11 weeks ago I wrote a boring post entitled, “What is GDPR and should you care?” It was two days before GDPR was going into effect.
I was unprepared. GDPR was too boring for me to get my head around, so I procrastinated.
Then I caught a Facebook post by Adrian Leontovich, who wrote, “GDPR means if you have a website, it needs to be compliant. Period. It doesn’t matter where in the world the website lives, or who it serves.”
Then he invited clueless people to reach him. Which was my calling.
I was, like, “Oh, I will totally pay for Adrian to take care of everything GDPR. I won’t have to think about it again.”
What Adrian taught me
In addition to teaching me how important proper alignment is when you’re singing barbershop, Adrian taught me private information is more than personally identifiable information (such as an email address).
It includes even the IP address of your visitor’s machine (every web server logs these for each visit). Google Analytics uses it.
In other words, if you even place a cookie on a person’s computer, that’s a GDPR thing.
So you need to:
• Provide a way for users to be notified you’re capturing info;
• tell them how to opt out; and,
• remove their information if they request it.
Implication for you
Again with the “I’m not a lawyer, do your own homework” caveat, I believe the following approach, which I adopted, can work for you too.
Start from now. Especially easy for WordPress users like me, install a free plug-in to warn new visitors about data collection.
Based on Adrian’s recommendation, I use “Cookie Notice” and like its simplicity.
In essence, by updating my policy for GDPR, all existing subscribers are bound by the policy.
Plus, I’ve given them the chance to unsubscribe at the bottom of each email communication. I think I’m covered.
Copy. Paste. Find. Replace.
Now the meaty part for you. I think you can pretty much copy this whole thing and paste it onto your site. Then please find and replace all mentions specific to my companies.
Here you go. I only ask for a “thank you” email in return.
Web Site Terms and Conditions of Use
Medical Marcom LLC d/b/a “Medical Devices Group” and the “10x Medical Device” family of events (“MM” or “we”, “us”, “our”) provides this Web site (“site”) as a service to professionals in and serving the medical device industry.
By accessing this web site, you are agreeing to be bound by these web site Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trade mark law.
2. Use License
- Permission is granted to temporarily download one copy of the materials (information or software) on MM’s web site for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on Medical Devices Group’s web site;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or “mirror” the materials on any other server.
- This license shall automatically terminate if you violate any of these restrictions and may be terminated by MM at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
The materials on any MM web site are provided “as is”. MM makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, MM does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.
In no event shall MM or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on any MM Internet site, even if MM or an MM authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Revisions and Errata
The materials appearing on any MM web site could include technical, typographical, or photographic errors. MM does not warrant that any of the materials on its web site are accurate, complete, or current. MM may make changes to the materials contained on its web site at any time without notice. MM does not, however, make any commitment to update the materials.
MM has not reviewed all of the sites linked to its Internet web site and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by MM of the site. Use of any such linked web site is at the user’s own risk. You should assume affiliate links are used whenever they are available when linking to products for your convenience and if you click on them and buy something, MM may earn a small percentage of the seller’s profit and should not impact the price you pay.
8. Governing Law
Any claim relating to any MM web site shall be governed by the laws of the State of Washington without regard to its conflict of law provisions.
MM is committed to safeguarding the privacy of personal data (“Information”). This Privacy Notice outlines the collection, use, and disclosure of personal Information provided to us. When Information is submitted to us, or you use our websites and other services, you consent to the collection, use, and disclosure of that Information as described in this Privacy Notice.
MM gathers non-personally identifiable Information.
As users access the site, MM collects and aggregates Information indicating, among other things, which pages were visited, the order in which they were visited, and which hyperlinks were employed. Collecting such Information involves the logging of IP addresses, operating system, and browser software used by each visitor. Although such Information is not personally identifiable, MM can determine from the IP address a visitor’s Internet Service Provider and the geographic location of the user’s point of connectivity.
The non-personally identifiable Information collected helps in diagnosing any server problems, administering the site, identifying the most popular areas of the site, and determining the effectiveness of promotional activities.
For the same purposes, MM uses “cookies” – that is, small text files placed on your computer’s hard drive – to help determine the type of content and sites visited, the length of time spent on a particular site, and the usage of services offered via the site. For Information on how users can control their Web browser’s acceptance of cookies, please refer to the documentation accompanying the browser.
GDPR privacy notice
The purpose of the General Data Protection Regulation (“GDPR”) is to protect all European Union (“EU”) citizens from privacy and data breaches by allowing citizens to maintain control of the personal data kept and processed by organizations, which includes MM. The GDPR also protects the personal data of individuals, regardless of citizenry, in the EU. As a result, this site employs technology to be served, at a minimum, to visitors accessing the site from all EU geographies and at a minimum of once per month. At that time, the visitor is given the option to accept or decline the placement of cookies on the visitor’s device and, in cases where the visitor chooses neither option, MM will assume consent is given to access the visitor’s Information.
MM also gathers personally identifiable Information.
Certain areas of the site may require that users provide personally identifiable Information (such as name, e-mail address, and phone). In addition, when registering to set up an account to use certain services on the site such as e-mail, discussion forums, or to receive newsletters or specifically targeted Information (“services”), MM may require users to provide additional personally identifiable Information.
