MedPoint Privacy Policy

Effective Jun 1, 2024 to May 31st, 2025

Purpose and Overview

MedPoint Digital, Inc. ('MedPoint') serves as a data processor for international pharmaceutical and biotech companies and for professional healthcare organizations and societies. MedPoint is committed to protecting your privacy.

MedPoint uses the internet to provide various information and resources to the professional healthcare community, including medical training and education courses. Our services are not meant for the general public. We rely on our users to provide data that includes mailing and e-mail addresses and other profile information. In addition, user feedback and course evaluation data allow us to better understand the specific needs of medical professionals.

As a part of MedPoint's training and education operations, we collect, and in some cases, disclose information about users to our program sponsors and professional education accreditation providers.

If you, as a User, are uncomfortable with the terms or policies described in this statement, you may discontinue use of our website and send confidential correspondence through the postal service to the address provided below.

The privacy and security pertaining to the information that our users provide is a serious matter; therefore, MedPoint Digital has established this Privacy Policy for our organization and users. Please read the following Privacy Statement on MedPoint's policies regarding the collection, use, disclosure, and protection of user information.

Legal Basis for Processing

MedPoint does not provide services to the general public.

We provide professional services to healthcare professionals, and we must control access to this information.

In many cases, Users like you have entered into a contract to conduct clinical studies and the study sponsor has designated a MedPoint web-portal to support the study by disseminating private trial documents, communications, and alerts.

In other cases, Users like you have contracted directly with us for data services or have requested to participate in training and education courses provided by pharmaceutical and biotech sponsors and healthcare institutions to advance your professional knowledge.

In all cases, as a condition of your consuming these services, MedPoint needs to collect relevant information and to identify you and control access to this professional and private information. Should you choose not to provide these data, our services will not be provided to you.

Children

This Website is for medical information and services and is not intended for children. MedPoint does not market any products or services to children under the age of thirteen or knowingly collect any information from children under the age of thirteen. If MedPoint becomes aware that information is or has been submitted by or collected from a child under the age of thirteen, this information will be deleted.

Logging and Cookies

As part of MedPoint services, we use cookies. A cookie is a message sent to your browser from a Web server that is stored on your computer's hard drive. The message is sent back to the Web server whenever the browser requests a page from that server. Many commercial internet websites use cookies. While a code in the cookie file enables the website to label you as a particular user, it does not identify you by name or address unless you have provided the website with such information or set up preferences in your browser to do so automatically. You may opt out of accepting cookies by changing the settings on your browser. However, rejecting cookies may prevent you from using certain functions and you may have to repeatedly enter information to take advantage of services or promotions. In general, cookies allow us to identify you as a particular user; thus, providing you with a more customized service. We may also use cookies to track customer or user requests, inquiries and traffic patterns, or to determine audience size and repeated usage.

For more information see MedPoint Cookie Policy MedPoint Cookie Policy.

International Privacy Compliance

MedPoint complies with the European Union (EU) General Data Protection Regulation 2016/679 (GDPR), regarding the collection, use, and retention of personal information transferred from the EU, the United Kingdom (UK), and Switzerland to the United States (US).

MedPoint strives to collect, use, and disclose personal information in a manner consistent with the laws of the countries in which we do business.

* "Commission Implementing Decision (EU) 2021/915 of 4 June 2021 on standard contractual clauses (SCC) between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council" (EU-SCC).


MedPoint Digital and Its Agents and Program Sponsors

MedPoint is a US based corporation, which also operates with several international agents and sponsors. MedPoint requires all agents and sponsors to honor its Privacy Policies, including the EU-SCC with respect to Notice; Choice; User Rights; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.

Information Collected
Sources of Information include:
  • Information from the clinical trial sponsor company, derived from the contract you and your institution have entered into and initially manifested as an invitation to register for a clinical trial portal.
  • Information provided by you at the time of registration and during your participation in the program, including personally identifiable information (PII), attendance to our web conference and on-line learning assets, polling responses, test question responses, forum posting by you, your invitations to your colleagues, forms you complete, appropriate electronic signatures, your submitted questions, similar program activities, etc.
  • Invitation lists supplied to us by our pharmaceutical and biotech program sponsors.
  • Invitation lists provided to us by professional organizations to which you belong for programs they may be sponsoring or recommending.
Types of information Collected include:

MedPoint collects the domain name and email addresses of users, information volunteered by the user such as quiz/evaluation information, and/or website registrations. Project-specific information may also include your professional title, work address, the name of your healthcare institution, department, and work telephone.

