prIME Oncology Privacy Policy

 

  1. INTRODUCTION

This privacy policy applies to all services, products, websites, and other (automated) communication (hereinafter: “services”), provided by prIME Oncology LLC (Atlanta, GA, United States) and prIME Oncology BV (The Hague, the Netherlands).

At prIME Oncology we value the people we work for and work with. This includes the use of personal data of individuals. As prIME Oncology has offices in both the US and the EU, prIME Oncology has made its privacy policy compliant to the General Data Protection Regulation (GDPR) standards.

In this privacy policy we explain what we do with your personal data. Please note that this privacy policy forms part of our terms of use and cookie policy.

This privacy policy is updated regularly. The latest version is published on our website and takes effect from the day of publication.

  1. DEFINITIONS

For a proper understanding of this privacy policy, some knowledge of legal definitions is helpful:

What are “personal data”?

Personal data refers to any information related to an identified or identifiable natural person. There are general and special personal data. Special personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetic data, biometric data which may identify you as a unique person, and data concerning a person’s sex life or sexual orientation. All other data which may identify you as a natural person are general personal data. In this privacy policy we will use the general term “personal data” or “data”, unless otherwise specified.

What is “processing” of personal data?

Processing means any operation, whether or not automated, which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, making available, combination, restriction, erasure, or destruction. In this privacy policy and for reasons of readability we will use the words “collect(ing)”, “use/using” and “process(ing)” to refer to the legal definition of processing.

What is a “data subject”?

A data subject is any living natural person whose personal data are processed. For reasons of readability we will use the words “person” and “you(r)” to indicate the data subject.

What is a “controller”

A controller is the legal person who determines the purposes and means of the processing of personal data. In this privacy policy, that’s us (hereinafter referred to as: “prIME Oncology”, “we/us/our”).

What is a “processor”

A processor is a legal person who processes personal data on behalf of and at the instructions of the controller.

What does “GDPR” mean?

GDPR means General Data Protection Regulation, the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, adopted by the European Parliament and the European Council on April 27, 2016, and current as of May 25, 2018.

  1. COLLECTING PERSONAL DATA

What personal data do we collect?

prIME Oncology collects personal data directly from you or indirectly from third parties, such as our business partners and/or third-party vendors.

The personal data we collect are always and merely connected to you in your professional capacity. The data we collect include your names (first names, last name), gender, title, company and company address, e-mail address, telephone numbers, degrees, professional specialties, special professional interests, billing data such as credit card numbers or bank account numbers, possible billing address, and personalized registration numbers for events. If you ask us to book a flight or a hotel, we also collect location data (travel data). When you are a faculty member who contributes to one of our services (symposia, meetings, etc), we assess whether there are relevant financial relationships that may influence the content of your contribution and/or our services. Sometimes we ask faculty members to provide us with recent photographs to use on our promotional material.

We do not collect special personal data, except for – at your request – dietary information or special needs which may (or may not) relate to your health or religious beliefs.

When do we collect personal data?

Your personal data are collected when:

  • you make an account on our website
  • you register (or are registered with your consent) for one of our events and/or other services
  • you subscribe to our newsletters
  • you contribute to symposia, publications, meetings, boards, presentations, or surveys, and/or you contact us or we contact you to do so
  • you will be reimbursed for any contribution to our services
  • you ask us to provide extra services such as booking flights or hotels
  • you engage with us on or through social media (by mentioning/tagging us or by contacting us directly)
  • one of our business partners provides us with a list of personal data to provide specific services and/or these lists are provided by third-party vendors.
  • you have confirmed intent to participate as chair or faculty member in one of our programs

Do we collect data of patients?

No, we do not. All information concerning patients’ personal data is always anonymized before we receive it.

Do we collect data of children?

No, we do not. Our business is not aimed at children.

  1. USE OF PERSONAL DATA

How we make use of personal data?

We use the personal data that we collect to provide you with the information and services that you expect and/or request from us. This may be access to (online) events, meetings, presentations, and publications, as well as receipt of newsletters and e-mails that inform you about our business activities.

Whenever you have registered for one of our events or other services, we use your personal data to meet our obligations to provide you with the information and services you asked for. Whenever this includes billing or reimbursement, we use the billing data you provided to exercise our financial rights and obligations.

Your personal data are also used for our internal business purposes, such as improving our services and communication, enhancing our website, and monitoring the use of our website. Data such as specialties, special interests, and degrees, combined with (general) data such as name and (e-mail) address, are used for direct marketing purposes (see below).

We rarely use special data (see definition above). These are only used in the event that you have responded to our questions concerning dietary requirements and/or special needs, which may relate to your health and/or religious beliefs.

Is this use lawful?

Yes, it is. Pursuant to the GDPR, there are various legal grounds for processing personal data. Insofar as is relevant, these are:

  • you have given us consent to use your personal data for specific purposes
  • we need the personal data for the performance of the contract (or entering into a contract) between you and us
  • there is a legal obligation to process the personal data
  • we – or a third party we work with – have a legitimate interest to process these data

In most cases, we have asked for your consent directly. In other cases, your personal data are provided to us by a business partner (ie, the party that has asked us to organize an event or render other services) or by third-party vendors (ie, parties that are specialized in compiling lists of professionals for whom our services may be of interest). In these two cases, prIME Oncology acts as processor rather than controller.

Since our core business is providing you with the knowledge, information, and other services you asked for, we need these data for performance of the agreement we have or will enter into. Without these data, access to our services, information, and knowledge is impossible.

Moreover, it may happen that we (have to) make use of these data to comply with a legal obligation to which prIME Oncology is subject, for example fiscal or medical (accreditation) legislation, court orders, or criminal charges.

