Privacy Policy

MedPoint Privacy Policy 2018
Purpose and Overview

MedPoint Digital serves as a data processor for international pharmaceutical and biotech companies and for professional healthcare organizations and societies. MedPoint is committed to protecting your privacy.

MedPoint Digital uses the Internet to provide various information and resources to the professional healthcare community, including medical training and education courses. Our services are not meant for the general public. We rely on our users to provide data that includes mailing and e-mail addresses and other profile information. In addition, user feedback and course evaluation data allow us to better understand the specific needs of medical professionals.

As a part of MedPoint Digital's training and education operations, we collect, and in some cases, disclose information about users to our program sponsors and professional education accreditation providers.

If you, as a User, are uncomfortable with the terms or policies described in this statement, you may discontinue use of our website and send confidential correspondence through the postal service to the address provided below.

The privacy and security pertaining to the information that our users provide is a serious matter; therefore, MedPoint Digital has established this Privacy Policy for our organization and users. Please read the following Privacy Statement on MedPoint Digital's policies regarding the collection, use, disclosure, and protection of user information.

Legal Basis for Processing

MedPoint does not provide services to the general public.

We provide professional services to healthcare professionals and we must control access to this information.

In many cases, Users like you have entered into a contract to conduct clinical studies and the Study Sponsor has designated a MedPoint web-portal to support the study by disseminating private trial documents, communications and alerts.

In other cases, Users like you have contracted directly with us for data services or have requested to participate in training and education courses provided by pharmaceutical sponsors and healthcare institutions to advance your professional knowledge.

In all cases, as a condition of your consuming these services, MedPoint needs to collect relevant information and to identify you and control access to this professional and private information. Should you not provide these data, our services will not be provided to you.

Children

This Website is for medical information and services and is not intended for children. MedPoint does not market any products or services to children under the age of thirteen or knowingly collect any information from children under the age of thirteen. If MedPoint becomes aware that information is or has been submitted by or collected from a child under the age of thirteen, this information will be deleted

Logging and Cookies

As part of MedPoint services, we use cookies. A cookie is a message sent to your browser from a Web server that is stored on your computer's hard drive. The message is sent back to the Web server whenever the browser requests a page from that server. Many commercial Internet websites use cookies. While a code in the cookie file enables the website to label you as a particular user, it does not identify you by name or address unless you have provided the website with such information or set up preferences in your browser to do so automatically. You may opt out of accepting cookies by changing the settings on your browser. However, rejecting cookies may prevent you from using certain functions and you may have to repeatedly enter information to take advantage of services or promotions. In general, cookies allow us to identify you as a particular user; thus, providing you with a more customized service. We may also use cookies to track customer or user requests, inquiries and traffic patterns, or to determine audience size and repeated usage.

For more information see MedPoint Cookie Policy.

International Privacy Compliance

MedPoint Digital complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. MedPoint Digital has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

MedPoint Digital strives to collect, use, and disclose personal information in a manner consistent with the laws of the countries in which we do business. The EU-US Privacy Shield Policy and Swiss-U.S. Privacy Shield Frameworks (see section below) set forth the privacy principles that MedPoint Digital follows with respect to transfers of personal information between member states of the EU, Iceland, Liechtenstein, and Norway (the European Economic Area (EEA), Switzerland, and the US.

Definitions:
Description
Definition
Agent
Any third party that collects or uses personal information under the instructions of, and solely for, MedPoint Digital or to which MedPoint Digital discloses personal information for use on MedPoint Digitals behalf.
EEA
The European Economic Area
Health Care Professional (HCP)
Doctors, nurses, medical technicians, physician assistants, etc.
Personal Information
Information that is transferred from the European Union and Switzerland to the United States; is recorded in any form; is about or pertains to a specific individual; and can be linked to that individual.
Personally Identifiable Information (PII)
PII includes any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

In addition, MedPoint will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
Sponsor
A pharmaceutical, device, or biotech company or their agents that contract with MedPoint Digital to provide user services.


MedPoint Digital and Its Agents and Program Sponsors

MedPoint Digital is a US based corporation, which also operates with several international agents and sponsors. MedPoint Digital requires all agents and sponsors to honor its Privacy Policies, including the EU-US Privacy Shield Policy principles and Swiss-U.S. Privacy Shield Framework principles for data received from the EU and Switzerland with respect to Notice; Choice; User Rights; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.

Information Collected
Sources of Information include:
  • Information from the Clinical Trial Sponsor company, derived from the contract you and your institution have entered into and initially manifested as an invitation to register for a Study Support ePortal.
  • Information provided by you at the time of registration and during your participation in the program, including PII, attendance to our web conference and on-line learning assets, Polling responses, test question responses, forum posting by you, your invitations to your colleagues, forms you complete, appropriate electronic signatures, your submitted questions and similar program activities. etc.
  • Invitation lists supplied to us by our Pharmaceutical program sponsors.
  • Invitation lists provided to us by professional organizations to which you belong for programs they may be sponsoring or recommending.
Types of information Collected include:

MedPoint Digital collects the domain name and email addresses of users, information volunteered by the user such as quiz/evaluation information, and/or website registrations. Project-specific information may also include your professional title, work address and the name of your healthcare institution, department and work telephone.

