(Revised May 25, 2018)
When you entrust your personal information to a web site, you expect the operators of that site to demonstrate that they have earned your trust. Maintaining your privacy and the security of your personal information is our highest priority.
We offer our services to membership-based organizations (clubs and associations) to help them run their operations, including their website, events, finances, and communications. These operations include the collection, storage, and processing of data on current and expired members of each organization, as well as non-members who add themselves to the organization’s database by completing an Add-Me form, registering for an event, making a donation, volunteering, or other means, including being added manually by an administrator of the organization (for example, if you’re a member of the Press or a local government or public safety official.)
New England Women in Science Executives Club, Inc. and ClubExpress are committed to meeting and exceeding all relevant international, federal, and state laws and industry guidelines regarding your personal information and how it is protected.
In the context of the GDPR, New England Women in Science Executives Club, Inc. shall be considered to be the Data Controller and Gembrook shall be considered to be the Data Processor.
Gembrook is based in the United States and our servers are hosted in the US. No matter where you are located, you consent to the transferring to, and processing of, your information in the US.
WHAT WE COLLECT AND HOW WE USE IT
This site stores personal information about you, including your name, contact information (addresses, phone numbers, email address, work information, etc.), demographic data (date of birth, gender, etc.), and, for members only, a user name and password to allow you to log in and access member-only content. Depending on which functions have been enabled by New England Women in Science Executives Club, Inc., it may also collect, store, and display other information, including but not limited to:
- Your original membership sign-up and subsequent renewals
- Your event registrations
- Your donations
- Your online payments and payment history
- Biographic and other information specifically to share with other members
- Business information specifically to share with the public
- Links to your social networking accounts for the purposes of sharing club or association information with others in your networks
- Information posted in online discussion forums and surveys
- Volunteering and committee assignments
- Downloading of documents and photos from the website
- Uploading of documents and photos to the website
- Completing custom forms for specific club or association purposes
- Posting classified ads or available jobs
- Maintaining your certifications and continuing education training
- Purchasing products through an E-commerce storefront
- Registering for interest groups
- Whether you have opened emails sent to you from the platform
This information is provided by you as you interact with the website and its various screens and dialogs. Some information is required by your club or association in order to maintain accurate and complete records, for legal protections, or to allow the organization to provide its services to you. Other information is optional or dependent on your participation in specific activities or programs.
New England Women in Science Executives Club, Inc. uses this information to run the club or association, to provide services for members, to maintain accurate and complete financial records, to fulfill its legal obligations in accordance with laws pertaining to non-profits, to promote the club or association in the general community, to strengthen and grow the organization, to communicate with you about news and activities, and to advocate for issues that are important to members.
Within this website, only authorized administrators appointed by New England Women in Science Executives Club, Inc. have access to personal information on members. ClubExpress cannot control who these administrators are or what they do with this information. However, our agreement with New England Women in Science Executives Club, Inc. strongly discourages organizations from selling or trading personal data to third parties, but if they do so, you always have the ability to opt-out from such lists.
ClubExpress may collect and access personal information when you contact our Customer Support team by email or phone to get help with using the features of this website. ClubExpress does not otherwise collect personal information for its own purposes. All personal information is collected on behalf of the clubs or associations that have signed up to use the ClubExpress platform.
This website also collects information when you log in and as you navigate around the site, using standard Internet technologies (such as IP addresses, log files, access dates and times, language and other formats, session cookies, pixel tags, other tracking technologies, and reading your computer or mobile device type, operating system, browser version, etc.) We use this information for the following purposes:
- To provide and maintain our service
- To help us improve our products and services
- To manage the performance of our platform
- To perform accounting and billing activities
- For the following security and data protection purposes:
- To detect, investigate and prevent fraudulent use of the platform
- To detect, investigate and prevent abuse and other illegal activities
- To detect, investigate and block security breaches
- To protect the rights, intellectual and physical property of Gembrook
- To protect the rights and intellectual property of others
- To provide you with a safe online environment
- To manage and resolve legal claims
- To protect and enforce our legal rights
Your club or association may enable a ClubExpress module that provides discussion forums. Please remember that any information disclosed in these forums may become public. You should exercise caution regarding personal information when you write messages in a public discussion forum.
