BMJ Group privacy notice
This Privacy Notice explains how BMJ Publishing Group Limited processes personal data, and what rights you have in relation to your data. Where a separate privacy notice has been provided to you by BMJ Group, please refer to that notice in the first instance (and if there is any inconsistency between that notice and this notice, the separate notice should take precedence). BMJ Group is a company registered in England (company number 3102371) with its registered office at BMA House, Tavistock Square, London, WC1H 9JR (BMJ Group, we, our, us).
You can also look at the cookies policy to find out what cookies we use and why.
For the purposes of data protection laws in England and Wales, BMJ Group is the data controller of your personal data. We are registered with the Information Commissioner’s Office (ICO) on the Data Protection Public Register under registration number Z7607533.
If you have any questions about these rights or how your personal data is used by us, you should contact the Data Protection Lead using the details below:
- Post – Data Protection Lead, BMJ Group, BMA House, Tavistock Square, London, WC1H 9JR
- Email – [email protected]
How we use your personal data will depend upon how you use our services. We have included separate sections in section part 1 of this Notice for distinct products and services we offer to help you identify how this Notice is relevant to you.
Quick links
What personal data we collect, how we use your data, who we share your data with and our legal basis for processing your data.
General processing (e.g marketing and market research, running competitions, administering websites and Apps)
BMJ Group collects your personal data from the following sources:
From you, when you:
- fill in forms on our websites or our apps, for example to order products or services, to sign up to a mailing list, or to register to use our websites and apps;
- enter a competition for which we are a promoter or submit a grant application; either online, by email, post, text or phone;
- participate in a BMJ Group discussion forum or interact on our social media accounts;
- communicate with us by post, telephone, fax, email, social media, webinars, online customer services, or in person;
- complete surveys or testimonials.
From third parties including those:
- who operate or analyse your use of our websites and apps;
- that provide our e-commerce solution;
- who process Open Access fees on our behalf;
- we appoint to host discussion forums, webinars and online chat, or administer surveys and market research on our behalf;
- the British Medical Association (BMA) who provide details of BMA members in order for us to deliver products and services that are included as part of BMA membership (or where you have consented to being contacted by us);
- your hospital, university, trust or other organisation who provide your details when they purchase our products and services so that we can register and administer your account;
- who provide us with databases of professional contacts (for example individuals who work in the media and publishing industry) which we use for business to business purposes;
- who provide online advertising services; and
- who process our payments.
- biographical information such as your name, title, date of birth, age and gender;
- images and your likeness (including your voice) as captured in a photograph, a recording or on video for webinars, interviews and when filming for BMJ’s other legitimate purposes; and
- your contact details including address, email address, phone number and social media identifiers;
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- information you provide in your communications with us (including information provided in competition entries or grant applications);
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy😉
- your opinion as you express it in chat, forums and interviews;
- products and services you have purchased and details of financial transactions; and content and links you accessed in our marketing emails;
- where appropriate, we may obtain diversity and background information including ethnic origin, race, religious and political beliefs, health data or information concerning your sex life and sexual orientation, that you provide to us in our surveys or for our market research. We may also collect details of trade union membership, for example, where membership (such as membership of the BMA) entitles you to access to, or a discount on, our products and services. We will explain the reasons for needing such information when it is collected.
As part of a contractual relationship
We may process your personal data because it is necessary for the performance of a contract to deliver products and services you have engaged us for, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data to provide products and services that you have requested from us and to communicate with you in relation to these products and services.
We will provide your data to the following (but only for purposes connected with our fulfilling contracts with you)
- third party service providers such as shipping companies and our website and app platform providers who assist us in delivering our products and services to you;
- our bank to whom payment details are provided in order to process a payment;
- our data storage providers and those who provide our Customer Relationship Management (CRM) platforms; and
- our parent company, the BMA or to your organisation/institution where we are required to verify your details prior to providing our products and services to you.
Legitimate interests
Your personal data will also be processed because it is necessary for BMJ Group’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- delivering access to our products and services which your organisation or institution has purchased on your behalf;
- to administer a competition that you have entered or to process a grant application;
- marketing BMJ Group and its products and services (including third party products and services) online, or by post, telephone, SMS, social media and email (except where we provide materials under contract, or in situations where it is required or appropriate to seek your consent);
- researching, identifying and contacting business contacts for marketing BMJ Group products and services on a business to business basis;
- carrying out market research;
- improving our products and services;
- measuring and understanding the effectiveness of products and services and advertising and to allow us (and third parties who advertise on our website and apps) to deliver relevant advertising to you (including ensuring that we do not advertise medical products that are not licensed in your country);
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing technical information about your use of our website and apps to ensure that content is presented in the most effective manner and to allow you to use interactive features of our website and apps;
- processing enquiries, complaints and analysing our services;
- consulting our professional advisers (including legal) where it is necessary for us to obtain their advice or assistance;
- providing your data to a buyer or prospective buyer of the whole or a part of our business;
- dealing with enquiries and investigations by authorities (for example, cooperating with the Advertising Standards Agency).
