Stichting European CME Forum, with its registered office at: Maasdijk 409, 4264AS Veen, Noord-Brabant, Netherlands, is a “data controller” for the purpose of relevant data protection legislation, including the General Data Protection Regulation (“GDPR”) for the information it collects for promotional, educational, CME and employment purposes.
What personal data will we hold about you?
Personal data is any information about an individual from which that person can be identified.
In order to provide our educational products and services, we may need to collect the following types of information from you:
- Contact details, name, address and email address (to keep in contact with you)
- Identification information, including medical registration number, institution, city, country of work or residence (if you participate in our education and are requesting CME credit)
- Identification numbers, passport information, tax identification numbers, bank account details (if you work with us on a project that requires us to pay you or we arrange your travel)
- Technical information,including the internet protocol (IP) address of your computer used to access our services, and information about your visit to our websites, such as data and time of visit, page interaction information, length of visit and search terminology used (if you participate in our CME online learning activities)
We might also collect, store and disclose personal data where you have provided this to us in respect of third parties, such as beneficiaries, spouses, civil partners or dependants. You are responsible, in such situations, for confirming you are entitled to provide us with this information, and that you have informed those third parties of our identity and the purposes for which their personal data will be processed. We will not use this data except for the purpose for which you have provided it.
Why do we need to collect and store your personal data?
We require personal data, such as that listed above, in order to provide educational content and services to you. If you do not allow us to hold this information it may impede our ability to provide those content and services as intended or as contracted with you.
How will we collect your personal data?
We will collect personal data from you in a number of ways, depending on the product or service being accessed, including:
- Completing a registration form on one of our websites
- Signing up to news and update alerts through our websites
- Registering for one of our live meetings or our online education
- Personal correspondence, including telephone calls, emails, letters, or any other means
- Consenting to having your delegate badge scanned at a congress where European CME Forum is an exhibitor or running an event
- Participating in user feedback or needs assessment surveys.
- Completing pre- and/or post-education evaluations and assessments
How will we use your personal data?
We will use your personal data to provide educational products or services and to comply with our legal obligations. The main reasons for using your personal information are to:
- Deliver the contract into which we have entered with you, for example
- Confirmation of your identity in order to communicate with you.
- Provision of services that you have contracted with us to deliver
- Use of your name/image to promote the educational service and for transparency to all service users
- Provision of financial remuneration for your contracted services
- Reporting of transfers of value provided to you by a pharmaceutical funder/sponsor or medical device company, as required by national and/or international regulatory bodies
- Deliver the educational product or service to which you have sought access
- Access to one of our healthcare professional educational websites (through a log-in to permitted content)
- Creation of a user profile common across all of our educational portals, allowing easy and fast access to all relevant educational content
- Provision of online digital educational content
- Registration and access to live educational meetings and events
- Delivery of regular newsletter and therapy area update communications
- Delivery of email communications regarding new educational content or events that might be of interest to you
- Processing of any payments required for access to, or delivery of, educational content
- Personalisation of any educational content or communications to reflect your interests and areas of specialty
- Provision of, and access to, personalised CME certificates following successful completion of a CME-accredited programme
- Help us understand the impact of the services we provide
- Better understand how users interact with our educational services and websites
- Monitor usage of all educational websites
- Determine the effectiveness of programme awareness campaigns
- Determine the outcomes of user feedback and assessment surveys
- Improve our future products and services
- Manage any ad hoc enquiries and complaints
We will only use your data in ways in which the laws allow, and the data that we hold will be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid and compatible purposes aligned with the service you access or are contracted to
- Kept accurate and up to date
- Kept secure and confidential
- Kept only for so long as we are necessarily bound to do so
We will not pass on or sell your details to any third party.
On rare occasions, we may also use your personal data where we need to protect our or your interests, e.g. in the instance of legal claims, or where it is needed in the pubic interest, e.g. for the investigation, detection and prevention of crime.
How will we ensure the security of your personal data?
We have security measures in place to ensure that personal data provided by you is not accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, transmission of information via the internet is never entirely secure, and we ask that where we have provided (or you have chosen) a password to access our services, you maintain the confidentiality of this password at all times.
As part of our internal data security measures, all European CME Forum employees are required to undertake regular and appropriate training in data protection policies to support our compliance with all laws relating to this Policy.
Who will we share your personal data with?
We may share your personal data to third parties as outlined below. We fully require these third parties to respect the security of your data and to treat it in accordance with the law and only for the purpose for which it was provided.
- CME accreditation and regulatory bodies:where required we will share your data with the relevant bodies to register your learning progress for it to be recognised
- Event organisers: where you have registered to attend a live meeting or digital event, your data may be shared with event/logistical organisers or technical service providers, in order to supply our educational service as intended. Where you interact with third parties at live events (e.g. by allowing your badge to be scanned), please ensure you consent to your personal data being captured
- Financial service providers: we may share your personal data for processing purposes, e.g. payment of event registration fees or honoraria remunerations
- Legal or regulatory companies or organisations: your data may be shared when we are bound to provide data for legal reasons, e.g. in crime detection or prevention, or prevention of fraud.
In the event that European CME Forum is acquired by a third party, your data may be shared as part of the business asset transfer process.
Your rights related to this Policy
We require personal data, such as that listed above, in order to provide educational content and services to you. If you choose not to provide your person data for such use, this may impede our ability to provide those content and services as intended or as contracted with you, or to fulfil our legal obligations.
You have the right to ask us not to process your data in the ways we have outlined above. You can exert this right by ensuring any “opt-in” checkboxes contained within all of our email communications remain unchecked, or by clicking the “unsubscribe” link at any time. You can also contact us and ask directly through any of the contact methods listed in the section at the end of this Policy.
You also have the right, at any time, to request the following:
- Ask us which information we hold about you
- Request inaccurate information to be reviewed and corrected
- Request additional restrictions to the processing of personal information
- Request personal information to be erased, in certain circumstances
Your request will be fully complied with, unless we can demonstrate compelling legal or regulatory grounds as to why the processing should continue in accordance with data protection laws.
If you have a complaint regarding our use of your data, you can file a complaint with the supervisory authority for data protection issues the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), or write to them at Postbus 93374, 2509AJ, Den Haag, or phone +31 88 1805 250
For how long will we store your information?
You may request we delete your information at any time. However if you have participated in any educational activities we will maintain your personal data records for as long as is necessary to perform or deliver our educational products and services to you. For programmes that are complete, we are required to keep records for a period of 6 years in order to comply with accreditation requirements of the Accreditation Council for Continuing Medical Education (ACCME) the American Medical Association (AMA) and various European accreditation bodies.
What if you have queries about this policy?
Should you wish to make a request to exercise any of the above rights you should contact our Compliance Officer via email at cme@CMEforum.org or write to us at:
European CME Forum