Supplemental UK and EU GDPR Privacy Statement (“Supplemental Statement”)
As the data controller, PVI, PeerView Institute for Medical Education, 1, rue Hildegard von Bingen, L-1282 Luxembourg, Luxembourg is required to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”) and the United Kingdom (“UK”). This is on account of the European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and the UK General Data Protection Regulation (“UK GDPR ”).
- Who Does This Supplemental Statement Apply To?
This Supplemental Statement applies to Users who access the Services from a member state of the EEA or the UK. The Supplemental Statement applies to you in addition to the Privacy Policy.
- What Are the Contact Details of the GDPR Representative or DPO?
PeerView has appointed a data protection officer. Their contact details are as follows: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany; email@iitr.de.
We have appointed an UK GDPR-specific representative for the UK GDPR. Their contact details are as follows: Rickerts Services Ltd UK, PO Box 1487, Peterborough, PE1 9XX, United Kingdom; art-27-representative@rickert-services.uk.
- What Are the Legal Bases for Processing Personal Data?
We process your personal data on several different legal bases, as follows:
- Contractual Necessity (see Article 6(1)(b) of the EU GDPR): When you access, use or register for Service, you form a contract with PeerView. This contract is based on the applicable terms of use or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
- To pursue our legitimate interests (see Article 6(1)(f) of the EU GDPR): We process your personal data to send you invitations to relevant continuing medical education activities (unless you have opted out), medical newsletters (unless you have opted out), invitations to relevant educational needs assessment surveys (unless you have opted out), to understand which products and services may be relevant to you, and to generally improve our products, services and business practices.
- To comply with legal obligations (see Article 6(1)(c) of the EU GDPR): We may need to process your personal data to comply with relevant laws, regulatory requirements, and to respond to lawful requests, court orders, and legal process to which We are subject.
- Your consent (see Article 6(1)(a) of the EU GDPR): We process your personal data on the basis of your consent in various instances, such as with respect to cookies that are not strictly necessary. Your consent can be withdrawn at any time, but this does not affect the lawfulness of processing based on consent before such withdrawal.
Purposes of Use or Disclosure | Legal Bases of Processing and, if applicable, Legitimate Interests |
Manage our relationship with you, including to:
|
|
Discharge our contractual obligations to you. |
|
Comply with any legal obligations that apply to us. |
|
Send you invitations, newsletters and other related information as part of our Services, including:
|
|
Use cookies, web beacons and similar technologies to customize your experience with our Services and track who is opening our electronic communications. |
|
If you respond to a survey, we process your personal data to: (i) verify your eligibility to participate in a study; (ii) validate your identity and responses; (iii) process your honoraria payment; (iv) provide anonymized survey results to third parties; and (v) identify a particular respondent to comply with applicable legal requirements, such as adverse events reporting requirements. |
|
If you participate in a medical education activity that we publish and thereby obtain a continuing medical education or similar certificate, we may disclose the fact that you participated in the activity to the medical school or institute that accredited the activity for the purposes of complying with professional accreditation recordkeeping requirements. |
|
If we publish an activity from another medical education provider, and thereby obtain a continuing medical education or similar certificate, we may disclose the fact that you participated in the activity to the medical education provider for the purposes of complying with professional accreditation recordkeeping requirements. |
|
Disclosures of personal data to courts and public authorities to protect you, us, or third parties from harm, such as fraud. |
|
Disclosures of personal data to our agents and service providers for the purposes described above. |
|
- Disclosure of Personal Data to Affiliates.
We may, subject to applicable law, disclose your personal data to affiliates who act as data controllers for the purposes of improving our products, services, and business practices, as well as those of our affiliates. Please contact us at privacy@peerview.com for information about our affiliates and, if applicable, their UK GDPR-specific representative and data protection officer.
- Is My Personal Data Transferred Outside of the EEA or the UK?
Yes, some recipients of your personal data are located in:
(i) Canada, which is a country outside of the EEA for which the European Commission has issued an adequacy decision. The transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (pursuant to Article 45 of the EU GDPR).
(ii) The U.S. and Mexico. The European Commission has not issued an adequacy decision in respect of the level of data protection for these countries. By entering into appropriate data transfer agreements based on Standard Contractual Clauses approved by the authorities of your jurisdiction, We have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or law. You can ask for a copy of such appropriate data transfer agreements by contacting us using the details provided at the bottom of this Supplemental Statement.
- How Long Will We Retain Your Personal Data?
We will delete, erase or anonymize your personal data within 1 month after your personal data is no longer necessary for us to:
- Provide you with any information or services you have requested;
- Pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests;
- Comply with any legal obligations to which We are subject; or
- Defend any legal claim against us or support any legal claim made by us, including any potential appeal.
- How Long Will We Retain Your Personal Data?
As a person whose personal data is processed, you have the following rights under the EU GDPR and the UK GDPR:
(i) You can withdraw your consent to processing: If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. However, this withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
(ii) You have the right to access information: You can ask us to confirm if your personal data is being processed and, if so, to request access to the personal data. The access information includes, among other things:
- The purposes of the processing;
- The categories of personal data processed; and
- The recipients or categories of recipients to whom the personal data have been or will be disclosed. You also have the right to obtain a copy of the personal data being processed. Subject to applicable law, We may charge a reasonable fee for copies, based on administrative costs.
(iii) You can seek to rectify personal data: You have the right to ask us to rectify inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed. You can do this, among other ways, by providing us with a supplementary statement.
(iv) You can ask for your personal data to be erased: To the extent it is not legally required to be retained, you have the right to ask us to erase your personal data.
(v) You can request that processing be restricted: In this case, your personal data will be marked and processed by us only for certain purposes.
(vi) You have the right to receive your data in a portable format: You have the right to receive your personal data which you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer the personal data to another entity without hindrance from us.
(vii) You can object to our processing of your personal data: Such an objection can be made at any time, on grounds relating to your particular situation, and We can be required to no longer process your personal data. Exercising this right will not incur any cost. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to (a) take steps prior to entering into a contract; or (b) to perform a contract already concluded.
(viii) You have the right to submit a complaint: In addition to contacting us, you have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under applicable national data protection law. To exercise your rights (except for the right to complain to a supervisory authority), please contact us as stated below.
- Your Choices With Respect to Your Personal Data.
You have a choice with respect to whether to provide us with your personal data. You are not required to provide any personal data to us; however, if you do not provide any personal data to us, you may not be able to use or receive the Services. You can also use the Services without consenting to cookies that are not strictly necessary; the only consequence is that the Services will be less tailored to you.
- How Can I Contact You for More Information or to Exercise My Rights?
Please contact us at privacy@peerview.com for more information relating to this Supplemental Statement or to exercise your rights as described in the Supplemental Statement.