Privacy Policy

This Privacy Policy was last updated on September 30, 2020.

Privacy Policy

This is the web site of the National Society of High School Scholars. The National Society of High School Scholars (“NSHSS”) takes your privacy seriously. Please read the following to learn more about our privacy policy (the “Privacy Policy”). NSHSS is the data controller for information entered on this website.

NSHSS is an academic honor society dedicated to recognizing the highest-achieving young scholars globally. The mission of NSHSS is to honor academic achievement and provide resources and scholarships that enrich the educational journey, fuel career interests and drive community impact. NSHSS engages in consistent information practices and uses its best efforts to make clear disclosures regarding those practices. This Privacy Policy is a part of that effort.

In general, NSHSS does not share your personally identifying information with third parties unless you permit it. You can update your information on your member profile or communications preferences at any time on your Member Dashboard at https://dashboard.nshss.org/.

Our policy on information from minors

Our site is not directed to children under 13. You must be 13 years of age or older to use the Website. If you are 13 or over, but still under the age of 18, please ask a parent or guardian to read and agree to these Terms before you use the Website. If you learn that your minor child has provided us with personal information without your consent, please contact us at information@nshss.org.

What does this Privacy Policy cover? 

This Privacy Policy applies to the collection, use, storage, and disclosure of your information by NSHSS. By using our website, you consent to the collection and use of information as outlined in this Privacy Policy. We will clearly disclose any exceptions to the Privacy Policy prior to collecting any information from our users.

NSHSS may decide to modify or amend this Privacy Policy from time to time. When we do, we will post any changes or new language here. Be sure to check regularly for updates.

Personal Information NSHSS Collects

"Personal Information" means any data that identifies you as an individual or relates to an identifiable individual. We obtain Personal Information relating to you at various points in interacting with our Services and from various sources described below.

• Identifiers. We may collect identifiers, such as your first name, middle name, last name, name, alias, email address, phone number, username, physical address, geolocation information, IP address, date of birth, social security number, college identification number, and tax identification number (TIN).
• Demographic Information. We may collect demographic information, such as your age and gender.
• Internet Activity. We may collect internet activity information, such as your IP address, browser characteristics, device IDs and characteristics, operating system version, and referring URLs.
• Social Media Information. We may collect information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates, and friend list.
• Payment Information. We may collect payment information, such as credit or debit card information, bank account information, and billing information.
• Location Information. We may collect location information, such as location based on IP address or geolocation information.
• Employment Information. We may collect employment information, such as employment history, current and former employer names and addresses, profession or title/role, employer/employee identification information, expense information, tax and withholding information, and emergency contact information.
• Audio Recordings. We may collect audio recordings, such as customer service calls.
• Inferences. We may collect inferences regarding your marketing and communications preferences, interests, and other characteristics.

Where we Collect Information

• Registration on our Site when you create a username and password.
• From your educator or school when they nominate you for scholarships or grants.
• Pay for Services. We collect Personal Information when you pay fees; event exhibit fees; event workshop cost and event sponsorship.  
• Inquire about Our Services or Request Information or Materials from Us. We collect Personal Information from you to respond to your request or inquiry about our services.
• Contact Customer Service. We collect Personal Information from you when you contact us, including when you communicate with us by email, via online chat services or contact customer service.
• Social Media. We collect Personal Information from you when you choose to participate in our social media activities or offerings. We may also allow you to enter into contests to provide photos which you may share with your connections on social media for votes, shared offers or other promotions.
• Application for Employment. We collect Personal Information from you when you choose to apply online for employment with us to assess your suitability for employment.

What does NSHSS do with the information it collects?

Membership and Scholarships: We use the information we collect about to you to deliver our membership services and to provide our scholarship and grants program to you.

Events: We process the information you provide when you register for one of our events.

Donations: When you make a donation to our Foundation, we use that information to process the payment and to communicate to you about the Foundation.

When you make a purchase from us, your contact information is used by NSHSS or may be shared with third parties for the purposes of processing your transaction, including fraud prevention and credit card authorization. 

When you opt-in to receive text messages, your information is entered into a third-party service provider who manages our texting program. You may opt out at any time as described in the choices section below.

Additionally, NSHSS may use contact information to notify you about new products, services, promotions, and special offers from NSHSS or our partners that will benefit you.

