Book Event
Book Now
Menu
Perks
Book Event
Book Now
Menu
Perks
Book Event
Book Now

Information Technology SOP X: Guest Data Retention & Deletion (Booking System + Puttshack Perks) — US & UK

Document Information

Document Owner: IT Department (in coordination with Legal/Privacy and Guest Services)
Version: 1.1
Effective Date: 18-Mar-2026
Last Reviewed: 15-April-2026
Review Cycle: Annually (or upon material system/legal change)

Purpose

This SOP establishes standardized procedures for retaining, securing, and deleting guest personal data collected through Puttshack’s booking system and Puttshack Perks (loyalty program, including SMS/email marketing) across the United States and the United Kingdom. It aligns operational practices with Puttshack’s published privacy commitments and ensures consistent handling of data subject requests (especially deletion).

Scope

This SOP applies to all Puttshack personnel, processes, and systems that create, access, store, export, or process guest personal data in connection with:

Bookings/reservations (online and venue-supported workflows)
Puttshack Perks enrollment and operation
Transactional communications (booking confirmations/updates)
Marketing communications (email and SMS where opted-in)
Customer support tooling used to respond to guest requests
Supporting infrastructure (AWS-hosted live backups, logs, data exports)

Out of scope: EU-only requirements and EU-specific processes. UK coverage remains in scope.

Policy Statement (Retention & Deletion Rule)

1. Default retention: 5 years (Bookings + Perks): Puttshack retains booking data for 5 years and Perks guest personal data for 5 years after a guest indicates they no longer want to participate in the program, unless a guest requests deletion.
2. Deletion upon guest request: Puttshack will process deletion requests after reasonable identity verification and review for legal/operational exceptions.
3. No sale of guest data: Puttshack does not sell, rent, or license guest personal information to third parties for their independent use.
4. Permitted sharing: Guest data may be shared with affiliates and service providers (e.g., AWS, messaging/SMS delivery, fraud prevention, payment processing, customer support tooling) strictly for legitimate business purposes.

Procedures

A. Retention (Default)

5. Systems of Record: Booking platform and Perks platform (or shared profile database) are treated as systems of record for covered guest identifiers.
6. Retention Rule: Retain guest personal data based on Retention Period (below) unless a verified deletion request is received and approved. Personal data that has reached the end of its applicable Retention Period or is subject to a verified deletion request will be securely deleted or anonymized.
7. Access Control: Role-based access required (least privilege). Administrative access requires MFA and is restricted to authorized IT staff.

B. Guest Deletion Requests (Bookings + Perks)

8. Intake: Requests may be received via help@puttshack.com or approved internal support channels.
9. Ticketing & Tracking: Guest Services creates a ticket tagged: Privacy Request – Deletion.
10. Identity Verification: Verify the requestor using reasonable methods (e.g., matching email/phone used in booking/Perks).
11. Data Mapping / Systems to Check: IT must locate guest data across: Booking system records; Puttshack Perks records; Email/SMS marketing platforms; Customer support system records; Data exports; AWS-hosted live backups and logs (see Appendix A).
12. Deletion Execution Standard: Primary method: delete the guest record(s) from production systems. If deletion would break referential integrity: perform de-identification (remove/replace first name, last name, email, phone, DOB with nulls or irreversible tokens).
13. Completion & Confirmation: Guest Services confirms completion to the guest, or provides a partial/denied outcome with rationale if an exception applies.

C. Deletion Exceptions

Deletion may be denied or limited where retaining information is necessary to:

comply with legal obligations (e.g., accounting, tax, litigation hold);
complete or document transactions, resolve disputes, enforce agreements;
detect/prevent fraud or security incidents;
support debugging/repair of system issues.

Appendix A: Retention Schedule (Infrastructure & Supporting Data)

Infrastructure data follows the schedule below to ensure system performance and security best practices.

Data Category

Retention Period

Rationale / Notes

Primary Guest Profile (Booking/Perks)

Booking: 5 years

Perks: 5 years after guestindicates they no longer want to participate in the program

Reasonable, justified retention period based on business purpose.

