Privacy Policy

Introduction

M3 Global Research operates a panel of members who take part in "Activities" (including market research, non-interventional studies, observational studies and other surveys) on behalf of our clients. This Privacy Policy relates to the products and services offered by M3 Global Research via www.m3globalresearch.com/research, www.m3globalresearch.blog and hub.m3globalresearch.com (the “Sites”).

This Privacy Policy is intended to provide you with information about what personal data M3 Global Research collects about you and how it is used.

We may revise this Privacy Policy at any time, without notice to you. You are responsible for reviewing it regularly. Your access of the Sites following the posting of changes means you agree to abide by those changes. PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE SITES.

This Privacy Policy was last revised on May 23, 2018.

Read More

M3 Inc. is a publicly traded company on the Tokyo Stock Exchange (jp:2413) with subsidiaries in major markets including USA, UK, Japan, S. Korea, and China. M3 provides services to healthcare and the life science industry. In addition to market research, these services include medical education, ethical drug promotion, clinical development, job recruitment, and clinic appointment services. M3 has offices in Tokyo, Fort Washington, PA, Oxford, London, Gothenburg, and Seoul.

M3 Global Research is the trading name for the market research activities provided by M3 USA Corporation and its affiliates, including M3 (EU) Ltd. and QQFS.

Data Protection Officer

M3 Global Research is headquartered in Fort Washington, Pennsylvania in the USA. M3 Global Research has appointed an internal data protection officer for you to contact if you have any questions, requests on your personal data, concerns or complaints please send an email to Privacy@m3globalresearch.com

How we collect and use (process) your personal data

M3 Global Research collects personal data about its members and those that participate in our Activities. We use this personal data to provide you with services as described below. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of our services or when you give us explicit additional permission.

Personal data you give us about yourself when you register

Personal data we collect and process: We collect the personal data you provide on the registration form; your name, address, telephone number, email address, and if you are a healthcare professional information about your occupation so that we can target and tailor invitations to participate in Activities. (See “Personal data you give us within your membership profile” for more information about how we select Activity invitations for you)

Read More

Purpose and legal basis for processing your personal data: We collect this personal data to provide the services to you that you are registering for, to tailor them to your needs and to provide services to our clients. Mandatory fields are marked on the registration form and without them you will not be able to register. Without this minimum amount of data, we cannot provide these services to you or conduct our business.

We process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

Sharing your personal data with others: We occasionally share restricted amounts of your personal data with M3 Global Research partners. This is primarily to ensure that you are not invited by multiple companies to participate in the same Activity and to prevent fraudulent completion of Activities. It is done within the legal restrictions of GDPR and M3 Global Research remains in contractual and legal control of your personal data. Any other transfers to third parties are only done with your specific consent at the time.

Your rights: As well as some general rights, you have the right to object to us processing your data in this way (see “Your Rights” for more information)

Data Retention: We retain your personal data for 10 years after you end your membership so that we can comply with our data obligations to clients to maintain records for a minimum period. The data is then deleted.

Personal data you give us within your membership profile

Personal data we collect and process: M3 Global Research collects from you additional personal data either before Activities or within the member website. This is used to allow us to invite you to participate in Activities that you are more likely to be interested in and qualify for. For example; for physicians, this may include information about your medical experience and the types of patient you treat; and for patients, it may include information about your condition(s) which can including sensitive (special category) personal data.

Read More

Purpose and legal basis for processing your personal data: We rely upon your consent to collect and process this personal data. It is used as described above.

Providing this information is voluntary. By providing this information, you allow us to invite you to participate in the most appropriate Activities. Without this information, you will be invited to participate in and may qualify for fewer Activities. On occasion, you will not be able to participate in Activities unless you provide this information and consent its use.

We are obliged to inform you of any automated processing (including profiling) we perform. Our member profiling system uses only semi-automated processing to determine which profile questions to show you and whether to invite you to an Activity. Simple rules are configured by our staff to decide what data to collect, e.g. if a doctor tells us they treat cancer then we may ask them which types. Similarly, if a patient tells us they suffer from a specific condition we may ask them if they suffer from any related conditions. Our staff then selects the combination of question answers likely to qualify for a specific Activity and our systems automatically send Activity invites to the people with these answers.

Sharing your personal data with others: We may share this personal data with our clients by linking it to Activity responses you provide, or including it when we redirect you to online Activities on third party websites, so that they can save you time in Activities by not asking questions where we already have your answers. It is not linked to your registration information without your specific consent at the time.

