Skylinks Privacy Policy - Skylinks at Buchanan Fields

Effective Date: April 21, 2026

This Privacy Policy (“Policy”) describes how Skylinks (“Skylinks,” “we,” “our,” or “us”) collects, uses, retains, discloses, and protects personal information obtained from or about individuals who interact with Skylinks in any capacity.

Skylinks is a California-based company operating at Skylinks at Buchanan Fields, Concord, California. Skylinks operates multiple business functions under a single organizational umbrella, including but not limited to:

Skylinks Golf Club (SGC) — a membership-based golf club offering course access, Pro Shop retail, private lessons, driving range, events, and tournaments
Skylinks Web Services (SWS) — the digital infrastructure supporting Skylinks’ online presence, web platforms, internal tooling (including browser extensions and automation services), and integrated technology systems
Skylinks at Buchanan Fields — the physical facility and its associated on-site operations, including food and beverage services, the Kids Zone, bounce houses, and recreational amenities

This Policy applies to all Skylinks business units, services, digital properties, internal tools, and operations. Where a specific business unit, tool, or activity has additional or distinct data practices, those are addressed in the applicable supplemental section of this Policy.

By accessing or using any Skylinks service, facility, website, digital property, or internal tool, or by providing us with personal information in any context, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

1. Scope of This Policy

This Policy covers personal information collected by Skylinks across all of its operations and touchpoints, including:

Skylinks-operated websites, web applications, and online portals
Skylinks-operated browser extensions and other internal staff tools (see Section 9)
In-person interactions at Skylinks facilities
Phone, email, SMS, and postal communications with Skylinks staff
Third-party platforms through which Skylinks delivers services (e.g., booking platforms, payment processors, waiver and event management tools)
Video monitoring, gate cameras, and physical-security systems on Skylinks premises (see Section 10)
Any other means by which you provide personal information to Skylinks

This Policy does not apply to third-party websites, platforms, or services that are linked to from Skylinks properties but are not operated by or on behalf of Skylinks. Those entities’ own privacy policies govern the collection and use of your information on their platforms.

2. Information We Collect

Skylinks collects personal information in the following general categories across all business units. Additional categories specific to Skylinks Golf Club are described in Section 8.

2.1 Identity & Contact Information

Full name, mailing address, email address, telephone number, and date of birth (where required for age verification, waiver execution, or account creation).

2.2 Account & Profile Information

Username, password (stored in hashed/encrypted form), account preferences, communication preferences, and account activity history.

2.3 Payment & Financial Information

Credit and debit card details, billing address, and transaction history. Skylinks does not store full payment card numbers. All payment card data is processed by our designated third-party payment processor(s) in accordance with Payment Card Industry Data Security Standards (PCI-DSS). Skylinks retains only tokenized payment references and transaction records necessary for billing, accounting, and dispute resolution.

2.4 Communications & Correspondence

Records of phone calls, emails, text messages, web form submissions, and written correspondence between you and Skylinks staff or automated systems.

2.5 Digital & Technical Information

When you access a Skylinks website, web application, or online portal, we may automatically collect: IP address, browser type and version, device type and identifiers, operating system, referring URLs, pages viewed, session duration, and general geographic location derived from IP address. This information is collected through cookies and similar tracking technologies (see Section 5).

2.6 Event & Photography Records

Images or video captured during Skylinks events, programs, or activities conducted at Skylinks facilities, where permitted by applicable law.

2.7 Waiver & Release Information

For activities that require execution of a liability waiver or participation release (e.g., Kids Zone, bounce houses, certain tournaments, lessons, and private events), Skylinks — directly or through its waiver vendor (e.g., SmartWaiver) — collects the participant’s name, the name and contact information of a parent or legal guardian (if the participant is a minor), date of birth, signature, and waiver execution timestamp. Waiver records are retained in accordance with Section 6.

2.8 Video & Physical-Security Information

Skylinks operates video monitoring and gate-camera systems on its premises, which may capture images of individuals, vehicles, and license plates, together with timestamps and location metadata. See Section 10 for details.