In this respect, in addition to those parties named above, we will provide your data to the following:
- our platform providers, who store your account information and who host our website and apps;
- direct marketing providers;
- Google Analytics who receive technical information in relation to how you use our website and apps;
- sponsors or other organisations who have provided prizes for competitions you have won or who are involved in the delivery of a grant award. We may also share your name and contact details with sponsors where you have entered a competition and provided consent for your details to be shared for this purpose;
- BMA and other third parties for marketing purposes where we have your consent to share your information for this purpose
Your personal data will also be processed by BMJ Group for compliance with its legal and regulatory obligations such as:
- the detection and prevention of crime and in order to assist the police and other competent authorities with investigations;
- to comply with tax legislation and subject access requests of others; and
- to comply with any legal or regulatory obligations to which we are, or may become, subject.
In this respect, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection law; the police and other law enforcement agencies; HMRC and Your personal data may also be shared with BMJ Group’s internal and external auditors, insurers, financial and legal advisors for the purpose of enabling BMJ Group to comply with its financial and legal obligations.
In some circumstances BMJ Group may seek your explicit consent to process your personal data: for example, if you ask us to send you updates or alerts by subscribing to these services. Where we rely on your consent, we will provide an easy means to withdraw that consent.
Where we process special categories of personal data, we will explain at the time what our basis for using that data is. The most common bases we seek to rely on are:
- to protect your vital interests (for example to inform an emergency contact, the NHS or emergency services in the event of your illness or other emergency);
- with your explicit consent for example if you provide information about your health, ethnicity, sexual orientation or religious beliefs in a survey for our market research or where you provide information about your BMA membership where this is relevant to access to (or a discount on) a products and services;
- where processing is necessary for the establishment, exercise or defence of a legal claim.
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate, target our communications to a specific audience.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals.
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ Group’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
BMJ Group will, in limited circumstances, disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission under Article 46(2)(c) GDPR).
- Where the European Commission determines that the country or territory to which the transfer is made ensures an adequate level of legal protection (Article 45 GDPR);
- Where the transfer is already permitted under applicable law (for example, where it is necessary for the performance of a contract).
We retain your data for as long as is required to provide our products and services to you; for the purpose it was collected; to meet our legal obligations; or, for our legitimate interests. In particular, we generally retain data in relation to:
Subscriptions: | Ten (10) years after your subscription has ended. |
Cookies: | Thirty (30) days. |
Competition entries: | Up to two (2) years (but if you are a prize winner, your details may be archived indefinitely). |
Telephone call recordings: | Twelve (12) months. |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Comments (posted on our website or app): | Three (3) years (unless you delete it earlier) |
BMJ Best Practice, Learning, On Examination, and Research to Publication (R2P)
BMJ Group collects your personal data from the following sources:
From you, when you:
- register and subscribe for BMJ Best Practice, BMJ Learning, OnExamination, Webinars or (R2P) on our website or applications and when you use our online tools;
- complete feedback forms and surveys in connection with our products and services;
- correspond with us or make enquiries via our website or apps, email, post or telephone
From third parties including:
- your hospital, university, trust or other organisation who may have provided us with your details so that we can provide you with access to our products and services;
- the British Medical Association (BMA), if BMA membership entitles you to access our products and services;
- Worldpay, our payment provider who will confirm details of your payment;
- our software platform providers who host and operate our website and applications; and
- those who operate or analyse your use of our websites and apps.
What categories of personal data are collected?
We collect the following categories of personal data:
Identification and contact details
- biographical information such as your name, title, date of birth, age and gender;
- your contact details including address, email address and phone number;
- log in details that you are assigned as part of registration;
- images and your likeness (including your voice) as captured in a photograph, a recording or on video for webinars;
- your social media identifiers
Professional
- your qualifications and professional experience;
- your hospital, university, trust or other organisation you belong to;
- your BMA membership number if this is relevant to the provision of our products and services;
- content you have accessed, courses and assessments you have attempted or completed and your assessment results, in connection to our products and services;
- reviews you post on our websites in relation to our products and services;
Online and transactional
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy;
- information you provide in your communications with us;
- information you provide in chat, forums and interviews;
- information on the number and type of different devices you are using to access your BMJ Group accounts;
- payment details and your financial transactions in relation to your subscription.
Special categories of personal data
- details of trade union membership (such as BMA membership) where this is relevant to access to (or a discount on) our products and services.
We may process your personal data because it is necessary for the performance of a contract to deliver the products and services you have engaged us for, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to create and administer your account and subscription payments;
- to enable you to use online tools and to track your usage for Continuing Medical Education(CME) and Career Professional Development(CPD) purposes;
- access authentication and authorisation.
In this respect we will provide your data to the following (but only for purposes connected with our fulfilling contracts with you):
- our bank to whom payment details are provided in order to process a payment;
- our platform providers who host our websites and apps.
- our data storage providers and those who provide our Customer Relationship Management (CRM) platforms.
