Last updated: May 2018
WHAT INFORMATION DO WE COLLECT?
Information You Provide to Us
We will collect information from you if you register, establish a personal profile to gain access to certain content or services, if you ask to be notified by email about online content, if you participate in surveys we conduct, or otherwise interact with the Services. This requires the input of personal information and preferences that may include, but is not limited to, details such as your name, username and password, address (postal and email), telephone number, professional background and educational information (including your CV if you are a NEJM CareerCenter user), demographic information and other information about your professional board membership and certifications if you are an NEJM Knowledge+ user. If you request paid content or services, including subscriptions, we will also ask for credit card and other billing information.
We also collect information that you provide when you comment on our content, register to participate in events (either in-person or online), and when you submit material to a Service.
If you choose to register and sign in using a third party social media account, the authentication of your login is handled by the third-party account and the Services may collect your name, profile photograph, email address, and any other information from your third-party account that you agree to share at the time you give permission to link your third-party account with the Services. By doing this, you are authorizing us to collect, store, and use the data they send us.
Information Collected Automatically
In addition to the information that you provide to us directly, we may collect information about your use of the Services to help us measure and analyze traffic and usage. This helps us to enhance and improve the Services. For example, we may collect:
- Device Information — such as your hardware model, IP address, other unique identifiers, operating system version, browser type and settings, and the settings of the device you use to access a Service.
- Usage Information — such as information about the Services you use, the date and time, the duration of your usage, the files downloaded or viewed, and other information about your interaction with content offered through a Service.
- Location Information — such as the general location of your device in order to provide you with more relevant content and ads for where you are in the world when you use certain Services.
Other Information We Collect
We may also collect other information about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your consent. You may choose not to provide us with certain types of information but doing so may affect your ability to use the Services.
Most web browsers automatically accept cookies but can be configured not to or to notify you when a cookie is being sent. If you wish to disable cookies, refer to your browser help menu to learn how. If you disable cookies, doing so may interfere with or prevent the proper function of a Service.
Clear Gifs (Web Beacons/Web Bugs)
We may also use clear gifs, which are tiny graphics with unique identifiers that function similarly to cookies to help us to track activity. We do not use these to collect personally identifying information.
HOW IS THIS INFORMATION USED?
Information collected automatically is used to monitor users’ interests and usage patterns in order to help us enhance and improve our service offerings.
We may share information with vendors providing contracted services to us, such as hosting vendors, advertising service providers, data analytics and customer support providers, IT service providers, and list managers. We may also share your information, including your payment information, as appropriate to process your payment for a Service or to complete a transaction. When requested by you, we may also share your information with medical credentialing and accreditation organizations in connection with our continuing medical education and maintenance of certification offerings. These providers and organizations are obligated to maintain your personal information as confidential and have access to your personal information only as necessary to perform their requested function on your behalf.
We may also report aggregate information about usage to third parties, including our service providers and advertisers.
We may share your information within NEJM Group or otherwise use your information with your consent or at your direction.
For NEJM Catalyst users, we may share your information with sponsors or other third parties to provide them with an opportunity to offer products and services that may be of interest to you. If so, we will notify you and obtain your consent at the time of download or registration.
For NEJM Knowledge+ users, if your access is purchased for you through a residency program, we may share with your residency program administrators your personal information and certain usage and performance data, including your progress and time spent in various modules, your practice exam scores, and your metacognitive scores.
For NEJM Resident 360 users, the profile information you provide (including your profile photo, bio, professional specialty, employer, and the school you attend) may be made public. We may also use your profile information if you invite others to join or connect with you. You may be invited to participate in discussions, post comments, or otherwise engage in networking activities. MMS does not control what users post to these forums or social networks. You should carefully consider whether you wish to submit personal information to these forums or social networks and tailor any content you submit appropriately.
For NEJM CareerCenter users, CVs and cover letters uploaded to our site are not shared or forwarded, except at the option of the jobseeker. Jobseekers are not required to create a physician profile to apply for an open position but are encouraged to do so. The contact information included in the physician profile is controlled by and may be limited by the jobseeker and you have the option to hide your profile so that it is not available to prospective employers.
We use third-party ad servers to serve advertising through our Services. The ad servers we use do not collect any personally identifiable information regarding users who view or interact with the advertisements they serve. Our ad servers only collect non-personally identifiable ad delivery and reporting data.
WHAT SECURITY MEASURES ARE USED?
We endeavor to keep your personal information confidential and protected against unauthorized access, misuse or alteration with commercially reasonable physical, technical, and administrative measures. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of electronic data nor can we guarantee that the information you supply will not be intercepted.
HOW TO MAKE CHANGES TO YOUR INFORMATION
Once you have created an account at one of our Sites, you can update your personal information at any time. You may also choose to stop receiving offer information from us about content or services by updating your account preferences or using the “unsubscribe” or other means provided within the communications you receive from us. You may also contact our Customer Service Department by the following:
- Telephone: 800-843-6356 or +1 781-434-7888 (outside the United States and Canada)
- Email: email@example.com
- Mail: Customer Service, NEJM Group, 860 Winter Street, Waltham, MA 02451-1413, USA.