2.9 Information from Third-Party Sources

Skylinks may receive personal information about you from third-party platforms or partners through which you interact with Skylinks (e.g., booking platforms, social media, referral programs). Such information is used in accordance with this Policy.

Sensitive Personal Information: Skylinks does not intentionally collect sensitive personal information as defined under the California Privacy Rights Act (CPRA), including Social Security numbers, government-issued ID numbers, financial account credentials, precise geolocation data, racial or ethnic origin, religious beliefs, health or medical data, or biometric identifiers. If you believe sensitive information has been inadvertently submitted to Skylinks, contact us immediately using the information in Section 18.

3. How We Use Your Information

Skylinks uses personal information only for the following legitimate business purposes:

Account & Service Administration: Creating and managing your account, delivering services you have requested, and fulfilling contractual obligations.
Billing & Payments: Processing transactions, collecting fees, issuing receipts and invoices, managing recurring billing, and resolving payment disputes.
Communications: Sending transactional and administrative communications (e.g., confirmations, receipts, account notices, policy updates) and, where you have consented, promotional communications.
Customer Service: Responding to inquiries, complaints, feedback, and support requests, and resolving disputes.
Safety & Security: Protecting the safety and security of Skylinks personnel, guests, members, and facilities; operating video monitoring and gate-camera systems; and detecting, investigating, and preventing fraud, unauthorized access, and other harmful activity.
Legal & Regulatory Compliance: Meeting obligations under applicable federal, state, and local law; responding to legal process; and protecting Skylinks’ rights and interests in legal proceedings.
Business Operations & Improvement: Analyzing aggregate and anonymized usage data to evaluate and improve Skylinks’ services, facilities, technology, and member experience.
Internal Operational Tools: Using authorized internal browser extensions, dashboards, automation services, and reporting tools (see Section 9) to retrieve operational data from authorized systems for reporting, accounting, scheduling, and facility-management purposes.
Business-Unit-Specific Purposes: As described in Section 8 for Skylinks Golf Club operations.

Skylinks does not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing or commercial purposes.

4. How We Share Your Information

Skylinks shares personal information only in the following circumstances:

4.1 Service Providers & Vendors

We engage trusted third-party service providers who process personal information on our behalf in order to operate and support our business. All such providers are contractually required to: (a) process personal information solely for the purpose of providing services to Skylinks; (b) maintain appropriate technical and organizational security measures; and (c) comply with applicable privacy law. Service provider categories include:

Payment processing (e.g., Stripe, Inc.)
Point-of-sale and retail management (e.g., Lightspeed Retail)
Tee-time booking and reservation platforms (e.g., GolfNow)
Event and function management (e.g., Perfect Venue)
Waiver and release management (e.g., SmartWaiver)
Handicap administration (e.g., NCGA / GHIN)
Operational databases and records (e.g., Airtable)
Cloud hosting, compute, and storage (e.g., Google Cloud Platform, Google Workspace)
Website and application hosting, monitoring, and analytics
Email, SMS, and communications delivery platforms
Internal productivity and collaboration tools (e.g., Notion, Slack)
AI-assisted productivity and workflow tools (see Section 11)

4.2 Legal & Regulatory Authorities

Skylinks may disclose personal information to government authorities, law enforcement agencies, courts, or regulatory bodies when: (a) required by applicable law or valid legal process; (b) necessary to respond to a lawful subpoena, court order, or government request; or (c) we believe in good faith that disclosure is necessary to prevent imminent harm, detect or prevent fraud, or protect the rights, safety, or property of Skylinks, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, consolidation, asset sale, reorganization, or similar corporate transaction involving all or a material portion of Skylinks’ assets or operations, your personal information may be transferred to the acquiring or successor entity. You will be notified of any such transfer and of any material changes to this Policy that result from it, in accordance with Section 17.

4.4 With Your Consent

Skylinks may disclose your personal information to third parties for purposes not described in this Policy where you have provided prior, express, and informed consent.

Except as set forth in this Section, Skylinks does not disclose your personal information to third parties.

