MedInvite

Supplemental European Economic Area and United Kingdom Privacy Statement

This Privacy Statement is addressed to you only if you are located in the European Economic Area (EEA) or United Kingdom (UK) and you use any websites, mobile applications or newsletters that we, MedInvite, operate (“Services”). If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. Please also refer to the Privacy Policy that applies to the Service that you are using for additional information about what categories of personal data we collect, the purposes for which we process it, and the types of third parties to whom we disclose the personal data. Unless the Service you are using prominently displays its own Privacy Policy, the MedInvite Privacy Policy applies to the Service.

1. Data Controller.

Doctor's Guide Publishing Limited, 1, rue Hildegard von Bingen, L-1282 Luxembourg, Luxembourg is the controller of your personal data. “We” in this document refers to this entity. Our data protection officer’s name and contact details are as follows: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany; email@iitr.de. Our UK GDPR-specific representative contact details are as follows: Rickerts Services Ltd UK, PO Box 1487, Peterborough, PE1 9XX, United Kingdom; art-27-representative@rickert-services.uk.

2. Legal Bases for Processing Personal Data.

We rely on the following legal bases to process your personal data, as appropriate:

More information is provided below. For additional details regarding the lawful bases that we rely on to process your personal data specifically, please contact us using the contact details at the end of this Privacy Statement.

Purposes of Use or Disclosure

Legal Bases of Processing and, if applicable, Legitimate Interests

Manage our relationship with you, including to:

● Create an account for you for the Services upon request;

● Respond appropriately to your inquiries;

● Update you regarding your account;

● Provide you with, maintain, secure, and improve our Services;

● Provide you with a customized experience in connection with our Services;

● Collect personal data about you from public resources, such as national or local registries of physicians, national or local medical associations, the public websites of hospitals, medical offices, clinics and educational institutions, academic journals, and professional social networking platforms such as LinkedIn, to validate your identity and better understand which medical news, education activities and surveys may be of most interest to you.

● Improve the accuracy and relevance of the results you see when you interact with the search engine and the search engine's integrated chatbot functionality that is part of our Services.

● If we are contractually obligated to perform the processing based on the terms that apply to the applicable Service, Contract Performance Legal Basis.

● If the GDPR requires us to perform the processing to comply with the GDPR, Legal Obligations Legal Basis.

● In all other cases, Legitimate Interest Legal Basis—namely, to provide you and our other users with a good experience with our Services, prevent fraud and illegal conduct, administer and enforce our contractual and legal rights, and manage and improve our business operations and relationships with third parties.

Discharge our contractual obligations to you.

● Contract Performance Legal Basis.

Comply with any legal obligations that apply to us.

● If you are in the UK and the legal obligation emanates from UK law, or if you are in the EEA and the legal obligation emanates from a law of a Member State or the EEA, Legal Obligations Legal Basis. An example is to comply with the GDPR.

● Otherwise, Legitimate Interest Legal Basis—namely, to ensure that our Services comply with all applicable laws.

Send you invitations, newsletters and other related information as part of our Services, including:

● Invitations to participate in online medical education activities, including accredited continuing medical education activities, and information about medical activities and promotional communications;

● Invitations to learn more about and request information from us about patient assistance resources, such as sample activities and co-pay incentive activities;

● Medical newsletters including the top medical news in your field of interest and medical alerts; and

● Invitations to complete market research surveys, typically in exchange for honoraria.

● If consent is not legally required and you would reasonably expect to receive such information, Legitimate Interest Legal Basis—namely, to deliver to you invitations, newsletters and other related information that we believe may be relevant to you, to help pharmaceutical and other life sciences companies reach a greater audience, and increase medical professionals’ awareness of relevant education activities, patient assistance resources, and medical news.

● Otherwise, Consent Legal Basis.

Use cookies, web beacons and similar technologies to customize your experience with our Services and track who is opening our electronic communications.

● If consent is not legally required and you would reasonably expect us to engage in such processing, Legitimate Interest Legal Basis—namely, to provide you with a better experience on our Services, to help us improve our Services, and to take steps to confirm whether an individual wishes to continue to receiving our electronic communications if they are not opening them and potentially delete their personal data if appropriate.

● Otherwise, Consent Legal Basis.

If you respond to a survey, we process your personal data to: (i) verify your eligibility to participate in a study; (ii) validate your identity and responses; (iii) process your honoraria payment; (iv) provide anonymized survey results to third parties; and (v) identify a particular respondent to comply with applicable legal requirements, such as adverse events reporting requirements.

● Where we are contractually obligated to perform the processing based on the terms that apply to our administration of the survey, Contract Performance Legal Basis.

● If you are in the UK and the legal obligation emanates from UK law, or if you are in the EEA and the legal obligation emanates from a law of a Member State or the EEA, Legal Obligations Legal Basis. An example is to comply with local adverse event reporting laws as applicable.

● In all other cases, Legitimate Interest Legal Basis—namely, to prevent duplicate or fraudulent responses, to maintain the integrity of the responses to the survey, to provide anonymized survey results to third parties to help inform their business activities, and to comply with legal requirements outside of your jurisdiction, such as adverse event reporting requirements, as applicable.

If you participate in a medical education activity that we publish and thereby obtain a continuing medical education or similar certificate, we may disclose the fact that you participated in the activity to the medical school or institute that accredited the activity for the purposes of complying with professional accreditation recordkeeping requirements.

● Legitimate Interest Legal Basis—namely, to allow the medical school or institute to comply with professional accreditation recordkeeping requirements and to assist you in meeting your professional accreditation recordkeeping requirements.

If we publish an activity from another medical education provider, and thereby obtain a continuing medical education or similar certificate, we may disclose the fact that you participated in the activity to the medical education provider for the purposes of complying with professional accreditation recordkeeping requirements.

● Legitimate Interest Legal Basis—namely, to allow the medical education provider to comply with professional accreditation recordkeeping requirements and to assist you in meeting your professional accreditation recordkeeping requirements.

Disclosures of personal data to courts and public authorities to protect you, us, or third parties from harm, such as fraud.

● Legitimate Interest Legal Basis—namely, to protect you, us or third parties from harm, such as fraud or the effects of illegal conduct. These circumstances are rare and we may provide you with additional information prior to such processing where required by applicable law.

Disclosures of personal data to our agents and service providers for the purposes described above.

● See the legal bases and, where applicable, the legitimate interests described above.

3. Personal Data Transfers Outside of the EEA or UK.

Some recipients of your personal data are located in Canada and Ireland. In this case, the transfer is thereby recognized as providing an adequate level of data protection from an EEA and UK data protection law perspective (pursuant to Article 45 of the GDPR).

Some recipients of your personal data are located in the U.S. and Mexico. By entering into appropriate data transfer agreements based on the Standard Contractual Clauses approved by the authorities of your jurisdiction, we have established that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer is subject to appropriate onward transfer requirements as required by the applicable contract or law.

You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice.

4. Data Retention.

We will delete, erase or anonymize your personal data within one month after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your interests or fundamental rights and freedoms, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.

5. Data Subject Rights.

Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us as stated below.

6. Your Choices.

You are not required to provide any personal data to us, but if you do not provide us with the personal data that we request from you, you may not be able to use or receive the Services. You can use the Services without consenting to cookies that are not strictly necessary; the only consequence is that the Services will be less tailored to you.

7. Contact Us.

For more information or to exercise your rights as described herein, please contact us at privacy@medinvite.com.