MedPoint Privacy Policy

Effective Jun 1, 2022 to May 31st, 2023

Purpose and Overview

MedPoint Digital serves as a data processor for international pharmaceutical and biotech companies and for professional healthcare organizations and societies. MedPoint is committed to protecting your privacy.

MedPoint Digital uses the Internet to provide various information and resources to the professional healthcare community, including medical training and education courses. Our services are not meant for the general public. We rely on our users to provide data that includes mailing and e-mail addresses and other profile information. In addition, user feedback and course evaluation data allow us to better understand the specific needs of medical professionals.

As a part of MedPoint Digital's training and education operations, we collect, and in some cases, disclose information about users to our program sponsors and professional education accreditation providers.

If you, as a User, are uncomfortable with the terms or policies described in this statement, you may discontinue use of our website and send confidential correspondence through the postal service to the address provided below.

The privacy and security pertaining to the information that our users provide is a serious matter; therefore, MedPoint Digital has established this Privacy Policy for our organization and users. Please read the following Privacy Statement on MedPoint Digital's policies regarding the collection, use, disclosure, and protection of user information.

Legal Basis for Processing

MedPoint does not provide services to the general public.

We provide professional services to healthcare professionals and we must control access to this information.

In many cases, Users like you have entered into a contract to conduct clinical studies and the Study Sponsor has designated a MedPoint web-portal to support the study by disseminating private trial documents, communications and alerts.

In other cases, Users like you have contracted directly with us for data services or have requested to participate in training and education courses provided by pharmaceutical sponsors and healthcare institutions to advance your professional knowledge.

In all cases, as a condition of your consuming these services, MedPoint needs to collect relevant information and to identify you and control access to this professional and private information. Should you not provide these data, our services will not be provided to you.


This Website is for medical information and services and is not intended for children. MedPoint does not market any products or services to children under the age of thirteen or knowingly collect any information from children under the age of thirteen. If MedPoint becomes aware that information is or has been submitted by or collected from a child under the age of thirteen, this information will be deleted.

Logging and Cookies

As part of MedPoint services, we use cookies. A cookie is a message sent to your browser from a Web server that is stored on your computer's hard drive. The message is sent back to the Web server whenever the browser requests a page from that server. Many commercial Internet websites use cookies. While a code in the cookie file enables the website to label you as a particular user, it does not identify you by name or address unless you have provided the website with such information or set up preferences in your browser to do so automatically. You may opt out of accepting cookies by changing the settings on your browser. However, rejecting cookies may prevent you from using certain functions and you may have to repeatedly enter information to take advantage of services or promotions. In general, cookies allow us to identify you as a particular user; thus, providing you with a more customized service. We may also use cookies to track customer or user requests, inquiries and traffic patterns, or to determine audience size and repeated usage.

For more information see MedPoint Cookie Policy MedPoint Cookie Policy.

International Privacy Compliance

MedPoint Digital complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union , the United Kingdom and Switzerland to the United States, in reliance on Privacy Shield.  MedPoint Digital has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification, please visit

MedPoint Digital strives to collect, use, and disclose personal information in a manner consistent with the laws of the countries in which we do business. The EU-US Privacy Shield Policy and Swiss-U.S. Privacy Shield Frameworks (see section below) set forth the privacy principles that MedPoint Digital follows with respect to transfers of personal information between member states of the EU, Iceland, Liechtenstein, and Norway (the European Economic Area (EEA), Switzerland, the UK and the US.

MedPoint Digital and Its Agents and Program Sponsors

MedPoint Digital is a US based corporation, which also operates with several international agents and sponsors. MedPoint Digital requires all agents and sponsors to honor its Privacy Policies, including the EU-US Privacy Shield Policy principles and Swiss-U.S. Privacy Shield Framework principles for data received from the EU and Switzerland with respect to Notice; Choice; User Rights; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.

Information Collected
Sources of Information include:
  • Information from the Clinical Trial Sponsor company, derived from the contract you and your institution have entered into and initially manifested as an invitation to register for a Study Support ePortal.
  • Information provided by you at the time of registration and during your participation in the program, including PII, attendance to our web conference and on-line learning assets, Polling responses, test question responses, forum posting by you, your invitations to your colleagues, forms you complete, appropriate electronic signatures, your submitted questions and similar program activities. etc.
  • Invitation lists supplied to us by our Pharmaceutical program sponsors.
  • Invitation lists provided to us by professional organizations to which you belong for programs they may be sponsoring or recommending.
Types of information Collected include:

MedPoint Digital collects the domain name and email addresses of users, information volunteered by the user such as quiz/evaluation information, and/or website registrations. Project-specific information may also include your professional title, work address and the name of your healthcare institution, department and work telephone.