USING THE CLUBEXPRESS MOBILE APP
Your club may also enable a ClubExpress mobile app that provides special functions for members using mobile devices such as a smartphones and tablets, running on both iOS and Android. When you download the mobile app for your club and device, we may request permission to use various features on your mobile device:
- Calendar – We request access to your calendar so that we can add/edit events on your device. Calendar events are only added when you touch the “add event” icon. We never automatically add or edit events on your device without user interaction.
- Location – We request permission to access your device location for the “Meets” functionality within the ClubExpress mobile app. Your device location is stored on our servers when you touch the “Update my position” button. Your device location is displayed to other users for the specified time limit. After that time limit expires, your location is no longer displayed to other users. Your device location is automatically hidden and not requested unless you explicitly touch “show me on this device” or “update my position. We do not retain this data or share it with your club or association or any third parties.
- Microphone – We never store or retain any information from your microphone or record any audio from the microphone. Our app will request permission to use your microphone as a general “media” permission request.
- Phone – We request access to your phone so that if users tap or touch a phone number the keypad/dialer will become preloaded with the phone number you touched. We never store or retain any contact logs or phone numbers you may have touched. This general permission allows us to access information about your device such as screen orientation or unique identifiers. We do not retain this data or share it with your club or association or any third parties.
- Contact Logs – We never request or keep any information from your device’s contact logs.
- Notifications – We request permissions to send notifications so that you are notified when a new message is posted to a Chat channel.
- Storage – We request permission to access device storage so that we can save files to your device or display them temporarily. Files are only downloaded or displayed when you explicitly touch a file name or “download” button. Files are never automatically sent to the device without your knowledge. Your device will automatically cache some files in storage for better performance.
- Carrier/Network information – We never share or keep any information regarding your carrier or network information.
- Camera – Your device camera can be accessed when adding a photo to a Chat message. Our app will request permission to use your devices’ camera in the event that you choose this option.
- Cookies – We use “session” cookies to keep you logged in while you use the ClubExpress mobile app to keep session information about who you are while you are logged in. Session cookies disappear when you log out or close the app. We do not keep any session information or financial information in Persistent cookies.
WHAT IS OUR LEGAL BASIS FOR COLLECTING AND PROCESSING THIS INFORMATION
As noted above, New England Women in Science Executives Club, Inc. is the controller of this data. It collects and stores your personal information in order to manage your membership in the club or association and/or your participation in the organization’s activities. Any of the following activities provide clear indication of your intent to establish a relationship with this club or association, thereby allowing them to collect and store your personal information:
- When you pay a membership fee to join or renew
- When you register for an event
- When you make a donation
- When you purchase product from the organization’s storefront
- When you request to be added to the organization’s mailing list
- When you log in to the website as a paid-up member to participate in the organization’s activities
As noted below, you also have the right to cancel this relationship with the club or association at any time, and to have your data removed from their website and data repositories, subject to the organization’s rights to maintain accurate and complete records of its operations.
As noted above, ClubExpress is the Data Processor for this data. New England Women in Science Executives Club, Inc. has signed a legal agreement with us to use the ClubExpress platform, which provides methods for maintaining and processing this data. We manage the security and integrity of this data and access to it.
SHARING OF INFORMATION
The ClubExpress platform is designed to allow clubs and associations to run their operations online, including promoting themselves to the public. An organization running on ClubExpress may choose to make certain user information (generally limited to your name but, in some cases, also showing contact information) visible on the public side of its website, available to anyone who visits the site. This information may include, but is not limited to:
- Your membership in a committee, interest group, or chapter
- Your registration for an event
- Your registration for a volunteering activity
- Photos that you have uploaded to the website
- Your participation in a Member or Business Directory
Members who log in to their organization’s website may have access to more information about other members. Depending on how the website and various functions are configured, you may have the ability to control what information is shown.
