Privacy Policy

Who are we?  

Any reference to “BMJ”"we""us" and "our" is to BMJ Publishing Group Limited, except where the relevant service is provided by another BMJ group company, in which case references to we, us or our shall, in respect of those services, be references to that BMJ group company.

BMJ Publishing Group Limited (“BMJ”) is a company registered in England and Wales (registered number is 3102371) with registered office at BMJ, BMA House, Tavistock Square, London WC1H 9JR, UK

We are registered on the Data Protection Public Register. Our Data Protection Registration Number is Z7607533.

Any reference to “website(s)” or “site(s)” is to a website owned or controlled by BMJ Publishing Group Limited.

Any reference to “you” or “your” is a reference to you as a user of a BMJ website or service.

Your privacy  

Protecting your privacy is one of our top priorities. Please take a few minutes to read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

From time to time we may change this Privacy Policy without further notice to you. We will post revisions on the Website.

We recommend that you regularly review this policy for any changes. It is your responsibility for doing so. 

Our privacy commitment  

This document sets out the basis on which BMJ will process any personal data we collect from you and what cookies we use and why, except in the case of Evidence Based Nursing, and in which case you will be subject to the Royal College of Nursing's Privacy Policy Other than for Evidence Based Nursing, or where we are hosting information for you (such as on BMJ Portfolio), the BMJ shall be the data controller.

We will make every effort to protect your privacy by adopting a consistently high level of site security and adhering to strict company policies on how we store and use personal information. This privacy policy has been developed in accordance with our legal obligations and may be updated from time to time.

We recommend that you read this Privacy Policy prior to using our site and thereafter regularly review any changes. It is your responsibility for doing so. 

From time to time we may change this Privacy Policy without further notice to you. We will post revisions on the Website.

Language of Terms  

Where this Privacy Policy has been translated into a language which is not English, this has been done for your convenience only to aid your interpretation of the policy.

1.      What information is being collected and how is it used?

There are various sections of the website which correspond to different aspects of BMJ’s business. The nature and purpose of the personal data we collect from you will differ depending on which area of the site(s) you access (for example whether you are registering for one of our products or simply contacting us to provide feedback).

What data we collect and how this is used is set out in detail in this policy but general categories include:

information that you provide by filling in forms on our website which may include: your name, address, postcode, email address, date of birth, telephone number, payment details and service details (if applicable); technical information about your use of BMJ services including details of your domain name, location and internet protocol (IP) address, operating system, browser version, the content you view, how long you stayed on a page, data collected through the use of "cookies" and/or other devices. For full details, see our Cookie Policy which is contained in section 5 below. other data from time to time to help us provide you with improved products and services – for example when we ask you to fill in a survey or questionnaire. In addition to the uses specified below, we may use information provided by you in the following ways:

to ensure that content on our site is presented in the most effective manner for you; monitor, develop and improve our products and services; to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; to allow you to participate in interactive features of our service, when you choose to do so; and to notify you about changes to our service including to contact you with service messages. By way of example, if any service for which you have registered is no longer available, we may contact you to let you know that it has closed and inform you of any similar services offered by us and/or any company within our group of companies and/or a third party partner on our behalf. 1.1.                

Registered Users

Many of our websites require subscriptions and/or registration to access certain functions, services or content. You will know what information is being collected via these processes when you complete the relevant forms and provide the required details prior to submitting the application for the relevant subscription or registration.

On some of our websites, where you submit a response for publication your name and other personal details may be published. You should check the policy on the relevant submission page on the specific BMJ operated website.

We will collect data relating to any transactions you carry out through our website(s) and of the fulfilment of your orders.

We collate data about registered users including which BMJ publications and services they have subscribed to in order that we can understand our customers and try and easily fulfil their subscription requirements.

Where you have supplied information relating to a conference (for instance where you are attending a conference, or speaking at a conference), we will use your personal data to inform the venue and caterers of delegates, share that information with any co-owners, co-organisers or relevant suppliers and contractors of a conference (where applicable). We may also use your data to create a delegate or speaker list which will be distributed to all attendees and sponsors.

Once you start using our sites, we may track and keep a record of the pages you visit. We collect this data from groups of users to get a sense of how people are using our sites and what content and which business areas or sections of the site are most popular. This helps us improve what we offer on our sites.

We will also use your data to monitor for any unauthorised use of our websites, content or subscriptions to our publications (for example individuals subscribing individually on behalf of institutions).

We may also disclose your identity and contact details to any third party claiming material posted by you is defamatory or violates their intellectual property rights or right to privacy.

You will be given at least one opportunity to opt in or out (as applicable) from receiving marketing emails from the BMJ and third parties. For users who have opted to receive marketing emails from BMJ (and others where indicated and there is a jointly supplied product or service), and visit our websites through links provided in these emails, we may send information about your website usage to our third party email direct marketing provider. This is for the purpose of understanding the effectiveness of our email marketing campaigns and for targeting future email campaigns.