5. Cookies & Tracking Technologies

Skylinks’ websites and online portals use cookies, web beacons, pixels, and similar tracking technologies to operate and improve our digital services.

Types of technologies we use:

Strictly Necessary: Required for core website functionality (e.g., session management, security tokens). These cannot be disabled without impairing site operation.
Analytics: Used to collect aggregate, anonymized data about how visitors use our site (e.g., Google Analytics). This data informs improvements to our digital services.
Functional: Used to remember your preferences and settings across sessions.

You may manage or disable cookies through your browser settings. Disabling certain cookies may degrade the functionality of Skylinks’ websites or online services. Skylinks does not currently respond to browser “Do Not Track” signals, as no uniform industry or legal standard for such signals exists.

6. Data Retention

Skylinks retains personal information for as long as is reasonably necessary to fulfill the purposes for which it was collected, consistent with the following general guidelines:

Active account records are retained for the duration of the account or active relationship.
Inactive account and guest records are retained for no less than three (3) years following the last interaction, or longer if required by law.
Financial and transactional records are retained for a minimum of seven (7) years to satisfy standard tax, accounting, and audit requirements.
Waiver and release records are retained for no less than four (4) years following waiver execution or, where the participant was a minor, four (4) years following the participant reaching the age of majority, whichever is longer, consistent with the applicable statute of limitations under California law.
Digital and activity logs are retained for up to two (2) years unless longer retention is required.
Video and gate-camera recordings are retained on a rolling basis for up to thirty (30) days, except for segments preserved in connection with an incident, claim, investigation, insurance matter, or legal hold.
Legal hold: Records subject to an active or reasonably anticipated legal claim, regulatory inquiry, or dispute will be retained until the matter is fully resolved.

When personal information is no longer required, Skylinks will securely delete or irreversibly anonymize it in a manner consistent with applicable law.

7. Data Security

Skylinks maintains a written information security program and implements commercially reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, loss, and destruction. Our security measures include:

Encrypted data transmission (SSL/TLS) across Skylinks websites, browser extensions, and digital platforms
PCI-DSS–compliant payment processing via our designated payment processor(s)
Role-based access controls limiting data access to personnel with a legitimate business need
Secret-management practices for API keys, tokens, and credentials used by Skylinks-operated services
Staff training and awareness programs on data privacy and security obligations
Periodic review and assessment of security practices and third-party vendor controls

Notwithstanding these measures, no electronic system is completely immune from breach or unauthorized access. Skylinks cannot guarantee the absolute security of your personal information. In the event of a security breach that triggers notification obligations under California law (Cal. Civ. Code §§ 1798.29 and 1798.82), Skylinks will notify affected individuals in the manner and within the timeframes required by applicable law.

8. Skylinks Golf Club (SGC) — Specific Provisions

This Section sets forth data practices specific to Skylinks Golf Club, Skylinks’ membership-based golf and recreation operation. These provisions supplement, and are subject to, the general terms of this Policy.

8.1 Scope

This Section applies to all individuals who interact with Skylinks Golf Club in any of the following capacities:

SGC membership enrollment, renewal, and administration
Tee-time bookings, rounds of play, and golf course access
Pro Shop retail purchases (in-person and online)
Driving range, practice facility, and equipment rental use
Private golf lessons and instructional programs
Participation in SGC events, tournaments, and leagues
Food and beverage services on premises
Guest access sponsored by an SGC member

8.2 SGC-Specific Information Collected

In addition to the general categories described in Section 2, SGC collects:

Membership & Account Information: Membership tier, membership number, NCGA/GHIN handicap index, enrollment and renewal dates, account status, benefit utilization records, and guest privileges exercised.
Booking & Activity Records: Tee-time reservations and history (including records from third-party booking platforms such as GolfNow), driving range visits, lesson bookings, event registrations, equipment rentals, and general facility usage logs.
Pro Shop & Transactional Records: In-person and online retail purchases, food and beverage charges, event or function deposits, lesson packages, and other point-of-sale transactions.

