At the time of writing, these are the EU General Data Protection Regulation (GDPR). By using ClubExpress, we make it easy for your club or association to also conform to these regulations, although you accept the ultimate responsibility for how personal data is handled.
Like most online service providers, we have decided to apply these regulations to everyone, even if the chances are slim that you will have an EU citizen as a member or in your non-member database. You really have no way of knowing whether someone is an EU citizen, so it makes sense to apply these most stringent of rules to everyone.
The Privacy Policy (linked at the bottom of each page) explains how ClubExpress handles privacy when member and non-member data is collected, stored, and processed. It also provides the justification for why ClubExpress and your club or association need this data, and how it will be used.
When members log in for the first time, they will see a special screen asking them to consent to having their data stored in the US; to receiving transactional messages from ClubExpress on behalf of your club or association; and to the sharing of their data with third parties for official club purposes (such as credit card processing). Such consent is required; members cannot proceed without providing it.
They also have the option to accept or decline general purpose emails from your club or association, such as newsletters or event announcements.
If your club shares member and/or non-member data with third parties for marketing or fund-raising purposes, members and non-members are presented with a third question, allowing them to opt out of being included in these lists. If your club does not share data in this way, it’s easy to turn this question off.
ClubExpress also makes it easy for you to define your Data Protection Officer (“DPO”), who is responsible for protecting the personal data of members and non-members. The DPO also handles inquiries about data security, potential breaches, and requests to be removed or forgotten completely from your organization’s records, as required by the GDPR.
Protecting personal data does not stop with ClubExpress, however. When you run a report or one of the data exports built into ClubExpress, perhaps for backup or analysis purposes, this data moves outside our control. It is important to instruct board and committee members, administrators and coordinators at all levels, and any paid staff you may have, in how to handle and protect personal data in their possession.