1.2.                 BMJ Learning Users

In addition to and subject to other uses of your personal data which are set out herein (see clause 3in particular), the information that you add to your BMJ Portfolio, including the areas of improvement you identify, the BMJ Learning modules you have started and /or completed, and other such information, is considered private save that our technicians have access to it in order to fix problems and maintain the site. However, subject to clause 3and the BMA exception described below we do not read this information unless it is necessary to do so, and we will not release it to other people or organisations, without your prior consent.

In the case of BMJ Learning and BMJ Portfolio only (and in accordance with clause 3(vii)), we may disclose certain personal data to the British Medical Association (“BMA”) including in relation to the fact that you have signed up for access to BMJ Learning, the modules that you have started, completed, passed or failed and any feedback you have given in relation to the modules.

We reserve the right to release anonymised group data to third parties related to the use of specific modules. You are able to give feedback about a learning module after completing it, and in the learning resources section of the site. This information is visible to other users of the site, including guest users. We will also use it to improve our site.

1.3.                Foundation Programme Users

The forms you complete online and the learning modules you complete (including obtaining certificates of completion) are considered private. Our technicians have access to them in order to fix problems and maintain the site. However, we do not read this information unless necessary, and will not release it to other people or organisations, without your prior consent.

1.4.                Portfolio Users

Subject to clause 3(vii), the data you enter into the BMJ Portfolio website, and any files you upload to it, is considered private. Our technicians have access to this data in order to fix problems and maintain the site. We may statistically analyse the information, in aggregate form, to learn more about the interests of our user base. These statistics may be used to provide functionality that recommends useful resources to other users of BMJ Portfolio. In no case will it be possible to identify an individual through such functionality, or through the underlying aggregate data.

1.5.                BMJ Quality Improvement Programme Users

Where you have registered and/or purchased access to a BMJ Quality Improvement Programme product or service, your name will be available for other users for the purpose of contacting you through the service. They will not have access to your contact information directly (unless such information is included on a report you have written, which is published) instead, you will be sent an invitation via your BMJ account and if you accept such invitation you may choose to communicate through these means.

1.6.                All users

As you browse our websites, we collect information about your use of the site including but not limited to traffic data and location data. Essentially this will normally be which pages you have visited, how long you stay online and where you are located. We will not be able to identify who you are from the information we store, but we will be able to identify where you are located - (see point 1.7 below).

1.7.                What else do we collect when you use one of our websites?

Each time you use the internet, an Internet Protocol (“IP”) address is assigned to your computer or internet-capable device via the internet service provider. This number may either be the same or different each time you access the internet. Each time your computer or internet-capable device requests information from one of our websites, we log your IP address on our server. We may also log operating systems and browser types for the purposes of system administration and to report aggregate information. We may use this in order to gather information about the website traffic and usage.

To clarify, whether you are a registered user or not, our web server collects certain information including (a) IP address; (b) host names (c) domain name (d) time and date information as requested (e) the browser version and platform when it is requested, (f) a record of which pages have been requested (g) location data from your IP address. Location data may be necessary for us to “geo-block” or regionalise our website content or services.

If you contact us, we may keep a record of that correspondence and use it to contact you and/or to update our records. We may use all information we obtain to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors. This may involve using your name and subscription details on a database with other publishers’ data for detection purposes.

1.8.                What else do we use personal information for?

Other than for fulfilling our obligations to you (where these exist), on some occasions we use the information you provide to produce aggregate statistics in relation to pages being accessed. We may also use it to monitor usage patterns on our websites in order to improve navigation and design features and to help you get information more easily. This information is provided to us as daily log files. In order to help us develop our websites and our services, we may provide such aggregate information to third parties. The statistics however will not include any information that can be used to identify any individual. We may contact you to notify you about changes to our service. We may also send you non marketing emails which includes for internal record keeping and to improve our services and/or for the purpose of inviting you to partake in surveys or market research which we conduct or which third parties are conducting.

In addition to responding to complaints or claims received or discovered referred to above or any breaches of our Website Terms and Conditions, we may use all information supplied or collected on our Websites to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors and/or protect the rights, property, or personal safety other users of the websites and the public. This may involve using any details supplied by you including your name and contact details.

2.      How long do we keep the information we collect?

We keep (including via our contractors) your personal information for as long as necessary to fulfil our obligations to you and to protect our legal interests or as otherwise stated to you when such data is collected.

3.      To whom will information be disclosed?

Other than as expressly agreed by you or stated when data is collected or stated within this policy we will not disclose your personal data to any third parties other than:

     (i)            to third parties authorised by us such as our co-owners (where applicable), licensors, contractors and advisers who must keep this data confidential. For the International Forum on Quality and Safety and certain other BMJ services, this may include transferring your data outside of the European Economic Area (“EEA”) including to the USA. This may also be the case for other co-owners or licensors;

     (ii)           as required for conferences such as to venue organisers who may be outside of the EEA or where you agree with an exhibitor or sponsor to be scanned at a conference and in which case your name, work details and all contact details will be supplied to them;

     (iii)           as required to enforce our legal rights (including property, safety, our customers or others);

     (iv)           fraud protection and credit risk reduction;

