Skylinks at Buchanan Fields

Skylinks Privacy Polciy

Effective Date: March 13, 2026

This Privacy Policy (“Policy”) describes how Skylinks (“Skylinks,” “we,” “our,” or “us”) collects, uses, retains, discloses, and protects personal information obtained from or about individuals who interact with Skylinks in any capacity.

Skylinks is a California-based company operating at Skylinks at Buchanan Fields, Concord, California. Skylinks operates multiple business functions under a single organizational umbrella, including but not limited to:

  • Skylinks Golf Club (SGC) — a membership-based golf club offering course access, Pro Shop retail, private lessons, driving range, events, and tournaments
  • Skylinks Web Services (SWS) — the digital infrastructure supporting Skylinks’ online presence, web platforms, and integrated technology systems
  • Skylinks at Buchanan Fields — the physical facility and its associated on-site operations, including food and beverage services

This Policy applies to all Skylinks business units, services, digital properties, and operations. Where a specific business unit has additional or distinct data practices, those are addressed in the applicable supplemental section of this Policy (see Section 8 — Skylinks Golf Club Specific Provisions).

By accessing or using any Skylinks service, facility, website, or digital property, or by providing us with personal information in any context, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

1. Scope of This Policy

This Policy covers personal information collected by Skylinks across all of its operations and touchpoints, including:

  • Skylinks-operated websites, web applications, and online portals
  • In-person interactions at Skylinks facilities
  • Phone, email, SMS, and postal communications with Skylinks staff
  • Third-party platforms through which Skylinks delivers services (e.g., booking platforms, payment processors, event management tools)
  • Any other means by which you provide personal information to Skylinks

This Policy does not apply to third-party websites, platforms, or services that are linked to from Skylinks properties but are not operated by or on behalf of Skylinks. Those entities’ own privacy policies govern the collection and use of your information on their platforms.

2. Information We Collect

Skylinks collects personal information in the following general categories across all business units. Additional categories specific to Skylinks Golf Club are described in Section 8.

2.1 Identity & Contact Information

Full name, mailing address, email address, telephone number, and date of birth (where required for age verification or account creation).

2.2 Account & Profile Information

Username, password (stored in hashed/encrypted form), account preferences, communication preferences, and account activity history.

2.3 Payment & Financial Information

Credit and debit card details, billing address, and transaction history. Skylinks does not store full payment card numbers. All payment card data is processed by our designated third-party payment processor(s) in accordance with Payment Card Industry Data Security Standards (PCI-DSS). Skylinks retains only tokenized payment references and transaction records necessary for billing, accounting, and dispute resolution.

2.4 Communications & Correspondence

Records of phone calls, emails, text messages, web form submissions, and written correspondence between you and Skylinks staff or automated systems.

2.5 Digital & Technical Information

When you access a Skylinks website, web application, or online portal, we may automatically collect: IP address, browser type and version, device type and identifiers, operating system, referring URLs, pages viewed, session duration, and general geographic location derived from IP address. This information is collected through cookies and similar tracking technologies (see Section 5).

2.6 Event & Photography Records

Images or video captured during Skylinks events, programs, or activities conducted at Skylinks facilities, where permitted by applicable law.

2.7 Information from Third-Party Sources

Skylinks may receive personal information about you from third-party platforms or partners through which you interact with Skylinks (e.g., booking platforms, social media, referral programs). Such information is used in accordance with this Policy.

Sensitive Personal Information: Skylinks does not intentionally collect sensitive personal information as defined under the California Privacy Rights Act (CPRA), including Social Security numbers, government-issued ID numbers, financial account credentials, precise geolocation data, racial or ethnic origin, religious beliefs, health or medical data, or biometric identifiers. If you believe sensitive information has been inadvertently submitted to Skylinks, contact us immediately using the information in Section 13.

