Who are we?
Any reference to “BMJ”, "we", "us" and "our" is to BMJ Publishing Group Limited, except where the relevant service is provided by another BMJ group company, in which case references to we, us or our shall, in respect of those services, be references to that BMJ group company.
BMJ Publishing Group Limited (“BMJ”) is a company registered in England and Wales (registered number is 3102371) with registered office at BMJ, BMA House, Tavistock Square, London WC1H 9JR, UK
We are registered on the Data Protection Public Register. Our Data Protection Registration Number is Z7607533.
Any reference to “website(s)” or “site(s)” is to a website owned or controlled by BMJ Publishing Group Limited.
Any reference to “you” or “your” is a reference to you as a user of a BMJ website or service.
Protecting your privacy is one of our top priorities. Please take a few minutes to read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We recommend that you regularly review this policy for any changes. It is your responsibility for doing so.
Our privacy commitment
Language of Terms
1. What information is being collected and how is it used?
There are various sections of the website which correspond to different aspects of BMJ’s business. The nature and purpose of the personal data we collect from you will differ depending on which area of the site(s) you access (for example whether you are registering for one of our products or simply contacting us to provide feedback).
What data we collect and how this is used is set out in detail in this policy but general categories include:
to ensure that content on our site is presented in the most effective manner for you; monitor, develop and improve our products and services; to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; to allow you to participate in interactive features of our service, when you choose to do so; and to notify you about changes to our service including to contact you with service messages. By way of example, if any service for which you have registered is no longer available, we may contact you to let you know that it has closed and inform you of any similar services offered by us and/or any company within our group of companies and/or a third party partner on our behalf. 1.1.
Many of our websites require subscriptions and/or registration to access certain functions, services or content. You will know what information is being collected via these processes when you complete the relevant forms and provide the required details prior to submitting the application for the relevant subscription or registration.
On some of our websites, where you submit a response for publication your name and other personal details may be published. You should check the policy on the relevant submission page on the specific BMJ operated website.
We will collect data relating to any transactions you carry out through our website(s) and of the fulfilment of your orders.
We collate data about registered users including which BMJ publications and services they have subscribed to in order that we can understand our customers and try and easily fulfil their subscription requirements.
Where you have supplied information relating to a conference (for instance where you are attending a conference, or speaking at a conference), we will use your personal data to inform the venue and caterers of delegates, share that information with any co-owners, co-organisers or relevant suppliers and contractors of a conference (where applicable). We may also use your data to create a delegate or speaker list which will be distributed to all attendees and sponsors.
Once you start using our sites, we may track and keep a record of the pages you visit. We collect this data from groups of users to get a sense of how people are using our sites and what content and which business areas or sections of the site are most popular. This helps us improve what we offer on our sites.
We will also use your data to monitor for any unauthorised use of our websites, content or subscriptions to our publications (for example individuals subscribing individually on behalf of institutions).
We may also disclose your identity and contact details to any third party claiming material posted by you is defamatory or violates their intellectual property rights or right to privacy.
You will be given at least one opportunity to opt in or out (as applicable) from receiving marketing emails from the BMJ and third parties. For users who have opted to receive marketing emails from BMJ (and others where indicated and there is a jointly supplied product or service), and visit our websites through links provided in these emails, we may send information about your website usage to our third party email direct marketing provider. This is for the purpose of understanding the effectiveness of our email marketing campaigns and for targeting future email campaigns.
1.2. BMJ Learning Users
In addition to and subject to other uses of your personal data which are set out herein (see clause 3in particular), the information that you add to your BMJ Portfolio, including the areas of improvement you identify, the BMJ Learning modules you have started and /or completed, and other such information, is considered private save that our technicians have access to it in order to fix problems and maintain the site. However, subject to clause 3and the BMA exception described below we do not read this information unless it is necessary to do so, and we will not release it to other people or organisations, without your prior consent.
In the case of BMJ Learning and BMJ Portfolio only (and in accordance with clause 3(vii)), we may disclose certain personal data to the British Medical Association (“BMA”) including in relation to the fact that you have signed up for access to BMJ Learning, the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules.
