This Policy was last revised on April 3, 2020.
About M3 Global Research
M3 Global Research operates an ISO 26362 certified market research panel with the highest quality data collection and project management capabilities that cover the spectrum of quantitative and qualitative research techniques utilized today. M3 Global Research is the trading name for the market research activities provided by M3 USA Corporation and its affiliates, including M3 (EU) Ltd. and Qualitative and Quantitative Fieldwork Services AB.
About the M3 Group
The M3 Group, named to represent Medicine, Media, and Metamorphosis, was founded with the goal of changing the world of medicine through full use of the power of the Internet. The M3 Group operates in the US, Asia, and Europe with over 2 million physician members globally via its physician websites such as: m3.com, mdlinx.com, m3globalresearch.com, doctors.net.uk, thesmartestdoc.com, networksinhealth.com, medigate.net, medlive.cn
M3 Inc. is a publicly traded company on the Tokyo Stock Exchange (jp:2413) with subsidiaries in major markets including USA, UK, Sweden, Japan, S. Korea, and China. M3 Group provides services to healthcare and the life science industry. In addition to market research, these services include medical education, ethical drug promotion, clinical development, job recruitment, and clinic appointment services. M3 has offices in Tokyo, Fort Washington, PA, Oxford, London, Gothenburg, and Seoul.
The Types of Personal Data We May Obtain and Process
M3 Global Research obtains personal data of Representatives that is disclosed or otherwise processed by M3 Global Research upon entering into and performing agreements, communicating with Business Associates in relation to agreements and making and receiving payments under agreements. We also may obtain Representatives' personal data from public sources in anticipation of a prospective business relationship.
We use a variety of public sources to collate information about potential Business Associates we believe may be suitable for our services. We may also receive a referral from one of your colleagues and process that information in a similar way. Personal data is any information that allows an individual (in this case, the Representative) to be identified.
We may process the following types of personal data about Representatives:
- Names, postal or e-mail addresses, fax numbers, and phone numbers
- Employment information (e.g., job titles) relating to Representatives
- Communication preferences
As a matter of practice, we will not collect any sensitive (special category) personal data relating to Representatives. To the extent that there is a need for us to process sensitive personal data, we will obtain the Representative's prior written consent.
Purpose and legal basis for processing your personal data
This data is used to manage our contact with you, so that, for example, multiple attempts to contact you regarding the same services are eliminated or you are not re-contacted after informing us you are not interested in our services. We also use it as we generate lists of potential Business Associates to contact.
We process personal data on the basis of our legitimate interest (i.e., we have a valid business reason) and we have carefully balanced your individual rights against this need. "Legitimate Interests" means the interests of our company in conducting and managing our business to provide you with Activity opportunities and complete Activities on behalf of our clients. For example, we have an interest in making sure our Activity invitations are relevant to you, so we may process your information to send you invitations that are tailored to your specialty. It can also apply to processing that is in your interests as well. For example, we may process your personal data to protect you against fraud when accessing our website, and to ensure our systems are secure. When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to do so by law.
We will only process your personal data for the purpose it was first collected. If we process the personal data for a new purpose, we will ensure it is either compatible with your original purpose, or gain your consent.
How we use the Personal Data we obtain
We may use the personal data we obtain about Representatives to:
- Manage our existing and prospective Business Associates relationships;
- Communicate with Representatives for marketing, newsletters and company updates (for example, concerning services we offer or intend to offer in connection with our services);
- Perform accounting, auditing, billing, and collection activities;
- Safeguard and defend M3 Global Research interests; and
- Comply with applicable legal requirements, industry standards and our policies.
How we may share Personal Data
M3 Global Research does not sell, rent, or trade Representatives' personal data. We may share your personal data only with:
- Affiliates of M3 Global Research to whom it is reasonably necessary or desirable for M3 Global Research to disclose the personal data;
- Service providers that M3 Global Research has retained to perform services on its behalf, such as, but not limited to, IT service providers. Service providers are not permitted to use the personal data for their own purposes and are prohibited from onward transfer of the personal data without our written consent in each instance;
- Law enforcement and other government authorities if required by law or reasonably necessary to protect the rights, property, and safety of others or ourselves. This includes lawful requests by public authorities, including to meet national security or law enforcement requirements; and
Industry standards or guidelines that require disclosure about our Business Associate.