8.3 SGC-Specific Third-Party Platforms

SGC uses the following third-party platforms in connection with its operations. Each operates under its own privacy policy:

GolfNow — tee-time booking and reservation management
Stripe, Inc. — payment processing (PCI-DSS compliant; see Section 2.3)
NCGA / GHIN — official golf handicap index administration
Lightspeed Retail — point-of-sale and retail management
Perfect Venue — event and function management
SmartWaiver — liability waiver and participant release management

When you interact with SGC through any of these platforms, those platforms may share your name, contact information, and relevant transaction or booking details with SGC solely to fulfill your request. SGC does not control those platforms’ independent data practices.

8.4 SGC Membership Terms Cross-Reference

The collection and use of personal information in connection with SGC membership, billing, cancellation, and guest privileges is also governed by the Skylinks Golf Club Terms and Conditions, which are incorporated by reference herein. In the event of a conflict between the SGC Terms and Conditions and this Policy with respect to privacy matters, this Policy controls.

8.5 SGC-Specific Retention

In addition to the general retention schedules in Section 6:

Active SGC membership records are retained for the duration of the membership.
Former member records are retained for no less than three (3) years following membership termination or last activity, whichever is later.
NCGA/GHIN handicap records are subject to the retention policies of the NCGA and are outside Skylinks’ direct control once transmitted.

9. Skylinks Tools Browser Extension & Internal Staff Tools

Skylinks operates the Skylinks Tools Chrome extension and related internal staff utilities, distributed privately to authorized Skylinks personnel (including, where applicable, via the Chrome Web Store).

9.1 Purpose

The Skylinks Tools extension provides authorized Skylinks staff with reporting and operational utilities for third-party systems they are already entitled to access — principally Lightspeed Retail (point-of-sale). The extension generates on-demand reports (e.g., sales line-item exports) that are downloaded locally as CSV files to the staff member’s device.

9.2 Data Handling

Authentication: The extension relies exclusively on the staff member’s existing authenticated browser session with the authorized third-party system. The extension does not collect, store, or transmit login credentials, API keys, or authentication tokens.
Data access: When activated on an authorized page, the extension reads the current tab’s URL to identify the merchant account, then issues authenticated API requests directly from the browser to the third-party system’s API.
Data processing: All data retrieved by the extension is processed locally in the browser tab and is not transmitted to any Skylinks-operated server, analytics service, advertising service, or other third party.
Data output: The extension may generate a CSV file containing transaction data — which may include customer first and last names as recorded at the point of sale — and download that file to the staff member’s device. Subsequent handling of downloaded files is governed by Skylinks’ internal data-handling policies and by Sections 6 (Retention) and 7 (Security) of this Policy.
No analytics or telemetry: The extension does not include analytics, tracking, telemetry, or advertising identifiers of any kind.
No remote code: All executable code is packaged in the extension and loaded from the extension bundle; no JavaScript or WebAssembly is loaded from remote sources at runtime.

9.3 Permissions

The extension requests the minimum Chrome permissions required for its function: activeTab (to read the URL of the active authorized tab), scripting (to inject the reporting UI), tabs (to identify the active tab), and host permission to https://us.merchantos.com/* (to make authenticated API calls to Lightspeed Retail).

9.4 Distribution & Authorized Use

The extension is distributed for use by authorized Skylinks staff only and is not intended for use by members of the public. Use of the extension by any individual who is not authorized Skylinks staff is unauthorized and is not permitted under this Policy.

10. Video Monitoring & On-Premises Security

Skylinks operates video cameras and gate-camera systems at Skylinks at Buchanan Fields for purposes of facility security, incident investigation, parking and gate-access management, and operational safety.

Scope of recording: Cameras may capture images of individuals, vehicles, and license plates in monitored areas of the facility, including entry/exit points, parking areas, the driving range, and other common areas. Cameras are not deployed in restrooms, changing areas, or other locations where a reasonable expectation of privacy exists.
Notice: Skylinks posts visible notices at monitored areas consistent with applicable California law.
Access: Access to recordings is limited to authorized Skylinks personnel with a legitimate business need.
Retention: Video recordings are retained on a rolling basis for up to thirty (30) days, except for segments preserved in connection with an incident, claim, investigation, insurance matter, or legal hold.
Disclosure: Video may be disclosed to law enforcement, insurers, or other parties as described in Section 4.

