Effective February 10, 2022 

MGP

User Privacy Notice

This Privacy Notice applies to the users (“user”, “you”, “your”) of the MGP Ltd website(s), including the mobile versions of the Websites (the “Apps”; collectively, the “Websites”), that MGP Ltd and/or WebMD, LLC (referred to hereinafter as “we”, “MGP”, “us”) owns and operates, or of one of our Services. MGP is part of the network of websites owned and operated by WebMD, LLC (“WebMD”) and Medscape, LLC (“Medscape”) that are intended for use by healthcare professionals, including medscape.com, medscape.org, Medscape Mobile, Medscape MedPulse and Medscape CME & Education. We refer to these websites (the “Sites”) and mobile applications (the “Apps”) collectively as the “Medscape Network”, and along with the information and services made available to users of the Medscape Network, including but not limited to medical news, reference content, clinical tools, applications, sponsored programs, advertising, email communications, continuing medical education, market research opportunities and discussion forums, the “Medscape Network Services”.

MGP is committed to delivering and recommending impartial, accurate and personalized health information that meets the needs and interests of healthcare professionals (HCP) around the globe. The “Services” refer to the Websites customized and personalized according to Your profile, Your interests and all information and services provided to You in connection with Your use of the Websites including newsletters, subscriptions, mobile apps, reference tools, sponsored content, advertising, email communication, e-training, continuing medical education, medical quizzes and other campaigns.

Before accessing or using the Websites and/or Services, You will be required to indicate your acknowledgement of this Privacy Notice.

This Privacy Notice sets out information about your personal data that we collect and process in the context of the Websites and the Services We offer to You. Personal information or data means any information that we can use to identify You, directly or indirectly.

1. Hosting and Content Delivery Networks (CDN)

External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b UK GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f UK GDPR).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

Execution of a contract data processing agreement

In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.

2. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Designation of a data protection officer as mandated by law

We have appointed a data protection officer for our company.

Contact: Data Protection Officer, WebMD
Phone: +44 1442 876100
E-mail: dataprotection@mgp.co.uk

Information on data transfer to the USA

Our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 UK GDPR)

In the event that data are processed on the basis of art. 6 sect. 1 lit. e or f GDPR, you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this data protection declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to art. 21 sect. 1 UK GDPR).

If your personal data is being processed in order to engage in direct advertising, you have the right to at any time object to the processing of your affected personal data for the purposes of such advertising. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to art. 21 sect. 2 UK GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the UK GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done if it is technically feasible.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data. If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.

If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.

If you have raised an objection pursuant to Art. 21 Sect. 1 UK GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

Rejection of unsolicited e-mails

We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in our Site Notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

3. Recording of data on this website

Cookies

See our Cookie Policy [https://www.guidelines.co.uk/privacy/cookie-policy].

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6 Sect. 1 f UK GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6 Sect. 1 lit. b UK GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 Sect. 1 lit. f UK GDPR) or on the basis of your consent (Art. 6 Sect. 1 lit. a UK GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete them, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Registration on this website

You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise we shall reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.

We shall process the data entered during the registration process on the basis of your consent (Art. 6 Sect. 1 lit. a UK GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

The comment function on this website

When you use the comment function on this website, information on the time the comment was generated and your e-mail-address and, if you are not posting anonymously, the username you have selected will be archived in addition to your comments.

Storage of the IP address

Our comment function stores the IP addresses of all users who enter comments. Given that we do not review the comments prior to publishing them, we need this information in order to take action against the author in the event of rights violations, such as defamation or propaganda.

Subscribing to comments

As a user of this website, you have the option to subscribe to comments after you have registered. You will receive a confirmation e-mail, the purpose of which is to verify whether you are the actual holder of the provided e-mail address. You can deactivate this function at any time by following a respective link in the information e-mails. The data entered in conjunction with subscriptions to comments will be deleted in this case. However, if you have communicated this information to us for other purposes and from a different location (e.g., when subscribing to the newsletter), the data shall remain in our possession.

Storage period for comments

Comments and any affiliated information shall be stored by us and remain on this website until the content the comment pertained to has been deleted in its entirety or if the comments had to be deleted for legal reasons (e.g., insulting comments).

