MMG GDPR Privacy Policy

Updated:  January 2021

We at Matthews Media Group Inc (MMG) (“we”, “us” or “our”) respect your privacy.

This privacy policy (“Policy”) is intended to meet the requirements of the Regulation (EU) 2016/79 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as “GDPR”).

Who Processes Your Personal Data

This Policy applies to the processing of personal data by Matthews Media Group Inc (MMG).

For the purpose of this Policy and the GDPR, to the extent the above entity processes your personal data in connection with use cases identified in this Policy, it will be considered a “data controller” of your personal data.

Purpose of This Policy

This Policy explains our approach to any personal data that we might collect from you using this website (the “Site”) and any personal data about you we might collect/process in other situations or interactions with us, and the purposes for which we process your personal data.

This Policy also sets out your rights in respect of our processing of your personal data.

This Policy will inform you of the nature of the personal data about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it or otherwise object to our processing of it for a specific purpose. This Policy is intended to assist you in making informed decisions when using the Site or otherwise providing personal data to us or in other situations where we may process your personal data.

Type of Personal Data We Collect/Process

When we talk about personal data we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance. Categories of personal data we may collect and process about you include:

  • Contact information (e.g. name, physical address, telephone number, email address)
  • Age
  • Gender
  • Health information
  • Health interests
  • Other information pertinent to the needs of the research studies, application, or service
  • Information for hiring and human resources (e.g. employment and education history, work eligibility status, date of birth, financial account information, government-issued identification information), and
  • Any additional information you submit to us.

For more information about the personal data we collect please refer to the How We Use Personal Data section below and the Cookie Policy section.

How We Use Personal Data

We may collect and receive your personal information for various purposes using different methods. These include:

  • • Clinical trial recruitment
  • We collect and store personal information which allows us to determine if there are clinical studies or health-related news and information that match your areas of medical interest.
  • Our legal basis for processing data for clinical trial recruitment is consent. You provide this information to us when you complete our questionnaires/screeners. You will be asked to give your consent when we collect this information.
  • Where you have been identified as possibly being eligible for a clinical trial, your contact information is shared with the clinical site conducting the clinical trial for which you have been identified as a possible participant.
  • • Clinical trial management
  • We collect and store contact information of research center staff and other study personnel so that we may contact them for the purposes of providing recruitment and retention support, and for shipping materials to them.
  • It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure that we provide the services requested by our clients.
  • We may share this personal data with our clients, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in the Sharing Your Personal Data section below in connection with this purpose.
  • • Business administration and legal compliance
  • We may use an individual's personal data for the following business administration and legal compliance purposes:
    • to facilitate the operation or effective management of our group of businesses;
    • to comply with our legal obligations;
    • to enforce or protect our legal rights;
    • to deal with complaints;
    • to protect the rights of third parties (including where health or security of an individual is endangered, e.g. a fire); and
    • in connection with a business transition or sale such as a merger, reorganization, acquisition by another company, or sale of all or a portion of our assets.
  • Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law, such as a court order, to process such personal data.
  • We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with the individual’s explicit consent.
  • We may share personal data with our clients, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in the Sharing Your Personal Data section below in connection with this purpose.
  • • Personal information you provide to us
  • You may give us your personal information directly. This will be the case when, for example, you contact us with enquiries or provide feedback to us otherwise through your interactions with us.
  • We will process your personal information where there is a legitimate interest in us doing so.
  • We may share this personal data with our clients, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in the Sharing Your Personal Data section below in connection with this purpose.
  • • Personal information we collect from you automatically
  • When you access and use our Site, we will automatically collect certain technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies (see Cookie Policy section below).
  • It is in our legitimate interest to collect information from visitors to our website to help us improve our services and enhance your interaction with our Site.
  • We may share this personal data with our third party vendors or professional advisers or such other third parties as indicated in the Sharing Your Personal Data section below in connection with this purpose.
  • • Personal information we receive from third parties
  • From time to time, we may receive personal information about you from third parties. Such third parties may include research centers, analytics providers, payment providers, hotel and transport providers and third parties that provide technical services to us so that we can operate our Site and provide our services.
  • Where we receive personal data from third parties it is in our legitimate interest to process this data in order to provide services to our clients or to improve our services.
  • We may share this personal data with our clients, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in the Sharing Your Personal Data section below in connection with this purpose.