MM does not control the acts of this site’s members or visitors. In the event visitors encounter any user on this site who is improperly collecting or using Information provided by the site’s members or visitors, please contact [email protected]
How MM Uses/Does Not Use Gathered Information
Use of non-personally identifiable Information. MM uses non-personally identifiable Information in aggregate form to build higher quality, more useful online services by performing statistical analyses of the collective characteristics and behavior of the site visitors, and by measuring demographics and interests regarding specific areas of the site.
The site may contain links to other Internet Web site, including co-branded or other affiliated sites that may or may not be owned or operated by MM. Unless otherwise explicitly stated, MM is not responsible for the privacy practices or the content of such sites, including such sites’ use of any Information (such as IP number, browser type, or operating system) collected when visitors to the site click through links to those sites. Even though such Information might not identify the user personally, users should be familiar with the privacy practices of those other sites.
Use of personally identifiable Information. MM provides notice to potential registrants of this site whose personally identifiable Information will be collected during the registration or other processes including the voluntarily submission of any form on the site. Such notice is provided simultaneously with the user’s registration on this site; moreover, this policy itself serves as notice that such Information is collected under those circumstances. Although users may not “opt out” of the registration process and still receive access to the services, users may choose to “opt out” of receiving promotional materials from MM and/or other business partners. If the user does not “opt out” of receiving such promotional materials, MM reserves the right to release user’s personally identifiable registration Information to third parties who provide goods or services that MM believes may be of interest to the user. If the user decides to discontinue receiving promotional Information from such third parties, please contact those third parties directly, or contact MM at [email protected]
We collect Information from individuals only as necessary in the exercise of our legitimate interests, functions, and responsibilities. Examples and rationale for these include, but are not limited to:
- Online discussions. In order to properly attribute your commentaries to you, we display your name on our online discussion forums and attempt, but do not guarantee, we will be able to hyperlink your name to your LinkedIn profile URL, when available.
- Site or content access.In cases where you access restricted content which requires your subscription (i.e., to log on as a user), your Information is collected and retained by us until you ask us to remove your Information from our databases and further, when the restricted content is supplied by a Third Party, you should assume your Information will be given to the Third Party in exchange for your access to that content.
- Contractual work. MM may share information with Third Parties who have entered into contracts with MM to perform functions on behalf of MM, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
MM limits its own e-mail contact and solicitations to those users who have not “opted out” of receiving such communications. The solicitations are limited in that they, among other things, will clearly indicate the originator of the e-mail and provide the user with a method of “opting out” of receiving future communications of a similar nature.
Finally, MM may use individual members’ data to “pre-populate” forms, which are displayed for the purpose of collecting individual data by MM. In no case does pre-populating a form transfer any data to any third party. Only if the user voluntarily requests that such data be transferred will any transfer take place – for example, if/when a user clicks a “submit form” button or other button.
MM reserves the right to release any and all Information contained within access logs concerning any visitor when that visitor is in violation of MM’s “Terms of Service” agreement or other published guidelines, or partakes (or is reasonably suspected of partaking) in any illegal activity, even without a subpoena, warrant, or other court order, and to release such Information in response to discovery requests, or in response to any circumstance in which MM, in its sole discretion, deems an emergency. MM cooperates with law enforcement agencies in identifying those who may be using its servers or services for illegal activities. MM also reserves the right to report any suspected illegal activity to law enforcement for investigation or prosecution.
Third Party use of Sensitive Information
We may disclose your Sensitive Information and other Information as follows:
- Consent: We may disclose Information if we have your consent to do so.
- Public Information: We may share your Information if you have made it public.
- Archiving: We may share your Information for archival purposes in the public interest, and for historical research and statistical purposes.
- Legal Obligation: We may share your Information when the disclosure is required or permitted by international, federal, and state laws and regulations.
- Service Providers: We use third parties who have entered into a contract with MM to support our operations and policies. In such cases, we share your Information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
- De-Identified and Aggregate Information: We may use and disclose Information in de-identified or aggregate form without limitation.
Retention and Destruction of your Information
Your Information will be retained by MM in accordance with applicable state and federal laws, and will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your Information given the level of sensitivity, value, and criticality to MM.
Where authorized and subject to all applicable laws, you may have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your Information. You also have the right to withdraw consent to the use of your Information, without affecting the legitimacy of MM’s use of the Information prior to receipt of your request.
Information created in the European Union will be transferred out of the European Union to MM. If you feel MM has not complied with applicable foreign laws regulating such Information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.
If users would like to have personally identifiable Information changed or removed from MM’s database, please contact [email protected] Keep in mind that there will be residual Information remaining within the databases, access logs, and other records, which may or may not contain such personally identifiable Information. The residual Information will not be used for commercial purposes; however, MM reserves the right, from time to time, to re-contact former customers or users of this site if lawful.
Updates to this Policy
MM may update or change this policy at any time. Your continued use of this site after any such change indicates your acceptance of such changes.
Questions regarding the Terms, Conditions, or Privacy Policies should be directed to MM at [email protected]
Medical Marcom LLC
14246 180th AVE NE
Woodinville, WA 98072
[Updated July 19, 2018]
If you’re reading this sentence, 3312 words into this post, you either are (a) deliriously grateful for the time I saved you or (b) bored out of your mind.
For the second camp, enjoy this ridiculous gif and 81-year-old photograph.
Saturday night in a saloon, photo by Russell Lee, Craigville, Minnesota, September 1937 from r/HumanPorn
Thank you for joining me on The Journey.
See you next week – or sooner – if you choose to reply to this email,
P.S. I sent my first Medical Devices Group announcement from Drip instead of LinkedIn yesterday. Early results suggest it went well.