Your personal data will also be processed because it is necessary for BMJ Group’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- delivering access to our products and services which your organisation or institution has purchased on your behalf;
- detecting breaches of our subscription terms and conditions
- marketing BMJ Group and its products and services (including third party products and services) online, or by post, telephone, SMS, social media and email (except where we provide material under contract, or in situations where it is required or appropriate to seek your consent);
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing technical information about your use of our products and services to ensure that content is presented in the most effective manner and to allow you to use interactive features of our products and services;
- processing (and replying to) enquiries, complaints, surveys, feedback forms and to analyse our services;
- sharing information in relation to your use of our products and services (such as assessment results and content you have accessed) if your hospital, university, trust or other organisation (including BMA) has provided you with access to our products and services. BMJ Group will share this data with your parent organisation so that your organisation can;
- offer you relevant support or if your organisation is a Continuing Medical Education (CME) or Continuing Professional Development (CPD) provider and requires the data in order to certify your CME or CPD achievement; and/or
- to enable them to assess the value of offering BMJ Group’s products and services to you;
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance.
addition to those parties named above, we will provide your data to the following:
- direct marketing providers;
- Google Analytics who receive technical information in relation to how you use our website and apps;
- BMA and other third parties for marketing purposes (unless it is required or appropriate for us to request your consent to share your information for this purpose).
Your personal data will also be processed by BMJ Group for compliance with its legal obligations. For example:
- for the detection and prevention of crime and in order to assist the police and other competent authorities with investigations;
- to comply with tax legislation, safeguarding duties and subject access requests of others; and
- to comply with any legal or regulatory obligations to which we are, or may become, subject.
In this respect, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection law;
the police and other law enforcement agencies; and HMRC. Your personal data may also be shared with BMJ Group’s internal and external auditors, insurers, financial and legal advisors for the purposes of enabling BMJ Group to comply with its financial and legal obligations.
Where you provide information concerning your health or BMA membership , we will inform you of the reasons for that processing at the time of collection
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate, target our communications to a specific audience.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals. members to provide medically relevant business communications to authenticated health care professionals.
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ Group’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy.
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
BMJ Group will, in limited circumstances, disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area (EEA). For example, we may transfer data to your institution, for the purposes given above, which may be established outside of the EEA. We may also pass personal information to our agents outside the EEA (e.g. USA and Mexico) in order for them to contact users for support and marketing purposes.
n these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission under Article 46(2)(c) GDPR);
- the European Commission determines that the country or territory to which the transfer is made ensures an adequate level of legal protection (Article 45 GDPR);
- under an approved certification mechanism (Article 42 GDPR);
- the transfer is already permitted under applicable law (for example, where it is necessary for the performance of a contract).
We retain your data for as long as is required to provide our products and services to you; as necessary for the purpose it was collected; to meet for our legal obligations; or for our legitimate interests. In particular, we generally retain data in relation to:
Subscriptions: | Ten (10) years after your subscription has ended. |
Cookies: | Thirty (30) days. |
Competition entries: | Up to two (2) years (but if you are a prize winner, your details may be archived indefinitely). |
Telephone call recordings: | Twelve (12) months. |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Comments (posted on our website or app): | Three (3) years (unless you delete it earlier). |
Reading BMJ Journals
BMJ Group collects your personal data from the following sources:
From you, when you:
- register and subscribe for BMJ Group publications through our website, by post, email or phone or online customer services
- correspond with us and make enquiries through our website or by post, email, phone or online customer services;
- participate or interact in a BMJ Group discussion (for example, by leaving a comment or review).
From third parties such as:
- your hospital, university, trust or other organisation if they have subscribed on your behalf for BMJ’s publications;
- British Medical Association (BMA) if you receive a subscription as part of your BMA membership;
- Worldpay, our payment provider who will confirm details of your payment;
- our platform providers who host and operate our website and apps;
- those who operate or analyse your use of our websites and apps.
What categories of personal data are collected?
We collect the following categories of personal data:
Identification and contact details
- biographical information such as your name, title, date of birth, age and gender;
- your contact details including address, email address and phone number;
- log in details that you are assigned as part of registration; and
- your social media identifiers.
Professional
- your qualifications, licences and professional experience;
- your institution or the society you belong to;
- your ORCID ID (if you have one);
- your primary speciality (if applicable);
- your BMA membership number where this is required;
Online and transactional
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- information you provide in your communications with us;
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy;
- information on the number and type of different devices you are using to access your BMJ Group subscriptions;
- details of your current and previous subscriptions;
- payment details and your financial transactions in relation to your subscription;
- information when you disclose it in comments and reviews.
- details of trade union membership (such as BMA membership) where this is relevant to access to (or a discount on) our subscriptions.
How your personal data is collected
BMJ Group collects your personal data from the following sources:
From you, when you:
- register and subscribe for BMJ Group publications through our website, by post, email or phone or online customer services;
- correspond with us and make enquiries through our website or by post, email, phone or online customer services;
- participate or interact in a BMJ Group discussion (for example, by leaving a comment or review).
From third parties such as:
- your hospital, university, trust or other organisation if they have subscribed on your behalf for BMJ Group’s publications;
- British Medical Association (BMA) if you receive a subscription as part of your BMA membership;
- Worldpay, our payment provider who will confirm details of your payment;
- our platform providers who host and operate our website and apps
- those who operate or analyse your use of our websites and apps.
What categories of personal data are collected?
We collect the following categories of personal data
Identification and contact details
- biographical information such as your name, title, date of birth, age and gender;
- your contact details including address, email address and phone number;
- log in details that you are assigned as part of registration; and
- your social media identifiers.
