KP Medical Communications BV

Privacy Policy

Last updated on April 1, 2025.

______________________________________________________________________________

Who we are

We are KP Medical Communications BV (“KPMC”)
Our website address is: https://kp-med.com.
Dutch Chamber of Commerce (KvK) identification: 96509260
Office location: Falkland 5, 2721KL, Zoetermeer, Netherlands

Scope of the Privacy Policy

At KPMC we value the people we work for and work with. This includes the use of personal data of all individuals. KPMC has made its privacy policy compliant with the General Data Protection Regulation (GDPR) and UK GDPR standards.

GDPR

GDPR is General Data Protection Regulation, the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, adopted by the European Parliament and the European Council on April 27, 2016, and current as of May 25, 2018.

UK GDPR

UK GDPR is the GDPR as incorporated into United Kingdom law by operation of section 3 of the European Union (Withdrawal) Act 2018, and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.

How we use your personal data

KPMC and its suppliers use your personal data for running medical communications programs (‘programs’) either as KPMC or on behalf of our clients. Normally the commissioning client is the Controller (i.e., the legal entity who determines the purposes and means of the processing of personal data).

We use your personal data for the following purposes:

  • Booking travel and providing other logistical support on your behalf when participating in, or providing services related to programs
  • Monitoring and keeping records of communications between you and KPMC staff
  • Evaluation of medical experts both for KPMC and our clients whom we support to deliver communication programs
  • Sharing of information, as needed, with our clients and suppliers
  • Contacting your nominated contact in event of an emergency
  • Compliance with our contracts with our clients
  • Adherence to legal and regulatory obligations, requirements, and guidance

Types of personal data we collect

The nature of the personal data collected about you will depend on your relationship with KPMC and the type of work we conduct, but may include the following:

  • Your contact details, such as title, name, email address, mobile/telephone number, and company information such as job title/role, office location, mobile/telephone number
  • Records of communications with you and other parties during on-line meetings and interactive forums
  • Information supplied by you, your colleagues, our client or third parties, such as academic, career history, medical background, clinical practice, field of research, practice, and other professional specialism information
  • Your participation in, or provision of services related to programs that may be required to be put on public record
  • Remuneration, including honoraria/fees for service and expenses payment in relation to your participation in, and contribution to, programs and services
  • Relevant activities associated with the work we undertake, on social media and other publicly available digital channels, used as part of services and business activities we undertake for or that which is necessary as part of our wider business engagement

We may with your consent, also retain the following:

  • Your date of birth, age, gender
  • Your nationality and workplace
  • Your bank account details
  • Details of nominated contacts, such as next of kin

Sources of your personal information

Most of the personal information KPMC processes is provided directly by you and by your administrative support staff. For example, you tell us your contact details and banking details. We may also obtain your personal data from our clients where we are running a program or service on their behalf. In some instances, information may be sourced from the public domain, but we will ensure this is processed lawfully and will inform you or seek consent for certain processing activities.

Legal grounds for processing your personal data

Under data protection legislation, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. Typically, for our programs we rely on Contract, Legitimate Interests, and Consent. KPMC may also be required to use your personal data to comply with a legal obligation.

Contract

Example of personal data that maybe processed using the performance of a contract:

  • The processing is necessary for the execution of a contract in which you are a party. The contract maybe with you and KPMC or you and our client.

Legitimate Interests

In certain cases, we are able to rely upon our legitimate interests to process your non-sensitive data. Examples of personal data that maybe processed using legitimate interests include:

  • Maintaining records relating to your participation in programs
  • Adhering to regulatory bodies guidance and compliance requirements
  • Audit requirements
  • Tracking and record-keeping of communications between you and KPMC staff

Consent

Example of personal data that maybe processed where you have given specific consent to the processing of your data.

  • Retaining your contact details and company information for potential future projects

Withdrawal of your consent

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdrew consent, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Sharing your personal data

KPMC may share information with the following third parties when running programs:

  • Suppliers and agents, such as travel agents
  • Regulatory organisations

How long we retain your data

KPMC will not retain your personal information for longer than is necessary. The period for which we keep your personal data will be determined by several criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorized use or disclosure of the information, and our legal and regulatory obligations.

Typically, to comply with our legal and regulatory obligations we will retain your personal data for up to 10 years. Any such personal data that regulatory or legal requirements do not mandate to retain, is deleted once the purpose has been filled.

Confidentiality and security of your personal data

We are committed to keeping the personal data you provide to us secure, and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e., those who process your personal data on our behalf) are obliged to respect the confidentiality and integrity of the personal data of the individuals whose data we collect and users of our website.

Your rights of your personal data

You are entitled to be informed about what happens with your personal data. This means that you can exercise the following rights:

  • The right to be informed about the way we process your personal data (as in this privacy policy)
  • The right to have access to the personal data we collect about you
  • The right to know the source when these data are not directly collected from you
  • The right to know with whom your data are shared by us
  • The right to have your personal data rectified when these are incomplete, out-of-date, incorrect, or otherwise inaccurate
  • The right to have your personal data erased (the “right to be forgotten”)
  • The right to have the use of your personal data restricted for a limited period of time
  • The right to have your personal data transferred to another service provider in a structured, commonly used and machine-readable format (the “right to data portability”)
  • The right to object to automated decision-making, including profiling (see below)

Whenever you wish to exercise one of the above-mentioned rights, please contact us. The information you request will be provided by us in a commonly used electronic form.

Contact details

Should you wish to contact us with regards to our Privacy Policy or your personal data, you can reach out to as:

KP Medical Communications BV / Attention: Privacy
Falkland 5
2721KL Zoetermeer, Netherlands
Email: gdpr@kp-med.com

If you feel that we did not handle your complaints satisfactorily, you may contact:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Bezuidenhoutseweg 30, PO Box 93374
2509 AJ The Hague, Netherlands
Telephone: +31 70 8888 500
https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us

Changes to this privacy policy

We keep our Privacy Notice under regular review and reserve the right to revise it at any time. There is a date at the beginning of this policy which indicates the date it was updated. Please revisit this policy each time you consider giving personal information.