PeerView Privacy Policy

Last updated August 16, 2018

PVI, PeerView Institute for Medical Education, 7A rue Robert Stumper, L-2557, Luxembourg (“PeerView” or “We”) care about your privacy and are committed to protecting the privacy of the personal information that you share with us. In this Privacy Policy, We provide information about how We collect, process and share personal information about you ("Users") through websites, mobile applications and newsletters that PeerView operates (“Services”). By “personal information” or “personal data”, We mean information that identifies you or can reasonably be used to identify you.

1. What Does This Privacy Policy Cover?

This Privacy Policy only applies to Services that include a link to this Privacy Policy and may be supplemented by additional notices to you depending on the specific Service you are accessing or using. If you are located in the European Economic Area, please also see the Supplemental European Online Privacy Statement below.

2. How Do We Collect Personal Information From Users of Our Services?

(i) When You Actively Submit Personal Information. We collect certain types of personal information when you interact with our Services, such as when you:

  • Register for an account on any Service or update your profile information;
  • Participate in a medical education program;
  • Participate in or respond to an online survey;
  • Request the following from us:
    1. information about patient assistance resources, medical education programs and other medical communications;
    2. customer or technical support;
  • Submit comments, reviews, or other user-generated content on our Services; or
  • Otherwise submit personal information to us via the Services.

The personal information We collect through active submission includes your name, email address, mailing address, telephone number, certain information related to your profession (e.g., specialty, education, hospital affiliation, etc.) and any other personal information that you actively submit to us. In each such instance, you will know what personal information We collect, because you actively submit it. We endeavor to clearly label which information is required and which information is optional in all cases. If you are unable or choose not to provide us with the personal information We reasonably require, We may be unable to provide you with the information or services you have requested.

(ii) When You Passively Submit Personal Information. When you use our Services, We may also passively track information about your computer, device or Internet connection.

The information We collect through passive tracking includes the IP address of your computer and/or Internet service provider, the date and time you access our website, the Internet address of websites from which you come to our websites, the type of device you are using to access the Service, the Web browser and operating system you are using, and your movements and interactions on our Services. This data is generated and collected automatically, as part of the standard operation of the Services. Unless you also actively submit personal information to us, any information that is passively submitted typically does not allow us to identify you personally.

(iii) Publicly Available Information. Where permitted by applicable law, We may also collect information about your specialty, hospital affiliation and academic or scientific publications from public resources.

(iv) Cookies. We may place cookies on Users’ computers. Cookies can save data about individual Users, such as the User's name, password, username, screen preferences, and the pages of a site viewed by the User.

When the User revisits the website, We may recognize the User based on any cookies placed on their computer and customize the User's experience accordingly. For more information about our use of cookies, please see our Cookie Policy.

(v) Web Beacons. Web beacons are tiny graphic image files embedded in a website page that notify the home server (which can belong to the host website, a network advertiser, or some other third party) on a non-personally identifiable basis that some interaction has taken place. This notice to the home server may also result in a cookie being set on your device, as described above. We may use web beacons to track who has opened our e-mails.

3. How Do We Use the Personal Data Collected Through the Above Sources?

(i) We use personal information that We collect about you through the Services to:

  • Upon request, create an account for you for the Services;
  • Respond appropriately to your inquiries, and to provide updates to you regarding your account;
  • Provide you with a customized experience in connection with our Services;
  • Discharge our contractual obligations to you; and
  • Comply with any legal obligations that apply to us.

(ii) To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, We also use your personal information for the following purposes:

  • To invite you to participate in accredited continuing medical education ("CME") programs and other medical communications activities by e-mail. If you do not wish to receive such e-mails, you may opt out by following the opt-out instructions included in such e-mails. We may also invite you via postal mail.
  • To send you medical newsletters including relevant information about symposia, medical news and online CME activities. If you do not wish to receive such emails, you may opt out by following the opt-out instructions included in such emails.
  • To send you invitations to complete educational needs assessment surveys, by email, typically in exchange for honoraria. If you do not wish to receive such emails, you may opt out by following the opt-out instructions included in such emails.

