Privacy Policy

1. Who we are & scope of this Policy

The National Society of Medicine (NSM) is an independent 501(c)(3) academic nonprofit organization headquartered in Washington DC, USA. We operate as a professional, educational and scientific society, focused on medicine and health systems.

1.1 Data controller

For many of the activities described in this Privacy Policy, NSM acts as a “data controller” (or equivalent concept under applicable law), meaning that NSM determines the purposes and means of processing personal data in connection with its websites and services.

Registered address:
National Society of Medicine
1717 N Street NW STE 1
Washington DC 20036, USA
Official website: https://nsmedicine.org

1.2 Scope of this Privacy Policy

This Policy applies to personal data processed in connection with:

• Visits to NSM websites and publicly available pages (including nsmedicine.org and related domains);
• Membership applications, renewals and member profile management;
• Fellowship (FNSM) nominations and related governance activities;
• Registration for and participation in NSM events, courses, webinars and continuing education;
• NSM research registries, surveys and academic collaborations where NSM acts as controller or co-controller;
• Communications with NSM, including Secretariat, committees and media channels.

Where NSM acts as a data processor on behalf of another institution (for example, in a specific research project), additional or different privacy terms may apply. Those will be communicated in the relevant project documentation.

2. Data we collect

We seek to collect only the data reasonably necessary for clear, legitimate purposes connected with NSM’s academic, professional and organizational mission.

2.1 Identification and contact data

• Names, titles, honorifics and post-nominals (e.g. MD, PhD, FNSM);
• Professional contact details (email addresses, phone numbers, institutional addresses);
• Institutional affiliation(s), department, specialty, role and clinical/academic position;
• Membership or account identifiers (e.g. NSM-YYYY-####, username, profile ID).

2.2 Professional and credential information

• Education and training background (degrees, residencies, fellowships);
• Licensure and registration numbers (where voluntarily provided for verification);
• Professional experience, areas of practice, academic appointments;
• CVs, biographies, publication lists and conflict-of-interest disclosures, where relevant to NSM roles.

2.3 Membership, event and transaction data

• Membership category, status, payment history and renewal dates;
• Event and course registrations, attendance, CME credits (where applicable);
• Donation or sponsorship records administered by NSM;
• Invoices, receipts and limited payment-related details (e.g. transaction reference), typically via secure third-party providers.

2.4 Technical and usage data

• Log data such as IP address, browser type, operating system and approximate location (country/region);
• Device identifiers, access times and referring pages;
• Interactions with NSM pages, such as visited URLs, clicks, downloads and error reports.

2.5 Research & survey data

For research registries, surveys and academic projects, we may process data provided by participating institutions or individuals. This may include:

• Aggregated or de-identified clinical data, quality-improvement metrics or survey responses;
• In some contexts, limited coded data related to health services (where allowed and appropriately governed).

NSM does not intend to receive direct patient identifiers via public website forms. Where patient-level or health-related data is processed, this is subject to additional safeguards and governance (e.g. research protocols, data-use agreements, IRB/ethics approvals) and may be de-identified or pseudonymized.

3. How we collect personal data

We collect personal data directly from you, from your institution, from public sources and through automated means when you interact with our websites and services.

3.1 Data you provide directly

• When you apply for membership or fellowship, or update your profile;
• When you register for events, courses or webinars;
• When you submit forms, surveys, abstracts, nominations or committee applications;
• When you correspond with NSM via email or other communication channels.

3.2 Data from institutions or third parties

• Institutional contacts (e.g. hospitals, universities, societies) may provide professional details of nominees, speakers or committee members;
• Collaborating organizations may share limited data for joint events, co-branded research or guideline projects;
• Publicly available sources (e.g. institutional websites, academic databases) may be used to confirm professional roles and publications.

3.3 Data collected automatically

When you access NSM websites, we and our service providers may collect technical and usage data through cookies, pixels, analytics tools and server logs. See Sections 5 and 6 for more details.

4. Purposes & legal bases for processing

We process personal data for specific, legitimate purposes linked to NSM’s academic, educational and organizational mission. Depending on your jurisdiction, our legal bases may include consent, contract, legitimate interests and legal obligations.

