RESEARCH PRIVACY POLICY

Introduction:

This Research privacy Policy (the "Policy") is intended to provide you with information about what personal data M3 Global Research collects about you and how it is used.

This Policy describes how we may obtain personal data, the types of personal data we may obtain, how we use, share and protect the personal data, the rights of data subjects with respect to their personal data, and how to contact us about our privacy practices.
This Policy does not apply to personal data other than the personal data relating to research. For the Privacy Policy for personnel or representatives of our clients, suppliers and other entities with whom we have entered, or may enter, business transactions, please see our Business Associate Privacy Policy.

We may revise this Privacy Policy at any time, without notice to you. You are responsible for reviewing it regularly. Your access of the Sites following the posting of changes means you agree to abide by those changes.

This Privacy Policy was last revised on April 24, 2023.


About M3 Global Research:

M3 Global Research is the trading name for the market research activities provided by M3 USA Corporation and its affiliates, including M3 (EU) Ltd, Qualitative and Quantitative Fieldwork Services AB (QQFS), Ekas Marketing Research Services (Ekas), M-Panels Research Services Private Limited (m360 Research), pharma-insight GmbH, Med Planet and Michael Allen Company.

M3 Global Research operates a panel of members who take part in "Activities" (including market research, non-interventional studies, observational studies and other surveys) on behalf of our clients. This Privacy Policy relates to the products and services offered by M3 Global Research.

About the M3 Group:

The M3 Group, named to represent Medicine, Media, and Metamorphosis, was founded with the goal of changing the world of medicine through full use of the power of the Internet. The M3 Group operates in the US, Asia, Europe and Australia with over 2 million physician members globally via its physician websites such as: m3.com, mdlinx.com, m3globalresearch.com, m-panels.com, doctors.net.uk, ekas.com.au, networksinhealth.com, medigate.net, medlive.cn, pharma-insight.com, medplanet.biz, michaelallencompany.com

M3 Inc. is a publicly traded company on the Tokyo Stock Exchange (jp:2413) with subsidiaries in major markets including USA, UK, Sweden, Japan, S. Korea, India, Australia and China. M3 Group provides services to healthcare and the life science industry. In addition to market research, these services include medical education, ethical drug promotion, clinical development, job recruitment, and clinic appointment services. M3 has offices in Tokyo, Fort Washington, PA, Oxford, London, Gothenburg, Chatswood, Bangalore and Seoul.


The Types of Personal Data We May Obtain and Process:

M3 Global Research collects personal data about its members and those that participate in our Activities. We use this personal data to provide you with services as described below. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of our services or when you give us explicit additional permission.

Personal data you give us about yourself when you register:

We collect the personal data you provide on the registration form; your name, address, telephone number, email address, and if you are a healthcare professional information about your occupation so that we can target and tailor invitations to participate in Activities. (See “Personal data you give us within your membership profile” for more information about how we select Activity invitations for you)

In order to verify your identity, we use our Partner, Yoti (https://www.yoti.com/) to collect an ID document and biometric selfie which forms part of the registration process. We may also use details you provide on your place of work to contact them as part of the healthcare professional verification process. To prevent fraudulent transactions, we may share your personal data with our Partner, IP quality score (https://www.ipqualityscore.com) to detect Bots and prevent fraudulent accounts. Our Partners are not permitted to use the personal data for their own purposes and are prohibited from onward transfer of the personal data.

Personal data you give us within your membership profile:

M3 Global Research collects from you additional personal data either before Activities or within the member website. This is used to allow us to invite you to participate in Activities that you are more likely to be interested in and qualify for. For example; for physicians, this may include information about your medical experience and the types of patient you treat; and for patients, it may include information about your condition(s) which can include sensitive (special category) personal data.

Personal data you give us within and immediately before or after online activities:

Activities should not contain requests for you to provide personal data. However, M3 Global Research maintains systems that control access to and measure outcomes (for example; if you completed the Activity or failed to qualify) so we may need to collect personal data before and/or after the Activity. This data is not linked directly to the Activity data and is only passed to third parties with your explicit consent and/or as laid out in this policy. (See also “Payment details you give us for compensation payments” and “Personal Data we retain for an extended period”)

Online Activities offered to M3 Global Research members may be on a website provided by M3 Global Research or one provided by a third party. In the latter case, any personal data collected will be subject to the host’s privacy policy. If you take part in other forms of market research with M3 Global Research, for example, discussion groups or telephone interviews, then you will be asked to provide specific consent for any necessary processing of your personal data.

