HAExpert Website Privacy Notice
This HAExpert website is operated by Meridian HealthComms Ltd on behalf of its sponsor CSL Behring. The following privacy notice describes to you the purposes for collecting and using your personal data, the categories of personal data we collect for those purposes, how we collect your personal data, what your rights you have in relation to the personal data we hold, and how you can exercise these rights.
At Meridian HealthComms, (“we”, “us”, “Meridian”) we are committed to protecting your privacy. When you use this website, we will collect certain information that can be used to identify you (“personal data”).
Meridian is the “data controller” of the personal data we collect. This means that we are responsible for decisions about the collection and use of personal data. It also means we are responsible for responding to your questions and requests in relation to the personal data we hold about you.
- Categories of Personal Data We Collect
We may collect the following types of personal data from you when you use this website:
- Contact details in connection with event and webinar registrations that allows us to contact you, such as your name, address, telephone numbers, email addresses and salutation (Mr./Mrs.).
- Demographic information about your professional background which can help us to identify you more precisely, such as country of practice.
- Institution and profession information about your area of expertise, institutional affiliation, area(s) of speciality.
- Messages and notes you send to us when using the contact options on this website (whether by online message or email).
- Information about how you use our website may be limited to statistical, non-identifiable information about the pages our website visitors look at and how they use them.
- Location information: your smartphone or computer’s IP address may tell us your approximate location when you connect to our website (this will usually be no more precise than a country or city location). Any Geolocation data is anonymized, and no personally identifiable information is available to Meridian.
- How We Collect Your Personal Data
We will collect personal data from a number of sources. These include:
- Directly from you, for example, we will collect personal data directly from you when you register for an event or webinar, contact us by phone, email, or communicate with us directly in some other way.
- Our website: we will collect information we observe about the way you use our website including last log on date and date of registration. Google Analytics data is also used but no personally identifiable information is available to Meridian.
- How and Why We Use Your Personal Data
We collect and use your personal data for the purposes described in the below table.
|Purpose of processing||Categories of data typically processed for the described purposes|
|To register you for the event on this virtual platform and create a user profile.||Contact details|
|To share your contact details with the sponsor (CSL Behring) for them to contact you regarding future expert events and webinars, educational and scientific events, or publications.||Contact details (with your opt-in)|
We will only use your personal data when the law allows us to. Most commonly, we will rely on the lawful grounds listed below when we use your personal data.
- Consent: if you have consented to the collection and use of your personal data.
- Legitimate interest: if our use of your personal data is for our legitimate interests (or those of a third party) in the context of you registering for expert events or webinars. This includes purposes that enable us to enhance the services we provide on our website and in the context of our events and webinars.
We do not collect and process sensitive personal data (such as health data) about you.
- Your Consent
Under certain circumstances, where the legal basis for using your personal data is that you have provided your consent, you may withdraw your consent at any time. If you withdraw your consent, this will not make processing which we undertook before you withdrew your consent unlawful. You can withdraw your consent by contacting us using the contact details listed below.
- How We Will Keep Your Data Secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost or used, accessed, altered, or disclosed in an unauthorized way. In addition, we limit access to your personal data by our employees and service providers, to individuals who need access to perform their job or provide a service to us. They will only use your personal data on our instructions and are required to keep your personal data confidential.
We have put in place procedures to deal with suspected data breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.
- How Long Will We Keep Your Personal Data?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
- Who Has Access to Your Personal Data?
We may share personal information with the following:
- Our staff – your personal data will be accessed by our staff but only where this is needed for their job role.
- Companies in the same group of companies as us – for the purpose of providing a service to you.
- Third party service providers – to deliver the virtual event.
- Event Sponsor – with your opt-in consent.
- The government or our regulators – where we are required to do so by law or to assist with their investigations or initiatives, including relevant data protection and healthcare regulators. Such parties use the personal data for their own purpose and their own privacy notice will apply to the use of the personal data they hold.
We do not disclose personal information except as set out above or where we have a legal obligation to do so, or we need to share information to assist with the investigation and prevention of crime.
- Do We Transfer Your Personal Data Outside of Europe?
To process your personal data for the purposes set out in this notice, we may transfer your personal data to third parties and other companies in our group. However, we have set out systems and processes that ensure that your personal data is only processed within the EU, UK and EEA (”Europe”).
- What Rights Do You Have?
Under certain circumstances you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also object to receiving direct marketing.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you under certain circumstances, for example, if you want us to restrict processing while the accuracy of the personal data is being established.
- Request that we transfer personal data that you have provided to us to you or another party.
- Request not to be subjected to automated decision-making. We will not use automated decision making and profiling for our online operations but if there are changes in the future, you have the right to request not to be subjected to it.
You can exercise your rights by contacting our data representative on firstname.lastname@example.org.
We will investigate any request you make immediately and will respond to you within 30 days of your request. That period may be extended by us for a further two months where this is needed to help us respond properly (for example if the request is complicated for us to deal with and we need more time) but we will let you know the reasons for the delay.
If we decide not to take action on the request, we will inform you of the reasons for not taking action. If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of data protection laws in Europe, you can lodge a complaint with a data protection regulator in Europe.
- Direct Marketing
If you are a healthcare professional or provider and, depending on the marketing preferences that you indicate to us at the time we collect your personal data, we may contact you via post, telephone or electronic methods with information about our website, planned events and webinars. You can opt-out by the options provided to you within our communications or by contacting us using the contact details at the end of this notice.
When you use our website, we may collect information about your use of the website through cookies. A cookie is a small text file, which contains small amounts of information that passes to the device you are viewing the website on, through your web browser, so that the website can recognize and remember your device.
If you prefer, you can remove or reject browser cookies through the settings on your browser or device. However, rejecting or removing cookies could affect the availability and functionality of our services.
You can find more information about how to change your browser cookie settings at www.allaboutcookies.org. Further information about Google Analytics can be found here, and you may opt-out of Google Analytics here.
- Contact Us
If you have any questions about how we process your personal data or want to exercise one of your rights, you can contact us or our Data Protection Officer using the following email email@example.com
- Updates to this Notice
We may update this notice from time to time to reflect changes in the way we process personal data (e.g., if we implement new systems or processes that involve new uses of personal data) or to clarify information we have provided in the notice. Our changes will be in accordance with applicable data protection laws.
We recommend that you check for updates to this notice from time to time, but we will notify you directly about changes to this notice or the way we use your personal data when we are legally required to do so.
LAST UPDATED: 3 December 2021