Purpose of Collecting Personal Information:

This information is used to send registration instructions, confirmations, reminders and follow-up email correspondence regarding meetings, web conferences and other activities; to notify users about updates; provide confirmation on course completions; to configure and customize user preferences to improve their program experiences, to evaluate training program effectiveness for the user and the program itself and to identify new issues and understandings in medical science and operations.

In some cases, additional information, such as institution location, curriculum vitaes (CVs), and certifications, is collected as part of the operational requirements to administer clinical trials (e.g., to build a training program suited to the individual). Those clinical trial portals are private, secure, by-invitation-only, membership-only websites that support a pre-existing contractual relationship between the study sponsor and the research study health care professionals (HCPs.)

Creation of De-Identified Data:

We may create De-Identified Data records from personal data by excluding the information (such as your name) that makes the data personally identifiable to you. Once we create De-Identified Data, this De-Identified Data is our property. We use this De-Identified Data in many ways including analyzing request and usage patterns, creating reports and performing analytics so that we may enhance the content of our services, our compliance with equal opportunities regulations, improve Site navigation and provide meaningful analysis of habits, usage, trends, and effectiveness of marketing campaigns etc. as part of our analytics and other services. MedPoint reserves the right to use and disclose De-Identified Data to Third Party Companies in its absolute discretion.

Onward Transfers to Agents

MedPoint Digital may share some or all of your PII with necessary agents and sponsors. MedPoint Digital will obtain assurances from its agents and sponsors that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant EU-US Privacy Shield and Swiss-US Principles, EU-US Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.

Where MedPoint Digital has knowledge that an agent is using or disclosing PII in a manner contrary to this Policy, MedPoint Digital will take reasonable steps to prevent or stop the use or disclosure.

MedPoint Digital's accountability for personal data that it receives under the Privacy Shield frameworks and subsequently transfers to a third party is described in the Privacy Shield Principles.

In particular, pursuant to the Privacy Shield, MedPoint Digital, Inc. remains liable for the transfer of personal data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

Third Parties

MedPoint Digital does not release PII about users or their use of this website to any third party that does not comply with EU-US Privacy Shield and Swiss-US policies and without notification to the user. An example of a compliant third party is local event-management personnel at a hotel confirming your identity and authorization to attend a conference. Other third-party vendors and agents include, but are not limited to:

  • Voice-bridge service operators (for web conferences)
  • Technical support personnel (for web conferences)
  • Transcription services (for learning module Q & A sessions.)
  • Google Analytics
  • Hotel and destination management service providers (for live events)
  • Airlines and transportation services (for live events)
Notice of Upgrades to Our Services

MedPoint may alert you to new services and upgrades as we continue to evolve and develop our systems.

Choice and Consent

MedPoint Digital provides users with the choice and means for limiting the use and disclosure of their PII in clear and conspicuous language during the registration process and during the period of the program, and MedPoint will abide by those choices.

Users who withhold some critical information may be disqualified from program participation.

Notice will be provided before MedPoint Digital uses or discloses the Information for a purpose other than for which it was originally collected.

MedPoint Digital notifies and gives individuals the authority to affirmatively and explicitly consent (opt in) to the disclosure of their information to a non-agent third party or to withhold such consent. Also, to explicitly authorize and opt-in to a subsequent use of their information for a purpose other than the purpose for which it was originally collected or to withhold such consent.

Users have rights that include the following:

  • Withdraw your consent to the processing of your personal information at any time without penalty;
  • Access your personal information and have it corrected, amended or deleted;
  • The right to data portability: receive a copy of your personal data and transit such to others;
  • At any time, to object to and request the cessation of our processing of your personal information which we will comply with unless we demonstrate compelling legitimate grounds for processing such that overrides your rights;
  • If you believe your personal information is inaccurate, unlawful, no longer necessary for our business purposes, or if you object to our processing of your personal information, you also have the right to instruct us to restrict the processing of your data pending our investigation and/or verification of your claim.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  • If you cannot resolve your complaint with us, you have a right to bring the complaint to the relevant data protection authority, which has the power to enforce the GDPR.
  • MedPoint does not conduct automated decision-making based on your PII or other of your collected data.

If you wish to raise a complaint and initiate and investigation on how we have handled your personal data, or request a copy of your personal information, please email us at We may make a small charge for this service.

Individuals may to choose (opt out) whether their PII is to be disclosed to a non-agent third party or to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual during the program registration process. Choosing to opt-out may result in the cessation of registration process and prevent participation in the program.

Users may also send such opt-out requests via email to

Data Security

Transfers of data to countries outside of the EEA, UK and Switzerland are safeguarded on the basis of the Privacy Shield Framework and as specified in EU General Data Protection Regulation 2016/679 ("GDPR.")

MedPoint Digital takes reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. MedPoint Digital has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

MedPoint Digital uses industry-standard data-encryption technology when transferring or receiving PII on any of the MedPoint Digital websites. We maintain appropriate security measures in our physical facilities to protect against loss, misuse, or alteration of information we have collected from you (users) on any of the MedPoint Digital websites.