Personal data related to your previous participation in activities:

We collect and store records of the Activities you have been invited to participate in, whether you responded to them, qualified for them, completed or partially completed them. We keep this data so that we make it available via the Sites and can respond to member enquiries. On occasions we may also send you invitations to new Activities based upon your participation in previous Activities.

We use this data in aggregate to understand how many individuals of any type may participate in any future Activity and to understand trends in and patterns of participation.

We also maintain records of any data quality issues that may have been identified in the data you provided within an Activity so we can manage the quality of the data we provide to clients – this may affect your invitation to future Activities.

Personal data created about you by your use of our systems:

We use a variety of technical means to collect and/or store personal data about you. These include cookies, web beacons and device fingerprinting/watermarking. We use Google ReCAPTCHA to collect personal information to determine whether the user is human and not a bot. This involves placing a Google cookie on the computer being used. We use Imperium (https://www.imperium.com/) anti-fraud solution to prevent duplicates and fraudulent Activity responses. For more information on our use of these technologies please refer to our Cookie Notice and Policy. Additionally, we keep records of your use of our systems. These are used to improve the security of our systems and to improve the experience we offer you.

Payment details you give us for compensation payments:

We collect and use specific personal data so that we can process payment of your Activity compensation. The personal data we need to use varies depending on the form of payment but can include bank account details, name, mailing address and email address. This is used only to process these payments but may be shared with payment processing partners to process the payment. (e.g., we must share bank account details with our bank to process a bank transfer to your account.) This personal data is also retained for financial reporting, audit and tax purposes.

Personal data we get from third parties:

Clients sometimes send us lists of healthcare professionals who they would like us to include or exclude in specific Activities. We also subscribe to various lists of healthcare professionals that we use to validate registrations and to append a variety of unique identification numbers to assist with deduplicating registrations, matching client lists and with legal reporting obligations (in France). Lists of healthcare professionals are also used for direct marketing purposes outside the EU.

Our partner, Yoti provides details to us which they collect as part of the verification process at registration. This may include date of birth, gender, nationality, address and ID document details.

Personal data we retain for an extended period:

In order to manage its business, M3 Global Research needs to retain limited personal data about previous members for longer periods of time. We have carefully limited the personal data retained and the circumstances in which it is needed to the following:

  • Requests by individuals to not email them
  • Requests by individuals not to be contacted by M3 Global Research
  • Individuals who have objected to M3 Global Research processing their personal data (where there is not an overwhelming interest in us continuing to do so)
  • Individuals who have breached the Sites Terms of Use, including those suspected of fraudulent behaviour

This personal data is not shared with anyone and is only used to honour your requests or to prevent subsequent Activity participation.

Personal data we may collate about you:

We use a variety of public sources to collate information about healthcare professionals we believe may be suitable to complete specific Activities or may wish to become members of M3 Global Research. The information would include your name, contact information (address, phone number(s) and email address) and your healthcare specialty.

Personal data created by your use of third-party platforms:

Your use of third-party websites and services associated with M3 Global Research may expose your personal data. These sites are beyond our control and you should see their respective privacy policies: LinkedIn, Twitter, Facebook, M3 Global Research Blog (Wordpress)


Purpose and legal basis for processing your personal data:

This data is used to manage our contact with you, so that, for example, multiple attempts to contact you regarding the same services are eliminated or you are not re-contacted after informing us you are not interested in our services.

The legal bases we rely upon to offer these services to you are:

  • Where we have a legitimate interest (i.e., we have a valid business reason) and we have carefully balanced your individual rights against this need:
  • To fulfil a contractual obligation that we have with you; and/or
  • Your consent for direct marketing.
We will only process your personal data for the purpose it was first collected. If we process the personal data for a new purpose we will ensure it is either compatible with your original purpose, or gain your consent.

How We Use the Personal Data We Obtain:

We may use the personal data we obtain to:

  • Manage our existing and prospective relationships;
  • Communicate with Market Research Participants for marketing, newsletters and company update;
  • Processing compensation payments;
  • Safeguard and defend M3 Global Research interests; and
  • Comply with applicable legal requirements, industry standards and our policies.