     (v)            where you have opted for a publication of service which allows you to select a third party to see data you submit such as mentors for BMJ Quality Improvement or another BMJ service;

     (vi)            where our company or its assets (to which your data relates) are to be acquired by a new company location data may be shared;

     (vii)           in the case of BMJ Learning and BMJ Portfolio only to the BMA in relation to the fact that you have signed up for access to BMJ Learning, the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules;

     (viii)           in the case of registered GPs in New Zealand who are official members of the Royal New Zealand College of GPs, whilst we have an agreement with them, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules ;

     (ix)            in the case of registered GPs in Denmark, who are official members of the Danish Medical Association, whilst we have an agreement with them, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules ;

     (x)            in the case of users whose access is provided by Harmoni, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules;

     (xi)           in the case that you are registered with the BMJ Learning Iraq channel then we may provide your personal data, including details of your usage of the site, including the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules to the Iraq Ministry of Health;

     (xii)           to any member of our group, which means our subsidiaries and our ultimate holding company, the BMA; and

     (xiii)          where we have your consent to do so, to third parties for the purposes of providing  BMJ marketing communications to you.

4.      How personal information stored and protected

Your personal data is stored in our databases or those of our contractors which is only available to our web administrators and our contractors and selected authorised people on a password protected basis (except where referred to in the final paragraph of Clause 1.3herein). The data that we collect from you (or which you supply to us by email or otherwise) may be transferred to and stored at a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or are of our suppliers. Such staff may be engaged in among other things, hosting the fulfilment of your order, processing of your payment details and the provision of support services by submitting your personal data, you agree to this transfer, storing or process. We will take all steps reasonably necessary to ensure that your data is treated securely by us and our contractors and in accordance with this privacy policy. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Please do not share your password(s) with anyone.

4.1.              Security

We understand that the security of your information is important to you. We also understand that our continued success as a publisher on the web relies on our ability to communicate with you in a secure manner. We adhere to the highest standards of decency, fairness, and integrity in our operations. We use several measures to authenticate your identity when you visit our site. We also take steps to protect your information as it travels the internet, and to make sure all information is as secure as possible against unauthorised access and use (for example, by hackers). We review our security measures regularly. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the internet, or anywhere else. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

4.2.                Authentication

You should not share your user name and password with other people. If you think you might lose or forget these identifiers, write them down and keep each in a separate place.

4.3.                Email

Any email between you and the BMJ is not encrypted.

4.4.                Data within our walls

The information we collect about people visiting the site is stored in secure environments that are not available to any other individual or party without our consent. We have mechanisms in place to protect data. One such mechanism is called a "firewall." A firewall is a barrier that allows only authorised traffic through. It safeguards our computer systems and your information. We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.

5.      Cookies

5.1.              What are cookies?

Cookies are small text files which a website may put on your computer or mobile device when you first visit a website. Cookies are widely used by websites to help remember small amounts of information and give you a better experience using the website. For example, a cookie will help the website to recognise your device the next time you visit so you don’t have to log on again, they will remember what items you placed in a shopping basket or recall your preferences such as which language you want to read a site in.

Certain cookies contain a limited amount of personal information. For example, if you click “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information to help us analyse how well our website is performing overall so we can try and improve it.

5.2.                How we use Cookies

BMJ uses cookies on most of our websites to perform different functions. These are grouped into four main categories:

Technically Necessary Cookies

Some essential functions of our websites are only possible if information is stored persistently between each page you look at. For instance, if you log in to a site to access subscriber only content, we use a cookie to remember that you are logged in, so you do not have to enter your details on each page you visit.

Customisation and Personalisation Cookies

In order to allow you as an individual, or our institutional customers, to customise our products and websites, we need to remember who you are and what you want. We use cookies to record your preferences regarding website appearance, what content you’ve already read, and to present the information that is most relevant to you.

Performance Monitoring Cookies

We utilise other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. When we send marketing emails to users who have chosen to receive them, we use a cookie that lets us track the success of campaigns. We may use this information to determine which of our emails are more interesting to users, or to query whether users who do not open our emails wish to continue receiving them. We don’t use cookies to find out how specific individuals use our products, only to gather general statistics that can help us give you a better experience.

Third Party Cookies

BMJ websites sometimes integrate with other companies’ sites. For example, we integrate with social networking sites such as Twitter and Facebook, to make it easier for you to share what you have read. These sites place their own cookies on your browser as a result of us including their icons and ‘like’ or ‘share’ buttons on our sites. Like most commercial publishers we also sell advertising space, or ‘banner ads’ on some of our websites. These ads are served directly from a 3rd party advertising broker. They place cookies on your browser in order to track how many people have seen a particular ad, and for other technical reasons.

5.3.              How to remove or block Cookies

Your internet browser has tools that allow you to remove or block cookies. More information can be found here:

5.4.              What will happen if I block BMJ Cookies?

Depending on which cookies you block, the site may stop working, or certain features may stop working correctly. If the cookies marked below as ‘technically necessary’ are blocked, the site will probably not be usable.