MedPoint Digital uses a secure server and security protocol to safeguard the information users submit.

To help ensure the security of users personal and financial information (other than via an email message), MedPoint Digital uses security software to encrypt the information before and during its transmission through the Internet.

Email messages are frequently not secure. MedPoint Digital security software does not encrypt email messages. Email messages traveling through the Internet are subject to viewing, alteration and copying by potentially any party on the Internet. MedPoint Digital is not responsible for the security of confidentiality of communications sent to us through the Internet using email messages. Instead, MedPoint Digital may direct you to a secure website to read or send messages.

Data Integrity

MedPoint Digital only processes PII in a way that is compatible and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, MedPoint Digital takes reasonable steps to ensure that PII is accurate, complete, current, and reliable for its intended use.

Data Retention

MedPoint will not retain your personal information for longer than is necessary for our business purposes (usually 24 months after project close or inactivity) or for legal requirements.

"Or for Legal Requirements"

For example, in a clinical study the EMA and the FDA require participating study health care professionals training records to be maintained for subsequent submission to the approving bodies as part of the drug approval process. Studies can have lifetimes beyond 24 months. In this case, we would continue to maintain the records beyond 24 months to ensure a comprehensive submission.


Upon request, MedPoint Digital grants individuals reasonable access to PII that it holds about them. In addition, MedPoint Digital takes reasonable steps to add, correct, or delete information that is demonstrated to be inaccurate or incomplete.

Options regarding correction or storage of your information

Users may obtain from us the information about them in our files. If you believe the information we have about you in our records or files is incomplete or inaccurate, you may request, via e-mail (or other form of communication), that we make any necessary additions or corrections or, to the extent that it is feasible, that we delete this information from our files. Users may send such requests via email or write to MedPoint at the address below.

MedPoint Digital, Inc.
Re: My PII Request
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA


MedPoint Digital conducts compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee or agent that MedPoint Digital determines is in violation of this policy is subject to disciplinary action up to and including termination of employment or commercial engagement.

MedPoint Digital is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

EU-US Privacy Shield Dispute Resolution

In compliance with the EU-US Privacy Shield Principles, MedPoint Digital commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints regarding this privacy policy should first contact MedPoint Digital at:

MedPoint Digital, Inc.
Re: Privacy Shield
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

MedPoint Digital has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at

Change of Ownership

In the event of change in ownership, or a direct merger or acquisition with another entity, we reserve the right to transfer all of MedPoint Digital user information, including Personal Data, to a separate entity which also abides by the EU-US Privacy Shield requirements. We will use commercially reasonable efforts to notify you (by posting on our website or issuing an e-mail to the e-mail address you provided when you registered) of any change of ownership; merger or acquisition of MedPoint Digital by a third party, and you may choose to modify any of your registration information at that time.

Swiss-U.S. Privacy Shield Framework

MedPoint Digital complies with the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of PII from Switzerland. MedPoint Digital has certified that it adheres to the Swiss-U.S. Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the principles in this Policy and the Swiss-U.S. Privacy Shield Principles, the Swiss-U.S. Privacy Shield Principles shall govern. To learn more about the Swiss-U.S. Privacy Shield Framework and to view our certification page, please visit

Swiss-U.S. Privacy Shield Framework Dispute Resolution In compliance with the Swiss-U.S. Privacy Shield Framework Principles, MedPoint Digital commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact MedPoint Digital at:

MedPoint Digital, Inc.
Re: Swiss-U.S. Privacy Shield
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

MedPoint Digital has further committed to refer unresolved privacy complaints under the Swiss-U.S. Privacy Shield Framework to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.


This Policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield and Swiss-U.S. Privacy Shield and their successors. We will post any revised policy on this website; please check frequently for changes.


This website contains links to other websites. When users click on one of these links, they are moving to another website. Users should read the Privacy Statements of these linked websites.

Limitation on Application of Principles

Adherence by MedPoint Digital to these EU-US Privacy Shield Principles may be limited to the extent required to respond to a legal or ethical obligation; to the extent necessary to meet national security, public interest or law enforcement requirements; and to the extent expressly permitted by an applicable law, rule or regulation.

Contact Information

Questions, comments, or complaints regarding the Company's EU-US Privacy Shield Policy or data collection and processing practices can be emailed or mailed to:

Re: Privacy
Attn: Data Protection Officer
MedPoint Digital, Inc.
909 Davis Street, Suite 450
Evanston, Illinois 60201 USA

Phone: 847-869-4700
Fax: 847-869-4702

Cookies and Tracking Technologies Policy

MedPoint Digital, Inc. ('MEDPOINT'), uses authentication cookies and tracking technologies on our websites to enable us to analyze use of our online services, to improve and personalize your experience of our services which, on some services, may be tailored to you based on your browsing behavior and other data held about you.