Purpose of Collecting Personal Information:

This information is used to send confirmations, reminders and follow-up email correspondence regarding meetings, web conferences and other activities; to notify users about updates; provide confirmation on course completions; to configure and customize user preferences to improve their program experiences, to evaluate training program effectiveness for the user and the program itself and to identify new issues and understandings in medical science and operations.

In some cases, additional information, such as institution location, curriculum vitaes (CVs), and certifications, is collected as part of the operational requirements to administer clinical trials (e.g., to build a training program suited to the individual). Those clinical trial portals are private, secure, by-invitation-only, membership-only websites that support a pre-existing contractual relationship between the study sponsor and the research study health care professionals (HCPs.)

Creation of De-Identified Data:

We may create De-Identified Data records from personal data by excluding the information (such as your name) that makes the data personally identifiable to you. Once we create De-Identified Data, this De-Identified Data is our property. We use this De-Identified Data in many ways including analyzing request and usage patterns, creating reports and performing analytics so that we may enhance the content of our services, our compliance with equal opportunities regulations, improve Site navigation and provide meaningful analysis of habits, usage, trends, and effectiveness of marketing campaigns etc. as part of our analytics and other services. MedPoint reserves the right to use and disclose De-Identified Data to Third Party Companies in its absolute discretion.

Onward Transfers to Agents

MedPoint Digital may share some or all of your PII with necessary agents and sponsors. MedPoint Digital will obtain assurances from its agents and sponsors that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant EU-US Privacy Shield and Swiss-US Principles, EU-US Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.

Where MedPoint Digital has knowledge that an agent is using or disclosing PII in a manner contrary to this Policy, MedPoint Digital will take reasonable steps to prevent or stop the use or disclosure.

MedPoint Digital's accountability for personal data that it receives under the Privacy Shield frameworks and subsequently transfers to a third party is described in the Privacy Shield Principles.

In particular, MedPoint Digital remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless MedPoint Digital proves that it is not responsible for the event giving rise to the damage.

Third Parties

MedPoint Digital does not release PII about users or their use of this website to any third party that does not comply with EU-US Privacy Shield and Swiss-US policies and without notification to the user. An example of a compliant third party is local event-management personnel at a hotel confirming your identity and authorization to attend a conference. Other third-party vendors and agents include, but are not limited to:

  • Voice-bridge service operators (for web conferences)
  • Technical support personnel (for web conferences)
  • Transcription services (for learning module Q & A sessions.)
  • Google Analytics
  • Hotel and destination management service providers (for live events)
  • Airlines and transportation services (for live events)
Notice of Upgrades to Our Services

MedPoint may alert you to new services and upgrades as we continue to evolve and develop our systems.

Choice and Consent

MedPoint Digital provides users with the choice and means for limiting the use and disclosure of their PII in clear and conspicuous language during the registration process and during the period of the program, and MedPoint will abide by those choices.

Users who withhold some critical information may be disqualified from program participation.

Notice will be provided before MedPoint Digital uses or discloses the Information for a purpose other than for which it was originally collected.

MedPoint Digital notifies and gives individuals the authority to affirmatively and explicitly consent (opt in) to the disclosure of their information to a non-agent third party or to withhold such consent. Also, to explicitly authorize and opt-in to a subsequent use of their information for a purpose other than the purpose for which it was originally collected or to withhold such consent.

Users have rights that include the following:

  • Withdraw your consent to the processing of your personal information at any time without penalty;
  • Access your personal information and have it corrected, amended or deleted;
  • The right to data portability: receive a copy of your personal data and transit such to others;
  • At any time, to object to and request the cessation of our processing of your personal information which we will comply with unless we demonstrate compelling legitimate grounds for processing such that overrides your rights;
  • If you believe your personal information is inaccurate, unlawful, no longer necessary for our business purposes, or if you object to our processing of your personal information, you also have the right to instruct us to restrict the processing of your data pending our investigation and/or verification of your claim.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  • If you cannot resolve your complaint with us, you have a right to bring the complaint to the relevant data protection authority, which has the power to enforce the GDPR.
  • MedPoint does not conduct automated decision-making based on your PII or other of your collected data.

If you wish to raise a complaint and initiate and investigation on how we have handled your personal data, or request a copy of your personal information, please email us at privacy@medpt.com. We may make a small charge for this service.

Individuals may to choose (opt out) whether their PII is to be disclosed to a non-agent third party or to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual during the program registration process. Choosing to opt-out may result in the cessation of registration process and prevent participation in the program.

Users may also send such opt-out requests via email to privacy@medpt.com

Data Security

Transfers of data to countries outside of the EEA are safeguarded on the basis of the Privacy Shield Framework and as specified in EU General Data Protection Regulation 2016/679 ("GDPR.")

