This Policy describes how we may obtain personal data, the types of personal data we may obtain, how we use, share and protect the personal data, the rights of data subjects with respect to their personal data, and how to contact us about our privacy practices.
About M3 Global Research:
M3 Global Research is the trading name for the market research activities provided by M3 USA Corporation and its affiliates, including M3 (EU) Ltd. and Qualitative and Quantitative Fieldwork Services AB.
About the M3 Group:
The M3 Group, named to represent Medicine, Media, and Metamorphosis, was founded with the goal of changing the world of medicine through full use of the power of the Internet. The M3 Group operates in the US, Asia, and Europe with over 2 million physician members globally via its physician websites such as: m3.com, mdlinx.com, m3globalresearch.com, doctors.net.uk, thesmartestdoc.com, networksinhealth.com, medigate.net, medlive.cn
M3 Inc. is a publicly traded company on the Tokyo Stock Exchange (jp:2413) with subsidiaries in major markets including USA, UK, Sweden, Japan, S. Korea, and China. M3 Group provides services to healthcare and the life science industry. In addition to market research, these services include medical education, ethical drug promotion, clinical development, job recruitment, and clinic appointment services. M3 has offices in Tokyo, Fort Washington, PA, Oxford, London, Gothenburg, and Seoul.
The Types of Personal Data We May Obtain and Process:
M3 Global Research collects personal data about its members and those that participate in our Activities. We use this personal data to provide you with services as described below. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of our services or when you give us explicit additional permission.
Personal data you give us about yourself when you register:
We collect the personal data you provide on the registration form; your name, address, telephone number, email address, and if you are a healthcare professional information about your occupation so that we can target and tailor invitations to participate in Activities. (See “Personal data you give us within your membership profile” for more information about how we select Activity invitations for you)
In order to verify your identity, we use our Partner, Yoti (https://www.yoti.com/) to collect an ID document and biometric selfie which forms part of the registration process.
Personal data you give us within your membership profile:
M3 Global Research collects from you additional personal data either before Activities or within the member website. This is used to allow us to invite you to participate in Activities that you are more likely to be interested in and qualify for. For example; for physicians, this may include information about your medical experience and the types of patient you treat; and for patients, it may include information about your condition(s) which can include sensitive (special category) personal data.
Personal data you give us within and immediately before or after online activities:
Activities should not contain requests for you to provide personal data. However, M3 Global Research maintains systems that control access to and measure outcomes (for example; if you completed the Activity or failed to qualify) so we may need to collect personal data before and/or after the Activity. This data is not linked directly to the Activity data and is only passed to third parties with your explicit consent and/or as laid out in this policy. (See also “Payment details you give us for compensation payments” and “Personal Data we retain for an extended period”)
Personal data related to your previous participation in activities:
We collect and store records of the Activities you have been invited to participate in, whether you responded to them, qualified for them, completed or partially completed them. We keep this data so that we make it available via the Sites and can respond to member enquiries. On occasions we may also send you invitations to new Activities based upon your participation in previous Activities.
We use this data in aggregate to understand how many individuals of any type may participate in any future Activity and to understand trends in and patterns of participation.
We also maintain records of any data quality issues that may have been identified in the data you provided within an Activity so we can manage the quality of the data we provide to clients – this may affect your invitation to future Activities.
Personal data created about you by your use of our systems:
We use a variety of technical means to collect and/or store personal data about you. These include cookies, web beacons and device fingerprinting/watermarking. We use Google ReCAPTCHA to collect personal information to determine whether the user is human and not a bot. This involves placing a Google cookie on the computer being used. We use Imperium (https://www.imperium.com/) anti-fraud solution to prevent duplicates and fraudulent Activity responses. For more information on our use of these technologies please refer to our Cookie Notice and Policy. Additionally, we keep records of your use of our systems. These are used to improve the security of our systems and to improve the experience we offer you.
Payment details you give us for compensation payments:
We collect and use specific personal data so that we can process payment of your Activity compensation. The personal data we need to use varies depending on the form of payment but can include bank account details, name, mailing address and email address. This is used only to process these payments but may be shared with payment processing partners to process the payment. (e.g., we must share bank account details with our bank to process a bank transfer to your account.) This personal data is also retained for financial reporting, audit and tax purposes.
Personal data we get from third parties:
Clients sometimes send us lists of healthcare professionals who they would like us to include or exclude in specific Activities. We also subscribe to various lists of healthcare professionals that we use to validate registrations and to append a variety of unique identification numbers to assist with deduplicating registrations, matching client lists and with legal reporting obligations (in France). Lists of healthcare professionals are also used for direct marketing purposes outside the EU.
