Last updated: August 14, 2023.
WHO WE ARE
MD Analytics provides industry-leading healthcare and pharmaceutical marketing research, supported by our proprietary panel of healthcare professionals. We developed our platform and services to achieve larger sample sizes and increased accuracy with surveys conducted in accordance with market dynamics and industry codes of conduct. Our goal is to deliver intuitive visual story-based reporting based on the best research data.
MD Analytics operates in Canada and the United States, incorporated as MD Analytics ULC, based in Vancouver, Canada, and MD Analytics (WA) Inc. based in Marysville, Washington, USA. Established in 2003, our proprietary healthcare professionals panel is managed within North America. Our panelists include primary care physicians, medical specialists, pharmacy professionals, physician assistants, nurses, and other healthcare professionals. We also survey individuals representing a variety of health issues, providing valuable market research data by geographical location, age bracket, and other significant factors. We operate the MD Analytics website located at https://www.mdanalytics.com/, our related online survey and study platform powered by third-party software, and related research and other services and business activities (collectively referred to as “Services”).
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. Under specific laws, Personal Information may include any information relating to a household. Personal Information does not include publicly available information from government records or de-identified or aggregated consumer information.
“De-identified data” or “de-identified information” means information that cannot reasonably be linked to an identified or identifiable natural person or a device linked to such person. MD Analytics takes reasonable measures to ensure that de-identified information cannot be associated with a natural person and where use of de-identified information is used as specified herein, MD Analytics does not attempt to re-identify the data.
PERSONAL INFORMATION WE PROCESS
We process Personal Information that you actively submit to us, that we automatically collect through your use of our Services, and that we collect from third-party sources. We may process your Personal Information with or without automatic means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of your Personal Information. We will not collect Personal Information indiscriminately and will limit our collection of your Personal Information to what is reasonably necessary to provide our Services and/or as authorized by law.
Personal Information that you actively submit to us.
We collect Personal Information that you actively submit to us when you register an account with us, participate in surveys, interviews, and focus groups, subscribe to email services, contact us, request or provide business services, interact with us through social media, or send us feedback. This information includes:
- Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, Internet Protocol address, account name;
- Education, employment status, medical information;
- Race, religion, gender identity, marital status, medical conditions, ethnicity, disability, age; and
- Professional or employment-related information.
More specific examples and the categories of sources of the information are provided below. You will know when we collect your Personal Information because we will directly ask you for the information. We will require certain Personal Information for you to use our Services or for us to be able to contact you. There may also be circumstances where providing Personal Information is optional and does not impact your access to Services.
Your Account. When you register as a panelist, either as a healthcare professional or as an individual participant, we ask you to provide your name, email, and password, and to select whether you prefer the language be set to English or French. For professionals joining the professional panels, we gather key information regarding your profession, employment, and experience. For individuals joining our consumer health ailment panels, we gather key information from you, including your mailing address, residential city and postcode, gender, employment status, marital status, income, ethnicity, religion, gender, health issue diagnosis, and status of medical treatment. Some of the questions are optional. If you have an MD Analytics account, we rely upon you to keep your information up to date. You may edit your profile information at any time through your account settings.
Participation in Surveys, Interviews, and Focus Groups. Participants will provide information specific to the market research being conducted, including in the form of online surveys, telephone interviews, focus groups, opinions, and general feedback. Where applicable, payment is made in the form of a cheque and is sent to the address on file.
Email Subscriptions. Members have an option to subscribe to email communications of interest and can opt-in to the following:
- Latest topical data findings and company news.
Contact Us / Request More Information. We provide an online form for users to contact us or submit their requests for more information. We collect your name, email address, company, request type, and a description of the request. We also provide a phone number or an option to write to us directly.
Social Media. We invite users to join us on social media, through platforms like Twitter, LinkedIn, and Facebook, with links available directly from the MD Analytics website.
Personal Information we automatically collect through your use of the Services.
We receive some Personal Information automatically when you visit the MD Analytics website or access our Services. This includes internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with an internet website or advertisement, and information about the device, browser, and operating system you use when accessing our Services, your IP address, the website that referred you, which pages you request and visit, and the date and time of each request you make.
Personal Information of minors.
The Services are not intended for users younger than 13. We do not actively collect or otherwise process Personal Information from users under the age of 13. If we become aware that an individual under the age of 13 has submitted Personal Information without verifiable parental consent, we will delete his or her information from our files. If you believe we might have any information from or about a child under the age of 13, please contact our Privacy Officer using the contact information listed at the end of this Policy.
COOKIES AND SIMILAR TRACKING TECHNOLOGIES
Regarding consent, we will obtain your consent to collect, use, or disclose Personal Information except where we are authorized or required by law to do so without consent, e.g., Information is publicly available, obtaining legal advice, and investigations. Your consent in some jurisdictions can be express, implied, or given through an authorized representative such as a lawyer, agent, or broker. It can also be given verbally, in writing, electronically, through inaction upon notice, or otherwise. You may withdraw consent at any time (subject to legal, contractual, and other restrictions) if you give reasonable notice to us. After we have received such notice, we will inform you of the likely consequences of withdrawing consent, which may include our inability to provide certain services to you or to continue our relationship with you.