We recommend that you survey the organization’s website to see what information is visible to the public or to other members, to ensure that you are comfortable with this level of sharing. You always have the option to not participate in the activities that involve sharing.
Clubs and associations have the ability to define “Administrators” from within the organization who have access to all data on the website, as well as “Coordinators” who have some but not all administrative rights. These members assume the responsibility on behalf of the organization, to protect the privacy and integrity of this data.
Your club or association may share member and non-member data with vendors who assist in the operation of the organization. For example, a vendor may help to manage a large event and will need to know who has registered and paid to attend the event or specific activities within the event.
ClubExpress may share information with service providers and vendors that help us run the platform, including hosting the computers on which the platform runs, merchant processing companies to handle credit card payments, address verification and geocoding services, Google Analytics for traffic and usage intelligence, and consultants that help us secure, maintain, and enhance the platform in different ways. This information sharing will be strictly limited only to what is necessary for the vendor to perform its service(s) and said vendors and service providers are subject to strict contractual and confidentiality obligations barring them from using it for any other purposes.
Within ClubExpress itself, only authorized employees who are trained in our privacy policies and procedures and in the proper handling of confidential customer information, have access to your data.
We may retain and disclose information about you to third parties if we believe such disclosure is required by applicable international, federal, or state law or regulation, or by the order of a competent legal authority (such as a court order), or as part of an audit. We may also disclose information if we believe that your actions are inconsistent with our Terms of Service or internal policies, or if necessary to defend against a real or perceived threat or fraud against Gembrook and its employees or contractors, or a club or association running on the ClubExpress platform, or to prevent abuse of the platform.
WHAT CLUBEXPRESS WILL NOT DO
Neither ClubExpress nor club officers have direct access to your password or credit card information. This data is encrypted by the system using state of the art technologies and cannot directly be accessed. If you forget your password, New England Women in Science Executives Club, Inc. or ClubExpress can reset it at your request. You will then be required to change it when you next log in.
You have the option to not store your credit card information in our system. If you select this option, you will need to re-enter it for each transaction. Once your card has been authorized using an encrypted transfer, we only retain the first 4 and last 4 digits in accordance with Payment Card Industry (PCI) regulations and for reporting purposes.
ClubExpress will not independently contact you regarding new features or products or other service offerings unless you are listed as an official club contact, responsible for your club’s relationship with us. We do not send unsolicited email (aka spam) to email addresses in your club’s database.
ClubExpress will not sell or otherwise share your name or any contact information with any third parties, including partners, advertisers or service providers, except as necessary to fulfill your explicit requests. For example, when you renew your membership and pay online using a credit card, we must share data with the credit card processing company to approve the transaction. But we will never sell or share this data for marketing or revenue purposes.
ClubExpress may generate and provide aggregate statistics about our club customers and their members, online traffic patterns and related information to customers and partners, but this information will not contain data which is individually identifiable or which can be linked back to a specific person, family, or business organization member.
Behind the scenes, you should know that other organizations are also using the same software and computers to manage their operations. Information collected through your membership in one organization is never visible to members or administrators of other organizations. Unfortunately, if you are a member of more than one organization running on the ClubExpress platform, you have to maintain your information separately for each organization. But we think that the added security from keeping them completely separate is worth the small extra effort.
OTHER THINGS WE DO TO PROTECT YOU
ClubExpress’s servers are hosted by an independent hosting company in their secure data center behind a firewall. Only authorized personnel have physical access to these computers. We take care to promptly install all service packs and security updates, and the data is backed up nightly. We continually test our platform to ensure that security is maintained. Confidential data is transmitted using SSL/TLS encryption; our SSL Certificates are issued by Comodo, one of the most respected names in Internet security.
We utilize various other technical and operational measures to protect your data stored and maintained in the ClubExpress platform on behalf of the New England Women in Science Executives Club, Inc.. However, no method of electronic storage or data transfer is completely secure or error-free. In particular, email sent to or from this website may not be secure, and you should take particular care in deciding what information you communicate via email to other club or association members or officers, or to ClubExpress. We strongly encourage you to use a strong username and password, to keep this information well protected and not share it with anyone, and to log out of your user account and close your web browser when finished accessing New England Women in Science Executives Club, Inc.’s website on a shared or unsecured device or network.
DATA RETENTION POLICY
New England Women in Science Executives Club, Inc. has a compelling business reason to maintain accurate and complete records of its operations, including everything associated with memberships, events, fundraising, and member usage of the organization’s website. There may not be a time-limit to this policy.
ClubExpress will retain this information while you are an active or expired member of the New England Women in Science Executives Club, Inc. or have participated in their activities as a non-member, for the following reasons:
- To allow you to use the ClubExpress platform
- To allow you to review and update your information stored in the platform
- To allow you to opt-out of receiving communications from the organization or to request that your information be deleted (see below.)
- To ensure that we respect your communication preferences
- To maintain accurate membership and other records
- To maintain accurate financial and accounting records
- To better understand how the platform is used so that we can provide you with a secure, reliable, and high-performing experience
- To comply with applicable government legal and financial requirements
Note that data may persist for an additional time in other formats exported from this website for backup and data analysis purposes. Once data has been exported, it moves outside Gembrook’s control and becomes the responsibility of New England Women in Science Executives Club, Inc.. Requests for correction, deletion or a limitation on processing (see below) will be forwarded to your club or association so that exported data can also be updated.
YOUR RIGHTS AND OPTIONS
If you are a member of New England Women in Science Executives Club, Inc., you have the right to log in to the website to view and update your contact information, transaction and payment histories, event registration and volunteering history, credit card information if stored in the system, and other data that is part of your membership record. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements and excluding yourself from lists provided to third parties for marketing or fundraising purposes.
If you are a non-member of New England Women in Science Executives Club, Inc., you have the right to view any of your personal data stored in the platform, and to update any inaccuracies. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements and excluding yourself from lists provided to third parties for marketing or fundraising purposes. Requests should be submitted by email to the organization’s designated Data Privacy Officer (DPO) or general contact address, which can be found on the Contact Us page.
Both members and non-members have the right to request that their information be deleted from the organization’s digital records. For members, this implies that you are resigning your membership. For members, this request can be submitted through your Profile screen. For both members and non-members, this request can also be submitted from the email Opt-Out screen, or via email to the organization’s designated DPO.
Both members and non-members also have the right to object to the processing of their information, to request a restriction on its processing, or to withdraw their consent for future processing. Because such processing is an integral part of the organization’s operations, such requests will be treated as delete requests. Note also that such actions typically cannot have a retroactive effect.
Such requests will not affect the lawfulness of any processing conducted before the request was received, nor will it affect subsequent processing based on a reliance on lawful grounds other than consent, such as the compelling business reasons of the organization.
When such a request is received, it will be logged in the system and New England Women in Science Executives Club, Inc. will be notified. They have 30 days to accept or decline the request. If they decline it, they must provide you with a reason. If they accept it, or if they take no action within 30 days, your information will be flagged for deletion within 7 days. Information that does not have a compelling business reason to be retained (such as your full contact information, biography, answers to additional member data questions, uploaded photos, etc.) will be deleted. Information that does have a compelling business reason to be retained (such as transaction and payment records, event registrations, E-commerce storefront orders, and donations) will be anonymized.
You also have the right to complain to your local Data Protection Authority (“DPA”) about the collection and processing of your data. For more information, please contact your local DPA directly.
This website is not intended for unsupervised access by children under the age of 13. We will not knowingly collect information from site visitors of this age group. We encourage parents to talk to their children about their use of the Internet and the information they disclose online.
Gembrook Systems, LLC
1051 Perimeter Drive, Suite 350
Schaumburg, IL 60173
Phone: 1-866-HLP-CLUB (457-2582 – outside the US, +1 847-255-0210)