HOW WE USE PERSONAL DATA
Our primary goals in collecting personal data from you are to:
- verify your identity;
- provide our services to clients;
- help us improve our Site, products and services and develop and market new products and services;
- carry out requests made by you to us;
- investigate or settle inquiries or disputes;
- comply with any applicable law, court order, other judicial process, or the requirements of a regulator;
- enforce our agreements with you;
- protect the rights, property or safety of us or third parties, including our other clients and users of the Site;
- provide support for the provision of our services;
- carry out recruitment activities; and
- use as otherwise required or permitted by law.
We set out in more detail below the specific ways in which we may use your personal data
Client administration.
We may collect personal data about our client and potential client contacts to enable us to respond to client requests, to administer client accounts with us, to conduct credit checks (if permitted by applicable law), and to verify and carry out financial transactions for payments made to us.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the services requested by our clients in an effective and efficient way.
Who do we share personal data with for this purpose?
We may share such personal data with our third party vendors (such as our payment service providers or IT providers), financial institutions, group companies, affiliates, professional advisors, regulatory bodies or other law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Informational inquiries.
We may collect information for requests for information about our company. We may also provide you with the opportunity to sign up for newsletters or to receive copies of blogs and other information that we make available. Contact information may be requested in each case, together with details of other personal information that is relevant to these inquiries. This information is used in order to enable us to respond to your requests
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the services requested by our clients in an effective and efficient way and that we provide the right information to those who request it.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, agents, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Surveys and voting.
We may collect personal data from individuals via surveys or voting polls for the purposes of obtaining feedback on our own or our clients’ products and surveys. Participation in such polls is voluntary and individuals will have the opportunity to decide whether or not to disclose personal data. Certain personal data such as contact details may be required to register to vote or to take part in a survey. We would only use that information to report the results of the survey or vote.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to provide the services requested by our clients in an effective and efficient way and to understand how our clients and their products are received in the market. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, survey partners or agents, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Industry information.
We may collect, and maintain databases containing, information about Healthcare Professionals, allied Healthcare Professionals, subject matter experts and other professionals in the medical communications, pharmaceutical, healthcare, or media industry collected by us or by our trusted third party service providers. Such information may include an individual’s name, business contact details, professional interests and affiliations. This information may be information that is voluntarily supplied to us by those individuals through our Site or in other situations (such as public speaking events), or information that is public or available in third party databases or via third party content platforms (including social media platforms). Further we may collect and/or review other publicly available media and other content including content made available through scientific literature, public news sites and social media sites to understand what people are saying about a particular therapeutic area, us and our clients. We use this information to inform the provision of our services to our clients. We may also use this information for our own internal administrative and promotional purposes.
We make efforts to minimize the use of this information to that which is strictly necessary for our legitimate business interests.
Our legal basis for processing
It is in our legitimate interests (or those of our client) to process personal data in this way so that we can provide the services requested by our clients in an effective and efficient way. Where the personal data collected is considered special personal data, we rely on the fact that the personal data has been manifestly made public by individual in order to process their personal data. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Social media.
We may collect or process individuals’ personal data who engage with us through our social media channels (including by visiting our social media pages or otherwise communicating with us via social media). We may also operate our client’s social media pages, accounts or channels acting on their behalf.
Our legal basis for processing
It is in our legitimate interests to process personal data in this way so that we can market ourselves and engage with the public. Where we carry out this activity on behalf of our clients as a data processor we do not require a legal basis for such processing.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Insight and analysis.
We may analyse individuals’ contact details with other personal data that we observe about them from their interactions with our Site, our email communications and/or with our services.
We may use log files and other tracking technologies to collect personal data from the computer hardware and software used to access the Sites, or from mobile devices. This may include an IP address to monitor Site traffic and volume.
This information is used to create insights about our visitors’ browsing habits on our Site
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of features and functionalities our visitors like to see.
We also use this information for marketing purposes (see the MARKETING COMMUNICATIONS section below for further details).
Our legal basis for processing
We will only use non-essential tracking technologies on devices with user consent. It is in our legitimate interest to process any personal data collected via the tracking technology to ensure that we can improve our services and tailor our marketing.
Who do we share personal data with for this purpose?
We may share such personal data with our group companies, affiliates, third party vendors (such as our analytics providers or other IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Marketing communications.
We may carry out marketing activities using an individual’s personal data. In particular, we may use personal data to form a view on what we think the individual may want or need, or what may be of interest to the individual. We may use that information to provide individuals with marketing information about our events and services we feel may be of interest.
Our legal basis for processing
We rely on our legitimate interest to process personal data in this way for marketing purposes (except where consent is required by local law in which case we will obtain consent).
We also provide individuals with opt out choices regarding personal data uses, particularly around marketing and advertising. To see how you can opt out of marketing communications, please see the section entitled OPT OUT AND UNWANTED COMMUNICATIONS.
Please note if a third party asks us to share personal data so that they can send electronic marketing communications to particular individuals, we will obtain the relevant individual’s consent prior to sharing the personal data for such purpose.
Who do we share personal data with for this purpose?
We may share your data with our group companies, affiliates, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Receipt of services.
If we have engaged an organisation to provide us or our client with products or services (for example, IT support or financial advice), we will collect and process your personal data if you are a contact within the relevant organisation in order to manage our relationship or our clients with the organization, to receive products and services from the organisation and, where relevant, to provide our services to others including our clients.
Our legal basis for processing
It is necessary for us to use personal data in this way to perform our obligations in accordance with any contract that we may have with the organisation or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with the organisation and are able to provide our services to others in an effective way. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, partners, agents, third party vendors or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Recruitment
If individuals apply for a job with us or otherwise express an interest in working for us, we will collect contact details and CV or resume information from the individual. We use such personal data for the following purposes: a) to assess the individual’s suitability for any position for which they applied (or future positions for which we think the individual may be suitable) including employment or freelancer positions, summer placements or internships and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person application; b) to take any steps necessary to enter into any contract of employment (or otherwise) with the individual; c) to comply with any regulatory or legal obligations in relation to any such application; and d) to review our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation.