If you respond to a survey, We only use your personal information in connection with your survey responses for the purposes of: (i) verifying your eligibility to participate in a study; (ii) validating your identity and responses for the purposes of preventing duplicate or fraudulent responses; and/or (iii) processing your honoraria payment. Unless We have obtained your explicit consent, We anonymize survey results before sharing them with third parties, although We may be required by applicable law to identify a particular respondent to comply with applicable legal requirements.

(iii) We also perform statistical analyses of the Users of our Services to improve the content, design and navigation of the Services. In these cases, We use aggregate or statistical data that cannot reasonably be used to identify you.

4. Do We Share Your Personal Information With Others?

We do not share your personal information with others, except in the following circumstances and in accordance with applicable law:

  • With your consent;
  • To our agents and service providers, who act on our behalf and under confidentiality agreements to deliver services, provide IT support, and help us fulfill the other purposes set forth above;
  • To our affiliates and partners under confidentiality agreements who work with us to improve our and their services and business practices; If you participate in a medical education program that We sponsor and thereby obtain a CME or similar certificate, We may disclose the fact that you participated in the program to the institute or university that accredited the program for the purposes of complying with professional accreditation recordkeeping requirements.
  • As required by applicable law, including, without limitation, in response to any government or regulatory agency request, to cooperate with law enforcement investigations, or upon receipt of any court order; and
  • To courts and public authorities to protect you, us, or third parties from harm, such as fraud.

If you respond to an educational needs assessment survey, We do not share your personal information with any third party except with your consent or where required by applicable law. However, We may share educational needs assessment results with third parties in aggregate (as a collection of total responses), but individual responses of respondents are not shared in association with the respondent’s personal information.

5. What Security Measures Do We Take With Respect to Your Personal Information?

We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented technical and administrative security features to help prevent the unauthorized release of or access to personal information. Please note, however, that while We have endeavored to create a secure and reliable site for Users, the confidentiality or accuracy of any communication or material transmitted to/from us over the Internet cannot be guaranteed. You are responsible for, among other things:

  • the security of information that you transmit via the Internet; and
  • for safeguarding the username and password that you use to access our websites, if any, and to notify us immediately at the contact information below if you ever suspect that your username and/or password has been compromised.

6. You Have Opt-Out Rights

If you would like to opt out of receiving invitations to CME programs, educational needs assessment surveys or medical newsletters from us, please click the opt-out link at the bottom of our e-mails. Even after you opt out or update your preferences, please allow us sufficient time to process your preferences. It may take up to 10 days to process your e-mail related requests, and up to 30 days for all other requests. Even after you have opted out of receiving invitations to CME programs, educational needs assessment surveys and medical newsletters from us, We may still contact you for transactional or informational purposes. These include, for example, customer service issues or any questions regarding a specific inquiry you made to us.

7. How to Update Account Information

If you believe any information We have about you is no longer accurate or current or would like to access personal information We may have about you, please contact us by emailing privacy@peerview.com. Upon authenticating your request, We will update or amend your information, or provide you with access, but We reserve the right to use personal information obtained previously to verify your identity or take other actions that We believe are appropriate.

8. Collection of Personal Data From Children

We do not knowingly collect personal information from children under the age of 13, and We do not knowingly market the Services or any goods or services to such children.

9. How You Can Contact Us

If you have any questions regarding this Privacy Policy, you may contact us by emailing privacy@peerview.com.

10. Effective Date and Changes to Privacy Policy

This Privacy Policy is effective as of August 16, 2018. We reserve the right to change this Privacy Policy. If We make a material change to how We collect, use, or disclose personal information, We will prominently post an updated Privacy Policy on our Services. Where required to do so by law, We may seek your prior consent to any material changes We make to this Privacy Policy. If you disagree with our Privacy Policy changes, you may discontinue using the Services.

Supplemental European GDPR Privacy Statement ("Supplemental Statement")

As the data controller, PVI, PeerView Institute for Medical Education, 7A rue Robert Stumper, L-2557, Luxembourg is required to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”). This is on account of the European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”).

1. Who does this Supplemental Statement Apply To?

This Supplemental Statement applies to Users who access the Services from a member state of the EEA. The Supplemental Statement applies to you in addition to the Privacy Policy.

2. What Are the Contact Details of the GDPR Representative or DPO?

PeerView has appointed a GDPR-specific representative and data protection officer. Their contact details are as follows: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany; skraska@iitr.de.