HOW WE USE YOUR PERSONAL INFORMATION
We use your Personal Information we collect for one or more of the following purposes:
- for our business purposes, including payments, employee training, data analysis, security monitoring, auditing, research;
- to operate our Services;
- fulfill our contractual obligations in our service contracts with customers;
- to analyze the use of the Services in order to understand how we can improve our content and service offerings and products;
- authenticating your identity and confirming your credentials;
- determining your eligibility to participate in surveys;
- contacting you to participate in surveys, interviews, and focus groups;
- clarifying your responses to surveys;
- determining your eligibility for prizes;
- providing and administering requested products and services to you;
- protecting MD Analytics, yourself and others from fraud and error;
- managing or transferring MD Analytics’ assets or liabilities, for example in the case of an acquisition or merger, the provision of security for a credit facility or the change of a supplier;
- for administrative and other business purposes;
- to fulfill any other purpose for which you provide it;
- to comply with applicable laws, exercise legal rights, and meet tax and other regulatory requirements; and
- for any other purpose with your consent.
In this context, the legal basis for our processing of your Personal Information is either the necessity to perform contractual and other obligations, our legitimate business interest as a provider of market research services, regulatory requirements, or in some instances your explicit consent.
DISCLOSURE OF PERSONAL INFORMATION
We may share your Personal Information in the following circumstances:
Our Customers. We disclose aggregate survey responses with our customers; we do not disclose personally identifiable information about you to our customers without prior written consent (unless we are required or authorized to do so by law).
Service Providers. We may share information we collect about you with third-party service providers to perform tasks on our behalf in supporting the Services. The types of service providers, or sub-processors, to whom we entrust Personal Information include: (i) payment providers; (ii) providers of hosting services; (iii) sales and marketing providers; (iv) providers of analytic data services; and (v) other services such as system support.
Governing Bodies. We may disclose your Personal Information to governing bodies such as colleges of physicians and surgeons.
Regulatory Bodies, Government Departments, Agencies, and Law Enforcement. We may access and disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable law or regulation. This may include submitting Personal Information required by tax authorities. We may disclose your Personal Information in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements. If we are going to release your Personal Information in this instance, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.
Other Disclosures. We may also disclose your Personal Information to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the Services, of any individuals, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations. Disclosures may be made to courts of law, attorneys, and law enforcement, or other relevant third parties in order to meet these purposes.
Please note that we share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes. In addition, our Services may contain links to other websites not controlled by us, and these other websites may reference or link to our Services; we encourage you to read the privacy policies applicable to these other websites.
Additionally, we may disclose Personal Information for any other purpose disclosed by us when you provide the information or with your consent.
The categories of Personal Information we may disclose, and in the preceding twelve (12) months, have disclosed for a business purpose, includes:
- Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, Internet Protocol address, account name;
- Education, employment status, medical information
- Race, religion, gender identity, marital status, medical conditions, ethnicity, disability, age;
- Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an internet website, or advertisement; and
- Professional or employment-related information
We DO NOT sell Personal Information.
RETENTION OF PERSONAL INFORMATION
MD Analytics retains Personal Information for a reasonable time period to fulfill the processing purposes mentioned above. Personal Information is then archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, Personal Information is deleted from our records. We will keep Personal Information used to make a decision affecting you for at least one year after using it to make the decision.
We retain your account information, including Personal Information in your profile, while your account is active. After termination or deactivation of your account, we delete your account as part of our standard delete function. If you participated in market research, your contribution becomes part of the market data is retained indefinitely, with data anonymized and aggregated.
We will destroy, erase, or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that: (a) the original purpose is no longer being served by retention of the information, and (b) retention is no longer necessary for legal or business purposes. Please note we may retain information within our internal systems for backup, archival, audit, or other purposes.
We retain Personal Information that we are required to retain to meet our regulatory obligations including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policies.
PROTECTION OF PERSONAL INFORMATION
MD Analytics protects the Personal Information in its custody or control by making reasonable security arrangements to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. MD Analytics will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of Personal Information protection is implemented by its suppliers and agents who assist in providing products and services to you. Some specific safeguards include:
- physical measures such as locked filing cabinets;
- organizational measures such as restricting access to files and databases as appropriate; and
- electronic measures such as encryption, passwords, and firewalls.
