Last updated: Feb 17th, 2021
Goes into effect: March 12th, 2021
QxMD
User Privacy Notice
This Privacy Notice applies to the users (“User“, “You“, “your“) of one or several QxMD websites (i.e.: www.qxmd.com), including the apps, websites, emails and educational content, such as Calculate by QxMD, Read by QxMD, Learn by QxMD and Pedi STAT (the “Apps“; collectively, the “Websites“), that QxMD Software Inc. and/or WebMD, LLC. (referred to hereinafter as “we“, ” QxMD“, “us“) owns and operates, or of one of our Services. QxMD is part of the network of websites owned and operated by WebMD LLC (“WebMD“) and Medscape, LLC (“Medscape“) that are intended for use by healthcare professionals, including medscape.com, medscape.org, Medscape Mobile, Medscape MedPulse and Medscape CME & Education. We refer to these websites (the “Sites”) and mobile applications (the “Apps”) collectively as the “Medscape Network,” and along with the information and services made available to users of the Medscape Network, including but not limited to medical news, reference content, clinical tools, applications, sponsored programs, advertising, email communications, continuing medical education, market research opportunities and discussion forums, the “Medscape Network Services.”
QxMD is committed to delivering and recommending impartial, accurate and personalized health information that meet the needs and interests of healthcare professionals (HCPs) around the globe. The “Services” refer to the Websites customized and personalized according to Your profile, Your interests and all information and services provided to You in connection with Your use of the Websites including newsletters, mobile apps, reference tools, sponsored content, advertising, email communication, e-training, continuing medical education, medical quizzes and other campaigns.
Before accessing or using the Websites and/or Services, You will be required to indicate your acceptance of this Privacy Notice.
This Privacy Notice sets out information about your personal data that we collect and process in the context of the Websites and the Services we offer to You. Personal information or data means any information that we can use to identify You, directly or indirectly.
- Who is in charge of the data processing? QxMD Sofware Inc. at 201 – 445 6th avenue West Vancouver, BC, Canada, V5Y 1L3 and WebMD LLC, 395 Hudson Street Third Floor New York, NY 10014 USA, are “joint controllers”. Aptus Health International France SAS, 5 place de la Pyramide Tour Ariane – 92800 Puteaux FRANCE (“Aptus Health France“) is their representative in the European Union.
- Why is personal data being collected and used? The personal data is collected and used for the following purposes:
- To allow You to access the Websites and their personalized content focused on medical information and customized based on Your specialty and centers of interests, to benefit from our Services as a healthcare professional and liaise with You in the context of your use of the Services (e.g.: answer your questions, administer your account, send you administrative information about the Services, provide you with the products and services you may purchase on our Websites);
When You first access to the Websites, we ask You to complete a form with Your personal data so as to enable You to register with the considered Website/App and become a member of the Medscape network. Please note that we may also collect additional information about You from third-party sources to verify and complete your registration information (e.g. medical ID, specialty) and help us provide the Services and personalize them. These third-party sources, like IQVIA, have databases of healthcare professionals which they can share with us, under their own responsibility, on a selective basis because of the consent You provided to them or on the basis of any other legal ground that such third party source can rely on. Because the third-party sources of data change frequently, You should contact us if you wish to know if any data about You come from third party sources, and if that’s the case, from which source they originate.
Because our Services are limited to healthcare professionals, You must create an account on the Websites to access all of the Services. However, you may be able to access to certain limited Services (i.e.: part of the content of the Websites) without creating an account: we may use cookies and other identifiers or similar technologies (referred to hereinafter as “Cookies“) to obtain information on the referring website, type of browser used, the content viewed as well as the date and time of your access to the Website. Please read our Cookies Notice for more information on our use of Cookies and your options for managing Cookies [link to the Cookie policy to be inserted].
You may also access the Websites and/or register through login credentials of third-party websites (such as Facebook).
To customize the Services we provide to You and to provide You with personalized recommendations and experience, we may process information we have about You to create a profile of You. If you are a member of the Medscape Network, we may elect to associate this information with your registration information. This processing of Your profile is necessary to deliver the Services which are tailored according to your specialty and interests (known or inferred). Personalization is necessary for the performance of the contract between You and us according to which we deliver the Services. We analyze or deduct your preferences and interests based on a number of factors including:
(i) Your profile (information provided at the registration time), enriched with other information obtained from third-party sources such as IQVIA to ensure accuracy of our data and comply with our legal obligations;
(ii) Your interactions with our Services and the Medscape Network, such as:
– your viewing and search history,
– the time and location of Your access to our Services,
– the device you use,
– answers you give to surveys and quiz,
(iii) our content you post, share or recommend, including through social media. Other users with similar tastes and preferences on our Service;
(iv) Your interactions with other websites including with the Medscape Network, subject to our Cookies Notice.