In addition, NSHSS is relying on the following lawful grounds to collect and process any personal data you may have provided:

• Legitimate Business Interests: To provide you with information requested from us relating to our products or services and to provide information on other products which we feel may be of interest to you if you have consented to receive such information, which are legitimate business interests. To notify you about any changes to our Website, such as improvements or service/product changes, that may affect our service. If you are a member, we may contact you with information about goods and services similar to those which were the subject of a previous notification to you.
• Performance of Contract: To meet our contractual commitments to you and in performance of contractual obligations to you.
• User Consent: We may use your data, or permit selected third parties to use your data, so that you can be provided with information about goods and services which we consider may be of interest to you. We or they may contact you about these goods and services by any of the methods that you consented to at the time your information was collected. If you are a new member, we will only contact you or allow third parties to contact you only when you have provided consent and only by those means you provided consent for. If you do not want us to use your data for ourselves or third parties, you will have the opportunity to withhold your consent to this when you provide your details to us in the profile used to collect your data.
• Please be advised that we do not reveal information about identifiable individuals to our partners, but we may, on occasion, provide them with aggregate statistical information about our members such as your area of residence or age group.

You may opt out of receiving communications from NSHSS at any time. Please update your Communications Preferences on your Member Dashboard at https://dashboard.nshss.org/.

Sharing and Disclosure

We do not share your personal information with others except as indicated within this policy or when we inform you and give you an opportunity to opt out of having your personal information shared.

We will share your information in the following ways.

• With third-party service providers, agents, or contractors. We use other companies, agents or contractors ("Service Providers") to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to process credit card transactions or other payment methods. Or, we may engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, to collect debts, and to analyze and enhance data (including data about users' interactions with our service). These Service Providers may have access to your personal or other information to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. We do not authorize them to use or disclose your personal information except in connection with providing their services.
• Analytics. Specifically, for analytics providers, we use Google Analytics Google Analytics which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/ Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

• Payment Providers: We may provide paid products and/or services within the site. When we do, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their own privacy notice. The payment processors we work with adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Braintree Payments (https://www.braintreepayments.com/legal/braintree-privacy-policy),

PayPal (https://www.paypal.com/us/webapps/mpp/ua/privacy-full) and

Stripe (https://stripe.com/us/privacy).

• Advertising: We may use third-party Service Providers to show advertisements, which may include targeted advertisements on a third party site after you have visited our website. We and the third party service providers use cookies to inform, optimize, measure performance serve ads based on your previous visits to our site. Any tracking that a third party performs is subject to their own privacy notice.

Please note at this time, we do not recognize automated browser signals regarding tracking mechanisms, which may include "do not track" instructions.

Facebook: You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

To see more about Facebook’s participation in the Digital Advertising Alliance please visit the Choices section of this notice. 

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

We may participate in Facebook.com's Custom Audience or LinkedIn’s Audience program which enables us to display personalized ads to persons on our email list when they visit Facebook or LinkedIn respectively. We provide Personal Information such as your email address to the social media provider to enable it to determine if you are a registered account holder. You may opt-out of participation in this program by contacting us as noted below in the Choices and Individual rights section. You may also opt-out of receiving these ads from the social media network directly.

• To comply with legal process or to protect NSHSS. If we believe that disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request; to enforce applicable terms of use, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or NSHSS as required by law; or to detect, prevent, or otherwise address, security or technical issues or illegal or suspected illegal activities (including fraud).
  
  
• Business Transfers. We may engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Policy. In such transitions, customer information is typically one of the business assets that is transferred or acquired by a third party. In the unlikely event that we or substantially all of our assets are acquired or enter a court proceeding, you acknowledge that such transfers may occur and that your personal information can continue to be used as set forth in this privacy policy.

International Data Transfer

This site is operated in the United States. If you are located in another jurisdiction, please know that your information will be transferred to, stored, and processed in the United States. By using this site and providing us with information, you consent to this transfer, processing and storage of your information in the United States. It is important to note that the privacy laws in the United States may not be as comprehensive as those in other countries such as the European Union. Our service providers use appropriate safeguards to transfer your personal data to the United States.

• We may transfer data that we collect from you to locations outside of headquarters for processing and storing. In addition, it may be processed by staff operating outside the office area who work for us or for one of our suppliers. For example, such staff may be engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your data is treated securely and in agreement with this privacy policy.
• Data that is provided to us is stored on our secure servers. We do not store credit card data. Details relating to any transactions entered into via our site will be encrypted to ensure its safety.
• The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

Third party links

We may have links on our site to other sites that we do not operate. If you click on a third-party link, you will be taken directly to that site which is governed by its own privacy notice. We strongly encourage you to read that privacy notice. We do not control that site and assume no responsibility for the content, policies or its practices.

Choices and Individual Rights:

We aim to take reasonable steps, so you can correct, amend, delete or limit the use of your Personal Data.