We will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of Personal Information protection is implemented by the suppliers and others whom we ask to assist in providing services to you and us. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems. Please be aware that despite our best efforts to ensure the security of your data, we cannot guarantee that your information will be 100% secure. Note that confidentiality and security are not assured when information is transmitted through email or wireless communication.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. To do so, contact our Privacy Officer using the contact information listed at the end of this Policy. Only you, or someone legally authorized to act on your behalf, may make a request to know related to your Personal Information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Once we receive your request and confirm your identity, we will disclose to you:
- the categories of Personal Information we collected about you;
- the categories of sources for the Personal Information we collected about you;
- our business or commercial purpose for collecting or sharing that Personal Information;
- the categories of third parties with whom we share that Personal Information; and
- the specific pieces of Personal Information we collected about you.
Right to Delete
You have the right to request that we delete any of your Personal Information that we collect from you and retained, subject to certain exceptions. To do so, contact our Privacy Officer using the contact information listed at the end of this Policy. Only you, or someone legally authorized to act on your behalf, may make a request to delete related to your Personal Information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Accessing and Correcting Your Information
You may contact our Privacy Officer using the contact information at the end of this Policy to request access to, correct or delete any Personal Information that you have provided to us. If you demonstrate the inaccuracy or incompleteness of the Personal Information, MD Analytics will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed. When a challenge regarding the accuracy of Personal Information is not resolved to your satisfaction, MD Analytics will annotate the Personal Information under its control with a note that a correction was requested but not made.
Response Timing and Format
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If MD Analytics denies your request invoking your rights as described more fully above, you have the right to appeal our decision within a reasonable period of time after receipt of our initial decision. We will inform you in writing, within 45 days of receipt of an appeal, of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. To exercise your right to appeal described above, please submit an authenticated consumer appeal request to our Privacy Officer using the contact information listed at the end of this Policy.
If you believe a business, service provider, third-party, or contractor has violated the CCPA, you can submit a complaint by visiting www.cppa.ca.gov/webapplications/complaint.You can also file a paper complaint by printing and filling out this form and mailing the complaint to:
California Privacy Protection Agency
Attn: Consumer Complaint Unit
2101 Arena Blvd,
Sacramento, CA 95834.
If you submit an appeal to MD Analytics as outlined above and your appeal is denied, or you believe your rights under the Virginia Consumer Data Protection Act have been violated, you may contact the Attorney General to submit a complaint:
202 North 9th Street
Richmond, Virginia 23219
For additional information on how to file a complaint, visit the website of the Office of the Attorney General: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint. For further assistance, you can call the Consumer Protection Hotline at 1-800-552-9963 if calling from Virginia, or (804) 786-2042 if calling from the Richmond area or from outside Virginia.
If you submit an appeal to MD Analytics as outlined above and your appeal is denied, or if you believe your rights under the Colorado Privacy Act have been violated, you may contact the Attorney General to submit a complaint:
Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203
For additional information on how to file a complaint, visit the website of the Office of the Attorney General: https://coag.gov/file-complaint/
If you submit an appeal to MD Analytics as outlined above and your appeal is denied, or you believe your rights under the Connecticut Data Privacy Act have been violated, you may contact the Attorney General to submit a complaint:
Office of the Attorney General
165 Capitol Avenue
Hartford, CT 06106
For additional information on how to file a complaint, visit the website of the Office of the Attorney General: https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Promotional Offers from the Company. If you do not wish to have your email address/contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by contacting our Privacy Officer using the contact information listed at the end of this Policy. For email subscriptions, you may opt-out at any time by selecting the “Unsubscribe” link at the end of the email communication. Similarly, for email communication of a marketing nature, we provide the ability for you to unsubscribe directly from the email.
We will not discriminate against you for exercising any of your rights under this Policy or law.
CANADIAN PRIVACY RIGHTS
The Personal Information of residents of Canada are generally subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) except that the Personal Information of residents of Alberta, British Columbia or Quebec are subject to the laws of their province instead of PIPEDA. The Personal Information laws of Alberta, British Columbia and Quebec have been deemed by Canadian government officials as substantially similar to PIPEDA. Personal Information of Canadian residents that qualifies as “personal health information” is governed by applicable provincial health care laws that are not deemed substantially similar to PIPEDA. Such laws not deemed substantially similar to PIPEDA include those governing personal health information in the provinces of Ontario, New Brunswick, Nova Scotia and Newfoundland and Labrador.
CROSS-BORDER DATA TRANSFERS
Personal Information collected on our websites and services, or received by MD Analytics from you or third parties, may be stored and processed in the United States, Canada, or any other country where we or our service providers maintain facilities.
While in either jurisdiction, data may be subject to lawful access requests by the authorities in that jurisdiction.
EFFECTIVE DATE AND AMENDMENTS
MD Analytics’ Privacy Officer:
Inquiries may be made through any of the following means:
Privacy Officer: Meeta Nordahl
Online Form: https://www.mdanalytics.com/contact-us/
Phone: 604-633-1927, ext. 1513
Toll Free: 1-866-617-0741
Attention: Meeta Nordahl
555 Burrard Street, 1st Floor,
Vancouver, BC V7X 1M8