, contact info@golfoslab.com and we will delete it.
10) Security
We employ administrative, technical, and physical safeguards designed to protect personal information (e.g., access controls, encryption in transit, secure payment processing, staff training). No system is 100% secure; please use strong passwords and notify us promptly of any suspected unauthorized access.
11) International visitors
Our systems are hosted in the United States. If you access the Services from outside the U.S., your information may be processed in the U.S. and other countries with different data‑protection laws. Where required for EEA/UK data, we use lawful transfer tools (e.g., SCCs). European Commission
12) SMS & email communications
By providing your email or mobile number, you agree we may send you transactional messages (e.g., booking confirmations, reminders). Marketing messages require your consent where required by law and include an opt‑out (email “unsubscribe”; SMS reply STOP). Message and data rates may apply.
13) Third‑party links and tools
The Services may link to third‑party websites or integrate third‑party tools (e.g., booking, payments, analytics). Those parties’ privacy practices govern their handling of your data. Review their privacy policies before providing information. Examples you may use include:
-
Booking: Square, USchedule
-
Payments: Square, USchedule
-
Analytics: Google Analytics
14) Changes to this Policy
We may update this Policy to reflect changes to our practices or the law. We will post the updated version with a new effective date and, where required, notify you. Your continued use of the Services after an update means you accept the revised Policy.
15) How to reach us
Questions, concerns, or rights requests:
Email: info@golfoslab.com
Mail: Attn: Privacy Officer, Golfos Lab, 907 Crandon Blvd, Key Biscayne, FL 33149, USA