Our partner, Yoti provides details to us which they collect as part of the verification process at registration. This may include date of birth, gender, nationality, address and ID document details.
Personal data we retain for an extended period:
In order to manage its business, M3 Global Research needs to retain limited personal data about previous members for longer periods of time. We have carefully limited the personal data retained and the circumstances in which it is needed to the following:
This personal data is not shared with anyone and is only used to honour your requests or to prevent subsequent Activity participation.
Personal data we may collate about you:
We use a variety of public sources to collate information about healthcare professionals we believe may be suitable to complete specific Activities or may wish to become members of M3 Global Research. We may also receive a referral from one of your colleagues and process that information in a similar way. The information would include your name, contact information (address, phone number(s) and possibly email address) and your healthcare specialty.
Personal data created by your use of third-party platforms:
Your use of third-party websites and services associated with M3 Global Research may expose your personal data. These sites are beyond our control and you should see their respective privacy policies: LinkedIn, Twitter, Facebook, M3 Global Research Blog (Wordpress)
Purpose and legal basis for processing your personal data:
This data is used to manage our contact with you, so that, for example, multiple attempts to contact you regarding the same services are eliminated or you are not re-contacted after informing us you are not interested in our services.
The legal bases we rely upon to offer these services to you are:
How We Use the Personal Data We Obtain:
We may use the personal data we obtain to:
How We May Share Personal Data:
M3 Global Research does not sell, rent, or trade member’s personal data. We may share your personal data only with:
Links to other websites:
International Data Transfers:
Within M3 Global Research:
Standard Contractual Clauses:
M3 uses EU Standard Contractual Clauses to additionally safeguard data from the EEA and UK to countries outside of these locations.
This includes transfers to the US where, prior to the decision of the Court of Justice of the European Union making the Privacy Shield invalid, M3 used this mechanism. M3 continues to certify and abide by the Privacy Shield which demonstrates commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for EU individuals.
Privacy Shield Compliance:
M3 Global Research has its headquarters in the USA and personal data we collect from you may be processed in the USA. M3 Global Research complies with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, and United Kingdom or Switzerland to the United States.
The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield became operational after the European Commission and the Swiss Federal Data Protection and Information Commissioner issued formal decisions that Privacy Shield provides adequate protection to allow personal data to be transferred to the United States. Privacy Shield obligates U.S. companies to protect European, UK and Swiss personal data and requires the U.S. government to monitor Privacy Shield certified companies and to cooperate with European, ICO, and Swiss Data Protection Authorities.
M3 Global Research is responsible for the processing of personal data it receives under the Privacy Shield Framework and for subsequent transfers to third parties acting on its behalf. M3 Global Research complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.
M3 Global Research submits to being subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Privacy Shield Principles, and acknowledges the right of EEA, the UK, and Swiss individuals, under certain conditions, to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing M3 Global Research’s adherence to these practices.
To clients and partners:
How We Protect Personal Data:
We maintain appropriate technical and organizational security safeguards designed to protect Representatives' personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We update and test our security technology on an ongoing basis. We limit access to your personal data to those employees who need access to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal data.
How Long We Retain Personal Data:
We store Representatives' personal data for as long as necessary to fulfil the purposes for which we collect the data (see "How we use the Personal Data we obtain"), except if required otherwise by law. Your personal data may be kept for 10 years after the working relationship has ceased.
Privacy Shield, the European Union’s General Data Protection Regulation as well as other countries’ privacy laws provide certain rights for EEA, U.S. and Swiss data subjects. Explanations of them (in English) are available at (i) the Privacy Shield website (ii) the website of the United Kingdom’s Information Commissioner’s Office and (iii) the website of the Swiss Federal Data Protection and Information Commissioner office
If you wish to confirm that M3 Global Research is processing your personal data, or to have access to the personal data M3 Global Research may have about you, please contact our Data Protection Officer.
You may request information about:
You have a right to:
To exercise your rights, you can write the Data Protection Officer at email@example.com.
Reasonable access to your personal data will be provided at no cost to you upon your request. M3 Global Research will provide the information to you within the legal time frame. If for some reason access is denied, M3 Global Research will provide an explanation as to why access has been denied.
Independent Dispute Resolution Mechanism:
M3 Global Research commits to resolve complaints about our collection or use of your personal data. Individuals in the European Union or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer.
If you have a privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
For all other questions regarding your account, preference changes, compensation for surveys or our services, please e-mail firstname.lastname@example.org.