What is our legal basis?
Where we use personal data in connection with recruitment and talent management it will be in connection with us entering into a legal contract with them or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment and talent management decisions for Omnicom Health Group or it is our legal obligation to use such personal data to comply with any legal obligations imposed upon us. We will not process any special data except where we are able to do so under applicable legislation or with the individual’s explicit consent.
Who do we share your data with for this purpose?
We may share such personal data with our group companies, affiliates, third party vendors or professional advisers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Visiting our premises
If an individual visits any of our premises we may collect contact information as part of our sign in process. We may also capture their image on our surveillance camera or CCTV.
Our legal basis for processing
It is in our legitimate interests to process personal data in this way for security reasons.
Who do we share your data with for this purpose?
We may share such personal with our clients, group companies, affiliates, recruitment partners or agents, third party vendors (such as our IT providers) or advisers or law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Business administration and legal compliance.
We may use an individual’s personal data for the following business administration and legal compliance purposes:
- to facilitate the operation or effective management of our group of businesses;
- to comply with our legal obligations (including our obligations under legislation transposing EU/2016/1148 concerning measures for a high common level of security of network and information systems across the EU (the “Network Information Security Directive”);
- to enforce or protect our legal rights;
- to deal with complaints;
- to protect the rights of third parties (including where health or security of an individual is endangered (e.g. a fire); and
- in connection with a business transition or sale such as a merger, re-organisation, acquisition by another company, or sale of all or a portion of our assets.
Our legal basis for processing
Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law, such as a court order, to process such personal data.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with the individual’s explicit consent.
Who do we share personal data with for this purpose?
We may share personal data with our clients, group companies, affiliates, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
SHARING YOUR PERSONAL DATA
We may share your personal data with any of our group affiliates, or with our agents, partners, clients, contractors, professional advisors or government or regulatory bodies for the following purposes: (a) provide our services to clients or otherwise receive assistance in processing transactions; (b) fulfillment of requests for information, receiving and sending communications, updating marketing lists, analyzing data; (c) provision of IT and other support services; (d) to facilitate the operation and effective management of our group of businesses; (e) comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; (f) assistance in other ancillary to the operation of tasks, from time to time. Our agents, partners and contractors will use your personal data to the extent necessary to perform their functions. For more details about how we may share your personal data in connection with a particular use case, please refer to the relevant use case above
We will not sell your personal data to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of Omnicom Health Group or the division or office responsible for the services.
Please note, the types of third parties we share your personal data with set out above is non-exhaustive and there may be circumstances where we need to share personal information with other third parties in order to operate our Site and to provide our services. We will notify you of any other circumstances where we would share your information on a case by case basis.
OBTAINING YOUR CONSENT
Where our use of your personal data requires your consent, you can provide such consent:
- at the time that we collect your personal data following the instructions provided; or
- by informing us by e-mail, post or phone using the contact details set out in this Policy.
DATA TRANSFERS OUTSIDE THE EEA
We may transmit personal data outside the EEA to certain categories of third parties (as listed above in HOW WE USE YOUR PERSONAL DATA) and more specifically to: (1) our headquarters in New York, NY, United States (“US”); (2) our different offices in the US and other locations globally; (3) our affiliated entities in the US or in other locations globally.
In particular when transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the European Commission referred to as the “model clauses” which give personal data the same protection it has in Europe; or (3) where we have partners or suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA
We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.
To safeguard against unauthorized access to personal data by third parties outside our organization, all electronic personal data held by us is maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected from unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of our employees.
We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:
- unauthorized access;
- improper use or disclosure;
- unauthorized modification; and
- unlawful destruction or accidental loss.
All of our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our services.
Information regarding job applications is encrypted and transmitted in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the URL. Only employees or third parties who need the information to process a specific request are granted access to personally identifiable information.
YOUR DATA PROTECTION RIGHTS
You have the following rights in relation to the personal data we hold about you under certain circumstances:
- To obtain the confirmation that we process personal data about you, to access and obtain copies of the information, as well as information relating to the processing we carry out.
-
To request your personal data be corrected where appropriate.
-
If personal data we hold about you is inaccurate or incomplete, you may request that data be amended. However, please be aware that it is every person’s responsibility to provide us with accurate personal data and to inform us of any changes (e.g. new home address or change of name).
-
To request your personal data be deleted, where appropriate.
- If you demonstrate that the purpose for which the personal data is being processed is no longer legal or appropriate, the data will be deleted, unless we can demonstrate that we are required to retain the personal data by applicable law or otherwise.
- If we have shared your personal data with others, we will let them know about the deletion where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
-
To request that we restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the personal data, while we investigate your concern.
- It will not prevent us from storing your personal information.
- We will tell you before we lift any restriction.
- If we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
- If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly
- Where processing is based on your consent, to receive your personal data in a commonly used electronic format, or ask that we move your personal data in that format to another provider, where your request relates to the personal data that you gave us directly and where technically possible.
- To object to your personal data being processed where we are relying on ours or a third party’s legitimate interest to do so or for the purpose of direct marketing.
- To withdraw your consent at any time when processing relies upon consent.
- In France, to give us instructions concerning the use of your personal data after your death.
Data subjects may exercise these rights verbally or in writing using our contact information provided in the section below entitled CONTACT DETAILS. We will endeavour to promptly respond to your requests. Where you ask us to provide a copy of your personal data we are legally obliged to respond within one month of such request. If your request is denied, we will inform you about the reasons for denial.
Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.