This Privacy Notice applies to the users ("User", "You", "your") of one or several Univadis websites (i.e.: www.univadis.com and/or its local versions such as www.univadis.fr), including the mobile versions of the Websites (the "Apps"; collectively, the "Websites"), that Aptus Health International, Inc. (referred to hereinafter as "we", "Aptus Health", "us") owns and operates, or of one of our Services. Websites are owned and operated by Aptus Health - a wholly-owned subsidiary of Merck & Co., Inc. Kenilworth, NJ, USA (“MSD”). Aptus Health maintains its own independent editorial process, business and financial operations, and governance, including independent officers, board of directors, and audit and compliance committees. Aptus Health maintains full confidentiality and information segregation from MSD.The "Services" refer to the Websites and all information and services provided to You in connection with your use of the Websites including newsletters, mobile apps, reference tools, sponsored content, advertising, email communication, e-training, continuing medical education, medical quizzes and other campaigns. Before accessing or using the Websites and/or Services, You will be required to indicate your acceptance of this Privacy Notice.
This Privacy Notice sets out information about your personal data that we collect and process in the context of the Websites and the Services we offer to You. Personal information or data means any information that we can use to identify You, directly or indirectly.
- Who is in charge of the data processing? Aptus Health., 55 Walkers Brook Drive, Suite 500, Reading MA 01867, USA, is considered as the "data controller" with regard to the processing of personal data in the context of the Services. Aptus Health appointed Aptus Health International France SAS, 5 place de la Pyramide Tour Ariane – 92800 Puteaux, ("Aptus Health France") as a data processor ensuring the management of the Websites and Services on its behalf and on its instructions.
2. Why is personal data being collected and used? The personal data is collected and used for the following purposes:
(a) To allow You to access the Websites and their content focused on medical information, to benefit from our Services as a healthcare professional and liaise with You in the context of your use of the Services (e.g.: answer your questions, administer your account, send you administrative information about the Services, provide you with the products and services you may purchase on our Websites);
You may also access the Websites and/or register through login credentials of third-party websites (such as Facebook).
- (b) To improve the Websites and develop and improve tools and effectiveness of our Services;
(c) To provide You, through emails, pop-in, banners, video, and any advertising format referred to on the IAB website or any other advertising format whether existing or unknown at the Date ("Format"), with certain communications and/or targeted advertising about our products and services (or of our affiliates) and the products and services of our third-party sponsors ("Sponsors" means pharmaceutical companies, insurers, etc., which sponsor advertisements and other campaigns such as medical content or quizzes that we may provide to You). For instance:
- (i) we may provide You with contextual advertising or other content, based on the content of the visited webpage or other information we have about You, when You navigate on our Websites;
- (ii) we may send You our newsletters, based on your specialty and interests, when You subscribed to receive them, or provide Sponsors with your personal information when You have subscribed to receive their newsletters and/or offers so as to enable them to provide You with the said subscribed services;
- - the Websites; and also
- - third-party websites or apps that have no link to our Websites. The advertising on these third-party websites may include advertising about Univadis or advertising about third-party Sponsors.
- (iv) we may send You emails with quizzes, polls and other surveys or communications/advertising based on the consent You provided to our Sponsors. In such a case, we act as the data processor of our Sponsors and the data processing is subject to the Sponsors' privacy Notice.
- (d) To conduct the market research surveys in which You accept to participate. We may invite You to participate in market research surveys for us and market research surveys that we conduct on behalf of the Sponsors. Such market surveys may be conducted by one of our affiliates or by a third party acting on our behalf. Such market research surveys may be subject to specific rules that we will notify to You in due time on a case by case basis.
- (e) To comply with legal obligations to which we are subject or investigate potential breaches in connection with the Services.