Purpose of Collecting Personal Information:

This information is used to send confirmations, reminders, and follow-up email correspondence regarding face to face meetings, virtual meetings, and other activities; to notify users about updates; provide confirmation on course completions; to configure and customize user preferences to improve their program experiences; to evaluate training program effectiveness for the user and the program itself; and to identify new issues and understandings in medical science and operations.

In some cases, additional information, such as institution location, curricula vitae (CV), and certifications, is collected as part of the operational requirements to administer clinical trials (e.g., to build a training program suited to the individual). Those clinical trial portals are private, secure, by-invitation-only, membership-only websites that support a pre-existing contractual relationship between the study sponsor and the research study healthcare professionals (HCPs.)

Creation of De-Identified Data

We may create de-identified data records from personal data by excluding the information (such as your name) that makes the data personally identifiable to you. Once we create deidentified data, this de-identified data is our property. We use this de-identified data in many ways including analyzing request and usage patterns, creating reports, and performing analytics so that we may enhance the content of our services, our compliance with equal opportunities regulations, improve site navigation, and provide meaningful analysis of habits, usage, trends, and effectiveness of marketing campaigns, etc. as part of our analytics and other services. MedPoint reserves the right to use and disclose de-identified data to third party companies in its absolute discretion.

Onward Transfers to Agents

MedPoint may share some or all of your PII with necessary agents and sponsors. MedPoint will obtain assurances from its agents and sponsors that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the "Commission Implementing Decision (EU) 2021/915" of 4 June 2021 or being subject to another European Commission adequacy finding.

Where MedPoint has knowledge that an agent is using or disclosing PII in a manner contrary to this Policy, MedPoint will take reasonable steps to prevent or stop the use or disclosure.

In particular, MedPoint remains liable for the transfer of personal data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

Third Parties

MedPoint does not release PII about users or their use of this website to any third party that does not comply with "EU-SCC" and without notification to the user. An example of a compliant third party is local event-management personnel at a hotel confirming your identity and authorization to attend a conference. Other third-party vendors and agents include, but are not limited to:

  • Voice-bridge service operators (for web conferences)
  • Technical support personnel (for web conferences)
  • Transcription services (for learning module question and answer [Q & A] sessions.)
  • Google Analytics
  • Hotel and destination management service providers (for live events)
  • Airlines and transportation services (for live events)
Notice of Upgrades to Our Services

MedPoint may alert you to new services and upgrades as we continue to evolve and develop our systems.

Choice and Consent

MedPoint provides users with the choice and means for limiting the use and disclosure of their PII in clear and conspicuous language during the registration process and during the period of the program, and MedPoint will abide by those choices.

Users who withhold some critical information may be disqualified from program participation.

Notice will be provided before MedPoint uses or discloses the information for a purpose other than for which it was originally collected.

MedPoint notifies and gives individuals the authority to affirmatively and explicitly consent ("opt-in") to the disclosure of their information to a non-agent third party or to withhold such consent. Also, to explicitly authorize and opt-in to a subsequent use of their information for a purpose other than the purpose for which it was originally collected or to withhold such consent.

Users have rights that include the following:

  • Withdraw your consent to the processing of your personal information at any time without penalty.
  • Access your personal information and have it corrected, amended or deleted.
  • The right to data portability: receive a copy of your personal data and transit such to others.
  • At any time, to object to and request the cessation of our processing of your personal information which we will comply with unless we demonstrate compelling legitimate grounds for processing such that overrides your rights.
  • If you believe your personal information is inaccurate, unlawful, no longer necessary for our business purposes, or if you object to our processing of your personal information, you also have the right to instruct us to restrict the processing of your data pending our investigation and/or verification of your claim.
  • The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  • If you cannot resolve your complaint with us, you have a right to bring the complaint to the relevant data protection authority, which has the power to enforce the GDPR.
  • MedPoint does not conduct automated decision-making based on your PII or other of your collected data.

If you wish to raise a complaint and initiate and investigation on how we have handled your personal data, or request a copy of your personal information, please email us at privacy@medpt.com. We may make a small charge for this service.

Individuals may to choose whether their PII is to be disclosed to a non-agent third party or to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual during the program registration process ("opt-out"). Choosing to opt-out may result in the cessation of registration process and prevent participation in the program.

Users may also send such opt-out requests via email to privacy@medpt.com

Data Security

Transfers of data to countries outside of the EEA are safeguarded as specified in EU General Data Protection Regulation 2016/679 ("GDPR.")

MedPoint takes reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. MedPoint has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

MedPoint uses industry-standard data-encryption technology when transferring or receiving PII on any of the MedPoint websites. We maintain appropriate security measures in our physical facilities to protect against loss, misuse, or alteration of information we have collected from you (users) on any of the MedPoint websites.

