Who we are

Green STEM Certification (“we”, “us”) provides a site-level sustainable research certification platform. We are the data controller for the personal data described in this notice. You can reach us at privacy@greenstemcert.com.

Personal data we collect

Account data: your name, email address and organisation, and the role/permissions assigned to you.

Waitlist data: the email address (and optional name and organisation) you submit to register interest.

Assessment data: the information and evidence you upload to support a certification application for your site.

Technical data: limited logs (e.g. request metadata and error logs) generated when you use the service.

How we use it and our legal bases

To provide and administer the service and your account (performance of a contract).

To assess and issue certifications, and to contact you about your applications (performance of a contract / legitimate interests).

To respond to waitlist and contact requests (consent / legitimate interests).

To secure, maintain and improve the service, including fraud and abuse prevention (legitimate interests).

Service providers (processors)

We host the service on Amazon Web Services (AWS) in the United Kingdom (eu-west-2 region). Authentication is provided by AWS Cognito, and we use Cloudflare Turnstile to protect public forms from abuse. These providers process data on our behalf under appropriate agreements.

International transfers

Personal data is primarily processed in the UK. Where a provider processes data outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or standard contractual clauses.

Retention

We keep personal data for as long as your account is active and as needed to provide the service, then for any period required to meet legal, accounting or reporting obligations, after which it is deleted or anonymised.

Your rights

Subject to UK GDPR, you have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability. To exercise these rights, contact privacy@greenstemcert.com. You also have the right to complain to the Information Commissioner’s Office (ICO).

Security

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls and least-privilege permissions. No system is perfectly secure, but we work to protect your data.

Changes to this notice

We may update this notice from time to time. Material changes will be reflected by the “last updated” date above.