Legal basis

Comments are stored on the basis of your consent (Art. 6 Sect. 1 lit. a UK GDPR). You have the right to revoke at any time any consent you have already given us. To do so, all you are required to do is send us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

General information personal data

Who is in charge of the data processing? MGP Ltd, MGP House, East Street, Chesham, Bucks, HP5 1DG, UK and WebMD LLC, 395 Hudson Street, Third Floor, New York, NY 10014 USA, are “joint controllers”. Their Data Protection Officer can be contacted at dataprotection@mgp.co.uk.

4. Why is personal data being collected and used?
The personal data is collected and used for the following purposes:

(a) To allow You to access the Websites and their personalized content focused on medical information and customized based on Your specialty and centers of interests, to benefit from our Services as a healthcare professional and liaise with You in the context of your use of the Services (e.g. answer your questions, administer your account, send you administrative information about the Services, provide you with the products and services you may purchase on our Websites);

When You first access the Websites, we ask You to complete a form with Your personal data so as to enable You to register with the considered Website/App and become a member of the Medscape network. Please note that we may also collect additional information about You from third-party sources to verify and complete your registration information (e.g. medical ID, specialty) and help us provide the Services and personalize them. These third-party sources, have databases of healthcare professionals which they can share with us, under their own responsibility, on a selective basis because of the consent You provided to them or on the basis of any other legal ground that such third party source can rely on. Because the third-party sources of data change frequently, You should contact us if you wish to know if any data about You come from third party sources, and if that’s the case, from which source they originate.

Because our Services are limited to healthcare professionals, You must create an account on the Websites to access all of the Services. However, you may be able to access certain limited Services (i.e.: part of the content of the Websites) without creating an account: we may use cookies and other identifiers or similar technologies (referred to hereinafter as “Cookies”) to obtain information on the referring website, type of browser used, the content viewed as well as the date and time of your access to the Website. Please read our Cookies Notice [https://www.guidelines.co.uk/privacy/cookie-policy] for more information on our use of Cookies and your options for managing Cookies.

You may also access the Websites and/or register through login credentials of third-party websites (such as Facebook).

To customize the Services we provide to You and to provide You with personalized recommendations and experience, we may process information we have about You to create a profile of You. If you are a member of the Medscape Network, we may elect to associate this information with your registration information. This processing of Your profile is necessary to deliver the Services which are tailored according to your specialty and interests (known or inferred). Personalization is necessary for the performance of the contract between You and us according to which we deliver the Services. We analyze or deduce your preferences and interests based on a number of factors including:

(i) Your profile (information provided at the registration time), enriched with other information obtained from third-party sources to ensure accuracy of our data and comply with our legal obligations;

(ii) Your interactions with our Services and the Medscape Network, such as:

- your viewing and search history,

- the time and location of Your access to our Services,

- the device you use,

- answers you give to surveys and quizzes,

(iii) Our content you post, share or recommend, including through social media. Other users with similar tastes and preferences on our Service;

(iv) Your interactions with other websites including with the Medscape Network, subject to our Cookies Notice.

This information is used to classify users into different groups or segments, using algorithms and machine-learning. This analysis helps identify links and patterns between different behaviors and characteristics to propose or recommend You relevant Services for You. This will never prevent You from accessing and browsing the Services available to You on the Websites.

For example, a User that is registered as an oncologist, but whom we believe has interest or works closely in the cardiology field (thanks notably to Their activity on the Websites), may be recommended cardiology-related content on the Websites that a User with another specialty or center of interest would not see. Similarly, Users may receive different emails containing different recommended content;

(b) To improve the Websites and develop and improve tools and effectiveness of our Services;

(c) To provide You, through emails, pop-in, banners, video, and any other advertising format whether existing or unknown at the Date (“Format”), with certain communications and/or targeted advertising about our products and services (or of our affiliates) and the products and services of our third-party sponsors (“Sponsors” means pharmaceutical companies, insurers, etc., which sponsor advertisements and other campaigns such as medical content or quizzes that we may provide to You). For instance:

(i) we may provide You with contextual advertising or other content, based on the content of the visited webpage, when You navigate on our Websites;

(ii) we may send You our newsletters, based on your specialty and interests, when You subscribed to receive them, or provide Sponsors with your personal information when You have subscribed to receive their newsletters and/or offers so as to enable them to provide You with the said subscribed services;

(iii) we may collect information on your use of the Websites, the Services and the Medscape Network through the use of Cookies or GPS coordinates to provide You with targeted advertising through emails, or banners/pop-in or other Format when You visit:

- the Websites;

- the Medscape Network; and also

- third-party websites or apps that have no link to our Websites. The advertising on these third-party websites may include advertising about MGP or advertising about third-party Sponsors.