MedPoint uses a secure server and security protocol to safeguard the information users submit.

To help ensure the security of users personal and financial information (other than via an email message), MedPoint uses security software to encrypt the information before and during its transmission through the Internet.

Email messages are frequently not secure. MedPoint's security software does not encrypt email messages. Email messages traveling through the internet are subject to viewing, alteration and copying by potentially any party on the internet. MedPoint is not responsible for the security of confidentiality of communications sent to us through the internet using email messages. Instead, MedPoint may direct you to a secure website to read or send messages.

Data Integrity

MedPoint Digital only processes PII in a way that is compatible and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, MedPoint takes reasonable steps to ensure that PII is accurate, complete, current, and reliable for its intended use.

Data Retention

MedPoint will not retain your personal information for longer than is necessary for our business purposes (usually 24 months after project close or inactivity) or for legal requirements.

For example, in a clinical study the European Medicines Agency (EMA) and the Food and Drug Administration (FDA) require participating study HCPs training records to be maintained for subsequent submission to the approving bodies as part of the drug approval process. Studies can have lifetimes beyond 24 months. In this case, we may continue to maintain the records beyond 24 months to ensure a comprehensive submission, as well as EMA/FDA inspection readiness.

Access

Upon request, MedPoint grants to individuals reasonable access to PII that it holds about them. In addition, MedPoint takes reasonable steps to add, correct, or delete information that is demonstrated to be inaccurate or incomplete.

Options regarding correction or storage of your information

Users may obtain from us the information about them in our files. If you believe the information we have about you in our records or files is incomplete or inaccurate, you may request, via e-mail (or other form of communication), that we make any necessary additions or corrections or, to the extent that it is feasible, that we delete this information from our files. Users may send such requests via email or write to MedPoint at the address below.

MedPoint Digital, Inc.
Re: My PII Request
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Privacy@medpt.com

Enforcement

MedPoint conducts compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee or agent that MedPoint determines is in violation of this policy is subject to disciplinary action up to and including termination of employment or commercial engagement.

MedPoint is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

EU-US Privacy Shield Dispute Resolution

Digital commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-SCC. Inquiries or complaints regarding this privacy policy should first contact MedPoint at:

MedPoint Digital, Inc.
Re: EU-SCC Privacy
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Privacy@medpt.com

If your Privacy complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at  https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Change of Ownership

In the event of change in ownership, or a direct merger or acquisition with another entity, we reserve the right to transfer all of MedPoint user information, including personal data, to a separate entity which also abides by the EU-SCC requirements. We will use commercially reasonable efforts to notify you (by posting on our website or issuing an e-mail to the e-mail address you provided when you registered) of any change of ownership; merger or acquisition of MedPoint by a third party, and you may choose to modify any of your registration information at that time.

The Swiss Federal Act on Data Protection
The Swiss Data Protection Framework

MedPoint complies with the Swiss Federal Act on Data Protection Framework regarding the collection, use, and retention of PII from Switzerland.

MedPoint commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact MedPoint at:

MedPoint Digital, Inc.
Re: Swiss-U.S. Privacy
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

privacy@medpt.com

Amendments

This Policy may be amended from time to time consistent with the requirements of the EU-Swiss and UK Privacy regulations and their successors. We will post any revised policy on this website; please check frequently for changes.

Links

This website contains links to other websites. When users click on one of these links, they are moving to another website. Users should read the Privacy Statements of these linked websites.

Limitation on Application of Principles

Adherence by MedPoint may be limited to the extent required to respond to a legal or ethical obligation; to the extent necessary to meet national security, public interest or law enforcement requirements; and to the extent expressly permitted by an applicable law, rule or regulation.

Contact Information

Questions, comments, or complaints regarding the Company's EU-US Privacy Shield Policy or data collection and processing practices can be emailed or mailed to:

MedPoint Digital, Inc.
Re: Privacy
Attn: Data Protection Officer
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA
privacy@medpt.com

Phone: 847-869-4700
Fax: 847-869-4702

Cookies and Tracking Technologies Policy

MedPoint Digital, Inc. ('MedPoint'), uses authentication cookies and tracking technologies on our websites to enable us to analyze use of our online services, to improve and personalize your experience of our services which, on some services, may be tailored to you based on your browsing behavior and other data held about you.

MedPoint respects your right to privacy and we aim to be transparent at all times about when, how and why data about you and your browsing behaviors may be used in connection with our services. We are committed to using cookies and tracking technologies fairly and in accordance with your privacy rights. This policy describes:

  • What cookies and online tracking technologies are.
  • How we use cookies.
  • Analytics on our services.
  • Your choices (managing cookies and opting out).
  • How to contact us.