Professional
- your qualifications, licences and professional experience;
- your institution or the society you belong to;
- your ORCID ID (if you have one);
- your primary speciality (if applicable);
- your BMA membership number where this is required;
Online and transactional
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- information you provide in your communications with us;
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy;
- information on the number and type of different devices you are using to access your BMJ Group subscriptions;
- details of your current and previous subscriptions;
- payment details and your financial transactions in relation to your subscription;
- information when you disclose it in comments and reviews.
Special categories of personal data
- details of trade union membership (such as BMA membership) where this is relevant to access to (or a discount on) our subscriptions
As part of a contractual relationship
We may process your personal data because it is necessary for the performance of a contract, for example, to deliver the subscriptions you have requested, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following purposes:
- to administer and correspond with you about your subscriptions;
- to administer your subscription plan and payments;
- to provide you with access to the platforms, websites and apps on which our publications reside;
- to conclude transactions with you for the purchase of print or online subscriptions or individual articles;
In this respect we will provide your data to the following (but only for purposes connected with our fulfilling contracts with you):
- our bank to whom payment details are provided in order to process a payment;
- our data storage providers and those who provide our Customer Relationship Management (CRM) platforms;
- our website and app platform providers, who may store details such as name, email address and login details to enable online access;
- third party editorial offices;
- transport and distribution agents.
- journal owners and/or replacement publishers where BMJ Group ceases to publish a journal.
Your personal data will also be processed because it is necessary for BMJ Group’s legitimate interests, or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include
- delivering access to our journals which your organisation or institution has purchased on your behalf;
- detecting breaches of our subscription terms and conditions;
- marketing BMJ Group’s products and services online, or by post, telephone, SMS, social media and email (except where we provide material under contract, or in situations where it is required or appropriate to seek your consent);
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing technical information about your use of our website and apps to ensure that content and advertising on our site is presented in the most effective and relevant manner and to allow you to use interactive features of our website and apps (including ensuring that we do not advertise medical products or services that are not licensed in your country);
- processing enquiries, complaints, surveys, feedback forms and to analyse our services;
- providing your data to an owner of a publication which is made available by us;
- providing your data to a buyer or prospective buyer of the whole or a part of a publication which is made available by us;
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance.
consulting our professional advisers where it is necessary for us to obtain their advice or assistance.
- direct marketing providers;
- Google Analytics who receive technical information in relation to how you use our website and apps;
- BMA, owners and co-owners of journals (apart from where it is required or appropriate to have your consent to sharing your information for this purpose).
Your personal data will also be processed by BMJ Group for compliance with its legal obligations. For example:
for the detection and prevention of crime and in order to assist the police and other competent authorities with investigations.
- to comply with tax legislation and subject access requests of others;
- to comply with any legal or regulatory obligations to which we are, or may become, subject.
In this respect, we may in specific circumstances need to share your personal data
with third parties who have made legitimate requests under data protection law; the police and other law enforcement agencies; and HMRC. Your personal data may also be shared with BMJ Group’s internal and external auditors, insurers, financial and legal advisors for the purpose of enabling BMJ Group to comply with its financial and legal obligations.
Special categories of personal data
Where we process special categories of personal data our bases for processing are:
- your have given your explicit consent (for example, where we process information about your trade union membership);
BMJ Group’s legal obligations
- it is necessary for the establishment, exercise or defence of a legal claim.
Profiling and automated decision making
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate target our communications to a specific audience.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals.
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ Group’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
BMJ Group will, in limited circumstances, disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. For example, we will transfer data to our data storage providers, our journal platform provider or distribution agents (for example, in the USA and India).
In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission under Article 46(2)(c) GDPR). If you wish to obtain a copy of the standard clauses we use, please contact us;
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection (Article 45 GDPR);
- the transfer is already permitted under applicable law (for example, it is necessary for the performance of a contract).
We retain your data for as long as is required to provide our products and services to you; for the purpose it was collected; to meet our legal obligations; or, for our legitimate interests. In particular, we generally retain data in relation to:
Subscriptions: | Ten (10) years after your subscription has ended. |
Cookies: | Thirty (30) days. |
Competition entries: | Up to two (2) years (but if you are a prize winner, your details may be archived indefinitely). |
Telephone call recordings: | Twelve (12) months. |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Comments (posted on our website or app): | Three (3) years (unless you delete it earlier). |
BMJ Group Events
BMJ Group collects your personal data from the following sources:
From you, when you
- register or buy tickets through our website, email, post or phone
- use our online event and webinar platforms
- participate in a chat room, discussion, forum, webinar, or generally at an event;
- make a submission for any other BMJ Group-run awards event) through our website, email, post or phone;
- when you meet with one of our representatives or correspond with us through our website or by post, email and phone
- when you complete feedback forms and surveys.
From third parties such as:
- ticketing agencies who sell tickets or process ticket orders on our behalf;
- your hospital, university, trust or other organisation who may purchase tickets on your behalf or register your details with us;
- our website and online platform providers and those who analyse your use of them;
- those we appoint to host our forums, webinars and events, or administer surveys and market research on our behalf;
- those who provide online advertising services;
- our ticketing platform providers;
- and e-commerce providers such as Worldpay, who process your order and payment.