Sharing Your Personal Data

We may share your personal information with our agents, partners, clients or contractors or professional advisers or government or regulatory bodies for the following purposes: (a) provide our services to clients or otherwise receive assistance in processing transactions; (b) fulfillment of requests for information, receiving and sending communications, analyzing data; (c) provision of IT and other support or internal administrative business services; or (d) assistance in other ancillary to the operation of tasks, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions.

We will not sell your personal data to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of MMG or the division or office responsible for the services.

Please note, the types of third parties we share your personal data with set out above is non-exhaustive and there may be circumstances where we need to share personal information with other third parties in order to operate our Site and to provide our services. We will notify you of any other circumstances where we would share your information on a case by case basis.

Obtaining Your Consent

Where our use of your personal data requires your consent, you can provide such consent: at the time that we collect your personal data following the instructions provided; or by informing us by e-mail, post or phone using the contact details set out in this Policy.

Please note that if you specifically consent to additional uses of your personal data, we may use your personal data in a manner consistent with that consent.

Personal Data of Children

We do not intend to or knowingly collect personal information from children.

For clinical studies conducted within the United States, we do not allow persons younger than 18 to provide information about themselves. We require a parent or a caregiver to answer screening questions for them and act as the primary contact. We collect parent/caregiver contact information in addition to the name of the person younger than 18. This information is also held in accordance with this Policy.

Trials conducted outside of the United States in the field of pediatrics will be managed in accordance with those laws and policies of the specific country involved and with approval from the relevant review board.

Data Transfers Outside The EEA (European Economic Area) And The United Kingdom

We may transmit personal data outside of the EEA and the United Kingdom to certain categories of third parties (as listed above in How We Use Your Personal Data) and to our data center in Phoenix, Arizona, United States and our office in Rockville, Maryland, United States (“US”).

In particular when transferring your personal data outside the EEA or the United Kingdom, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where necessary we will use specific contracts approved by the European Commission referred to as “model clauses” which give personal data the same protection it has in Europe.

Compliance with The Privacy Shield

MMG is certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks developed by the U.S. Department of Commerce, and the European Commission and Swiss Federal Data Protection and Information Commissioner respectively, regarding the transfer of personal information from the EEA and United Kingdom to the U.S. Click here to view our EU/Swiss-U.S. Privacy Shield Privacy Policy. Please note that MMG no longer rely on the EU-U.S. Privacy Shield to transfer personal information to the U.S.

Confidentiality and Security of Your Personal Data

We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.

To safeguard against unauthorized access to personal data by third parties outside our organization, all electronic personal data held by us is maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected from unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of our employees.

We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:

  • unauthorized access;
  • improper use or disclosure;
  • unauthorized modification; and
  • unlawful destruction or accidental loss.

All of our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our services.

Information regarding job applications is encrypted and transmitted in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the URL. Only employees or third parties who need the information to process a specific request are granted access to personally identifiable information.

Your Data Protection Rights

You have the following rights in relation to the personal data we hold about you under certain circumstances:

  • To obtain the confirmation that we process personal data about you, to access and obtain copies of the information, as well as information relating to the processing we carry out.
  • To request your personal data be corrected, where appropriate.
    • If personal data we hold about you is inaccurate or incomplete, you may request that data be amended. However, please be aware that it is every person’s responsibility to provide us with accurate personal data and to inform us of any changes (e.g. new home address or change of name).
  • To request your personal data be deleted, where appropriate.
    • If you demonstrate that the purpose for which the personal data is being processed is no longer legal or appropriate, the data will be deleted, unless we can demonstrate that we are required to retain the personal data by applicable law or otherwise.
    • If we have shared your personal data with others, we will let them know about the deletion where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
  • To request that we restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the personal data, while we investigate your concern.
    • It will not prevent us from storing your personal information.
    • We will tell you before we lift any restriction.
    • If we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
    • If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
  • Where processing is based on your consent, to receive your personal data in a commonly used electronic format, or ask that we move your personal data in that format to another provider, where your request relates to the personal data that you gave us directly and where technically possible.
  • To object to your personal data being processed where we are relying on ours or a third party’s legitimate interest to do so or for the purpose of direct marketing.
  • To withdraw your consent at any time when processing relies upon consent.
  • In France, to give us instructions concerning the use of your personal data after your death.