3. How We Use Your Information

Skylinks uses personal information only for the following legitimate business purposes:

  • Account & Service Administration: Creating and managing your account, delivering services you have requested, and fulfilling contractual obligations.
  • Billing & Payments: Processing transactions, collecting fees, issuing receipts and invoices, managing recurring billing, and resolving payment disputes.
  • Communications: Sending transactional and administrative communications (e.g., confirmations, receipts, account notices, policy updates) and, where you have consented, promotional communications.
  • Customer Service: Responding to inquiries, complaints, feedback, and support requests, and resolving disputes.
  • Safety & Security: Protecting the safety and security of Skylinks personnel, guests, members, and facilities, and detecting, investigating, and preventing fraud, unauthorized access, and other harmful activity.
  • Legal & Regulatory Compliance: Meeting obligations under applicable federal, state, and local law; responding to legal process; and protecting Skylinks’ rights and interests in legal proceedings.
  • Business Operations & Improvement: Analyzing aggregate and anonymized usage data to evaluate and improve Skylinks’ services, facilities, technology, and member experience.
  • Business-Unit-Specific Purposes: As described in Section 8 for Skylinks Golf Club operations.

Skylinks does not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing or commercial purposes.

4. How We Share Your Information

Skylinks shares personal information only in the following circumstances:

4.1 Service Providers & Vendors

We engage trusted third-party service providers who process personal information on our behalf in order to operate and support our business. All such providers are contractually required to: (a) process personal information solely for the purpose of providing services to Skylinks; (b) maintain appropriate technical and organizational security measures; and (c) comply with applicable privacy law. Service provider categories include:

  • Payment processors (e.g., Stripe, Inc.)
  • Website and application hosting, monitoring, and analytics providers
  • Email, SMS, and communications delivery platforms
  • Point-of-sale and retail management system providers
  • Booking and reservation platforms (business-unit specific; see Section 8)
  • Event management and registration platforms
  • Cloud storage and infrastructure providers

4.2 Legal & Regulatory Authorities

Skylinks may disclose personal information to government authorities, law enforcement agencies, courts, or regulatory bodies when: (a) required by applicable law or valid legal process; (b) necessary to respond to a lawful subpoena, court order, or government request; or (c) we believe in good faith that disclosure is necessary to prevent imminent harm, detect or prevent fraud, or protect the rights, safety, or property of Skylinks, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, consolidation, asset sale, reorganization, or similar corporate transaction involving all or a material portion of Skylinks’ assets or operations, your personal information may be transferred to the acquiring or successor entity. You will be notified of any such transfer and of any material changes to this Policy that result from it, in accordance with Section 12.

4.4 With Your Consent

Skylinks may disclose your personal information to third parties for purposes not described in this Policy where you have provided prior, express, and informed consent.

Except as set forth in this Section, Skylinks does not disclose your personal information to third parties.

5. Cookies & Tracking Technologies

Skylinks’ websites and online portals use cookies, web beacons, pixels, and similar tracking technologies to operate and improve our digital services.

Types of technologies we use:

  • Strictly Necessary: Required for core website functionality (e.g., session management, security tokens). These cannot be disabled without impairing site operation.
  • Analytics: Used to collect aggregate, anonymized data about how visitors use our site (e.g., Google Analytics). This data informs improvements to our digital services.
  • Functional: Used to remember your preferences and settings across sessions.

You may manage or disable cookies through your browser settings. Disabling certain cookies may degrade the functionality of Skylinks’ websites or online services. Skylinks does not currently respond to browser “Do Not Track” signals, as no uniform industry or legal standard for such signals exists.

6. Data Retention

Skylinks retains personal information for as long as is reasonably necessary to fulfill the purposes for which it was collected, consistent with the following general guidelines:

  • Active account records are retained for the duration of the account or active relationship.
  • Inactive account and guest records are retained for no less than three (3) years following the last interaction, or longer if required by law.
  • Financial and transactional records are retained for a minimum of seven (7) years to satisfy standard tax, accounting, and audit requirements.
  • Digital and activity logs are retained for up to two (2) years unless longer retention is required.
  • Legal hold: Records subject to an active or reasonably anticipated legal claim, regulatory inquiry, or dispute will be retained until the matter is fully resolved.

When personal information is no longer required, Skylinks will securely delete or irreversibly anonymize it in a manner consistent with applicable law.