We outline your choices below:

• E-mail. As described above, if you do not wish to receive promotional e-mails from us, you may opt out at any time by updating your Communications Preferences on your Member Dashboard at https://dashboard.nshss.org/. If you opt out of a promotional e-mail, we may still send you transactional and administrative emails about this privacy notice or about the products or services you have purchased.
• Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or to not receive cookies at any time.
• Text Messages: You may opt out at any time by replying “STOP” to one of our text messages.
• Direct Mail: If you do not want to receive any direct postal mail, you can log into the member dashboard and select your preferences. You may also opt out by emailing information@nshss.org.
• You can opt out of online targeted advertising by opting out within the advertisement itself or by visiting Digital Advertising Alliance, http://www.aboutads.info/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/. You can also opt out of the Digital Advertising Alliance using your mobile device settings.
• Your rights under certain circumstances. To initiate any of these actions please contact us at information@nshss.org.
  • To access and receive a copy of the Personal Data we hold about you.
  • To rectify any Personal Data held about you that is inaccurate or you can update your Member Profile on you Member Dashboard at https://dashboard.nshss.org/
  • To request the deletion of Personal Data held about you.
  • You have the right to data portability for the information you have provided to us. You can request to obtain a copy of this information in a commonly used electronic format so that you can manage and move it. We will need to verify your identity before being able to respond to such requests.
  • Please note that in some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
• Right to Lodge a Complaint. For European Union residents, if you feel that our processing of your personal data infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you habitually reside, your place of work or the location of the alleged infringement. If you are located outside of the European Union, you may have rights under privacy laws in the jurisdiction where you live.

Security

We use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.

Retention

NSHSS will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

NSHSS will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Sensitive Data

We request that you do not send us sensitive data such as political opinions, religious beliefs, health data, biometrics or genetic, criminal background or trade union membership information. If you do send us this information, then you are consenting to its processing in accordance with this privacy notice. To avoid processing of sensitive data, do not submit it.

Your California Privacy Rights
Notice to California Residents
This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement above and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

Personal Information that We Collect, Use and Share
Here is a summary of how we currently collect, use and share Personal Information, and how we have collected, used and shared the information within the last 12 months.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples
A. Identifiers.	Real name, postal address, username and confirmation number, online identifier Internet Protocol address, email address, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.	Age, race, color, national origin, marital status, sex (including gender, gender identity, gender expression.
D. Commercial information.	Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
F. Internet or other similar network activity.	Browsing history, search history, information regarding a consumer’s interaction with an Internet website, application, or advertisement.
G. Geolocation data.	Location, e.g., derived from IP Address or telemetry data.
I. Professional or employment-related information.	Past or current employment history and performance evaluations.
J. Non-public personally identifiable information (as defined by FERPA).	Name, address, other indirect identifiers such as date of birth, and other information that is linked or linkable to a student sufficient to enable a third party to identify the student.
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

We obtain the categories of Personal Information listed above from the following categories of sources:

• Directly and indirectly from you.
• Directly and indirectly through information we collect from our clients in the course of providing services to them.
• Directly and indirectly from activity on our websites. For example, from submissions through our website portal or website usage details collected automatically.
• From third parties that interact with us in connection with the services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

• To fulfill or meet the reason for which the information is provided.
• To provide you with information, products or services that you request from us.
• To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
• To improve our website and present its contents to you.
• For testing, research, analysis and product development.
• As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

In the last 12 months, we have disclosed the following categories of Personal Information for a business purpose:

Category A: Identifiers. Category B: California Customer Records Personal Information categories. Category C: Protected classification characteristics under California or federal law. Category I: Professional or employment-related information.

We disclose your Personal Information for a business purpose to the following categories of third parties:

• Our affiliates.
• Service providers.
• Employers/Third parties to whom you authorize us to disclose your Personal Information in connection with products or services we provide.
  
  

In the last 12 months, we have not sold any Personal Information. We have shared Personal Information with our Service Providers as described above. Please note that the CCPA defines sale broadly; thus, for example, the fact that we use analytics tools on our websites may be considered a sale under current California law. As a result, even when we do not get paid for the information and the recipient uses the information for its own purposes, the mere disclosure of the Personal Information to the recipient may be considered a sale under the CCPA.

Your Privacy Rights

You have the following rights under the CCPA:

Access to Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of Personal Information we collected about you.
• The categories of sources for the Personal Information we collected about you.
• Our business or commercial purpose for collecting or selling that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• The specific pieces of Personal Information we collected about you (also called a data portability request).
• If we disclosed your Personal Information for a business purpose, we will provide a list identifying the Personal Information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Emailing us at information@nshss.org  
• Calling 1-866-343-1800

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child, to the limited extent we have information related to minors. We will confirm receipt of the request within 10 business days describing our verification process. We will respond to your request within 45 calendar days, if we are able to verify your identity. Requests for deletion will require a separate confirmation that you want your information deleted.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.

How do I find out more about NSHSS's information practices?

If you have any questions about anything in this Privacy Policy, or about our collection of personally identifiable information, or information generally, please contact NSHSS as follows:

NSHSS
National Headquarters
1930 North Druid Hills Rd.
Atlanta, GA 30319
E-mail: information@nshss.org or by calling 1-866-343-1800