What categories of personal data are collected?
We may collect the following categories of personal data:
- biographical information such as your name, title, date of birth, age and gender;
- your contact details including address, email address and phone number;
- your image and voice (for example, when captured at a recorded BMJ Group event or webinar)
- your identifier when you participate in online events;
- your social media identifiers.
Professional
- your role qualifications, licences and professional experience
- your institution;
- your areas of professional interest.
Online and transactional
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- information you provide in your communications with us;
- details about how you use our website and apps including how you navigate and participate in online events, the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy;
- information you provide in webinars, questions, chat, forums and interviews;
- BMJ Group events you have attended previously and forthcoming events you have registered for;
- payment details and your financial transactions in relation to your purchase;
Special categories of personal data
- provided by you or your organisation, concerning your health (for example your dietary requirements) to enable us to make appropriate adjustments;
details of your trade union membership (such as your British Medical Association (BMA) membership number) where relevant for the purposes of administering any discount.
As part of a contractual relationship
We may process your personal data because it is necessary for the performance of a contract, for example, to deliver the products and services you have engaged us for, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data
- to deliver the event/webinar to you and;
- to communicate with you in relation to those services (for example, to send you pre-event information.).
We will provide your data to the following (but only for purposes connected with our fulfilling contracts with you):
- third party contractors and service providers who we may engage to assist in delivering the event; for example, event organisers, conference providers, caterers, and instructors;
- our bank to whom payment details are provided in order to process a payment;
- our website and app providers, who assist us in delivering our services to you and administering your order;
- our data storage providers and those who provide our Customer Relationship Management (CRM) platforms;
- our parent company, the BMA, or to your organisation/institution where we are required to verify your details prior to providing our services to you.
Legitimate interests
Your personal data will also be processed because it is necessary for BMJ Group’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- providing access to our events which your organisation or institution has purchased on your behalf;
- creating a delegate or speaker list and distributing the list to speakers and attendees;
- sharing attendee details with co-organisers, collaborators and sponsors of an event (except in circumstances where it is appropriate to gain your consent);
- marketing BMJ Group and its products and services (including third party products and services) online, or by post, telephone, SMS, social media and email (except where we provide material under contract, or in situations where it is required or appropriate to seek your consent;
- recording our /webinars for promotional and educational purposes (for example, when interviewing attendees and recording speakers)
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing technical information about your use of BMJ Group websites to ensure that content on our site (including advertising) is presented in the most effective and relevant manner, and to allow you to use interactive features of our website;
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance;
- detecting breaches of our subscription terms and conditions;
- processing enquiries, complaints, surveys, feedback forms and to analyse our services.; and
- where you are participating in a panel or other group, details of your gender for the purposes of monitoring diversity and inclusion
In addition to those parties named above, we will provide your data to the following:
- direct marketing providers;
- Google Analytics who receive technical information in relation to how you use our website and apps;
- sponsors or other organisations involved with the relevant event or webinar;
- BMA and other third parties for marketing purposes and to update you on products and services that you may be interested in (unless it is appropriate to gain your consent before sharing your information in this way).
BMJ Group’s legal obligations
Your personal data will also be processed by BMJ Group for compliance with its legal and regulatory obligations. For example:
- for the detection and prevention of crime and in order to assist the police and other competent authorities with investigations;
- to comply with tax legislation and subject access requests of others; and
- to comply with any legal or regulatory obligations to which we are, or may become, subject (for example, health and safety).
In this respect, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection law; the police and other law enforcement agencies; and HMRC. Your personal data may also be shared with BMJ Group’s internal and external auditors, insurers, financial and legal advisors for the purpose of enabling BMJ Group to comply with its financial and legal obligations.
Special categories of personal data
Where we process special categories of personal data our bases for processing are:
- to protect your vital interests for example to inform your specified emergency contact, the NHS or emergency services in the event of your illness or other emergency;
- your explicit consent, for example if we require information about your dietary or access requirements that we need to process in relation to the event;
- where processing is necessary for the establishment, exercise or defence of a legal claim.
Profiling and automated decision making
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate, target our communications to a specific audience.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals.
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ Group’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy.
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
BMJ Group will, in limited circumstances, disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. For example, where events may take place outside the EEA (such as the International Forum on Quality and Safety) we may transfer data to those countries. In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission under Article 46(2)(c) GDPR). If you wish to obtain a copy of the standard clauses we use, please contact us;
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection (Article 45 GDPR);
We retain your data for as long as is required: to provide our products and services to you; for the purpose it was collected; to meet our legal obligations; or, for our legitimate interests. In particular, we generally retain data in relation to:
Recordings: | Five (5) years after the relevant event or webinar has ended. |
Cookies: | Thirty (30) days. |
Competition entries: | Up to two (2) years (but if you are a prize winner, your details may be archived indefinitely). |
Telephone call recordings: | Five (5) years. |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Comments (posted on our event/webinar website or app): | Five (5) years (unless you delete it earlier). |
Authors, reviewers, and patients
BMJ Group collects your personal data from the following sources:
From you, when you:
- register with us for the purpose of preparing or submitting an article, peer-review or patient review;
- correspond with us through our website, or by post, email and phone;
- when you submit letters for publication or articles directly to BMJ Group;
From third parties including:
- those who operate and analyse your use of our websites and platforms through which articles, peer-reviews and patient reviews are submitted;
- the providers of our e-commerce solutions;
- other peer-reviewers and patient reviewers who review your articles and provide feedback to BMJ Group’s editorial teams;
- authors peer reviewers and patients reviewers who may recommend you as a potential reviewer or editor to BMJ’s editorial team;
- publicly available sources in order to identify potential authors, contributors, editors, peer reviewers and patient reviewers;
- providers of commercial databases (such as web of knowledge); and
- authors who submit a manuscript which includes any patient data or acknowledges another author.