Your rights: In addition to your general rights (see “Your Rights” section) you have the right to withdraw your consent for us to process your personal data in this way. Please note that if you do, it will only affect future Activities you participate in and it will make it more difficult for us to invite you to participate in the most appropriate Activities for you.

Data Retention: We retain your personal data for 10 years after you end your membership so that we can comply with our data obligations to clients to maintain records for a minimum period. The data is then deleted.

Personal data you give us within and immediately before or after online Activities

Personal data we collect and process: Activities should not contain requests for you to provide personal data. However, M3 Global Research maintains systems that control access to and measure outcomes (for example; if you completed the Activity or failed to qualify) so we may need to collect personal data before and/or after the Activity. This data is not linked directly to the Activity data and is only passed to third parties with your explicit consent and/or as laid out in this policy. (See also “Payment details you give us for compensation payments” and “Data we retain for an extended period”)

Online Activities offered to M3 Global Research members may be on a website provided by M3 Global Research or one provided by a third party. In the latter case, any personal data collected will be subject to the host’s privacy policy. If you take part in other forms of market research with M3 Global Research, for example, discussion groups or telephone interviews, then you will be asked to provide specific consent for any necessary processing of your personal data.

Read More

Purpose and legal basis for processing your data: Personal data collected before and after online Activities can include your name and address as well as “Data created about you by your use of our systems”. Together this data is used to prevent you taking the same Activity more than once and to protect us against potential fraud.

We process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

Sharing your personal data with others: We occasionally share restricted amounts of your personal data with M3 Global Research partners and clients to avoid you being invited to the same Activity by multiple companies. This may involve transferring your personal data to countries outside the EU and is done within the legal restrictions of “GDPR, and with M3 Global Research remaining in contractual control of the data including standard EU data protection clauses.

Your rights: You have the right to object to us processing your data in this way (see “Your Rights” for more information) although this may mean you cannot be included in our Activities.

Data Retention: We retain your personal data for 10 years after the Activity is completed by all participants and then it is deleted.

Personal data created about you by your use of our systems

Personal data we collect and process: We use a variety of technical means to collect and/or store personal data about you. These include cookies, web beacons and device fingerprinting/watermarking. For more information on our use of these technologies please refer to our Cookie Notice and Policy . Additionally, we keep records of your use of our systems. These are used to improve the security of our systems, prevent duplicate and fraudulent Activity responses, and to improve the experience we offer you.

Read More

Purpose and legal basis for processing your personal data: This data is used to improve the security of our systems, prevent duplicate and fraudulent Activity participation, and to improve the experience we offer you.

We process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

Sharing your personal data with others: This personal data is not shared with third parties although our device fingerprinting and watermarking is provided by a third party who collects information about your computer from your browser.

Your rights: You have the right to object to us processing your data in this way (see “Your Rights” for more information)

Data Retention: We retain your personal data for 10 years and then the data is deleted.

Payment details you give us for compensation payments

Personal data we collect and process: We collect and use specific personal data so that we can process payment of your Activity compensation. The personal data we need to use varies depending on the form of payment but can include bank account details, name, mailing address and email address. This is used only to process these payments but may be shared with payment processing partners to process the payment. (e.g., we have to share bank account details with our bank to process a bank transfer to your account.) This personal data is also retained for financial reporting, audit and tax purposes.

Read More

Purpose and legal basis for processing your data: We collect this personal data to process the payments and to maintain records for tax, audit and to defend ourselves in case of any claims. This information is necessary to perform the contract between M3 Global Research and you, without it we would not be able to process your payments.

Sharing your personal data with others: Where necessary, we share this personal data with service providers that M3 Global Research contracts with to deliver compensation payments. For example, if you select a bank transfer, we will share this information when we instruct our bank to make the payment. If you select a cheque payment then the necessary personal data is shared with providers that print and mail cheques on our behalf. This may involve transferring your personal data to countries outside the EU and is done within the legal restrictions of GDPR, and with M3 Global Research remaining in contractual control of the data including standard EU data protection clauses.

Reporting Compensation and Tax Information: In the USA, if you participate in an Activity that pays compensation, M3 Global Research may have an obligation to report such payments. By participating in such Activity, you are permitting us to disclose your earned compensation as appropriate to comply with all laws and other reporting requirements. In addition, IRS regulations prevent us from paying individuals in excess of $600 in any given tax year without valid tax identification information. If tax identification information is not provided within 12 months after completing an Activity, compensation above $600 in any tax year is forfeited.

Your rights: Please see “Your Rights” section for your general rights. There are no additional rights specific to this processing.

