The National STEM Honor Society (NSTEM) is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us. This Privacy Policy explains how NSTEM collects, uses, stores, shares, and protects personal information in compliance with applicable U.S. and international privacy laws, including FERPA, COPPA, GDPR, and CCPA/CPRA.
1. Scope of This Policy:
This Privacy Policy applies to all personal information collected by NSTEM through:
- Our websites and online platforms
- Membership, scholarship, and program applications
- Chapter operations
- Events, communications, and social media interactions
- E‑commerce transactions
This policy aligns with NSTEM’s mission, values, and national organizational standards.
2. Information We Collect:
NSTEM may collect the following categories of personal information:
- Identifiers: first and last name, email address, mailing address, phone number
- Student Information: school name, grade level, graduation year, chapter affiliation
- Parent/Guardian Information: name and contact details when required
- Account and Usage Data: login credentials, IP address, browser type, device information
- Transactional Information: membership status, purchases, certificates (payment data is processed by third parties and not stored by NSTEM)
- User‑Generated Content: photographs, videos, testimonials, social media interactions
NSTEM does not knowingly collect sensitive personal information unless required for legitimate educational, legal, or operational purposes.
3. How and Why We Use Personal Information:
NSTEM uses personal information to:
- Administer memberships, chapters, scholarships, and programs
- Verify eligibility and maintain student records
- Communicate with members, parents/guardians, advisors, and educators
- Deliver newsletters, announcements, and educational content
- Fulfill certificates, awards, and merchandise orders
- Maintain website functionality, analytics, and security
- Comply with legal, regulatory, and accreditation requirements
All data processing is conducted under a lawful basis such as consent, contractual necessity, legitimate interests, or legal obligation.
4. Payment Processing:
NSTEM uses PCI‑compliant third‑party payment processors to handle all credit card and financial transactions. NSTEM does not access, store, or retain full payment card information.
5. Sharing of Information:
NSTEM may share personal information only as necessary with:
- Service providers acting on NSTEM’s behalf (e.g., certificate fulfillment, website hosting)
- Technology platforms supporting operations (e.g., CRM, analytics tools)
- Legal or regulatory authorities when required by law
NSTEM does not sell, rent, or trade personal information.
6. Cookies and Online Technologies:
NSTEM and its service providers use cookies and similar technologies to:
- Ensure website functionality and security
- Analyze traffic and usage trends
- Improve content and user experience
- Measure advertising performance
NSTEM uses tools such as Google Analytics and Google Ads in anonymized form. NSTEM does not associate analytics data with identifiable individuals. Users may opt out of Google Analytics using available browser tools.
Social media platforms used by NSTEM operate under their own privacy policies.
7. Social Media and User Content:
NSTEM may collect information you voluntarily provide through social media interactions, including comments, images, videos, and chapter submissions (“Shout‑Outs”). Content shared publicly may be reused by NSTEM for educational, promotional, or mission‑aligned purposes.
Participation on third‑party platforms is governed by those platforms’ terms and privacy policies.
8. Links to Third‑Party Websites:
NSTEM websites may contain links to external sites. NSTEM is not responsible for the privacy practices or content of third‑party websites. Users are encouraged to review the privacy policies of those sites.
9. Legal Disclosure:
NSTEM may disclose personal information when required to:
- Comply with applicable laws or legal processes
- Respond to lawful government requests
- Protect the rights, safety, or property of NSTEM, its members, or others
- Investigate fraud, security, or misuse
10. Data Security:
NSTEM implements administrative, technical, and organizational safeguards consistent with industry standards.
- Website hosting: GreenGeeks (Chicago, IL)
- Database and internal systems: Airtable (AWS US‑East‑1)
- File storage: Google Workspace (U.S.‑based servers)
Despite best efforts, no system can guarantee absolute security.
11. Data Retention:
NSTEM retains personal information only as long as necessary for:
- Educational and membership purposes
- Legal, regulatory, and accreditation requirements
Student records are generally retained until the member reaches age 22, unless a longer retention period is required by law. Data may be securely deleted upon verified request, subject to legal obligations.
12. Data Breach Response:
NSTEM maintains a formal Data Breach Security Response Plan aligned with the NIST Cybersecurity Framework. The plan defines notification procedures, internal responsibilities, mitigation steps, and regulatory compliance actions.
13. Children’s Privacy (COPPA):
NSTEM does not knowingly collect personal information from children under age 13 without verifiable parental consent. Parents or legal guardians may:
- Review their child’s information
- Request deletion
- Withdraw consent at any time
Requests may be submitted in writing using the contact information below.
14. Privacy Rights:
NSTEM recognizes and honors individual privacy rights as required by applicable law, including FERPA, GDPR, and the California Consumer Privacy Rights Act (CPRA).
Depending on jurisdiction, individuals may have the right to:
- Access personal information NSTEM maintains
- Request correction of inaccurate records
- Request deletion of personal information (subject to FERPA and legal retention requirements)
- Restrict or object to certain processing activities
- Receive a portable copy of personal data where applicable
- Opt out of the sale or sharing of personal information (NSTEM does not sell or share personal information for cross-context behavioral advertising)
NSTEM will not discriminate against individuals for exercising their privacy rights.
Requests may be submitted via written request or by contacting NSTEM using the information below.
15. California Privacy Rights (CPRA Notice):
This section applies solely to California residents, in accordance with the California Consumer Privacy Rights Act (CPRA).
Categories of Personal Information Collected
NSTEM may collect the following categories as defined under CPRA:
- Identifiers (name, email address, mailing address)
- Internet or electronic network activity information (IP address, browser type, device data)
- Educational information protected under FERPA
NSTEM does not collect sensitive personal information beyond what is necessary for educational, operational, or legal purposes.
Use and Disclosure
NSTEM collects and uses personal information for educational, nonprofit operational, and compliance purposes. NSTEM does not sell or share personal information for targeted advertising.
Retention
Personal information is retained only as long as reasonably necessary for the disclosed purposes, consistent with NSTEM’s Data Retention Policy.
Exercising CPRA Rights
California residents may request to:
- Know what personal information NSTEM collects and uses
- Request deletion or correction of personal information
- Limit use of sensitive personal information
Requests will be verified before processing and may be denied if retention is required under FERPA or other laws.
16. FERPA Compliance and Educational Records:
NSTEM treats student membership and participation records as education records where applicable. In compliance with FERPA:
- Personally identifiable information (PII) from education records is not disclosed without written consent, unless an exception applies
- Access to student records is limited to authorized personnel with legitimate educational interests
- Parents or eligible students may inspect and review education records upon request
- Requests to amend records will be reviewed in accordance with FERPA procedures
- NSTEM maintains administrative, technical, and physical safeguards to protect education records
NSTEM does not publicly disclose grades, evaluations, or disciplinary records.
17. Policy Updates:
NSTEM may update this Privacy Policy periodically. Updates will be posted on our website with a revised effective date. Continued use of NSTEM services constitutes acceptance of the updated policy.
18. Contact Information:
For privacy questions or requests, contact:
National STEM Honor Society
127 Eastern Ave, Suite #236
Gloucester, MA 01930
Email: info@nstem.org