We reserve the right to release anonymised group data to third parties related to the use of specific modules. You are able to give feedback about a learning module after completing it, and in the learning resources section of the site. This information is visible to other users of the site, including guest users. We will also use it to improve our site.
1.3. Foundation Programme Users
The forms you complete online and the learning modules you complete (including obtaining certificates of completion) are considered private. Our technicians have access to them in order to fix problems and maintain the site. However, we do not read this information unless necessary, and will not release it to other people or organisations, without your prior consent.
1.4. Portfolio Users
Subject to clause 3(vii), the data you enter into the BMJ Portfolio website, and any files you upload to it, is considered private. Our technicians have access to this data in order to fix problems and maintain the site. We may statistically analyse the information, in aggregate form, to learn more about the interests of our user base. These statistics may be used to provide functionality that recommends useful resources to other users of BMJ Portfolio. In no case will it be possible to identify an individual through such functionality, or through the underlying aggregate data.
1.5. BMJ Quality Improvement Programme Users
Where you have registered and/or purchased access to a BMJ Quality Improvement Programme product or service, your name will be available for other users for the purpose of contacting you through the service. They will not have access to your contact information directly (unless such information is included on a report you have written, which is published) instead, you will be sent an invitation via your BMJ account and if you accept such invitation you may choose to communicate through these means.
1.6. All users
As you browse our websites, we collect information about your use of the site including but not limited to traffic data and location data. Essentially this will normally be which pages you have visited, how long you stay online and where you are located. We will not be able to identify who you are from the information we store, but we will be able to identify where you are located - (see point 1.7 below).
1.7. What else do we collect when you use one of our websites?
Each time you use the internet, an Internet Protocol (“IP”) address is assigned to your computer or internet-capable device via the internet service provider. This number may either be the same or different each time you access the internet. Each time your computer or internet-capable device requests information from one of our websites, we log your IP address on our server. We may also log operating systems and browser types for the purposes of system administration and to report aggregate information. We may use this in order to gather information about the website traffic and usage.
To clarify, whether you are a registered user or not, our web server collects certain information including (a) IP address; (b) host names (c) domain name (d) time and date information as requested (e) the browser version and platform when it is requested, (f) a record of which pages have been requested (g) location data from your IP address. Location data may be necessary for us to “geo-block” or regionalise our website content or services.
If you contact us, we may keep a record of that correspondence and use it to contact you and/or to update our records. We may use all information we obtain to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors. This may involve using your name and subscription details on a database with other publishers’ data for detection purposes.
1.8. What else do we use personal information for?
Other than for fulfilling our obligations to you (where these exist), on some occasions we use the information you provide to produce aggregate statistics in relation to pages being accessed. We may also use it to monitor usage patterns on our websites in order to improve navigation and design features and to help you get information more easily. This information is provided to us as daily log files. In order to help us develop our websites and our services, we may provide such aggregate information to third parties. The statistics however will not include any information that can be used to identify any individual. We may contact you to notify you about changes to our service. We may also send you non marketing emails which includes for internal record keeping and to improve our services and/or for the purpose of inviting you to partake in surveys or market research which we conduct or which third parties are conducting.
In addition to responding to complaints or claims received or discovered referred to above or any breaches of our Website Terms and Conditions, we may use all information supplied or collected on our Websites to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors and/or protect the rights, property, or personal safety other users of the websites and the public. This may involve using any details supplied by you including your name and contact details.
2. How long do we keep the information we collect?
We keep (including via our contractors) your personal information for as long as necessary to fulfil our obligations to you and to protect our legal interests or as otherwise stated to you when such data is collected.