Links to other websites
International Data Transfers
M3 uses EU Standard Contractual Clauses to additionally safeguard data from the EEA and UK to countries outside of these locations.
This includes transfers to the US where, prior to the decision of the Court of Justice of the European Union making the Privacy Shield invalid, M3 used this mechanism. M3 continues to certify and abide by the Privacy Shield which demonstrates commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for EU individuals.
M3 Global Research has its headquarters in the USA and personal data we collect from you may be processed in the USA. M3 Global Research complies with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom or Switzerland to the United States.
The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield became operational after the European Commission and the Swiss Federal Data Protection and Information Commissioner issued formal decisions that Privacy Shield provides adequate protection to allow personal data to be transferred to the United States. Privacy Shield obligates U.S. companies to protect European, United Kingdom and Swiss personal data and requires the U.S. government to monitor Privacy Shield certified companies and to cooperate with European, UK, and Swiss Data Protection Authorities.
M3 Global Research is responsible for the processing of personal data it receives under the Privacy Shield Framework and for subsequent transfers to third parties acting on its behalf. M3 Global Research complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, the UK, and Switzerland, including the onward transfer liability provisions.
M3 Global Research submits to being subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Privacy Shield Principles, and acknowledges the right of EEA, UK, and Swiss individuals, under certain conditions, to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing M3 Global Research’s adherence to these practices.
How we protect Personal Data
We maintain appropriate technical and organizational security safeguards designed to protect Representatives' personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We update and test our security technology on an ongoing basis. We limit access to your personal data to those employees who need access to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal data.
How long we retain Personal Data
We store Representatives' personal data for as long as necessary to fulfil the purposes for which we collect the data (see "How We Use the Personal Data We Obtain"), except if required otherwise by law. Your personal data may be kept for 10 years after the working relationship has ceased.
Privacy Shield, the European Union’s General Data Protection Regulation as well as other countries’ privacy laws provide certain rights for EEA, U.S. and Swiss data subjects. Explanations of them (in English) are available at (i) the Privacy Shield website (ii) the website of the United Kingdom’s Information Commissioner’s Office and (iii) the website of the Swiss Federal Data Protection and Information Commissioner office.
If you wish to confirm that M3 Global Research is processing your personal data, or to have access to the personal data M3 Global Research may have about you, please contact our Data Protection Officer.
You may request information about:
- the purpose of the processing;
- the legal basis for that processing;
- the categories of personal data and the data subject concerned;
- information on the type or identity of third parties to which your data may be disclosed to and the protection provided;
- the source of the personal information (if you didn’t provide it directly to us); and
- how long it will be stored.
You have a right to:
- access your personal data
- have inaccurate personal data rectified
- request erasure of personal data
- restrict the processing of your personal data
- object to the processing your personal data
- data portability
- opt out of data being transferred to a third party, unless there is a legal reason to do so (see "How we may share Personal Data")
- opt out of direct marketing
To exercise your rights, you can write the Data Protection Officer at firstname.lastname@example.org.
Reasonable access to your personal data will be provided at no cost to you upon your request. M3 Global Research will provide the information to you within the legal time frame. If for some reason access is denied, M3 Global Research will provide an explanation as to why access has been denied.
Independent Dispute Resolution Mechanism
M3 Global Research commits to resolve complaints about our collection or use of your personal data. Individuals in the European Union or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer.
If you have a privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
M3 Global Research is headquartered in Fort Washington, Pennsylvania in the USA. M3 Global Research has appointed an internal data protection officer for you to contact if you have any questions, requests on your personal data, concerns or complaints please send an email to email@example.com.