What categories of personal data are collected?
We collect the following categories of personal data:
Identification and contact details
- biographical information such as your name, title, date of birth, age and gender;
- your contact details including address, email address and phone number;
- log in details that you are assigned as part of registration for third party platforms
- identifiers such as names, codes, (for example, your ORCiD or Ringgold identifier);
- identifying features in a patient consent form or manuscript including patient data;
- images of your likeness as captured in a patient photograph included in a manuscript; and
- your social media identifiers
Professional
- your qualifications and professional experience;
- your institution;
- any opinions and assessments provided in your article, or in your review of an article;
- any competing interests that may relate to an article you have submitted or reviewed;
Online and transactional
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- information you provide in your communications with us, or in an article or review;
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy;
- articles or reviews you have submitted previously or which are currently being processed;
- payment details and your financial transactions.
Special categories
We collect the following special categories of personal data from authors, peer-reviewers and patient reviewers:
- racial and ethnic origin
Where you are a patient reviewer, we also collect the following additional special categories of personal data where appropriate, relating to your review and reviewer registration preferences:
- health information in relation to your medical situation
- genetic data;
- information relating to your sex life and sexual orientation; and
- your religious and philosophical beliefs
Where you are a case study or featured in a submitted article, special categories of personal data may include:
- data relating to health;
- genetic data;
- data about your sexual life or sexual orientation;
- information about your race or ethnicity; and
- data about your religious or philosophical beliefs.
We may also collect data concerning criminal behaviour or allegations of criminal behaviour referenced in a submitted article.
As part of a contractual relationship
We will process your personal data because it is necessary for the performance of a contract to deliver the services you have engaged us for, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to edit, review and publish your article, letter or review;
- to process article processing charges (APC)and any related discounting;
- to check for plagiarism and to obtain copyright clearance;
- to credit you as the author, researcher or reviewer of an article or review.
- our data storage providers and those who provide our Customer Relationship Management (CRM) platforms;
- to enable your reviewer profile to be searched more effectively by users of our database (data profiling) through targeted keywords linked to your author or reviewer profile.
In this respect we will provide your data to the following (but only for purposes connected with our fulfilling contracts with you):
- authors, peer reviewers and patient reviewers;
- contractors who provide editorial, publishing and printing services;
- third parties who provide copyright clearance services;
- your organisation / institution where we are required to verify your details in order to process a payment or discount;
- our third party e-commerce solutions and our bank in order to process payments;
- our platform providers that host our websites and apps;
- our data storage providers;
- journal owners and/or replacement publishers where BMJ Group ceases to publish a journal.
Legitimate interests
Your personal data will also be processed because it is necessary for BMJ Group’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- researching you using publicly available sources in order to identify suitable reviewers and editors (once we have identified you as suitable for these purposes we will add you to our reviewers’ database and we will contact you to inform you that this has happened and to give you an opportunity to object to such use of your personal data);
- contacting authors and reviewers (and allowing the editorial team to do the same) in relation to writing and reviewing articles;
- contacting authors and reviewers (and instructing researchers to do the same) for development, monitoring and quality improvement of our processes;
- identifying your suitability to review a certain article – some authors may specifically request that certain individuals should not review their article, for example where there is a conflict of interest;
- marketing BMJ Group and its products and services (including third party products and services) online, or by post, telephone, SMS, social media and email (except where we provide material under contract, or in situations where it is required or appropriate to seek your consent);
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing technical information about your use of the BMJ Group website to ensure that content on our site is presented in the most effective manner and to allow you to use interactive features of our website;
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance;
- processing enquiries, complaints, surveys, feedback forms and to analyse our services;
- monitoring diversity and inclusion
- to raise concerns with a research council, ethics committee or other supervisory body if we felt it was appropriate for us to do so;
- sharing the lay summary of your journal article and the respective authors’ email addresses with companies that provide services for authors and publishers such as Kudos Innovations Limited (www.growkudos.com). Kudos provides services for authors and publishers and invites authors to register directly with Kudos to use its services, for example to generate his/her own shareable PDF directly on the Kudos website post-publication;
- to enable your reviewer profile to be searched more effectively by users of our database (data profiling) through targeted keywords linked to your reviewer profile;
- providing your data to the owner of a journal which we publish on their behalf;
- detecting breaches of our publication terms and conditions.