MEDPOINT respects your right to privacy and we aim to be transparent at all times about when, how and why data about you and your browsing behaviors may be used in connection with our services. We are committed to using cookies and tracking technologies fairly and in accordance with your privacy rights. This policy describes:

  • What cookies and online tracking technologies are
  • How we use cookies
  • Analytics on our services
  • Your choices (managing cookies and opting out)
  • How to contact us

To find out more about the company and our approach to privacy please read our Privacy Policy

What are cookies and online tracking technologies?

Web Browser Cookies
A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited non-personal data, usually a unique identifier and the name of the site. This enables a website to recognize you as you move around the site and/or each time you revisit. Cookies are used for a wide variety of purposes such as to keep you logged in or to remember your preferences and settings, to analyze how the site is used by you.

Cookies may be served to you by the website you are visiting (a "first party cookie") or by another organization providing services to that website, such as an analytics company (a "third party cookie"). They will either be stored for the duration of your visit (a "session cookie") or they will remain on your device for a fixed period, which could be months or even years, to remember you across multiple browsing sessions (a "persistent cookie").

MedPoint only uses first party, non-persistent, session cookies that expire when you log-off our membership-only Portals.
Other types of local storage, such as Flash Cookies and HTML5 Storage
Many websites use Adobe Flash Player to deliver video and game content to their users. Adobe utilize their own cookies which are used by the Flash Player to store data such as your preferences, and your viewing and browsing history.

HTML5 Storage is similar in concept to browser cookies in that the data is stored in your browser's files, and it is used for similar purposes, however as this storage enables website publishers to store greater amounts of data, they will often use it to store usage data and preferences (alongside the unique ID usually stored in a cookie) instead of on their own systems.

MedPoint uses Adobe Flash and HTML5 cookies only to track training module progress (resume code) and completion.
Tracking technologies: web beacons/GIFs, page tags, script
Web pages, emails and mobile apps may contain a small transparent image file or line of code to record how you interact with them. They are often used in conjunction with web browser cookies (or the unique identifier of your mobile device) and they are used to help website and app publishers to better analyze and improve their services based on your browsing behavior and interests. For example by knowing which web pages you visit or which elements of a page you viewed, when and for how long, whether you viewed and/or clicked on an advert on the site or whether you opened or clicked on marketing emails sent to you.

MedPoint does not use web beacons/GIFs, tracking page tags or tracking scripts.

How we use cookies on our online services

We use cookies and tracking technologies to enable us to recognize when you have logged in, to keep you logged in, to improve the security of our services, such as preventing fraudulent or disruptive activity and for system administration.

Analytics on our services
We use Google Analytics to collect statistical information about how our websites are used. They use information such as your IP address, browser type and unique identifiers stored in first party cookies on your device to record how you interact with our website. We only use this data in aggregate form and we do not merge it with any other data we hold.

MedPoint may share this aggregate data with the Pharmaceutical and Biotech companies who sponsor Users' portal memberships.
These analytical services help us to know how many users we have, which parts of our sites are most popular, what browsers are used (so we can maximize compatibility), the country or region where our users are located, and the demographics and interests of our users. This enables us to better understand who is using our site and to ensure we are reaching our target demographic, and to improve and tailor our services accordingly.

Your choices: Managing cookies and "opting out"

Opting out of Analytics Cookies
To find out more about the analytics services used on our websites and to opt-out, please visit:
Google Analytics -

Managing cookies and local storage on your device
Web browser cookies: You can choose how web browser cookies are handled by your device via your browser settings including to 'refuse' or 'delete' all cookies. If you choose not to receive cookies at any time, websites may not function properly and certain services may not be provided. Each browser is different, so check the 'Help' menu of your browser to learn how to change your cookie preferences or follow the instructions provided at:, which provides information for the most common browsers.
Local Storage (Flash and HTML5): The most common browsers clear your locally stored data when you choose to 'delete/clear' your cookies and web browsing data; consult the 'Help' function of your browser for more details. Alternatively, you can manage which websites can store information (and how much) in Flash cookies by visiting the settings panel on the Adobe website. Deleting Flash cookies and HTML5 cookies will impact 'Training Module' performance and credits.

The 'Do Not Track' (DNT) function on your web browser
DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. This website does not currently respond to DNT requests, however, you may opt-out of tracking for analytics purposes using the links provided above.
A uniform standard has not yet been adopted to determine how DNT requests should be interpreted and what actions should be taken by websites and third parties. We will continue to review DNT and other new technologies and may adopt a DNT standard once available.

Contact us

If you have any questions or concerns about MEDPOINT's use of cookies and other tracking technologies, or if you believe there has been a breach of this policy, please email us at: