When you entrust your personal information to a web site, you expect the operators of that site to demonstrate that they have earned your trust.
Maintaining your privacy and the security of your personal information is our highest priority.
collects, stores, uses, and discloses information about you. Our customer is Beacon Hill Village, Inc. ,
which has signed up and paid for the ClubExpress service.
We offer our services to membership-based organizations (clubs and associations) to help them run their operations, including their website,
events, finances, and communications. These operations include the collection, storage, and processing of data on current and expired members
of each organization, as well as non-members who add themselves to the organization's database by completing an Add-Me form, registering for
an event, making a donation, volunteering, or other means, including being added manually by an administrator of the organization (for example,
if you're a member of the Press or a local government or public safety official.)
Beacon Hill Village, Inc. and ClubExpress are committed to meeting and exceeding all relevant international,
federal, and state laws and industry guidelines regarding your personal information and how it is protected.
Please note that privacy laws differ widely between countries and, within countries, between states and smaller jurisdictions. Because a club or
association using ClubExpress may be located anywhere in the world and may have members or non-members from anywhere, and because their website
accordance with the requirements of the European Union's General Data Protection Regulations ("GDPR") and similar UK regulations.
In the context of the GDPR and similar UK regulations, Beacon Hill Village, Inc. shall be considered to be
the Data Controller and Gembrook shall be considered to be the Data Processor.
Gembrook is based in the United States and our servers are hosted in the US. No matter where you are located, you consent to the transferring to,
and processing of, your information in the US.
other websites not controlled by Beacon Hill Village, Inc. or by Gembrook, and the policies and
procedures described herein do not apply to these other websites.
stricter provisions. Your continued membership in Beacon Hill Village, Inc. and/or your continued use
below, you also have the right and ability at any time to resign from the organization and to have your personal information removed from its databases.
What We Collect and How We Use It
This site stores personal information about you, including your name, contact information (addresses, phone numbers, email address, work information, etc.),
demographic data (date of birth, gender, etc.), and, for members only, a user name and password to allow you to log in and access member-only content.
Depending on which functions have been enabled by Beacon Hill Village, Inc. , it may also collect, store, and
display other information, including but not limited to:
- Your original membership sign-up and subsequent renewals
- Your event registrations
- Your donations
- Your online payments and payment history
- Biographic and other information specifically to share with other members
- Business information specifically to share with the public
- Links to your social networking accounts for the purposes of sharing club or association information with others in your networks
- Information posted in online discussion forums and surveys
- Volunteering and committee assignments
- Downloading of documents and photos from the website
- Uploading of documents and photos to the website
- Completing custom forms for specific club or association purposes
- Posting classified ads or available jobs
- Maintaining your certifications and continuing education training
- Purchasing products through an E-commerce storefront
- Registering for interest groups
- Whether you have opened emails sent to you from the platform
This information is provided by you as you interact with the website and its various screens and dialogs. Some information is required by your club or
association in order to maintain accurate and complete records, for legal protections, or to allow the organization to provide its services to you.
Other information is optional or dependent on your participation in specific activities or programs.
Beacon Hill Village, Inc. uses this information to run the club or association, to provide services for members,
to maintain accurate and complete financial records, to fulfill its legal obligations in accordance with laws pertaining to non-profits, to promote the club
or association in the general community, to strengthen and grow the organization, to communicate with you about news and activities, and to advocate for
issues that are important to members.
Within this website, only authorized administrators appointed by Beacon Hill Village, Inc. have access to personal
information on members. ClubExpress cannot control who these administrators are or what they do with this information. However, our agreement with
Beacon Hill Village, Inc. strongly discourages organizations from selling or trading personal data to third parties,
but if they do so, you always have the ability to opt-out from such lists.
ClubExpress may collect and access personal information when you contact our Customer Support team by email or phone to get help with using the features of
this website. ClubExpress does not otherwise collect personal information for its own purposes. All personal information is collected on behalf of the clubs
or associations that have signed up to use the ClubExpress platform.
This website also collects information when you log in and as you navigate around the site, using standard Internet technologies (such as IP addresses,
log files, access dates and times, language and other formats, session cookies, pixel tags, other tracking technologies, and reading your computer or mobile
device type, operating system, browser version, etc.) We use this information for the following purposes:
- To provide and maintain our service
- To help us improve our products and services
- To manage the performance of our platform
- To perform accounting and billing activities
- For the following security and data protection purposes:
- To detect, investigate and prevent fraudulent use of the platform
- To detect, investigate and prevent abuse and other illegal activities
- To detect, investigate and block security breaches
- To protect the rights, intellectual and physical property of Gembrook
- To protect the rights and intellectual property of others
- To provide you with a safe online environment
- To manage and resolve legal claims
- To protect and enforce our legal rights
Your club or association may enable a ClubExpress module that provides discussion forums. Please remember that any information disclosed in these forums
may become public. You should exercise caution regarding personal information when you write messages in a public discussion forum.
Your club or association may enable a ClubExpress module that allows a third party, from an external website, to verify your membership in
Beacon Hill Village, Inc. using a special interface and by providing credentials that you have supplied to that party.
you have consented to allow them to use this data to verify your membership status.
Using the ClubExpress Mobile App
Your village may also enable a ClubExpress mobile app that provides special functions for members
using mobile devices such as a smartphones and tablets, running on both iOS and Android. When you download the mobile app for your club and device,
we may request permission to use various features on your mobile device:
- Calendar - We request access to your calendar so that we can add/edit events on your device. Calendar events are only added when you touch
the "add event" icon. We never automatically add or edit events on your device without user interaction.
- Location - We request permission to access your device location for the "Meets" functionality within the ClubExpress mobile app.
Your device location is stored on our servers when you touch the "Update my position" button. Your device location is displayed
to other users for the specified time limit. After that time limit expires, your location is no longer displayed to other users.
Your device location is automatically hidden and not requested unless you explicitly touch "show me on this device" or "update my position.
We do not retain this data or share it with your club or association or any third parties.
- Microphone - We never store or retain any information from your microphone or record any audio from the microphone.
Our app will request permission to use your microphone as a general "media" permission request.
- Phone - We request access to your phone so that if users tap or touch a phone number the keypad/dialer will become preloaded with the phone number you touched.
We never store or retain any contact logs or phone numbers you may have touched. This general permission allows us to access information about your device
such as screen orientation or unique identifiers. We do not retain this data or share it with your club or association or any third parties.
- Contact Logs - We never request or keep any information from your device’s contact logs.
- Notifications - We request permissions to send notifications so that you are notified when a new message is posted to a Chat channel.
- Storage - We request permission to access device storage so that we can save files to your device or display them temporarily.
Files are only downloaded or displayed when you explicitly touch a file name or "download" button. Files are never automatically sent
to the device without your knowledge. Your device will automatically cache some files in storage for better performance.
- Carrier/Network information - We never share or keep any information regarding your carrier or network information.
- Camera - Your device camera can be accessed when adding a photo to a Chat message.
Our app will request permission to use your devices’ camera in the event that you choose this option.
- Cookies - We use "session" cookies to keep you logged in while you use the ClubExpress mobile app to keep session information about who you are while you are logged in.
Session cookies disappear when you log out or close the app. We do not keep any session information or financial information in Persistent cookies.
What is our Legal Basis for Collecting and Processing this Information
As noted above, Beacon Hill Village, Inc. is the controller of this data. It collects and stores your personal information
in order to manage your membership in the club or association and/or your participation in the organization's activities. Any of the following activities provide
clear indication of your intent to establish a relationship with this club or association, thereby allowing them to collect and store your personal information:
- When you pay a membership fee to join or renew
- When you register for an event
- When you make a donation
- When you purchase product from the organization's storefront
- When you request to be added to the organization's mailing list
- When you log in to the website as a paid-up member to participate in the organization's activities
As noted below, you also have the right to cancel this relationship with the club or association at any time, and to have your data removed from their website
and data repositories, subject to the organization's rights to maintain accurate and complete records of its operations.
As noted above, ClubExpress is the Data Processor for this data. Beacon Hill Village, Inc. has signed a legal agreement
with us to use the ClubExpress platform, which provides methods for maintaining and processing this data. We manage the security and integrity of this data and access to it.
Sharing of Information
The ClubExpress platform is designed to allow clubs and associations to run their operations online, including promoting themselves to the public. An organization
running on ClubExpress may choose to make certain user information (generally limited to your name but, in some cases, also showing contact information) visible on the
public side of its website, available to anyone who visits the site. This information may include, but is not limited to:
- Your membership in a committee, interest group, or chapter
- Your registration for an event
- Your registration for a volunteering activity
- Photos that you have uploaded to the website
- Your participation in a Member or Business Directory
Members who log in to their organization's website may have access to more information about other members. Depending on how the website and various functions
are configured, you may have the ability to control what information is shown.
We recommend that you survey the organization's website to see what information is visible to the public or to other members, to ensure that you are comfortable
with this level of sharing. You always have the option to not participate in the activities that involve sharing.
Clubs and associations have the ability to define "Administrators" from within the organization who have access to all data on the website, as well as "Coordinators"
who have some but not all administrative rights. These members assume the responsibility on behalf of the organization, to protect the privacy and integrity of this data.
Your club or association may share member and non-member data with vendors who assist in the operation of the organization. For example, a vendor may help to manage
a large event and will need to know who has registered and paid to attend the event or specific activities within the event.
ClubExpress may share information with service providers and vendors that help us run the platform, including hosting the computers on which the platform runs,
merchant processing companies to handle credit card payments, address verification and geocoding services, Google Analytics for traffic and usage intelligence,
and consultants that help us secure, maintain, and enhance the platform in different ways. This information sharing will be strictly limited only to what is
necessary for the vendor to perform its service(s) and said vendors and service providers are subject to strict contractual and confidentiality obligations
barring them from using it for any other purposes.
ClubExpress may also share your information as part of a financial transaction such as a sale of the company, merger, consolidation, liquidation, or reorganization.
Within ClubExpress itself, only authorized employees who are trained in our privacy policies and procedures and in the proper handling of confidential customer
information, have access to your data.
We may retain and disclose information about you to third parties if we believe such disclosure is required by applicable international, federal, or state law or
regulation, or by the order of a competent legal authority (such as a court order), or as part of an audit. We may also disclose information if we believe that
your actions are inconsistent with our Terms of Service or internal policies, or if necessary to defend against a real or perceived threat or fraud against Gembrook
and its employees or contractors, or a club or association running on the ClubExpress platform, or to prevent abuse of the platform.
What ClubExpress Will Not Do
Neither ClubExpress nor club officers have direct access to your password or credit card information. This data is encrypted by the system using state of the art
technologies and cannot directly be accessed. If you forget your password, Beacon Hill Village, Inc. or ClubExpress
can reset it at your request. You will then be required to change it when you next log in.
You have the option to not store your credit card information in our system. If you select this option, you will need to re-enter it for each transaction.
Once your card has been authorized using an encrypted transfer, we only retain the first 4 and last 4 digits in accordance with Payment Card Industry (PCI)
regulations and for reporting purposes.
ClubExpress will not independently contact you regarding new features or products or other service offerings unless you are listed as an official club contact,
responsible for your club's relationship with us. We do not send unsolicited email (aka spam) to email addresses in your club's database.
ClubExpress will not sell or otherwise share your name or any contact information with any third parties, including partners, advertisers or service providers,
except as necessary to fulfill your explicit requests. For example, when you renew your membership and pay online using a credit card, we must share data with
the credit card processing company to approve the transaction. But we will never sell or share this data for marketing or revenue purposes.
ClubExpress may generate and provide aggregate statistics about our club customers and their members, online traffic patterns and related information to
customers and partners, but this information will not contain data which is individually identifiable or which can be linked back to a specific person,
family, or business organization member.
Behind the scenes, you should know that other organizations are also using the same software and computers to manage their operations. Information collected
through your membership in one organization is never visible to members or administrators of other organizations. Unfortunately, if you are a member of more
than one organization running on the ClubExpress platform, you have to maintain your information separately for each organization. But we think that the added
security from keeping them completely separate is worth the small extra effort.
Other Things We Do To Protect You
ClubExpress's servers are hosted by an independent hosting company in their secure data center behind a firewall. Only authorized personnel have physical access
to these computers. We take care to promptly install all service packs and security updates, and the data is backed up nightly. We continually test our platform
to ensure that security is maintained. Confidential data is transmitted using SSL/TLS encryption; our SSL Certificates are issued by Comodo, one of the most
respected names in Internet security.
We utilize various other technical and operational measures to protect your data stored and maintained in the ClubExpress platform on behalf of the
Beacon Hill Village, Inc. . However, no method of electronic storage or data transfer is completely secure or error-free.
In particular, email sent to or from this website may not be secure, and you should take particular care in deciding what information you communicate via email
to other club or association members or officers, or to ClubExpress. We strongly encourage you to use a strong username and password, to keep this information
well protected and not share it with anyone, and to log out of your user account and close your web browser when finished accessing
Beacon Hill Village, Inc. 's website on a shared or unsecured device or network.
Data Retention Policy
Beacon Hill Village, Inc. has a compelling business reason to maintain accurate and complete records of its operations,
including everything associated with memberships, events, fundraising, and member usage of the organization's website. There may not be a time-limit to this policy.
ClubExpress will retain this information while you are an active or expired member of the Beacon Hill Village, Inc.
or have participated in their activities as a non-member, for the following reasons:
- To allow you to use the ClubExpress platform
- To allow you to review and update your information stored in the platform
- To allow you to opt-out of receiving communications from the organization or to request that your information be deleted (see below.)
- To ensure that we respect your communication preferences
- To maintain accurate membership and other records
- To maintain accurate financial and accounting records
- To better understand how the platform is used so that we can provide you with a secure, reliable, and high-performing experience
- To comply with applicable government legal and financial requirements
Note that data may persist for an additional time in other formats exported from this website for backup and data analysis purposes. Once data has been exported,
it moves outside Gembrook's control and becomes the responsibility of Beacon Hill Village, Inc. . Requests for correction,
deletion or a limitation on processing (see below) will be forwarded to your club or association so that exported data can also be updated.
Your Rights and Options
If you are a member of Beacon Hill Village, Inc. , you have the right to log in to the website to view and update your contact
information, transaction and payment histories, event registration and volunteering history, credit card information if stored in the system, and other data that
is part of your membership record. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements
and excluding yourself from lists provided to third parties for marketing or fundraising purposes.
If you are a non-member of Beacon Hill Village, Inc. , you have the right to view any of your personal data stored in the
platform, and to update any inaccuracies. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements
and excluding yourself from lists provided to third parties for any purpose. Requests should be submitted by email to the organization's
designated Data Privacy Officer (DPO) or general contact address, which can be found on the Contact Us page.
Both members and non-members have the right to request that their information be deleted from the organization's digital records. For members, this implies that you
are resigning your membership. For members, this request can be submitted through your Profile screen. For both members and non-members, this request can also be
submitted from the email Opt-Out screen, or via email to the organization's designated DPO.
Both members and non-members also have the right to object to the processing of their information, to request a restriction on its processing, or to withdraw their
consent for future processing. Because such processing is an integral part of the organization's operations, such requests will be treated as delete requests.
Note also that such actions typically cannot have a retroactive effect.
Such requests will not affect the lawfulness of any processing conducted before the request was received, nor will it affect subsequent processing based on a
reliance on lawful grounds other than consent, such as the compelling business reasons of the organization.
When such a request is received, it will be logged in the system and Beacon Hill Village, Inc. will be notified.
They have 30 days to accept or decline the request. If they decline it, they must provide you with a reason. If they accept it, or if they take no action within 30 days,
your information will be flagged for deletion within 7 days. Information that does not have a compelling business reason to be retained (such as your full contact
information, biography, answers to additional member data questions, uploaded photos, etc.) will be deleted. Information that does have a compelling business reason
to be retained (such as transaction and payment records, event registrations, E-commerce storefront orders, and donations) will be anonymized.
You also have the right to complain to your local Data Protection Authority ("DPA") about the collection and processing of your data.
For more information, please contact your local DPA directly.
ClubExpress complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection,
use, and retention of personal information transferred from the European Union and Switzerland to the United States. ClubExpress has certified to the Department of Commerce
shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, ClubExpress commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with
inquiries or complaints regarding our Privacy Shield policy should first contact ClubExpress using the contact information below.
Under certain conditions, more fully described on the Privacy Shield website
, you may invoke binding
arbitration when other dispute resolution procedures have been exhausted. ClubExpress also complies with the Privacy Shield Principles for all onward transfers of personal data from
the EU and Switzerland, including the onward transfer liability provisions.
ClubExpress has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner
(FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
The Federal Trade Commission (FTC), an independent agency of the United States government, has jurisdiction over ClubExpress’s compliance with Privacy Shield.
Privacy Provisions for Customers and Members located in the UK
With the advent of Brexit, people in the UK and UK subjects located in other countries are no longer protected by the provisions of the European Union’s GDPR and Privacy Shield.
The following sections provide similar protections:
Beacon Hill Village, Inc. and ClubExpress jointly and separately warrant that the transfer and processing of personal data has been and will
continue to be carried out in accordance with applicable data protection laws; and that the personal data will be processed only in Beacon Hill Village, Inc. ’s
behalf and in accordance with applicable data protection laws.
Beacon Hill Village, Inc. and ClubExpress warrant that the security measures used in the transfer and storage of personal data are appropriate
to protect said data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing.
Beacon Hill Village, Inc. and ClubExpress also warrant that if any sub-processors are involved in the transfer and processing of personal data
(for example, a merchant processor handling credit card transactions), that they will also be bound by the provisions of these two paragraphs.
In the event of termination, ClubExpress agrees to guarantee the ongoing confidentiality of any personal data transferred and will cease active processing of this personal data,
and maintain existing security measures for as long as the personal data resides on ClubExpress’s systems.
In the event of a dispute, ClubExpress agrees to resolve complaints about our collection and use of your personal information. UK subjects and individuals with inquiries or complaints
should contact ClubExpress using the information below to resolve their concerns.
Compliance with CA Consumer Privacy Act (CCPA)
The CCPA provides consumers (CA residents) with specific rights regarding their Personal Information. This section describes these rights and explains how to exercise them.
Within the context of the CCPA, ClubExpress is a “Service Provider”. We store and process personal information on behalf of Beacon Hill Village, Inc. .
ClubExpress does not sell, barter, trade, or share your personal information with third parties (except to fulfill the business operations of Beacon Hill Village, Inc. ,
such as to process a credit card), and has no ownership rights over your personal information.
ClubExpress and Beacon Hill Village, Inc. may collect the following types of Personal Information:
- Your name, nickname, postal address, phone numbers, email address, website, spouse and family information, work information, and emergency contact information.
- Information that is specific to your membership in Beacon Hill Village, Inc. such as professional qualifications, education, interests, and affiliations.
- Geolocation data.
- Participation in club or association activities, such as (but not limited to) event registrations and attendance, volunteering, files downloaded, pages viewed,
discussion forum and chat participation, emails received, text messages received, continuing education and certifications, collectible items owned, resources used,
storefront items purchased, and surveys taken.
- Activity on the Beacon Hill Village, Inc. website.
ClubExpress and Beacon Hill Village, Inc. may engage certain trusted third parties to perform functions and provide services to us,
including hosting, database storage and management, credit card processing, and direct marketing. We may share your Personal Information with these third parties but only to the
extent necessary to perform these contracted functions and provide these services. We require these third parties to maintain the privacy and security of the Personal Information
they process on our behalf.
You have the right to see what Personal Information Beacon Hill Village, Inc. has collected about you and how this information is used.
If you are a member, you can log into the website to view and update your personal Profile. Non-members who have added themselves to the database (for example, by registering for
an event) can go to the Contact Us page on the website and submit a request to see this information. We may require you to verify your identity before providing this information.
But once this is done, it will be provided within 45 days.
You have the right to see the following information:
- What categories of personal information we collected about you;
- The sources of this personal information;
- The business purpose for collecting this personal information;
- If we have shared this personal information with any third parties.
You have the right to request that personal information collected about you be deleted. For more information, see the “Your Rights and Options” section above.
You have the right of Non-Discrimination. For exercising your CCPA rights described above, we will not deny you goods or services, charge different prices for goods or services,
or provide you with a different level of goods services.
This website is not intended for unsupervised access by children under the age of 13. We will not knowingly collect information from site visitors of this age group.
We encourage parents to talk to their children about their use of the Internet and the information they disclose online.
Data Protection Officer at:
Gembrook Systems, LLC
1051 Perimeter Drive, Suite 350
Schaumburg, IL 60173
Phone: 1-866-HLP-CLUB (457-2582)