Data Retention: We retain your personal financial data for 10 years to comply with financial reporting requirements and then the data is deleted.

Personal data we get from third parties

Personal data we get: Clients sometimes send us lists of healthcare professionals who they would like us to include or exclude in specific Activities. We also subscribe to various lists of healthcare professionals that we use to validate registrations and to append a variety of unique identification numbers to assist with deduplicating registrations, matching client lists and with legal reporting obligations (in France). Lists of healthcare professionals are also used for direct marketing purposes outside the EU.

Read More

Purpose and legal basis for processing your personal data: For lists of potential Activity participants, we process them on behalf of the data owner/controller (our client) so that we can meet their Activity participant selection criteria.

For lists used to validate our healthcare professional members and append unique identification numbers, we process these lists to ensure the quality of the data we deliver to clients and to help us with matching client lists.

In both cases, we process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

For lists used for direct marketing (outside the EU) we hold and process the data based upon the consent you granted to the list provider.

Sharing your personal data with others:

  • Individuals outside the EU may be included in direct marketing lists we share with service providers (e.g. sending emails on our behalf) under contract to M3 Global Research. This does not include the transferring of personal data about EU residents.
  • When we process lists of our clients desired Activity participants, we do sometimes share these with our clients or partners to avoid you being invited to an Activity by more than one company. This may involve transferring your personal data to countries outside the EU and is done within the legal restrictions of GDPR, and with M3 Global Research remaining in contractual control of the data including standard EU data protection clauses.

Your rights: You may have the right to object to us processing your personal data in this way and/or withdraw your consent to us doing so. (See “Your Rights” for more information

Data Retention: We retain your personal data received from third parties for no longer than 10 years and then it is deleted.

Personal data we retain for an extended period

Personal data we collect and process: In order to manage its business, M3 Global Research needs to retain limited personal data about previous members for longer periods of time. We have carefully limited the personal data retained and the circumstances in which it is needed to the following:

  • Requests by individuals to not email them
  • Requests by individuals not to be contacted by M3 Global Research
  • Individuals who have objected to M3 Global Research processing their personal data (where there is not an overwhelming interest in us continuing to do so)
  • Individuals who have breached the Sites Terms of Use , including those suspected of fraudulent behaviour

This personal data is not shared with anyone and is only used to honour your requests or to prevent subsequent Activity participation.

Read More

Purpose and legal basis for processing your personal data: M3 Global Research has an obligation to protect its business from suspicious and unlawful activity as well as to respond to requests from individuals to cease contact or processing of their personal data. To do this we need to keep records and process personal data.

If you ask us not to email you, we keep a copy of your email address in our systems to prevent any emails to that email address being sent – this is referred to as our Do Not Email List and it is the only way we can comply with your request.

If you ask us not to contact you, or have objected to us processing your personal data, we keep a record of your name, address, medical specialty (if you are a healthcare professional) and email address. Your email address is added to our Do Not Email List. The other details listed are maintained in our systems so we can make our best efforts to remove you from any lists we use – it is the only way we can comply with such requests.

Personal data about individuals suspected of fraudulent behaviour or breaching our terms of use is maintained to prevent these individuals from registering with M3 Global Research and from participating in our Activities as a non-member. We keep a record of name, address, medical specialty (if you are a healthcare professional) and email address for this purpose.

We process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

Sharing your personal data with others: This information is not shared with others

Your rights: You have the right to object to your personal data being used in this way as well as certain other rights. Please see ”Your Rights” for more information

Data Retention: This data is held for 50 years to ensure we meet our obligations as described above and then it is deleted.

Personal data we may collate about you

Personal data we collect and process: We use a variety of public sources to collate information about healthcare professionals we believe may be suitable to complete specific Activities or may wish to become members of M3 Global Research. We may also receive a referral from one of your colleagues and process that information in a similar way. The information would include your name, contact information (address, phone number(s) and possibly email address) and your healthcare specialty.

Read More

Purpose and legal basis for processing your personal data:; This data is used to manage our contact with you, so that for example multiple people do not try and contact you regarding the same project or you are not contacted again after you have already told us you are not interested in a specific project. We also use it as we generate lists of potential people to contact.

We process your personal data on the basis of our legitimate interest (i.e. we have a valid business reason to do this) and we have carefully balanced your individual rights against this need. For more information on legitimate interests please click here.

If you wish to be excluded from our programs entirely then please let us know either when an agent next contacts you or by emailing Privacy@m3globalresearch.com with your request. You will then be added to our do not contact list. (Please see "Personal Data we retain for an extended period" for more information about how we process this data.)