7. Data Security

Skylinks maintains a written information security program and implements commercially reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, loss, and destruction. Our security measures include:

  • Encrypted data transmission (SSL/TLS) across Skylinks websites and digital platforms
  • PCI-DSS–compliant payment processing via our designated payment processor(s)
  • Role-based access controls limiting data access to personnel with a legitimate business need
  • Staff training and awareness programs on data privacy and security obligations
  • Periodic review and assessment of security practices and third-party vendor controls

Notwithstanding these measures, no electronic system is completely immune from breach or unauthorized access. Skylinks cannot guarantee the absolute security of your personal information. In the event of a security breach that triggers notification obligations under California law (Cal. Civ. Code §§ 1798.29 and 1798.82), Skylinks will notify affected individuals in the manner and within the timeframes required by applicable law.

8. Skylinks Golf Club (SGC) — Specific Provisions

This Section sets forth data practices specific to Skylinks Golf Club, Skylinks’ membership-based golf and recreation operation. These provisions supplement, and are subject to, the general terms of this Policy.

8.1 Scope

This Section applies to all individuals who interact with Skylinks Golf Club in any of the following capacities:

  • SGC membership enrollment, renewal, and administration
  • Tee-time bookings, rounds of play, and golf course access
  • Pro Shop retail purchases (in-person and online)
  • Driving range, practice facility, and equipment rental use
  • Private golf lessons and instructional programs
  • Participation in SGC events, tournaments, and leagues
  • Food and beverage services on premises
  • Guest access sponsored by an SGC member

8.2 SGC-Specific Information Collected

In addition to the general categories described in Section 2, SGC collects:

  • Membership & Account Information: Membership tier, membership number, NCGA/GHIN handicap index, enrollment and renewal dates, account status, benefit utilization records, and guest privileges exercised.
  • Booking & Activity Records: Tee-time reservations and history (including records from third-party booking platforms such as GolfNow), driving range visits, lesson bookings, event registrations, equipment rentals, and general facility usage logs.
  • Pro Shop & Transactional Records: In-person and online retail purchases, food and beverage charges, event or function deposits, lesson packages, and other point-of-sale transactions.

8.3 SGC-Specific Third-Party Platforms

SGC uses the following third-party platforms in connection with its operations. Each operates under its own privacy policy:

  • GolfNow — tee-time booking and reservation management
  • Stripe, Inc. — payment processing (PCI-DSS compliant; see Section 2.3)
  • NCGA / GHIN — official golf handicap index administration
  • Lightspeed — point-of-sale and retail management
  • Perfect Venue — event and function management

When you interact with SGC through any of these platforms, those platforms may share your name, contact information, and relevant transaction or booking details with SGC solely to fulfill your request. SGC does not control those platforms’ independent data practices.

8.4 SGC Membership Terms Cross-Reference

The collection and use of personal information in connection with SGC membership, billing, cancellation, and guest privileges is also governed by the Skylinks Golf Club Terms and Conditions, which are incorporated by reference herein. In the event of a conflict between the SGC Terms and Conditions and this Policy with respect to privacy matters, this Policy controls.

8.5 SGC-Specific Retention

In addition to the general retention schedules in Section 6:

  • Active SGC membership records are retained for the duration of the membership.
  • Former member records are retained for no less than three (3) years following membership termination or last activity, whichever is later.
  • NCGA/GHIN handicap records are subject to the retention policies of the NCGA and are outside Skylinks’ direct control once transmitted.

9. Your Privacy Rights (California Residents)

Skylinks is committed to respecting and honoring the privacy rights of California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”), and all regulations promulgated thereunder.

California residents have the following rights:

9.1 Right to Know

You may request that Skylinks disclose: (a) the categories of personal information collected about you; (b) the categories of sources; (c) the business or commercial purposes for collection; (d) the categories of third parties to whom it has been disclosed; and (e) the specific pieces of personal information Skylinks holds about you.

9.2 Right to Correct

You may request correction of inaccurate personal information Skylinks holds about you.