User-Generated Content Forums
Any data or personal information that you submit to us as user-generated content becomes public and may be used by the MMS in connection with the Services and other NEJM Group and MMS publications and offerings in any and all media.
Do Not Track Signals
Like most web services, at this time we do not alter our behavior or change our Services in response to do not track signals.
Compliance with Legal Process
We may disclose personally identifying information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or legal process; (2) protect our rights and property; (3) protect against misuse or the unauthorized use of a Service; or (4) protect the personal safety or property of our employees, users, or the public.
Cross-Border Transfer of Your Information
The Services are headquartered in the United States. Your personal information may be transferred outside of your country of residence to the United States or another country for processing. By using a Service, you consent to the collection, international transfer, storage, and processing of your information outside of your country of residence, in which case the personal data protection rules may differ from the rules in your country.
The Services are not intended for children under 13 years of age. We do not knowingly collect or store any personal information from children under 13.
Changes to This Policy
We can also be contacted by telephone at 800-834-6356 or +1 781-434-7888 (outside the United States and Canada).
NEJM Group offices are located at 860 Winter Street, Waltham, MA 02451, USA.
Additional Privacy Information for Users in the EU
For our users in the European Union we are providing some additional information below as required by the EU General Data Protection Regulation (“GDPR”).
The data controller for the Services is: Massachusetts Medical Society, 860 Winter Street, Waltham, MA 02451 USA
2. Data Protection Officer
You can contact our Data Protection Officer at: Attn: Data Protection Officer, Massachusetts Medical Society, 860 Winter Street, Waltham, MA 02451 USA
3. Representative in the EU
MMS’s representative in the EU (Art. 27 GDPR) is: Dr. Stefan Freytag, Straßer Ventroni Deubzer Freytag & Jäger Rechtsanwälte, Oberanger 30, 80331 München, Germany
4. Additional Information about Processing of Personal Data
4.1 Processing for or Prior to Entering into a Contract
4.2 Processing on the Basis of Your Consent
You may at any time revoke a consent granted hereunder in accordance with GDPR. In case of revocation, MMS will not process the personal data subject to this consent any longer unless legally required to do so. However, any revocation of your consent has by law no effect on past processing of personal data by MMS up to the point in time of your revocation. Furthermore, if your use of a Service requires your consent, MMS will no longer be able to provide the relevant Service to you after your revocation.
4.3 In Order to Comply with a Legal Obligation
4.4 Aggregated Anonymous or Pseudonymous Use of Data
4.5 Duration of Processing of Personal Data
Where MMS is processing and using your personal data as permitted by law (including in the context of a contract with you) or under your consent, MMS will store your personal data (i) only for as long as is required to fulfill the respective purposes or (ii) until you revoke your consent. However, where MMS is required by mandatory law to retain your personal data longer or where your personal data is required for MMS to assert or defend against legal claims, MMS will retain your personal data, in accordance with applicable law, until the end of the relevant retention period or until the claims in question have been settled.
4.6 Where will my personal data be processed?
MMS is a U.S. based, internationally operating organization. Consequently, whenever MMS is using or otherwise processing your personal data for the purposes set out in its privacy policies, your data may be collected from, processed, or transferred to a country outside of the EU or European Economic Area (“EEA”).
4.7 No Decisions Based Solely on Automated Processing (Art. 22 GDPR)
Our processing of your personal data does not involve decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
5. Data Subject’s Rights under GDPR
5.1 Data Access, Correction and Deletion Right
You can request from MMS at any time information about which personal data MMS processes about you and the correction or deletion of such personal data.
Please note that MMS can delete your personal data only if there is no legal or contractual obligation or prevailing right of MMS to retain it. Please also note that if you request that MMS delete your personal data, you will not be able to continue to use a Service that requires MMS’s use of your personal data.
If MMS uses your personal data based on your consent or to perform a contract with you, you may further request from MMS a copy of the personal data that you have provided to MMS. In this case, please contact MMS’s Data Protection Officer and specify the information or processing activities to which your request relates, the format in which you would like this information, and whether the personal data is to be sent to you or another recipient. Please also provide reasonable information and evidence that permits MMS to verify that the request originates from you as the data subject entitled to receive such personal information and that no one else is abusively trying to access your personal data by requesting a copy of it from MMS.
Furthermore, you can request from MMS that MMS restricts your personal data from any further processing in any of the following events: (i) you state that the personal data MMS has about you is incorrect (but only for as long as MMS requires to check the accuracy of the relevant personal data), (ii) there is no legal basis for MMS processing your personal data and you demand that MMS restricts your personal data from further processing, (iii) MMS no longer requires your personal data, but you claim that you require MMS to retain such data in order to claim or exercise legal rights or to defend against third party claims or (iv) in case you object to the processing of your personal data by MMS (based on MMS’s legitimate interest as further set out in Art. 6 (1) (f) GDPR) for as long as it is required to review as to whether MMS has a prevailing interest or legal obligation in processing your personal data.
5.2 Right to Lodge a Complaint
If you believe that MMS is not processing your personal data in accordance with applicable EU/EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EU/EEA member state in which you live or with the data protection authority of the country or state in which MMS has its registered seat.