4.1 Core purposes

• Membership and governance: managing membership and fellowship records, elections, committee appointments and internal governance;
• Events and education: organizing congresses, courses, webinars and CME activities, tracking attendance and providing certificates;
• Research and guideline development: supporting registries, surveys and multidisciplinary guideline projects;
• Communications: responding to enquiries, providing service updates, and sharing relevant professional information;
• Administration and compliance: managing billing, accounting, audits, risk management and compliance with legal obligations.

4.2 Examples of legal bases (where relevant)

• Contract: when processing is necessary to administer a membership, event registration, or other agreement with you;
• Legitimate interests: for example, to maintain an accurate membership directory, safeguard NSM systems, or understand how our resources are used, balanced against your interests and expectations;
• Consent: where required, for example for certain kinds of optional communications, or where local law requires explicit consent for particular processing;
• Legal obligations: where processing is required to comply with tax, accounting, reporting or other legal duties.

4.3 No automated decisions with legal effect

NSM does not rely on automated decision-making that produces legal or similarly significant effects about individuals without appropriate human review and governance.

5. Cookies & similar technologies

NSM uses cookies and similar technologies to provide and improve its websites and services. The specific tools and settings may vary over time and across regions.

5.1 What are cookies?

Cookies are small text files stored on your device. They may be set by NSM (“first-party cookies”) or by third parties (e.g. analytics or embedded service providers).

5.2 Types of cookies we may use

• Strictly necessary cookies: essential for security, session management and core functionality (e.g. signing in, remembering your privacy choices);
• Functional cookies: help remember preferences such as language and display settings;
• Analytics cookies: help us understand how sites are used (e.g. which pages are visited and for how long) so we can improve content and navigation;
• Optional tools: for example, when integrating third-party video, survey or social tools, subject to separate notices where applicable.

5.3 Managing cookie choices

Depending on your jurisdiction and our implementation, you may be able to manage non-essential cookies via a consent banner or settings panel. In addition, most browsers allow you to block or delete cookies; doing so may affect certain site features.

6. Analytics & log files

NSM uses analytics and logging to understand how its websites are used, ensure performance and security, and plan improvements.

6.1 Analytics

We may use privacy-focused analytics tools that collect aggregated information such as page views, referral sources, device types and approximate region. We are interested in broad patterns (for example, which sections are most used), not in tracking individuals for advertising.

6.2 Server logs

Our hosting providers maintain log files containing technical information such as IP addresses, user-agent strings and timestamps. Logs help us detect security issues, diagnose problems and maintain system stability.

7. Communications & professional information

NSM communicates with members, Fellows, institutions and professional contacts to support its academic and organizational mission.

7.1 Service and transactional communications

We may send you service-related messages such as membership confirmations, event details, security alerts, policy updates or governance notices. These are considered part of the services and are not primarily promotional in nature.

7.2 Professional updates & newsletters

NSM may offer newsletters or professional updates about events, guidelines, research and related activities. Where required, we will seek your consent or provide an opportunity to opt out. You can typically manage preferences via a link in the communication or by contacting NSM.

7.3 Accuracy of professional information

To maintain accurate professional records (e.g. for membership directories or programme materials), NSM may periodically invite you to review and update your details. You can request corrections at any time (see Section 11).

8. Data sharing & international transfers

NSM does not sell personal data. We may share data with carefully selected partners and service providers where necessary for NSM activities, subject to appropriate safeguards.

8.1 Service providers

• Hosting and infrastructure providers that support NSM websites and portals;
• Event platforms, learning management systems and secure video tools;
• Payment processors and invoicing systems, for membership fees and event registrations;
• IT security, analytics and support providers.

Such providers are generally engaged under agreements that require them to protect personal data and use it only for NSM-related purposes.

8.2 Academic and professional partners

For joint conferences, guideline work or research collaborations, NSM may share limited professional data about speakers, authors, committee members or participants, consistent with the goals of the activity and applicable confidentiality or data-sharing terms.

8.3 International transfers

NSM’s activities are international. Depending on where you are located, your data may be transferred to, stored or processed in countries that may have different data-protection laws than your own. Where required by applicable law, NSM seeks to implement appropriate safeguards (for example, standard contractual clauses, data-processing agreements or equivalent arrangements).