This information is used to classify users into different groups or segments, using algorithms and machine-learning. This analysis helps identify links and patterns between different behaviors and characteristics to propose or recommend You relevant Services for You. This will never prevent You from accessing and browse the Services available to You on the Websites.
For example, a User that is registered as an oncologist, but whom we believe has interest or work closely in the cardiology field (thanks notably to his activity on the Websites), may be recommended cardiology-related content on the Websites that a User with another specialty or center of interest would not see. Similarly, Users may receive different emails containing different recommended content; - To improve the Websites and develop and improve tools and effectiveness of our Services;
- To provide You, through emails, pop-in, banners, video, and any advertising format referred to on the IAB website or any other advertising format whether existing or unknown at the Date (“Format“), with certain communications and/or targeted advertising about our products and services (or of our affiliates) and the products and services of our third-party sponsors (“Sponsors” means pharmaceutical companies, insurers, etc., which sponsor advertisements and other campaigns such as medical content or quizzes that we may provide to You). For instance:
(i) we may provide You with contextual advertising or other content, based on the content of the visited webpage, when You navigate on our Websites;
(ii) we may send You our newsletters, based on your specialty and interests, when You subscribed to receive them, or provide Sponsors with your personal information when You have subscribed to receive their newsletters and/or offers so as to enable them to provide You with the said subscribed services;
(iii) we may collect information on your use of the Websites, the Services and the Medscape Network through the use of Cookies or GPS coordinates to provide You with targeted advertising through emails, or banners/pop-in or other Format when You visit:
– the Websites;
– the Medscape Network; and also
– third-party websites or apps that have no link to our Websites. The advertising on these third-party websites may include advertising about QxMD or advertising about third-party Sponsors.
Please read our Cookies Notice for more information on the use of Cookies and your options for managing them.
(iv) we may send or recommend You emails with personalized quizzes, polls and other surveys or communications/advertising based on the consent You provided to our Sponsors. In such a case, we act as the data processor of our Sponsors and the data processing is subject to the Sponsors’ privacy Notice. - To conduct the market research surveys in which You accept to participate. We may invite You to participate in market research surveys for us and market research surveys that we conduct on behalf of the Sponsors. Such market surveys may be conducted by one of our affiliates or by a third party acting on our behalf. Such market research surveys may be subject to specific rules that we will notify to You in due time on a case by case basis. For some surveys, you may be asked to provide personal information for re-contact or payment fulfillment purposes.
- When you post a comment on a discussion board or other public forum, by default your username, specialty and degree will be displayed within the forum along with your comment. You may choose to display additional information in your public forum profile, including a photo, by adjusting your discussion profile settings.
- If you provide us information about an adverse event regarding a pharmaceutical product, we may be required to report such information along with your contact information to the manufacturer as required for the manufacturer to fulfill its reporting obligations to the applicable regulatory authority. If you do not want this information reported to the applicable manufacturer and regulatory authority, then do not provide us with adverse event information.
- To comply with legal obligations to which we are subject or investigate potential breaches in connection with the Services.
- To allow You to access the Websites and their personalized content focused on medical information and customized based on Your specialty and centers of interests, to benefit from our Services as a healthcare professional and liaise with You in the context of your use of the Services (e.g.: answer your questions, administer your account, send you administrative information about the Services, provide you with the products and services you may purchase on our Websites);
- What legal ground is QxMD relying on to use personal data? The Services and QxMD Websites provide tailored content from multiple sources through a single interface. We offer a free source of customized information for healthcare professionals. Being a free service, the QxMD Websites rely on advertising and partnership revenues to finance the development of specialized scientific content designed for practicing physicians to help in the diagnosis and treatment of diseases. The optimization of advertising to provide You with relevant commercial communications and messages therefore goes to the heart of our ability to finance the creation of high-quality medical content, and is the reason behind many of the uses of personal data described below.