11. Automated Processing & AI-Assisted Tools

Skylinks uses AI-assisted productivity and workflow tools (including, without limitation, Anthropic Claude, Notion AI, and similar services) to support internal operations such as documentation, reporting, scheduling, and communications drafting.

Skylinks does not use AI tools to make legally significant or materially impactful decisions about you (for example, membership eligibility, billing disputes, or access determinations) without human review.
Skylinks does not knowingly submit sensitive personal information (as defined in Section 2) to AI tools, and contracts with AI vendors on terms that prohibit the use of Skylinks data to train public or foundation models.
Skylinks limits the categories of personal information provided to AI tools to what is necessary for the task and uses vendor configurations that restrict data retention and cross-customer use where available.

California residents’ rights concerning automated decision-making, as and when implemented by the California Privacy Protection Agency, are addressed in Section 13.

12. Employee, Contractor & Authorized Staff Data

This Policy primarily addresses personal information about members, customers, and guests. Skylinks also processes personal information about its employees, contractors, and authorized staff in connection with employment and internal-tool use, including:

Identity and contact information, emergency contact information, and payroll/tax information as required by law
Login credentials, access logs, and activity records associated with Skylinks systems, workspaces, and internal tools (including the Skylinks Tools browser extension described in Section 9)
Device and session information generated by use of Skylinks-authorized tools and platforms

Staff personal information is used solely for employment administration, payroll, benefits, operational supervision, security, and legal compliance. Skylinks is committed to processing staff information in accordance with applicable California employment and privacy law, including the CCPA/CPRA as applied to employees and contractors.

13. Your Privacy Rights (California Residents)

Skylinks is committed to respecting and honoring the privacy rights of California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”), and all regulations promulgated thereunder.

California residents have the following rights:

13.1 Right to Know

You may request that Skylinks disclose: (a) the categories of personal information collected about you; (b) the categories of sources; (c) the business or commercial purposes for collection; (d) the categories of third parties to whom it has been disclosed; and (e) the specific pieces of personal information Skylinks holds about you.

13.2 Right to Correct

You may request correction of inaccurate personal information Skylinks holds about you.

13.3 Right to Delete

You may request deletion of personal information Skylinks has collected from you, subject to exceptions where retention is necessary to: complete a transaction; fulfill a legal obligation; detect or prevent fraud or security incidents; exercise or defend legal claims; or support internal uses reasonably aligned with your relationship with Skylinks.

13.4 Right to Opt-Out of Sale or Sharing

Skylinks does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. No opt-out mechanism is required at this time. Should Skylinks’ practices change, this Policy will be updated and you will be notified in accordance with Section 17.

13.5 Right to Limit Use of Sensitive Personal Information

As described in Section 2, Skylinks does not intentionally collect sensitive personal information as defined by the CCPA/CPRA. If you believe we hold such information about you, you may contact us to request that its use be limited to the purposes permitted by law.

13.6 Right to Non-Discrimination

Skylinks will not discriminate against you — including by denying services, charging different prices, or providing a reduced level of service — for exercising any privacy right described in this Section.

13.7 Rights Concerning Automated Decision-Making

As and when applicable regulations take effect, California residents may have rights to receive meaningful information about, and to opt out of, certain forms of automated decision-making. As described in Section 11, Skylinks does not use AI or automated tools to make legally significant or materially impactful decisions about individuals without human review.

13.8 Authorized Agents

You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. Skylinks will require the agent to provide written proof of authorization and may require you to verify your own identity directly with Skylinks prior to processing the request.

13.9 How to Submit a Request

To exercise any right described in this Section, submit a written request to Skylinks using the contact information in Section 18. Include your full name, the email address associated with your Skylinks account or interactions, and a clear description of your request. Skylinks will acknowledge receipt within 10 business days and respond substantively within 45 calendar days, as permitted by law. If additional time is required, Skylinks will notify you of the extension and the reason for it.