- (a) To allow You to access the Websites and their content focused on medical information, to benefit from our Services as a healthcare professional and liaise with You in the context of your use of the Services (e.g.: answer your questions, administer your account, send you administrative information about the Services, provide you with the products and services you may purchase on our Websites);
What legal ground is Aptus Health relying on to use personal data? Univadis Websites are free sources of information for healthcare professionals. Being a free service, the Univadis Websites rely on advertising and partnership revenues to finance the development of specialized scientific content designed for practicing physicians to help in the diagnosis and treatment of diseases. The optimization of advertising therefore goes to the heart of our ability to finance the creation of high-quality medical content, and is the reason behind many of the uses of personal data described below.
The use of the personal data is necessary, with respect to each of the above purposes mentioned in section 2 above, to, respectively:
- (a) Perform the contract entered into between Aptus Health and You in the context of the use of the Websites and Aptus Health's Services. The performance of the contract includes knowing who You are, and your specialty. This is particularly important because the Websites is not designed to be available to the general public.
- (b) Respond to Aptus Health's legitimate interests based on the improvement of its Services;
(c) When it comes to:
- (i) Newsletters, interest-based advertising using GPS coordinates or to sharing granular User data with Sponsors, we process data based on the consent You gave us or to our Sponsors, which may be revoked at any time (we may in some cases act as data processors for our Sponsors);
- (d) Process your personal data based on your consent to participate to the market research surveys and the performance of the contract entered into between Aptus Health and You in the context of such market research survey; and
- (e) Comply with any legal constraints applicable to Aptus Health or satisfy Aptus Health's legitimate interests based on the protection of Aptus Health's legal rights in connection with the Websites and other Services.
- What types of data will be collected? The data collected will include your name, professional address, email address, telephone number(s), date of birth, gender IP address, device identifiers (MAC address or similar identifiers), profession and specialty, bank details and invoicing address, GPS-coordinates and any and all personal information You submit or transmit to or through the Websites or Services. As mentioned above, we may also use data about You provided by third-parties such as IMS Health. That will occur only when the third-party provider states that it has your consent to share your data or may rely on another legal ground to do it.
Who will we disclose your personal data to?
- (a) In connection with the provision of advertising services, we may share some limited personal data (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which You may see advertising. We may also share with third party technology service providers that we engage to provide us with security, storage, verification, hosting and other managed services in relation with the Websites
- (b) We may disclose your personal data to Aptus Health's affiliates which may (i) have a legitimate interest in receiving the information gathered via the Services, based, for example, on product development purposes, improvement of the Services or regulatory and compliance purposes, or (ii) conduct data quality checks on our request or provide us with IT services.
(c) We may use your personal data to create aggregated information and anonymised data about the Users of our Services that we may share with our Sponsors for market trend analyses and to provide them with feedback on the effectiveness of the campaigns they have sponsored (e.g. medical quiz, poll, institutional information on a specific medical topic, advertising). For example, we may provide our Sponsors with the percentage of Users, having a specific specialty, who has participated in a quiz sponsored by them.
To the extent You provided us or our Sponsors with your explicit consent, we may also provide our Sponsors with your personal information at a "User level" (e.g. name, specialty, and your click responses) when You are exposed to advertising through our Services or when You participate in a campaign (e.g. do a medical quiz or access content) sponsored by the relevant Sponsor. For example, we may confirm to our Sponsors whether You clicked on an advertisement on their products or did a quiz sponsored by them when You are already in the Sponsor database. However, we would only share such information with Sponsors if You have consented or are already registered in the Sponsors' database.
- (d) We may share your personal data to continuing medical education providers so as to enable them to provide their services and comply with their reporting obligations to the accrediting bodies (e.g. Accreditation Council for Continuing Medical Education – "ACCME"), and where required for their internal recordkeeping purposes. Sponsors might receive aggregated and/or anonymised data about continuing education activities that they support including participation and outcomes measurement.
- (e) If You decide to participate to a paid market research survey, we may disclose your personal information to our Sponsors or market research companies acting on their behalf, for the Sponsor's recordkeeping and/or regulatory reporting purposes. If you choose to participate in a sponsored research market survey that is conducted by a third party market research company, we may provide your personal information to this company. Market research companies might send us lists of individuals they wish to reach with specific surveys, and we may inform these companies which of these individuals are Univadis registered users so that they can manage their survey recruitment needs accordingly. Also, some of the market research surveys made available to you through the Services require the market research company to contact you directly to conduct such survey. We will in any event inform You, before You participate in such research market surveys, of our intent to provide your contact information to the market research company that is conducting the said surveys so that you can decide not to participate in the survey. We do not disclose your answers to the associated Sponsors in a manner that identifies You.