8.4 Legal and regulatory disclosures

We may disclose personal data when reasonably necessary to comply with legal obligations, respond to lawful requests from public authorities, protect NSM’s rights or the safety of individuals, or investigate suspected misuse of NSM services.

9. Data security

NSM seeks to protect personal data through a combination of technical, organizational and procedural measures appropriate to the risks involved.

9.1 Technical safeguards

• Use of secure protocols (e.g. HTTPS) for websites and portals where appropriate;
• Access controls and role-based permissions in internal systems;
• Back-ups and resilience measures to maintain service continuity.

9.2 Organizational and procedural measures

• Limiting access to personal data to individuals with a legitimate role-based need;
• Confidentiality expectations for staff, volunteers and committee members handling data;
• Consideration of privacy and security in the design of new processes and tools.

9.3 No guarantee of absolute security

While NSM takes reasonable steps to protect personal data, no system can be fully secure. Users are encouraged to use strong passwords, enable multi-factor authentication where offered and notify NSM promptly of any suspected account compromise.

10. Data retention

NSM retains personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by law, professional standards or governance obligations.

10.1 Retention criteria

• The nature of the data and the context in which it was collected (e.g. membership vs. one-time event);
• Any legal, tax or accounting requirements applicable to NSM as a 501(c)(3) organization;
• NSM’s legitimate interests in preserving records for governance, research integrity or historical purposes, balanced against privacy considerations.

10.2 Anonymisation and aggregation

Where feasible, NSM may anonymize or aggregate data so that it no longer identifies individuals. In such cases, the information may be retained for statistical, research or reporting purposes without further reference to this Privacy Policy.

11. Your privacy rights

Depending on your jurisdiction and the specific processing involved, you may have rights in relation to your personal data. NSM will handle such requests in good faith and in line with applicable law.

11.1 Illustrative rights

• Access: to request confirmation whether NSM processes your personal data and, where appropriate, receive a copy;
• Rectification: to request correction of inaccurate or incomplete data;
• Erasure: to request deletion of certain data, subject to legal or governance requirements to retain it;
• Restriction: to request that NSM limit certain processing activities in defined situations;
• Objection: to object to certain processing based on legitimate interests, particularly for direct communications;
• Portability: to request that certain data be provided in a structured, commonly used format, where applicable;
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time without affecting previous lawful processing.

11.2 How to exercise your rights

To exercise any rights that may apply to you, please contact NSM using the details in Section 15. We may need to verify your identity before responding. Some requests may be subject to limitations, for example where fulfilling the request would conflict with legal obligations, confidentiality commitments or the rights of other individuals.

12. Children & vulnerable individuals

NSM’s online services are primarily directed to adult professionals and institutions, not to children or individual patients.

NSM does not knowingly collect personal data directly from children via public web forms without appropriate consent and safeguards. If you believe that NSM has received personal data from a child inappropriately, please contact us so that we can review and, where appropriate, remove or anonymize the information.

13. Third-party sites & services

NSM websites may contain links to third-party sites and may integrate external services (e.g. video platforms, abstract-submission tools, survey systems).

NSM is not responsible for the privacy practices or content of third-party sites or services. When you follow a link or use a third-party tool, that provider’s privacy policies will apply in addition to, or instead of, this Policy. We encourage you to review those policies carefully.

14. Changes to this Privacy Policy

NSM may update this Privacy Policy from time to time to reflect legal requirements, best practices or changes in our services.

When we make material changes, we will take appropriate steps to inform you, which may include updating the effective date, posting a notice on nsmedicine.org, or communicating via email or portal notifications for registered users. Your continued use of NSM services after the effective date of an updated Policy will signify your understanding of the changes.

15. Contact & privacy queries

If you have questions, concerns or requests about this Privacy Policy or about NSM’s handling of personal data, you are encouraged to contact the NSM Secretariat.

National Society of Medicine
1717 N Street NW STE 1
Washington DC 20036, USA

Secretariat (general): [email protected]
Privacy & data protection: [email protected]
Website: https://nsmedicine.org

This Privacy Policy is intended to be general information and does not constitute legal advice. NSM encourages institutions and individuals to seek independent advice where needed.