The use of the personal data is necessary, with respect to each of the above purposes mentioned in section 2 above, to, respectively:- Perform the contract entered into between QxMD and You in the context of the use of the Websites and QxMD Services. The performance of the contract includes knowing who You are, your specialty, your preferences and centers of interests to provide tailored content, including interest-based sponsored content and tailored commercial communications. This is particularly important because the Services are designed to provide recommended content to You. Knowing who You are is also important because the Services are not available to the general public.
- Respond to QxMD’s legitimate interests based on the improvement of its Services;
- When it comes to:
(i) Newsletters, sending by email interest-based advertising using GPS coordinates or to sharing granular User data with Sponsors, we process data based on the consent You gave us or to our Sponsors, which may be revoked at any time (we may in some cases act as data processors for our Sponsors);
(ii) Interest-based advertising on our Websites and third-party websites and apps including within the Medscape Network, we process and combine data to enrich Your profile to respond to our legitimate interests based on our business model offering free and relevant Services to You. You may oppose the use of certain Cookies and data compiling thanks to an opt-out solution that we provide You (see section 13 below, and our Cookie notice for more details on how to refuse Cookies). Our use of the legitimate interest legal basis is without prejudice to additional requirements on Cookies that may flow from Directive 2002/58 or any subsequent European legislation. - Process your personal data based on your consent to participate to the market research surveys and the performance of the contract entered into between QxMD and You in the context of such market research survey; and
- Comply with any legal constraints applicable to QxMD or satisfy QxMD’s legitimate interests based on the protection of QxMD’s legal rights in connection with the Websites and other Services.
- Perform the contract entered into between QxMD and You in the context of the use of the Websites and QxMD Services. The performance of the contract includes knowing who You are, your specialty, your preferences and centers of interests to provide tailored content, including interest-based sponsored content and tailored commercial communications. This is particularly important because the Services are designed to provide recommended content to You. Knowing who You are is also important because the Services are not available to the general public.
- What types of data will be collected? The data collected will include your name, professional address, email address, telephone number(s), date of birth, professional identifier (such as your National Provider Identifier (NPI) or other professional licence number), academic background, IP address, device identifiers (MAC address or similar identifiers), profession and specialty and any and all personal information You submit or transmit to or through the Websites or Services. If you are a member of the Medscape Network, we may elect to associate this information with your registration information. As mentioned above, we may also use data about You provided by third-parties such as IQVIA. That will occur only when the third-party provider states that it has your consent to share your data or may rely on another legal ground to do it.
- Who will we disclose your personal data to?
- In connection with the provision of advertising services, we may share some limited personal data (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which You may see advertising. We may also share with third party technology service providers that we engage to provide us with security, storage, verification, hosting and other managed services in relation with the Websites.
- We may disclose your personal data to WebMD’s or QxMD’s affiliates to provide services, targeted campaigns and improve your experience within the Medscape Network by showing relevant content and ads.
- We may disclose your personal data to WebMD’s or QxMD’s affiliates which may (i) have a legitimate interest in receiving the information gathered via the Services, based, for example, on product development purposes, improvement of the Services or regulatory and compliance purposes, or (ii) conduct data quality checks on our request or provide us with IT services.
- We may use your personal data to create aggregated information and anonymised data about the Users of our Services that we may share with our Sponsors for market trend analyses and to provide them with feedback on the effectiveness of the campaigns they have sponsored (e.g. decision support tools, featured research, polls, digital education on a specific medical topic, advertising). For example, we may provide our Sponsors with the percentage of Users, having a specific specialty, who has participated in a course sponsored by them.
To the extent You provided us or our Sponsors with your explicit consent, we may also provide our Sponsors with your personal information at a “User level” (e.g. name, specialty, preferences and your click responses) when You are exposed to advertising through our Services or when You participate in a campaign (e.g. access content) sponsored by the relevant Sponsor. For example, we may confirm to our Sponsors whether You clicked on an advertisement on their products when You are already in the Sponsor database. However, we would only share such information with Sponsors if You have consented or are already registered in the Sponsors’ database. - We may share your personal data to continuing medical education providers so as to enable them to provide their services and comply with their reporting obligations to the accrediting bodies (e.g. Accreditation Council for Continuing Medical Education – “ACCME“), and where required for their internal record keeping purposes. Sponsors might receive aggregated and/or anonymised data about continuing education activities that they support including participation and outcomes measurement.