3. What Are the Legal Bases for Processing Personal Data?

We process your personal data on several different legal bases, as follows:

  • Contractual Necessity (see Article 6(1)(b) of the EU GDPR): When you access, use or register for Service, you form a contract with PeerView. This contract is based on the applicable terms of use or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
  • To pursue our legitimate interests (see Article 6(1)(f) of the EU GDPR): We process your personal data to send you invitations to relevant continuing medical education activities (unless you have opted out), medical newsletters (unless you have opted out), invitations to relevant educational needs assessment surveys (unless you have opted out), to understand which products and services may be relevant to you, and to generally improve our products, services and business practices.
  • To comply with legal obligations (see Article 6(1)(c) of the EU GDPR): We may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process to which We are subject.
  • Your consent (see Article 6(1)(a) of the EU GDPR): We process your personal data on the basis of your consent in various instances, such as with respect to cookies that are not strictly necessary. Your consent can be withdrawn at any time, but this does not affect the lawfulness of processing based on consent before such withdrawal.

4. Disclosure of Personal Data to Affiliates

We may, subject to applicable law, disclose your personal data to affiliates who act as data controllers for the purposes of improving our products, services and business practices, as well as those of our affiliates. Please contact us at privacy@peerview.com for information about our affiliates and, if applicable, their GDPR-specific representative and data protection officer.

5. Is My Personal Data Transferred Outside of the EEA?

Yes, some recipients of your personal data are located in:

(i) Canada, which is a country outside of the EEA for which the European Commission has issued an adequacy decision. The transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (pursuant to Article 45 of the EU GDPR).

(ii) The U.S. (where the recipient is not Privacy Shield certified) and Mexico. The European Commission has not issued an adequacy decision in respect of the level of data protection for these countries. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, We have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or law. You can ask for a copy of such appropriate data transfer agreements by contacting us using the details provided at the bottom of this Supplemental Statement.

6. How Long Will We Retain Your Personal Data?

We will delete, erase or anonymize your personal data within 1 month after your personal data is no longer necessary for us to:

  • provide you with any information or services you have requested;
  • pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests;
  • comply with any legal obligations to which We are subject; or
  • defend any legal claim against us or support any legal claim made by us, including any potential appeal.

7. What Are Your Rights as a Data Subject?

As a person whose personal data is processed, you have the following rights under the EU GDPR:

  1. You can withdraw your consent to processing: If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. However, this withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
  2. You have the right to access information: You can ask us to confirm if your personal data is being processed and, if so, to request access to the personal data. The access information includes, among other things: o the purposes of the processing; o the categories of personal data processed; and o the recipients or categories of recipients to whom the personal data have been or will be disclosed. You also have the right to obtain a copy of the personal data being processed. Subject to applicable law, We may charge a reasonable fee for copies, based on administrative costs.
  3. You can seek to rectify personal data: You have the right to ask us to rectify inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed. You can do this, among other ways, by providing us with a supplementary statement.
  4. You can ask for your personal data to be erased: To the extent it is not legally required to be retained, you have the right to ask us to erase your personal data.
  5. You can request that processing be restricted: In this case, your personal data will be marked and processed by us only for certain purposes.
  6. You have the right to receive your data in a portable format: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer the personal data to another entity without hindrance from us.
  7. You can object to our processing of your personal data: Such an objection can be made at any time, on grounds relating to your particular situation, and We can be required to no longer process your personal data. Exercising this right will not incur any cost. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to (a) take steps prior to entering into a contract; or (b) to perform a contract already concluded.
  8. You have the right to submit a complaint: In addition to contacting us, you have a right to lodge a complaint with a supervisory authority.

Please note that these rights may be limited under applicable national data protection law. To exercise your rights (except for the right to complain to a supervisory authority), please contact us as stated below.

8. Your Choices With Respect to Your Personal Data

You have a choice with respect to whether to provide us with your personal data. You are not required to provide any personal data to us; however, if you do not provide any personal data to us, you may not be able to use or receive the Services. You can also use the Services without consenting to cookies that are not strictly necessary; the only consequence is that the Services will be less tailored to you.

9. How Can I Contact You for More Information or to Exercise My Rights?

Please contact us at privacy@peerview.com for more information relating to this Supplemental Statement or to exercise your rights as described in the Supplemental Statement.