- (g) Aptus Health may disclose your personal data necessary to successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Aptus Health participates.
- (h) Where required by law or court orders or in order to protect our legal rights, we will disclose your personal data to government agencies, regulators and competent authorities.
- Will personal data be transferred abroad? As part of providing You the Services, personal data is transferred to Aptus Health in the US or an Aptus Health's subsidiary located in India. This means that if You are located in the EU, your personal data is transferred to the US or to India, which are not considered to have the same level of data protection as in the EU. However, we have implemented appropriate safeguards as detailed hereafter so as to ensure an adequate level of protection. We also entered into standard contractual clauses or Binding Corporate Rules with our affiliates located outside the EU. Information may be stored and processed in any country where Aptus Health has engaged service providers such as in the US. We may also transfer aggregated information and de-identified data or, if you have consented to it, your personal data to our Sponsors located outside the EU. These operations also involve transfers to countries which do not have data protection laws considered to be equivalent to those under EU law. However, we ensure all data transfers comply with applicable legal requirements (for example, by implementing appropriate contractual clauses). To obtain more details on these transfers and where appropriate copies of the applicable safeguards that were put into place, please contact: email@example.com
- How long will personal data be retained? Aptus Health shall retain the User's personal data up to one year after the User's account deactivation or last use by the non-registered User of the Websites or Services, subject to any relevant provisions of applicable law. Thereafter, the data will be archived (notably to comply with any applicable statute of limitations) or fully anonymised.
- What are Users' rights regarding their personal data? You may ask for access to your personal data or ask us to rectify, erase, restrict or port your personal data and object to the use of your personal data. To exercise these rights or if You have any questions/comments regarding your personal data and its use, please contact: Contact us at firstname.lastname@example.org. When the personal data processing is based on your consent, You have the right to withdraw your consent concerning such data processing, at any time, without affecting the lawfulness of processing based on consent before your withdrawal, by sending a written request to the following email address: email@example.com. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that You can no longer access the Services as a Univadis member.
- What if You have concerns? You have a right to complain to your local data protection authority if You are concerned about how your personal data is used through or in the context of the Websites or Services.
- Do I have to provide personal data? Some of the personal data is required if You become a Univadis member. If You do not want to provide your (or part of your) personal data, You may not enjoy all or part of the Websites and Services.
- Do we make automated decisions about You? We make no automated decisions about you that create legal effects or otherwise significantly affect You.
Our safeguards and security measures. We have implemented technology and security measures to protect your personal data from unauthorized access, disclosure, improper use, alteration, unlawful or accidental destruction, and accidental loss.
These procedures include the use of firewalls, secure connections on our websites, and frequently the use of Secured Socket Layers (SSLs) to encrypt pages that collect personal information. Personal information is stored in limited access servers and physical access to our servers requires individual authorization and authentication. In addition, we require that all of our employees and others who have access to or are associated with the processing of your data keep confidential your personal information. We regularly train our employees, service providers and contractors on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.
We use security methods to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If You are a registered user, we use both logins and passwords to authenticate You. You are responsible for maintaining the security of your login credentials.
By using the Services or providing personal information to us, You agree that we may communicate with You electronically about security, privacy, and administrative issues relating to your use of the Services. If You have a reason to believe that your interaction with us is no longer secure, please contact us immediately at firstname.lastname@example.org.
We also implemented standard contractual clauses and BCR so as to ensure the security of the data transfers within Aptus Health group and towards third-parties. Aptus Health is also Privacy Shield certified.
- Privacy Dashboard. By following this link https://www.univadis.co.uk/account?account_privacy_settings, You may be able to adjust your preferences and information we gathered about You and refuse the sharing of your personal information "at a User level" with our Sponsors.