In this respect, in addition to those parties named above, we will provide your data to the following:
- direct marketing providers;
- Google Analytics who receive technical information in relation to how you use our website and apps;
- BMA and owners and co-owners of journals for marketing purposes and to update you on products and services that you may be interested in (unless it is appropriate to gain your consent before sharing your information in this way).
BMJ Group’s legal obligations
Your personal data will also be processed by BMJ Group for compliance with its legal and regulatory obligations. For example:
- for the detection and prevention of crime and in order to assist the police and other competent authorities with investigations.
- to comply with tax legislation and subject access requests of others; and
- to comply with any legal or regulatory obligations to which we are, or may become, subject.
In this respect, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection law; the police and other law enforcement agencies; HMRC. Your personal data may also be shared with BMJ’s internal and external auditors, insurers financial, and legal advisors for the purpose of enabling BMJ Group to comply with its financial and legal obligations.
Special categories of personal data
Where you are a patient whose data has been included in a research study or article we will require that the corresponding author either retains or provides evidence of your written understanding that your data will be processed for the purposes of journalism.
Where you are a patient reviewer, any special categories or personal data you disclose:
- in your profile will be searchable within our author and reviewer database; and or in your review will be published on our website (group.bmj.com).
- or in your review will be published on our website (group.bmj.com).
Where you are an author, reviewer or patient reviewer we may also monitor and record details on racial or ethnic origin for the purposes of monitoring diversity and inclusion.
Profiling and automated decision making
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate target our communications to a specific audience.
Where you are a patient reviewer, your profile will be linked to specific keywords to enable your profile to be searched more effectively by users of our database. The keywords linked to your profile will be chosen to try to reflect the information you have provided to us on registration and may include the names of any health conditions you have disclosed to us.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy.
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
International transfers of personal data
BMJ Group will, in limited circumstances, disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside of the UK and the European Economic Area. For example, we will transfer data to our data storage providers and also to platforms that host our journals. In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission). If you wish to obtain a copy of the standard clauses we use, please contact us;
- the European Commission determines that the country or territory to which the transfer is made ensures an adequate level of protection (Article 45 GDPR);
- the transfer is already permitted under applicable law (for example, where the transfer is necessary for the performance of a contract).
How long we retain your information
We retain your data for as long as is required to provide our products and services to you or is necessary for our legal purposes or our legitimate interests. In particular, we generally retain data in relation to:
Cookies: | Thirty (30) days. |
Telephone call recordings: | Twelve (12) months. |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Data stored in your author / reviewer / patient reviewer profile: | Three (3) years. |
Published articles and reviews: | Indefinitely. |
Unpublished articles and reviews: | Three (3) months from the decision not to publish. |
Please be aware that where your article or review is published, any personal data you have disclosed in that article or review will be available on our website and the public domain. As such, any personal data disclosed in your article or review may no longer be within our control and consequently may remain available in the public domain indefinitely
How your personal data is collected
BMJ Group collects your personal data from the following sources:
From you, when you
- register for an account for BMJ Careers on our website or app;
- subscribe to BMJ Careers email alerts;
- you use the BMJ Careers platform tools; (for example by uploading your CV or fill in your online profile);
- correspond with us or make enquiries via our website or app, email, post or telephone.
From third parties such as:
- those who operate or analyse your use of our website and apps.
We collect the following categories of personal data:
Identification and contact details
- biographical information such as your name, title and gender;
- the country in which you are working or studying;
- contact details such as your address, email address and phone number;
- log in details that you are assigned as part of registration; and
- your social media identifiers.
Professional
- your qualifications, professional experience and any other information you provide if you upload your CV or submit a job application;
- your job aspirations, profession and speciality when you create an account or register for email alerts;
Online and transactional
- information you provide in your communications with us;
- when you visit our website or use our apps we collect details of your Internet Protocol (IP) address, location (including institution), browser type and version, and operating system;
- details about how you use our website and apps including the content you accessed, any searches you conducted, your length of visit, login details, time and date of visit and what method you used to browse away from our website (for detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy
Legitimate interests
Your personal data will also be processed because it is necessary for BMJ’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- delivering any products and services which you have purchased;
- to create and administer your account;
- to enable you to use BMJ Careers’ online tools;
- to share a job application you have submitted with prospective employers and recruiters;
- to match you with prospective employers and recruiters who we believe meet the parameters indicated in your profile;
- marketing BMJ Group and its products and services (including third party products and services) online, or by post, telephone, SMS, social media and email (except where we provide material under contract, or in situations where it is required or appropriate to seek your consent);
- processing technical information about your use of our products and services to ensure that content(including advertising) is presented in the most effective and relevant manner, to allow you to use interactive features of our products and to operate our business (and ensuring that we do not advertise medical products or services that are not licensed in your country);
- recording calls to our call centres for staff training and quality assurance purposes (including for the purposes of establishing the existence of facts in connection to the content of a call);
- processing (and replying to) enquiries, complaints, surveys, feedback forms and to analyse our services;
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance.
In this respect, in addition to those parties named above, we will provide your data to the following:
- our platform providers, who host our website and apps.
- direct marketing providers;
- BMA and other third parties for marketing purposes (apart from where it is required or appropriate for us to have your consent to share your information for this purpose).