How We May Share Personal Data:

M3 Global Research does not sell, rent, or trade member’s personal data. We may share your personal data only with:

  • Affiliates of M3 Global Research to whom it is reasonably necessary or desirable for M3 Global Research to disclose the personal data
  • Service providers that M3 Global Research has retained to perform services on its behalf, such as, but not limited to, IT service providers. Service providers are not permitted to use the personal data for their own purposes and are prohibited from onward transfer of the personal data without our written consent in each instance
  • Law enforcement and other government authorities if required by law or reasonably necessary to protect the rights, property, and safety of others or ourselves. This includes lawful requests by public authorities, including to meet national security or law enforcement requirements
  • Our clients or carefully selected partners, which will, where possible be anonymised data only. No identifiable personal data will be shared without your consent.

Links to other websites:

Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites and these other websites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.


International Data Transfers:

Within M3 Global Research:

M3 Global Research endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only in ways that are consistent with your relationship with M3 Global Research and the practices described in this Privacy Policy. Because of the global nature of our business, there may be times when we need to transfer your Personal Data to a country outside of the country you reside.

M3 Global Research uses cloud and physical servers in the UK, EU, USA, India, and Australia. UK and EU Personal Data will only be stored and processed in UK, EU or USA.

Standard Contractual Clauses:

For transfers outside of the EEA and UK, M3 Global Research uses EU Standard Contractual Clauses or UK International Data Transfer Agreements to additionally safeguard data from the EEA and UK to countries outside of these locations.

To clients and partners:

As laid out in this Privacy Policy, we may from time to time share limited information with our clients or carefully selected partners. This may involve transferring your personal data to countries outside the EEA, the UK, or Switzerland and is done within the legal restrictions of the General Data Protection Regulations (GDPR), and with M3 Global Research remaining in contractual control of the data including standard contract clauses.


How We Protect Personal Data:

We maintain appropriate technical and organizational security safeguards designed to protect Representatives' personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We update and test our security technology on an ongoing basis. We limit access to your personal data to those employees who need access to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal data.


How Long We Retain Personal Data:

We store personal data for as long as necessary to fulfil the purposes for which we collect the data (see "How we use the Personal Data we obtain"), except if required otherwise by law. Your personal data may be kept for 10 years after the working relationship has ceased.


Changes and updates to the Privacy Policy:

As our organization, membership and benefits change from time to time, this Privacy Policy and our Terms of Use is expected to change as well. We reserve the right to amend the Privacy Policy and Terms of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy and Terms of Use at this Site. We may e-mail periodic reminders of our policy and terms and will e-mail members of material changes to it, but you should check our Site frequently to see the current Privacy Policy and Terms of Use that are in effect and any changes that may have been made to them.


Your Rights:

The European Union’s General Data Protection Regulation, the UK Data Protection Act, the California Consumer Privacy Act, as well as other countries’ and US State privacy laws provide certain rights for EEA, UK, U.S. and Swiss data subjects. Explanations of them (in English) are available at (i) the EU GDPR website (ii) the website of the United Kingdom’s Information Commissioner’s Office (iii) the website of the State of California Department of Justice, (iv) the website of the Swiss Federal Data Protection and Information Commissioner office and (v) Law Committees for each US State.

Additional information for California residents can be found in our California Privacy Policy

If you wish to confirm that M3 Global Research is processing your personal data, or to have access to the personal data M3 Global Research may have about you, please contact our Data Protection Officer.

You may request information about:

  • the purpose of the processing;
  • the legal basis for that processing;
  • the categories of personal data and the data subject concerned;
  • information on the type or identity of third parties to which your data may be disclosed to and the protection provided;
  • the source of the personal information (if you didn’t provide it directly to us); and
  • how long it will be stored.

You have a right to:

  • access your personal data
  • have inaccurate personal data rectified
  • request erasure of personal data
  • restrict the processing of your personal data
  • object to the processing your personal data
  • data portability
  • opt out of data being transferred to a third party, unless there is a legal reason to do so (see "How we may share Personal Data")
  • opt out of direct marketing
  • opt out of automated decision making

To exercise your rights, you can write the Data Protection Officer at privacy@m3globalresearch.com.

Reasonable access to your personal data will be provided at no cost to you upon your request. M3 Global Research will provide the information to you within the legal time frame. If for some reason access is denied, M3 Global Research will provide an explanation as to why access has been denied.


Contact Information:

If you have questions about this Privacy Policy, please email M3 Global Research’s Data Protection Officer at privacy@m3globalresearch.com.

For all other questions regarding your account, preference changes, compensation for surveys or our services, please e-mail support@m3globalresearch.com.