Please read our Cookies Notice [https://www.guidelines.co.uk/privacy/cookie-policy] for more information on the use of Cookies and your options for managing them.

(iv) We may send or recommend You emails with personalized quizzes, polls and other surveys or communications/advertising based on the consent You provided to our Sponsors. In such a case, we act as the data processor of our Sponsors and the data processing is subject to the Sponsors’ privacy Notice.

(d) To conduct the market research surveys in which You accept to participate. We may invite You to participate in market research surveys for us and market research surveys that we conduct on behalf of the Sponsors. Such market surveys may be conducted by one of our affiliates or by a third party acting on our behalf. Such market research surveys may be subject to specific rules that we will notify to You in due time on a case by case basis. For some surveys, you may be asked to provide personal information for re-contact or payment fulfillment purposes.

(e) When you post a comment on a discussion board or other public forum, by default your username, specialty and degree will be displayed within the forum along with your comment. You may choose to display additional information in your public forum profile, including a photo, by adjusting your discussion profile settings.

(f) If you provide us information about an adverse event regarding a pharmaceutical product, we will report such information to the manufacturer as required for the manufacturer to fulfill its reporting obligations to the applicable regulatory authority. We do not share inventory data that identifies you. However, we reserve the right to contact you by email after you have made a report to ask for your consent to be surveyed by form. In doing so, you are free to respond to our request or not. There is no obligation to assist MGP in resolving adverse events cases.

5. Transmission of adverse drug reactions (ADR)

However, we reserve the right to contact you by email after you have made an ADR report to ask for your consent to be surveyed by form. In doing so, you are free to respond to our request or not. There is no obligation to assist MGP in resolving ADR cases.

In case of your cooperation and consent, MGP will only forward the data you provided in the form to the responsible drug manufacturer.

You therefore determine yourself which data of yours will be forwarded to the drug manufacturer.

The implementation of this data processing is based on Art. 6 para. 1 f GDPR. MGP has a legitimate interest in supporting its customers (drug manufacturers) in the legally required monitoring of drugs for adverse effects (so-called ADR notifications). Insofar as we pass on inventory data to drug manufacturers, the legal basis for this is your consent pursuant to Art. 6 para. 1 a GDPR. The recipients of this data are pharmaceutical manufacturers whose preparations are affected by the adverse event reports.

Storage period

The storage period of your data is four weeks after the submission of your data. After this period, the data you provided in the form will be deleted by MGP. The deletion does not affect the data you provided when registering on the MGP website. In the form, we will send you the privacy policy of the corresponding drug manufacturer that processes your data.

Objection

You have the option at any time to revoke the processing of your data and, in particular, to revoke your consent to the forwarding of inventory data to the drug manufacturer with effect for the future.

(a) To comply with legal obligations to which we are subject or investigate potential breaches in connection with the Services.

What legal ground is MGP relying on to use personal data?

The Services and MGP Websites provide tailored content from multiple sources through a single interface. We offer a free source of customized information for healthcare professionals. Being a free service, the MGP Websites rely on advertising and partnership revenues to finance the development of specialized scientific content designed for practicing physicians to help in the diagnosis and treatment of diseases. The optimization of advertising to provide You with relevant commercial communications and messages therefore goes to the heart of our ability to finance the creation of high-quality medical content and is the reason behind many of the uses of personal data described below.

The use of the personal data is necessary, with respect to each of the above purposes mentioned in section 4 above, to, respectively:

(b) Perform the contract entered into between MGP and You in the context of the use of the Websites and MGP Services. The performance of the contract includes knowing who You are, your specialty, your preferences and centers of interests to provide tailored content, including interest-based sponsored content and tailored commercial communications. This is particularly important because the Services are designed to provide recommended content to You. Knowing who You are is also important because the Services are not available to the general public.