AWS Live Backups (Point-in-Time Recovery)

35 Days (Rolling)

AWS RDS/DynamoDB backups are captured live. Data is overwritten/expired on a rolling basis.

System & Application Logs (CloudWatch/S3)

1 Year

Retained for security auditing, troubleshooting, and fraud investigation.

Transactional Email/SMS Metadata

2 Years

Records of message delivery (not necessarily content) for operational tracking.

Customer Support Tickets (Resolved)

7 Years

Retained for historical context and legal defense (e.g., incident records).

Payment Metadata (Non-PCI)

7 Years

Transaction IDs and amounts (no card numbers) for tax and accounting audits.

Temporary Data Exports / Reports

90 Days

Staff-generated exports must be deleted once the specific business task is complete.

Video

(complete)

(complete)

Note on AWS Live Backups

Puttshack utilizes AWS-native backup features (such as RDS Automated Backups or DynamoDB Point-in-Time Recovery) that capture changes live as they occur. When a guest is deleted from the production database, that deletion is reflected in the live state. Because backups are point-in-time snapshots, a deleted guest may still exist in historical backup files for the duration of the rolling retention period (e.g., 35 days). In the event of a system restore, IT must ensure that any guest deletion requests processed after the backup timestamp are re-applied to the restored production environment.

Compliance

Adherence to this SOP is mandatory for all covered personnel.
Non-compliance may lead to disciplinary action and/or access removal.
Annual audit (or delegated review) must include sampling deletion requests for completeness and evidence across both Booking and Perks systems.

Revision History

18-Mar-2026: Initial Draft (v1.0)
18-Mar-2026: Updated to include Puttshack Perks, US/UK scope, and AWS Live Backup Appendix (v1.1)
15-April-2026: Updated to reflect revisions to Privacy Policy

Timelines Summary

 

Step

Actor

Timeframe

Intake & Ticket Creation

Guest Services

Within 2 business days

Identity Verification

Guest Services + Privacy/Legal

Within 5 business days

Systems Identification

IT

Within 5 business days of verification

Deletion Execution

IT

Within 10 business days

Guest Confirmation

Guest Services

Within 3 business days after completion

 

🇺🇸 United states

🇬🇧 United Kingdom

Go To US Site?

You’re visiting the Puttshack website from the United States. Would you like to go to the US site?

YES, TAKE ME TO THE US SITE
NO, STAY ON THE UK SITE

Go To UK Site?

You’re visiting the Puttshack website from the United Kingdom or European Union. Would you like to go to the UK site?

YES, TAKE ME TO THE UK SITE
NO, STAY ON THE US SITE

We Use Cookies

Cookies improve our website’s performance and help us to deliver ads suited to you, so we recommend that you accept them for the best online experience. Don’t worry, if you would prefer not to, just click the manage cookies button. To learn more about the cookie we use simply visit our  Privacy Policy page. Do you accept these cookies?

YES, I ACCEPT
MANAGE COOKIES

Manage Cookies

Essential

These cookies are required for basic site functionality and are therefore always enabled. These include cookies that allow you to be remembered as you explore the site within a single session or, if you request, from session to session.

Performance

These cookies allow us to improve the site’s functionality by tracking usage on the website. In some cases these cookies can improve the speed with which we can process your request as they allow us to remember site preferences that you’ve selected. De-selecting these cookies may result in poorly tailored recommendations and slow site performance.

Social Media and Advertising

Social media cookies offer the possibility for you to connect to your social networks and share content from our website through social media. Advertising cookies (from third parties) collect information to help better tailor advertising to your interests, both within and beyond Puttshack websites. In some cases, these cookies involve the processing of your personal data. For more information about this processing of personal data, check our Privacy Policy. De-selecting these cookies may result in you seeing advertising that is not as relevant to you, not being able to link effectively to Facebook, Twitter or other social networks, and/or not being allowed to share content on social media.

Accept All
Save
Cancel