Finally, we have our own legitimate interests in processing these data, which include the interests of our business partners. These interests are improving our services, our communication, our website, and business development. Our legitimate interests involve profiling for direct marketing purposes. If you wish to opt out from our direct marketing activities, see below.

As for the processing of special personal data (dietary requirements and/or special needs), this only takes place after your explicit consent. With that consent, we have met the legal obligation for the processing of special personal data.

  1. SHARING PERSONAL DATA

Since prIME Oncology consists of a group of companies, all legal entities share personal data with other entities within the group. All entities within the group use the same data for the same purposes.

We will never sell your personal data to any third party. However, in order to provide our services to you, we acquire personal data from third parties from time to time. To these data, this privacy policy, as well as all security measures we take, are equally applicable.

We always work with trusted service providers, who help us to carry out our services and make us improve our work and our (online and offline) communication and act as processors. Since these service providers have skills and capabilities we may not have, it is in our and your interest that we collaborate with these third parties. These service providers are never allowed to process the personal data of prIME Oncology for other (commercial or noncommercial) purposes than the purposes previously defined by us.

In the context of an onward transfer of personal data, prIME Oncology shall remain responsible for the processing of personal data to a third party who acts as a processor on our behalf. Whenever this third party processes personal data in a manner that is inconsistent with our instructions, we shall remain liable for the consequences, unless we can prove that we are not responsible for the event giving rise to the damage.

Where appropriate we share your personal data with third parties, such as CME providers, organizers of live events, travel agencies and hotels/hotel booking agencies, credit card companies, and banks, for the performance of contractual obligations.

If necessary we also share personal data to meet legal obligations, such as combating fraud, adhering to medical law and accreditation regulations), and maintaining compliance with the EFPIA Code and Sunshine Act.

On our website you can find buttons for social media, such as Facebook, Twitter, LinkedIn, and Google+. When you use these features, these social media may collect your IP address and information about the pages you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our website. Please note that this privacy policy does not apply to these features. Your interactions with these features are governed by the privacy policies of the companies providing them.

  1. DATA MINIMIZATION, ACCURACY, & STORAGE LIMITATION

prIME Oncology complies to the principles of data minimization, accuracy, and storage limitation. In short, this means that we will merely retain the personal data for as long as it is necessary, and that we clean up our databases containing personal data from time to time. Given the fact that we use personal data for different purposes, our retention periods may vary.

Along with own responsibility in this regard, you can at all times exercise your rights concerning the accuracy of the personal data we collected from you (see below).

  1. SECURITY

We do our utmost to keep the security of your personal data up to date. This implies technical and organizational measures such as encryption techniques, login procedures, firewalls, and regular updates of our technical infrastructure.

As part of this, we see to it that access to (part of) our systems is restricted to employees who actually work with personal data. An account with access to (part of) our systems is created for an employee only after authorization.

  1. YOUR RIGHTS AS DATA SUBJECT

As data subject, you are entitled to be informed about what happens with your personal data. This means that you can exercise the following rights:

  1. the right to be informed about the way we process your personal data (as in this privacy policy)
  2. the right to have access to the personal data we collected about you: you can request a copy of your personal data collected by us, which will be provided to you in a machine readable form
  3. the right to know the source when these data are not directly collected from you
  4. the right to know with whom your data are shared by us
  5. the right to have your personal data rectified when these are incomplete, out-of-date, incorrect, or otherwise inaccurate
  6. the right to have your personal data erased (the “right to be forgotten”)
  7. the right to obtain a restriction of processing by us for a period of time when the use of the personal data is contested on the ground that this use is inaccurate, unlawful, or no longer necessary or when you have objected to processing pursuant to article 21 (1) GDPR (profiling), pending the verification
  8. the right to have your personal data transferred to another service provider
  9. the right to object to automated decision making, including profiling (see below)

Whenever you wish to exercise one of the above-mentioned rights, please contact us. The information you request shall be provided by us in a commonly used electronic form.

  1. DIRECT MARKETING

You have the right to object at any time to the processing of your personal data for direct marketing purposes. Whenever you do, we shall no longer use your data for direct marketing. However, this doesn’t mean that we will no longer use these data for other specified, explicit and legitimate purposes.

If you have created an account on our website, you can simply amend your preferences or follow the unsubscribe links provided in our direct marketing e-mails and our other direct marketing communication. If you do not wish to see personalized marketing content, you can clear the cookies in your browser settings (see our cookie policy).

If you have any difficulties or complaints regarding our direct marketing activities, which cannot be solved in the above mentioned way, please contact us.

  1. PRIVACY SHIELD

prIME Oncology complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. prIME Oncology has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield you can visit the US Department of Commerce’s Privacy Shield List at: https://www.privacyshield.gov.

With respect to personal data received or transferred pursuant to the Privacy Shield, prIME Oncology is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC) and/or the Department of Transportation. In certain situations, prIME Oncology may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, prIME Oncology commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact prIME Oncology at: info@prIMEoncology.org. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information, see: https://www.privacyshield.gov/article?id=A-Scope.

  1. COMPLAINTS

prIME Oncology shall, at all times, cooperate with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU and Switzerland.

If you have any complaints about our way of processing your personal data or if you wish to speak to us about our privacy policy, please contact us. If you feel that we didn’t handle your complaints satisfactorily, you can apply to:

  1. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time. When the changes are significant, we will notify all our account holders and visitors of our website. Along with this, we advise you to check this page regularly to acquaint yourself with the latest version.

This Privacy Policy was last updated on JUNE 14, 2018.