(c) Respond to MGP’s legitimate interests based on the improvement of its Services;

(d) When it comes to:

(i) Newsletters, sending by email interest-based advertising, we process data based on the consent You gave us or to our Sponsors, which may be revoked at any time (we may in some cases act as data processors for our Sponsors);

(ii) Interest-based advertising on our Websites and third-party websites and apps including within the Medscape Network, we process and combine data to enrich Your profile to respond to our legitimate interests based on our business model offering free and relevant Services to You. You may oppose the use of certain Cookies and data compiling thanks to an opt-out solution that we provide You (see our Cookie notice for more details on how to refuse Cookies). Our use of the legitimate interest legal basis is without prejudice to additional requirements on Cookies that may flow from Directive 2002/58 or any subsequent European legislation.

(e) In relation to the processing of your personal data in relation to adverse event reporting:

(i) MGP has a legitimate interest in supporting its customers (drug manufacturers) in the legally required monitoring of drugs for adverse effects (so-called ADR notifications).

(ii) Insofar as we pass on inventory data to drug manufacturers, the legal basis for this is your consent. The recipients of this data are pharmaceutical manufacturers whose preparations are affected by the adverse event reports.

(f) Process your personal data based on your consent to participate in the market research surveys and the performance of the contract entered into between MGP and You in the context of such market research survey; and

(g) Comply with any legal constraints applicable to MGP or satisfy MGP’s legitimate interests based on the protection of MGP’s legal rights in connection with the Websites and other Services.

What types of data will be collected?

The data collected will include data that You provide to us, as well as other data that will be recorded by our IT systems automatically or after you consent to its recording during your website visit. The information we collect includes your name, professional address, email address, telephone number(s), date of birth, gender, IP address, device identifiers (MAC address or similar identifiers), profession and specialty, bank details and invoicing address, GPS-coordinates and any and all personal information You submit or transmit to or through the Websites or Services. If you are a member of the Medscape Network, we may elect to associate this information with your registration information. As mentioned above, we may also use data about You provided by third-parties. That will occur only when the third-party provider states that it has your consent to share your data or may rely on another legal ground to do it.

Who will we disclose your personal data to?

(h) In connection with the provision of advertising services, we may share some limited personal data (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which You may see advertising. We may also share with third party technology service providers that we engage to provide us with security, storage, verification, hosting and other managed services in relation with the Websites.

(i) We may disclose your personal data to Our affiliates to provide services, targeted campaigns and improve your experience within the Medscape Network by showing relevant content and ads.

(j) We may disclose your personal data to Our affiliates which may (i) have a legitimate interest in receiving the information gathered via the Services, based, for example, on product development purposes, improvement of the Services or regulatory and compliance purposes, or (ii) conduct data quality checks on our request or provide us with IT services.

(k) We may use your personal data to create aggregated information and anonymised data about the Users of our Services that we may share with our Sponsors for market trend analyses and to provide them with feedback on the effectiveness of the campaigns they have sponsored (e.g. medical quiz, poll, institutional information on a specific medical topic, advertising). For example, we may provide our Sponsors with the percentage of Users, having a specific specialty, who have participated in a quiz sponsored by them.

To the extent You provided us or our Sponsors with your explicit consent, we may also provide our Sponsors with your personal information at a “User level” (e.g. name, specialty, preferences and your click responses) when You are exposed to advertising through our Services or when You participate in a campaign (e.g. do a medical quiz or access content) sponsored by the relevant Sponsor. For example, we may confirm to our Sponsors whether You clicked on an advertisement on their products or did a quiz sponsored by them when You are already in the Sponsor database. However, we would only share such information with Sponsors if You have consented or are already registered in the Sponsors’ database.

(l) We may share your personal data with continuing medical education providers so as to enable them to provide their services and comply with their reporting obligations to the accrediting bodies (e.g. Accreditation Council for Continuing Medical Education – “ACCME”), and where required for their internal recordkeeping purposes. Sponsors might receive aggregated and/or anonymised data about continuing education activities that they support including participation and outcomes measurement.