14. Marketing Communications

Skylinks may send promotional emails, text messages, or other communications about programs, services, events, merchandise, and updates across its business units.

Email: You may opt out of promotional emails at any time via the unsubscribe link in any Skylinks marketing email, or by contacting us at the address in Section 18. Opt-out requests will be honored within 10 business days. Note that opting out of promotional email does not affect necessary transactional and administrative communications (e.g., booking confirmations, billing notices, account or policy updates).
SMS / Text Messages: Skylinks sends text messages only to individuals who have provided prior express consent. Message and data rates may apply; message frequency varies. You may opt out at any time by replying STOP to any Skylinks text message or by contacting us directly. Reply HELP for assistance. Skylinks’ SMS practices are intended to comply with the federal Telephone Consumer Protection Act (TCPA) and applicable California law.
Postal Mail: To be removed from any Skylinks postal mailing list, contact us using the information in Section 18.

15. Third-Party Links & Platforms

Skylinks’ websites and communications may contain links to, or integrations with, third-party websites and platforms not operated by Skylinks. These third parties operate under their own privacy policies, which Skylinks does not govern or endorse. Skylinks is not responsible for the data practices, content, or security of any third-party site or service. We encourage you to review the applicable privacy policies of any third-party platform before providing your personal information.

16. Minors

Skylinks welcomes guests of all ages at its facilities, including children who may participate in the Kids Zone, bounce houses, family events, and other on-premises activities. Skylinks-operated websites and digital services are not directed to children under the age of thirteen (13) within the meaning of the federal Children’s Online Privacy Protection Act (“COPPA”), and Skylinks does not knowingly collect personal information from children online.

On-premises activities for minors: Where a minor participates in a Skylinks activity that requires a waiver or release (e.g., Kids Zone, bounce houses), Skylinks collects only the minor’s name and date of birth, together with the parent or legal guardian’s name, contact information, and signature, all as described in Section 2.7.
SGC memberships and online accounts: Standard Skylinks Golf Club memberships and online accounts are intended for individuals eighteen (18) years of age or older. A parent or legal guardian may purchase applicable junior programs, lessons, or similar offerings on behalf of a minor.
No online accounts for children under 13: Skylinks does not permit children under thirteen (13) to create Skylinks online accounts or opt into Skylinks marketing communications. If Skylinks becomes aware that such information has been inadvertently collected from a child under 13 online, it will be promptly deleted.
Parental contact: A parent or legal guardian who believes their child has provided personal information to Skylinks may request review and deletion of that information by contacting Skylinks using the information in Section 18.

17. Amendments to This Policy

Skylinks reserves the right to amend, modify, or update this Policy at any time and in its sole discretion. Users and members will be notified of material changes no less than thirty (30) calendar days prior to the effective date of such changes, via email to the address on file and/or by written notice posted conspicuously at Skylinks facilities. For purposes of this Policy, material changes include changes to: the categories of personal information collected; the purposes for which it is used; the categories of third parties with whom it is shared; and the rights available to individuals.

The most current version of this Policy is available at Skylinks facilities upon written request and at the canonical URL on the Skylinks website. The effective date at the top of this Policy reflects the date of the most recent revision. Continued use of any Skylinks service, facility, or internal tool on or after the effective date of any amendment constitutes acceptance of the revised Policy. Individuals who do not agree to amended terms should discontinue use of Skylinks services and, if applicable, cancel any Skylinks memberships in accordance with the applicable terms.

18. Contact Information & Privacy Requests

All privacy-related inquiries, rights requests, or correspondence regarding this Policy — including requests pertaining specifically to Skylinks Golf Club, the Skylinks Tools browser extension, or any other Skylinks business unit — should be directed to:

Skylinks — Privacy Requests
Skylinks at Buchanan Fields
Concord, California
proshop@skylinksgolf.com

Skylinks will acknowledge all written privacy requests within 10 business days of receipt.