9.3 Right to Delete

You may request deletion of personal information Skylinks has collected from you, subject to exceptions where retention is necessary to: complete a transaction; fulfill a legal obligation; detect or prevent fraud or security incidents; exercise or defend legal claims; or support internal uses reasonably aligned with your relationship with Skylinks.

9.4 Right to Opt-Out of Sale or Sharing

Skylinks does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. No opt-out mechanism is required at this time. Should Skylinks’ practices change, this Policy will be updated and you will be notified in accordance with Section 12.

9.5 Right to Limit Use of Sensitive Personal Information

As described in Section 2, Skylinks does not intentionally collect sensitive personal information as defined by the CCPA/CPRA. If you believe we hold such information about you, you may contact us to request that its use be limited to the purposes permitted by law.

9.6 Right to Non-Discrimination

Skylinks will not discriminate against you — including by denying services, charging different prices, or providing a reduced level of service — for exercising any privacy right described in this Section.

9.7 Authorized Agents

You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. Skylinks will require the agent to provide written proof of authorization and may require you to verify your own identity directly with Skylinks prior to processing the request.

9.8 How to Submit a Request

To exercise any right described in this Section, submit a written request to Skylinks using the contact information in Section 13. Include your full name, the email address associated with your Skylinks account or interactions, and a clear description of your request. Skylinks will acknowledge receipt within 10 business days and respond substantively within 45 calendar days, as permitted by law. If additional time is required, Skylinks will notify you of the extension and the reason for it.

10. Marketing Communications

Skylinks may send promotional emails, text messages, or other communications about programs, services, events, merchandise, and updates across its business units.

  • Email: You may opt out of promotional emails at any time via the unsubscribe link in any Skylinks marketing email, or by contacting us at the address in Section 13. Opt-out requests will be honored within 10 business days. Note that opting out of promotional email does not affect necessary transactional and administrative communications (e.g., booking confirmations, billing notices, account or policy updates).
  • SMS / Text Messages: If you have opted in to receive text messages from Skylinks, you may opt out at any time by replying STOP to any Skylinks text message or by contacting us directly.
  • Postal Mail: To be removed from any Skylinks postal mailing list, contact us using the information in Section 13.

11. Third-Party Links & Platforms

Skylinks’ websites and communications may contain links to, or integrations with, third-party websites and platforms not operated by Skylinks. These third parties operate under their own privacy policies, which Skylinks does not govern or endorse. Skylinks is not responsible for the data practices, content, or security of any third-party site or service. We encourage you to review the applicable privacy policies of any third-party platform before providing your personal information.

12. Minors

Skylinks’ services are intended for individuals eighteen (18) years of age or older. Skylinks does not knowingly collect personal information from individuals under the age of 18. If Skylinks becomes aware that personal information has been inadvertently collected from a minor, it will be promptly deleted. If you have reason to believe that a minor’s information has been submitted to Skylinks, please contact us immediately using the information in Section 13.

13. Amendments to This Policy

Skylinks reserves the right to amend, modify, or update this Policy at any time and in its sole discretion. Users and members will be notified of material changes no less than thirty (30) calendar days prior to the effective date of such changes, via email to the address on file and/or by written notice posted conspicuously at Skylinks facilities. For purposes of this Policy, material changes include changes to: the categories of personal information collected; the purposes for which it is used; the categories of third parties with whom it is shared; and the rights available to individuals.

The most current version of this Policy is available at Skylinks facilities upon written request. The effective date at the top of this Policy reflects the date of the most recent revision. Continued use of any Skylinks service or facility on or after the effective date of any amendment constitutes acceptance of the revised Policy. Individuals who do not agree to amended terms should discontinue use of Skylinks services and, if applicable, cancel any Skylinks memberships in accordance with the applicable terms.

14. Contact Information & Privacy Requests

All privacy-related inquiries, rights requests, or correspondence regarding this Policy — including requests pertaining specifically to Skylinks Golf Club — should be directed to:

Skylinks

Skylinks at Buchanan Fields, Concord, California

proshop@skylinksgolf.com

Skylinks will acknowledge all written privacy requests within 10 business days of receipt.