(m) If You decide to participate in a paid market research survey, we may disclose your personal information to our Sponsors or market research companies acting on their behalf, for the Sponsor’s recordkeeping and/or regulatory reporting purposes. If you choose to participate in a sponsored market research survey that is conducted by a third-party market research company, we may provide your personal information to this company. Market research companies might send us lists of individuals they wish to reach with specific surveys, and we may inform these companies which of these individuals are MGP registered users so that they can manage their survey recruitment needs accordingly. Also, some of the market research surveys made available to you through the Services require the market research company to contact you directly to conduct such survey. We will in any event inform You, before You participate in such market research surveys, of our intent to provide your contact information to the market research company that is conducting the said surveys so that you can decide not to participate in the survey. We do not disclose your answers to the associated Sponsors in a manner that identifies You.

(n) In the case You log in to third-party websites with your MGP or your Medscape Network log-in credentials, we may share your personal information with editors of such third-party websites (such as your name, specialty, occupation and email address but not your MGP log-in credentials). Prior to logging in to such third-party websites with your MGP or your Medscape Network log-in credentials, You should review the third-party website’s privacy policy. If the privacy policy of those third-party websites permits, we may receive information about your use of this third-party website, which we may then use in accordance with this Privacy Notice.

(o) MGP may disclose your personal data necessary to successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganization in which MGP participates.

(p) Where required by law or court orders or in order to protect our legal rights, we will disclose your personal data to government agencies, regulators and competent authorities.

(q) To obtain more details on the recipients of your personal data, please contact: dataprotection@mgp.co.uk.

Will personal data be transferred abroad?

As part of providing You the Services, personal data is transferred to WebMD in the US or Our subsidiary located in India. This means that if You are located in the EU, your personal data is transferred to the US or to India, which are not considered to have the same level of data protection as in the EU. However, we have implemented appropriate safeguards as detailed hereafter so as to ensure an adequate level of protection. We comply with the EU-U.S. and Swiss-US Privacy Shield frameworks, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from Europe to the US. If there is any conflict between the terms in this privacy policy and the Privacy Shield principles, the Privacy Shield principles will govern. To view Our certification of compliance with Privacy Shield principles, please visit https://www.privacyshield.gov/ and https://aptushealth.com/privacy-shield. For any complaints that cannot be resolved with Us directly, We have chosen to cooperate with BBB EU PRIVACY SHIELD. If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability to invoke binding arbitration. We also entered into standard contractual clauses or Binding Corporate Rules with our affiliates located outside the EU. Information may be stored and processed in any country where We have engaged service providers such as in the US. We may also transfer aggregated information and de-identified data or, if you have consented to it, your personal data to our Sponsors located outside the EU. These operations also involve transfers to countries which do not have data protection laws considered to be equivalent to those under EU law. However, we ensure all data transfers comply with applicable legal requirements (for example, by implementing appropriate contractual clauses).
To obtain more details on these transfers and where appropriate copies of the applicable safeguards that were put into place, please contact: dataprotection@mgp.co.uk.

How long will personal data be retained?

MGP shall retain the User’s personal data up to one year after the User’s account deactivation subject to any relevant provisions of applicable law. Thereafter, the data will be archived (notably to comply with any applicable statute of limitations) or fully anonymised.

What are Users’ rights regarding their personal data?

In so far as granted by applicable law (in particular in the European Union), You may ask for access to your personal data or ask us to rectify, erase, restrict or port your personal data and object to the use of your personal data. To exercise these rights or if You have any questions/comments regarding your personal data and its use, please contact us at dataprotection@mgp.co.uk. When the personal data processing is based on your consent, You have the right to withdraw your consent concerning such data processing, at any time, without affecting the lawfulness of processing based on consent before your withdrawal, by sending a written request to the following email address: dataprotection@mgp.co.uk. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that You can no longer access the Services as an MGP member.

What if You have concerns?

You have a right to complain to your local data protection authority if You are concerned about how your personal data is used through or in the context of the Websites or Services.

Do I have to provide personal data?

Some of the personal data is required if You become an MGP member. If You do not want to provide your (or part of your) personal data, You may not enjoy all or part of the Websites and Services.

Do we make automated decisions about You?