Sharing your personal data with others: This personal data is not shared with third parties.

Your rights: You have the right to object to us processing your data in this way (see "Your Rights" for more information)

Data Retention: We retain this personal data for 2 months after the specific project has been completed, or for no more than 6 months if it does not relate to a specific project, and then the data is deleted.

Personal data created by your use of third party platforms

Your use of third party websites and services associated with M3 Global Research may expose your personal data. These sites are beyond our control and you should see their respective privacy policies: LinkedIn, Twitter, Facebook, M3 Global Research Blog (Wordpress)

Links to other websites

Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites and these other websites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Overseas transfers

Within M3 Global Research

M3 Global Research has its headquarters in the USA. Personal data we collect from you will be processed in the USA. The USA has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. M3 Global Research relies on Model Clauses (Article 46), and EU-U.S.Privacy Shield (to which we self-certify) and derogations for specific situations as set forth in Article 49 of the GDPR.

M3 Global Research endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only in ways that are consistent with your relationship with M3 Global Research and the practices described in this Privacy Policy.

Privacy Shield Compliance

M3 Global Research complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. M3 Global Research has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

M3 Global Research is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. M3 Global Research complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

M3 Global Research submits to being subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Principles, and acknowledges the right of the EU individual, under certain conditions, to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing M3 Global Research’s adherence to these practices.

To suppliers and contractors

As laid out in this Privacy Policy, we may from time to time share limited information with carefully selected partners. This may involve transferring your personal data to countries outside the EU and is done within the legal restrictions of GDPR, and with M3 Global Research remaining in contractual control of the data including standard EU data protection clauses.

To clients

As laid out in this Privacy Policy, we may from time to time share limited information with our clients. This may involve transferring your personal data to countries outside the EU and is done within the legal restrictions of GDPR, and with M3 Global Research remaining in contractual control of the data including standard EU data protection clauses.

Security of your personal data

To protect the privacy of personal data you provide us with, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know this information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal data. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Your Rights

The European Union’s General Data Protection Regulation and some other countries’ privacy laws provide certain rights for EU data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office.

If you wish to confirm that M3 Global Research is processing your personal data, or to have access to the personal data M3 Global Research may have about you, please contact our Data Protection Officer

You may also request information about:

You have a right of:

  • access, rectification, erasure, restriction, objection and data portability on your personal data. To exercise your rights, you can write the Data Protection Officer at privacy@m3globalresearch.com. You can also lodge a complaint with the Data protection authority (www.ico.org.uk)

.

Reasonable access to your personal data will be provided at no cost to M3 Global Research members, and Activity participants and others upon request made to M3 Global Research via our Data Protection Officer. M3 Global Research will provide you the information within the legal time frame. If for some reason access is denied, M3 Global Research will provide an explanation as to why access has been denied.

Independent Dispute Resolution Mechanism

M3 Global Research commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact M3, refer to our Contact Information section below.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request .

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

In addition, you may lodge a complaint to a supervisory authority if you consider that your personal data has been processed in breach of applicable legislation or this privacy policy; refer to the following link for a complete list of Data Protection Authorities (http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm)

Changes and updates to the Privacy Policy

As our organization, membership and benefits change from time to time, this Privacy Policy and our Terms of Use is expected to change as well. We reserve the right to amend the Privacy Policy and Terms of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy and Terms of Use at this Site. We may e-mail periodic reminders of our policy and terms and will e-mail M3 Global Research members of material changes to it, but you should check our Site frequently to see the current Privacy Policy and Terms of Use that are in effect and any changes that may have been made to them.

Contact Information

If you have questions about this Privacy Policy, please email M3 Global Research’s Data Protection Officer at privacy@m3globalresearch.com.

For all other questions regarding your account, preference changes, compensation for surveys or our services, please e-mail support@m3globalresearch.com.

Legitimate Interest

"Legitimate Interests" means the interests of our company in conducting and managing our business to provide you with Activity opportunities and complete Activities on behalf of our clients. For example, we have an interest in making sure our Activity invitations are relevant to you, so we may process your information to send you invitations that are tailored to your specialty.

It can also apply to processing that is in your interests as well. For example, we may process your personal data to protect you against fraud when accessing our website, and to ensure our systems are secure.

When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to do so by law.

GDPR

The General Data Protection Regulation (GDPR) is a set of rules, enforced by law in member states of the European Union that provide rights to individuals and impose obligations upon organisations that collect, store and process data about individuals.

For more information (In English) see the United Kingdom's Information Commissioner's Office website.