Data subjects may exercise these rights verbally or in writing using our contact information provided in the section below entitled Contact Details. We will endeavor to promptly respond to your requests. Where you ask us to provide a copy of your personal data we are legally obliged to respond within one month of such request. If your request is denied, we will inform you about the reasons for denial.

Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

Opt Out and Unwanted Communications

To opt-out of any future promotional or marketing communications or any other commercial communications from us, send a request to us at the contact information in the section entitled Contact Details.

Enforcement Rights and Mechanisms

We will ensure that this Policy is observed and duly implemented. Violations of the applicable data protection legislation in the EEA or the United Kingdom may lead to penalties and/or claims for damages. If at any time you believe that your personal data has been processed in violation of this Policy, or if you have any inquiries or complaints about the use or limitation of use of your personal data, you may contact the relevant individuals in the Contact Details section.

Please note that if you have a complaint about our privacy practices, you may contact your local EU Data Protection Authority (“DPA”). We are committed to cooperating with DPAs and to comply with their dispute resolution procedures in cases of complaints. We are also committed to complying with any regulations or guidelines that DPAs may issue from time to time in accordance with EEA, United Kingdom and Member State data protection legislation.

We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Third Party Links and Services

This Site contains links to third party websites and services. Please remember that when you use a link to go from our Site to another website or you request a service from a third party, this Policy no longer applies to these third-party websites and third-party service providers unless we are acting as joint controllers in respect of your personal data with such third party.

Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.

This Site may integrate with social networking services. You understand that we do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Site, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.

We use cookies and similar technologies to collect personal information from the computer or other device you use to access the Site. “Cookies” are pieces of information that may be placed on your device for the purpose of collecting data to facilitate and enhance your communication and interaction with our Site.

  • We use session cookies to gather data for technical purposes, such as improving navigation through our website and generating statistics about how the website is used. Session cookies are temporary text files that expire when you leave a website. When cookies expire, they are automatically deleted from your computer.
  • We use persistent cookies to gather aggregate statistics about website usage. Persistent cookies are cookies that are stored over more than a single session on your computer. We use persistent cookies to collect personal information such as IP address, and we do not share data collected from persistent cookies.

You can review your Internet browser settings to exercise choices you have for certain cookies. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site.

How Long Do We Keep Your Personal Data?

We retain personal data only for as long as is necessary for the purposes described in this Policy, after which it is deleted from our systems.

Modifications to The Policy

We reserve the right to modify this Policy as needed, for example, to comply with changes in laws, regulations or requirements introduced by DPAs. Changes must be approved by our privacy points of contact, the office of the corporate legal department, or their designees who will seek input as they reasonably deem appropriate from corporate executives for the amended Policy to enter into force. If we make changes to the Policy, this amended Policy will be submitted for renewed approval according to the relevant applicable provisions of the law. We will inform data subjects of any material changes in the Policy. We will post all changes to the Policy on relevant internal and external websites.

Effective with the implementation of this Policy, all existing and applicable EU company privacy guidelines relating to the collection and/or processing of personal data will, where in conflict, be superseded by the terms of this Policy. No other internal policy that conflicts with this Policy shall be applicable with respect to the protection of personal data handled by us in the EU. We encourage you to review this Policy periodically to be informed of how we use your personal data.

Contact Details

For questions or concerns about this Policy, or to ask questions or express concerns about our collection, management and processing of personal data, or to exercise your rights, you may contact us by:

  • clicking the "Send email to MMG Privacy" button at the bottom of the EU/Swiss-U.S. Privacy Shield page; or
  • sending a letter to:
    • MMG
    • Attn: Catherine Clarke, SVP Finance
    • 700 King Farm Blvd
    • Suite 500
    • Rockville, MD 20850
    • USA