We make no automated decisions about you that create legal effects or otherwise significantly affect You.

Our safeguards and security measures

We have implemented technology and security measures to protect your personal data from unauthorized access, disclosure, improper use, alteration, unlawful or accidental destruction, and accidental loss.

These procedures include the use of firewalls, secure connections on our websites, and frequently the use of Secure Sockets Layer (SSL) to encrypt pages that collect personal information. Personal information is stored in limited access servers and physical access to our servers requires individual authorization and authentication. In addition, we require that all of our employees and others who have access to or are associated with the processing of your data keep your personal information confidential. We regularly train our employees on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.

We use security methods to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If You are a registered user, we use both logins and passwords to authenticate You. You are responsible for maintaining the security of your login credentials.

By using the Services or providing personal information to us, you agree that we may communicate with You electronically about security, privacy, and administrative issues relating to your use of the Services. If You have a reason to believe that your interaction with us is no longer secure, please contact us immediately at dataprotection@mgp.co.uk.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) UK GDPR.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f UK GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

Dotdigital

This website uses the services of dotdigital to send out its newsletters. The provider dotdigital is a trading name of dotdigital EMEA Limited (company number: 03762341) whose registered office is at No. 1 London Bridge, London, SE1 9BG.

Among other things, dotdigital is a service that can be deployed to organise and analyse the sending of newsletters. Whenever you enter data for the purpose of subscribing to a newsletter (e.g. your e-mail address), the information is stored on dotdigital’s platform. Dotdigital uses cloud service providers to provide a secure, responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used. Contracts including security requirements are in place, including GDPR-specific data processing Agreements and EU Model Contract Clauses. Microsoft Azure and the Google Cloud Platform are used to host infrastructure that powers dotdigital’s SaaS platform. Dotdigital’s services in the EU region utilise the Microsoft Azure North and West Europe facilities, and Google’s Europe region.

With the assistance of dotdigital’s tool, we can analyse the performance of our newsletter campaigns. If you open an e-mail that has been sent through the dotdigital tool, a file that has been integrated into the e-mail (a so-called pixel) may connect to dotdigital’s servers in the EU. As a result, it can be determined whether a newsletter message has been opened and which links the recipient possibly clicked on. Technical information is also recorded at that time (e.g. the time of access, the IP address, type of browser and operating system). This information cannot be allocated to the respective newsletter recipient. Their sole purpose is the performance of statistical analyses of newsletter campaigns. The results of such analyses can be used to tailor future newsletters to the interests of their recipients more effectively.

If you do not want to permit an analysis by dotdigital, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a UK GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f UK GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Privacy Policies of dotdigital at: https://dotdigital.com/trust-center/.

Execution of a contract data processing agreement

We have executed a so-called “Data Processing Agreement” with dotdigital, in which we mandate that dotdigital undertakes to protect the data of our customers and to refrain from sharing it with third parties.

7. Data Privacy Notice for E-Mail

Information Provided as Mandated by Article 13 UK GDPR

If this is your first interaction with us, Art. 12, 13 UK GDPR mandates that we make available to you the following mandatory data protection related information: If you are contacting us via e-mail, we will process your personal data only if we have a legitimate interest in the processing of this data (Art. 6 Sect. 1 lit. f UK GDPR), if you have consented to the processing of your data (Art. 6 Sect. 1 lit. a UK GDPR), if the processing of the data is required for the development, establishment, content or modification of a legal relationship between you and our company (Art. 6 Sect. 1 lit. b UK GDPR) or if any other legal provision permits the processing of this data. Your personal data will remain in our possession until you ask us to delete the data or you revoke your consent to store the data or if the purpose for which the data is stored no longer exists (e.g., once your request has been conclusively processed). This shall be without prejudice to any compelling statutory provisions – in particular tax and commercial law based retention periods. You have the right to receive free information at any time concerning the origins, recipients and purpose of your data archived by us. You also have a right to object, to data portability and a right to lodge a complaint with the competent supervisory agency. Moreover, you can demand the correction, eradication and, under certain circumstances, the restriction of the processing of your personal data. For more details, please consult our Data Privacy Policy. Our data protection officer can be reached at dataprotection@mgp.co.uk.

Last update: 1 2022