- If You decide to participate in a paid market research survey, we may disclose your personal information to our Sponsors or market research companies acting on their behalf, for the Sponsor’s record keeping and/or regulatory reporting purposes. If you choose to participate in a sponsored research market survey that is conducted by a third party market research company, we may provide your personal information to this company. Market research companies might send us lists of individuals they wish to reach with specific surveys, and we may inform these companies which of these individuals are QxMD registered users so that they can manage their survey recruitment needs accordingly. Also, some of the market research surveys made available to you through the Services require the market research company to contact you directly to conduct such survey. We will in any event inform You, before You participate in such research market surveys, of our intent to provide your contact information to the market research company that is conducting the said surveys so that you can decide not to participate in the survey. We do not disclose your answers to the associated Sponsors in a manner that identifies You.
- In the case You log in to third-party websites with your QxMD or your Medscape Network log-in credentials, we may share your personal information to editors of such third-party websites (such as your name, specialty, occupation and email address but not your QxMD log in credentials). Prior to log in with your QxMD or your Medscape Network log-in credentials to such third-party websites, You should review the third party website’s privacy policy. If the privacy policy of those third party websites permits, we may receive information about your use of this third-party website, which we may then use in accordance with this Privacy Notice.
- QxMD may disclose your personal data necessary to successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganization in which QxMD participates.
- Where required by law or court orders or in order to protect our legal rights, we will disclose your personal data to government agencies, regulators and competent authorities.
- In connection with the provision of advertising services, we may share some limited personal data (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which You may see advertising. We may also share with third party technology service providers that we engage to provide us with security, storage, verification, hosting and other managed services in relation with the Websites.
- Will personal data be transferred abroad? As part of providing You the Services, personal data is transferred to QxMD in Canada. The European Commission has recognised Canada as providing an adequate protection to personal data. To provide You the Services, your personal data is also transferred to WebMD in the US. This means that if You are located in the EU, your personal data is transferred to the US, which is not considered to have the same level of data protection as in the EU. However, we have implemented appropriate safeguards by entering into standard contractual clauses with our affiliates located outside the EU so as to ensure an adequate level of protection. Information may be stored and processed in any country where QxMD has engaged service providers such as in the US. We may also transfer aggregated information and de-identified data or, if you have consented to it, your personal data to our Sponsors located outside the EU. These operations may also involve transfers to countries which do not have data protection laws considered to be equivalent to those under EU law. However, we ensure all data transfers comply with applicable legal requirements (for example, by implementing appropriate contractual clauses).
- How long will personal data be retained? QxMD shall retain the User’s personal data up to one year after the User’s account deactivation subject to any relevant provisions of applicable law. Thereafter, the data will be archived (notably to comply with any applicable statute of limitations) or fully anonymised.
- What are Users’ rights regarding their personal data? In so far as granted by applicable law (in particular in the European Union), You may ask for access to your personal data or ask us to rectify, erase, restrict or port your personal data and object to the use of your personal data. To exercise these rights or if You have any questions/comments regarding your personal data and its use, please contact us at [email protected]. When the personal data processing is based on your consent, You have the right to withdraw your consent concerning such data processing, at any time, without affecting the lawfulness of processing based on consent before your withdrawal, by sending a written request to the following email address: [email protected]. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that You can no longer access the Services as a QxMD member.
- What if You have concerns? You have a right to complain to your local data protection authority if You are concerned about how your personal data is used through or in the context of the Websites or Services.
- Do I have to provide personal data? Some of the personal data is required if You become a QxMD member. If You do not want to provide your (or part of your) personal data, You may not enjoy all or part of the Websites and Services.
- Do we make automated decisions about You? We make no automated decisions about you that create legal effects or otherwise significantly affect You.
- Our safeguards and security measures. We have implemented technology and security measures to protect your personal data from unauthorized access, disclosure, improper use, alteration, unlawful or accidental destruction, and accidental loss.
These procedures include the use of firewalls, secure connections on our websites, and frequently the use of Secured Socket Layers (SSLs) to encrypt pages that collect personal information. Personal information is stored in limited access servers and physical access to our servers requires individual authorization and authentication. In addition, we require that all of our employees and others who have access to or are associated with the processing of your data keep confidential your personal information. We regularly train our employees on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.
We use security methods to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If You are a registered user, we use both logins and passwords to authenticate You. You are responsible for maintaining the security of your login credentials.
By using the Services or providing personal information to us, You agree that we may communicate with You electronically about security, privacy, and administrative issues relating to your use of the Services. If You have a reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].