To find out more about the company and our approach to privacy please read our Privacy Policy

What are cookies and online tracking technologies?

Web Browser Cookies
A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited non-personal data, usually a unique identifier and the name of the site. This enables a website to recognize you as you move around the site and/or each time you revisit. Cookies are used for a wide variety of purposes such as to keep you logged in or to remember your preferences and settings, to analyze how the site is used by you.

Cookies may be served to you by the website you are visiting (a "first party cookie") or by another organization providing services to that website, such as an analytics company (a "third party cookie"). They will either be stored for the duration of your visit (a "session cookie") or they will remain on your device for a fixed period, which could be months or even years, to remember you across multiple browsing sessions (a "persistent cookie").

MedPoint only uses first party, non-persistent, session cookies that expire when you log-off our membership-only Portals.
Other types of local storage, such as Flash Cookies and HTML5 Storage
Many websites use Adobe Flash Player to deliver video and game content to their users. Adobe utilize their own cookies which are used by the Flash Player to store data such as your preferences, and your viewing and browsing history.

HTML5 Storage is similar in concept to browser cookies in that the data is stored in your browser's files, and it is used for similar purposes; however, as this storage enables website publishers to store greater amounts of data, they will often use it to store usage data and preferences (alongside the unique identifier usually stored in a cookie) instead of on their own systems.

MedPoint uses Adobe Flash and HTML5 cookies only to track training module progress (resume code) and completion.
Tracking technologies: web beacons/GIFs, page tags, script
Web pages, emails and mobile apps may contain a small transparent image file or line of code to record how you interact with them. They are often used in conjunction with web browser cookies (or the unique identifier of your mobile device) and they are used to help website and app publishers to better analyze and improve their services based on your browsing behavior and interests. For example by knowing which web pages you visit or which elements of a page you viewed, when and for how long, whether you viewed and/or clicked on an advertisement on the site or whether you opened or clicked on marketing emails sent to you.

MedPoint does not use web beacons/GIFs, tracking page tags or tracking scripts.

How we use cookies on our online services

We use cookies and tracking technologies to enable us to recognize when you have logged in, to keep you logged in, to improve the security of our services, such as preventing fraudulent or disruptive activity and for system administration.

Analytics on our services
We use Google Analytics to collect statistical information about how our websites are used. They use information such as your internet protocol (IP) address, browser type, operating system, and unique identifiers stored in first party cookies on your device to record how you interact with our website and to better support our user base. We only use this data in aggregate form, and we do not merge it with any other data we hold.

MedPoint may share this aggregate data with the pharmaceutical and biotech companies who sponsor Users' portal memberships.
These analytical services help us to know how many users we have, which parts of our sites are most popular, what browsers are used (so we can maximize compatibility), the country or region where our users are located, and the demographics and interests of our users. This enables us to better understand who is using our site and to ensure we are reaching our target demographic, and to improve and tailor our services accordingly.

Your choices: Managing cookies and "opting out"

Opting out of Analytics Cookies
To find out more about the analytics services used on our websites and to opt-out, please visit:
Google Analytics - support.google.com/analytics/answer/6004245

Managing cookies and local storage on your device
Web browser cookies: You can choose how web browser cookies are handled by your device via your browser settings including to 'refuse' or 'delete' all cookies. If you choose not to receive cookies at any time, websites may not function properly, and certain services may not be provided. Each browser is different, so check the 'Help' menu of your browser to learn how to change your cookie preferences or follow the instructions provided at: www.allaboutcookies.org/managecookies/ which provides information for the most common browsers.
Local Storage (Flash and HTML5): The most common browsers clear your locally stored data when you choose to 'delete/clear' your cookies and web browsing data; consult the 'Help' function of your browser for more details. Alternatively, you can manage which websites can store information (and how much) in Flash cookies by visiting the settings panel on the Adobe website. Deleting Flash cookies and HTML5 cookies will impact 'Training Module' performance and credits.

The 'Do Not Track' (DNT) function on your web browser
DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. This website does not currently respond to DNT requests, however, you may opt-out of tracking for analytics purposes using the links provided above.
A uniform standard has not yet been adopted to determine how DNT requests should be interpreted and what actions should be taken by websites and third parties. We will continue to review DNT and other new technologies and may adopt a DNT standard once available.

Contact us

If you have any questions or concerns about MedPoint's use of cookies and other tracking technologies, or if you believe there has been a breach of this policy, please email us at: dataprotection@medpt.com.