BMJ Group’s legal obligations
Your personal data will also be processed by BMJ Group for compliance with its legal and regulatory obligations. For example:
- for the detection and prevention of crime and in order to assist the police and other competent authorities with investigations.
- to comply with tax legislation and subject access requests of others; and
- to comply with any legal regulatory obligations to which we are, or may become, subject
In this respect, we may in specific circumstances need to share your personal data with the police and other law enforcement agencies and HMRC. Your personal data may also be shared with BMJ’s internal and external auditors, insurers financial, and legal advisors for the purpose of enabling BMJ Group to comply with its financial and legal obligations.
Profiling and automated decision making
We may use personal characteristics such as age, gender, geographical location, role, your expressed interests and medical conditions, your previous interactions with BMJ Group to understand, and where appropriate, target our communications to a specific audience.
BMJ Group also uses a range of advertising technologies like pixels, ad tags, cookies and mobile identifiers as well as specific services used by some websites and social media networks, such as Facebook, to present BMJ Group adverts to you when you are on other websites and apps. These adverts will be based on information we hold about you about your previous use of BMJ Group sites (for example, your BMJ Group search history, the content you accessed and the adverts you clicked on).
Certain BMJ Group websites (The BMJ and JNNP) are members of the DMD Healthcare Communications Network (the “HCN”). HCN is owned and managed by DMD Marketing Corp (“DMD”) and is designed to enable DMD and HCN members to provide medically relevant business communications to authenticated health care professionals.
For healthcare workers based in the USA who have consented to the use of cookies and similar technologies, your use of these websites includes registration in the HCN. As a result, your contact and other professionally relevant information will be disclosed to DMD and each HCN member, to provide you medically relevant content as described in the HCN privacy policy available at https://HCN.health/privacy-policy. The HCN privacy policy provides details on how to manage your information, including opting out of participation in the HCN.
DMD can use the data collected to understand whether you have accessed content on other sites in the HCN. DMD, HCN members, and customers who purchase information from DMD, can access the data DMD collects. DMD may pass data to other countries.
To the extent that BMJ’s privacy policy conflicts with the HCN privacy policy, with respect to the use of your information by HCN, the conflict will be resolved in favour of the HCN policy.
While BMJ Group works with DMD, it does not have any direct control over DMD’s processing, and questions about DMD’s processing should be directed to DMD in the first instance.
International transfers of data
BMJ Group uses Google Analytics who will transfer information gained from our use of cookies to its storage centres in the USA. In these circumstances, your personal data will only be transferred under using the standard contractual clauses in accordance with Article 42 GDPR.
How long we retain your information
We retain your data for as long as is required to provide our products and services to you; for the purpose it was collected; to meet our legal obligations; or, for our legitimate interests. In particular, we generally retain data in relation to:
Your profile (including any CV uploaded): | 3 years following your last interaction with BMJ Careers |
Cookies: | Thirty (30) days |
Telephone call recordings: | Twelve (12) months |
Marketing: | Until you ‘unsubscribe’ or otherwise inform us that you no longer wish to hear from us (but your preference may be retained on our suppression list to ensure that you no longer receive this type of communication from us). |
Your rights under data protection legislation
- To receive a copy of, the personal data we hold about you;
- To object to how or why we collect and use your personal data;
- To ask us not to use your data for direct marketing
- To ask us to erase your personal data;
- To request that we restrict our data processing activities in relation to your personal data;
- To provide, in a machine-readable format the data you have provided to us, (either directly or generated by your use of BMJ Group products and services). You can ask us to send this to you or to send it directly to another organisation;
- To ask us to correct the personal data we hold about you if it is incorrect; and
- To ask us to ensure that any automated decision we make (which would have a significant effect on you) be reviewed by a human being.
However, Please note that these rights are not absolute, and we can refuse your request in certain situations where an exception applies.
If you would like to make a request please contact our Customer Services team, and they will record the immediate information we need Your request will then be followed up by our Data Protection Lead who may contact you directly if we need further information from you in relation to your request.
If you are not satisfied with how your personal data is used by BMJ Group you can make a complaint to the Information Commissioner (www.ico.org.uk).
v.08 April 2019 (www.ico.org.uk).
Your rights under the California Consumer Privacy Act (CCPA) If you are a resident of the US state of California, you have the right to request that we disclose to you the following information covering the 12 months preceding your request:
- the categories of personal information we have collected about you;
- the categories of sources from which we have collected your personal information;
- the specific pieces of personal information we collected about you;
- the business or commercial purpose for collecting personal information about you; and
- the categories of personal information about you that we shared or disclosed about you for a business purpose.
You also have the right to request that we delete the personal information we have collected from you.
BMJ Group does not sell personal information to third parties within the scope of the application of the CCPA.
BMJ Group’s EU representative for data protection
Wherever you are in the world, you can get in touch with BMJ Group in the first instance through our email address: [email protected]. However, in accordance with the requirements of the GDPR (Article 27), BMJ Group has a data protection representative in the EU:
activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Geschäftsführer: RA Klaus Foitzick
Kurfürstendamm 56
10707 Berlin
HRB 185355 Amtsgericht München
Email: [email protected]
Tel: +49 (0) 30 / 770191070
Web: www.activemind.legal