MedPoint Digital takes reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. MedPoint Digital has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

MedPoint Digital uses industry-standard data-encryption technology when transferring or receiving PII on any of the MedPoint Digital websites. We maintain appropriate security measures in our physical facilities to protect against loss, misuse, or alteration of information we have collected from you (users) on any of the MedPoint Digital websites.

MedPoint Digital uses a secure server and security protocol to safeguard the information users submit.

To help ensure the security of users personal and financial information (other than via an email message), MedPoint Digital uses security software to encrypt the information before and during its transmission through the Internet.

Email messages are frequently not secure. MedPoint Digital security software does not encrypt email messages. Email messages traveling through the Internet are subject to viewing, alteration and copying by potentially any party on the Internet. MedPoint Digital is not responsible for the security of confidentiality of communications sent to us through the Internet using email messages. Instead, MedPoint Digital may direct you to a secure website to read or send messages.

Data Integrity

MedPoint Digital only processes PII in a way that is compatible and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, MedPoint Digital takes reasonable steps to ensure that PII is accurate, complete, current, and reliable for its intended use.

Data Retention

MedPoint will not retain your personal information for longer than is necessary for our business purposes (usually 24 months after project close or inactivity) or for legal requirements.

"Or for Legal Requirements"

For example, in a clinical study the EMA and the FDA require participating study health care professionals training records to be maintained for subsequent submission to the approving bodies as part of the drug approval process. Studies can have lifetimes beyond 24 months. In this case, we would continue to maintain the records beyond 24 months to ensure a comprehensive submission.

Access

Upon request, MedPoint Digital grants individuals reasonable access to PII that it holds about them. In addition, MedPoint Digital takes reasonable steps to add, correct, or delete information that is demonstrated to be inaccurate or incomplete.

Options regarding correction or storage of your information

Users may obtain from us the information about them in our files. If you believe the information we have about you in our records or files is incomplete or inaccurate, you may request, via e-mail (or other form of communication), that we make any necessary additions or corrections or, to the extent that it is feasible, that we delete this information from our files. Users may send such requests via email or write to MedPoint at the address below.

MedPoint Digital, Inc.
Re: My PII Request
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Privacy@medpt.com

Enforcement

MedPoint Digital conducts compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee or agent that MedPoint Digital determines is in violation of this policy is subject to disciplinary action up to and including termination of employment or commercial engagement.

MedPoint Digital is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

EU-US Privacy Shield Dispute Resolution

In compliance with the EU-US Privacy Shield Principles, MedPoint Digital commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss residents with inquiries or complaints regarding this privacy policy should first contact MedPoint Digital at:

MedPoint Digital, Inc.
Re: Privacy Shield
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Privacy@medpt.com

MedPoint Digital has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel (consisting of one or three arbitrators, as agreed by the parties).

Change of Ownership

In the event of change in ownership, or a direct merger or acquisition with another entity, we reserve the right to transfer all of MedPoint Digital user information, including Personal Data, to a separate entity which also abides by the EU-US Privacy Shield requirements. We will use commercially reasonable efforts to notify you (by posting on our website or issuing an e-mail to the e-mail address you provided when you registered) of any change of ownership; merger or acquisition of MedPoint Digital by a third party, and you may choose to modify any of your registration information at that time.

Swiss-U.S. Privacy Shield

MedPoint Digital complies with the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of PII from Switzerland. MedPoint Digital has certified that it adheres to the Swiss-U.S. Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the principles in this Policy and the Swiss-U.S. Privacy Shield Principles, the Swiss-U.S. Privacy Shield Principles shall govern. To learn more about the Swiss-U.S. Privacy Shield Framework and to view our certification page, please visit https://www.privacyshield.gov/Swiss-US-Privacy-Shield-FAQs.

Swiss-U.S. Privacy Shield Framework Dispute Resolution

In compliance with the Swiss-U.S. Privacy Shield Framework Principles, MedPoint Digital commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact MedPoint Digital at:

MedPoint Digital, Inc.
Re: Swiss-U.S. Privacy Shield
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

privacy@medpt.com

MedPoint Digital has further committed to refer unresolved privacy complaints under the Swiss-U.S. Privacy Shield Framework to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Amendments

This Policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield and Swiss-U.S. Privacy Shield and their successors. We will post any revised policy on this website; please check frequently for changes.

Links

This website contains links to other websites. When users click on one of these links, they are moving to another website. Users should read the Privacy Statements of these linked websites.

Limitation on Application of Principles

Adherence by MedPoint Digital to these EU-US Privacy Shield Principles may be limited to the extent required to respond to a legal or ethical obligation; to the extent necessary to meet national security, public interest or law enforcement requirements; and to the extent expressly permitted by an applicable law, rule or regulation.

Contact Information

Questions, comments, or complaints regarding the Company's EU-US Privacy Shield Policy or data collection and processing practices can be emailed or mailed to:

Re: Privacy
privacy@medpt.com
Attn: Data Protection Officer
MedPoint Digital, Inc.
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Phone: 847-869-4700
Fax: 847-869-4702