3. To whom will information be disclosed?
Other than as expressly agreed by you or stated when data is collected or stated within this policy we will not disclose your personal data to any third parties other than:
(i) to third parties authorised by us such as our co-owners (where applicable), licensors, contractors and advisers who must keep this data confidential. For the International Forum on Quality and Safety and certain other BMJ services, this may include transferring your data outside of the European Economic Area (“EEA”) including to the USA. This may also be the case for other co-owners or licensors;
(ii) as required for conferences such as to venue organisers who may be outside of the EEA or where you agree with an exhibitor or sponsor to be scanned at a conference and in which case your name, work details and all contact details will be supplied to them;
(iii) as required to enforce our legal rights (including property, safety, our customers or others);
(iv) fraud protection and credit risk reduction;
(v) where you have opted for a publication of service which allows you to select a third party to see data you submit such as mentors for BMJ Quality Improvement or another BMJ service;
(vi) where our company or its assets (to which your data relates) are to be acquired by a new company location data may be shared;
(vii) in the case of BMJ Learning and BMJ Portfolio only to the BMA in relation to the fact that you have signed up for access to BMJ Learning, the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules;
(viii) in the case of registered GPs in New Zealand who are official members of the Royal New Zealand College of GPs, whilst we have an agreement with them, details of modules you have the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules ;
(ix) in the case of registered GPs in Denmark, who are official members of the Danish Medical Association, whilst we have an agreement with them, details of modules you have the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules ;
(x) in the case of users whose access is provided by Harmoni, details of modules you have the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules;
(xi) in the case that you are registered with the BMJ Learning Iraq channel then we may provide your personal data, including details of your usage of the site, including the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules to the Iraq Ministry of Health;
(xii) to any member of our group, which means our subsidiaries and our ultimate holding company, the BMA; and
(xiii) where we have your consent to do so, to third parties for the purposes of providing BMJ marketing communications to you.
4. How personal information stored and protected
We understand that the security of your information is important to you. We also understand that our continued success as a publisher on the web relies on our ability to communicate with you in a secure manner. We adhere to the highest standards of decency, fairness, and integrity in our operations. We use several measures to authenticate your identity when you visit our site. We also take steps to protect your information as it travels the internet, and to make sure all information is as secure as possible against unauthorised access and use (for example, by hackers). We review our security measures regularly. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the internet, or anywhere else. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You should not share your user name and password with other people. If you think you might lose or forget these identifiers, write them down and keep each in a separate place.
Any email between you and the BMJ is not encrypted.
4.4. Data within our walls
The information we collect about people visiting the site is stored in secure environments that are not available to any other individual or party without our consent. We have mechanisms in place to protect data. One such mechanism is called a "firewall." A firewall is a barrier that allows only authorised traffic through. It safeguards our computer systems and your information. We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.
5.1. What are cookies?
Cookies are small text files which a website may put on your computer or mobile device when you first visit a website. Cookies are widely used by websites to help remember small amounts of information and give you a better experience using the website. For example, a cookie will help the website to recognise your device the next time you visit so you don’t have to log on again, they will remember what items you placed in a shopping basket or recall your preferences such as which language you want to read a site in.
Certain cookies contain a limited amount of personal information. For example, if you click “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information to help us analyse how well our website is performing overall so we can try and improve it.
Technically Necessary Cookies
Some essential functions of our websites are only possible if information is stored persistently between each page you look at. For instance, if you log in to a site to access subscriber only content, we use a cookie to remember that you are logged in, so you do not have to enter your details on each page you visit.
Customisation and Personalisation Cookies
Performance Monitoring Cookies
Third Party Cookies
BMJ websites sometimes integrate with other companies’ sites. For example, we integrate with social networking sites such as Twitter and Facebook, to make it easier for you to share what you have read. These sites place their own cookies on your browser as a result of us including their icons and ‘like’ or ‘share’ buttons on our sites. Like most commercial publishers we also sell advertising space, or ‘banner ads’ on some of our websites. These ads are served directly from a 3rd party advertising broker. They place cookies on your browser in order to track how many people have seen a particular ad, and for other technical reasons.
5.3. How to remove or block Cookies
Your internet browser has tools that allow you to remove or block cookies. More information can be found here: http://www.aboutcookies.org/
5.4. What will happen if I block BMJ Cookies?
Depending on which cookies you block, the site may stop working, or certain features may stop working correctly. If the cookies marked below as ‘technically necessary’ are blocked, the site will probably not be usable.