CMEUnion LogoCMEUnion

GDPR Compliance

Last updated: 6/5/2025

Our Commitment to GDPR

At CMEUnion, we are committed to ensuring the privacy and protection of your personal data in compliance with the General Data Protection Regulation (GDPR). As a platform serving healthcare professionals in the European Union, we understand the importance of data protection and privacy rights.

Data Controller Information

CMEUnion acts as a data controller for the personal information collected through our website and services. Our Data Protection Officer can be contacted at dpo@cmeunion.com.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary for the performance of our contract with you (e.g., providing CME courses and certificates)
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and preventing fraud
  • Legal Obligation: Processing necessary to comply with legal obligations (e.g., maintaining records for tax purposes)
  • Consent: Processing based on your explicit consent (e.g., for marketing communications)

Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You can request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data in certain circumstances.
  • Rights Related to Automated Decision-Making: You have rights related to automated decision-making and profiling.

How to Exercise Your Rights

To exercise any of your rights under the GDPR, please contact us at privacy@cmeunion.com. We will respond to your request within 30 days. If we need more time, we will inform you of the delay and provide an explanation.

International Data Transfers

CMEUnion primarily stores and processes data within the European Economic Area (EEA). If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, particularly when implementing new technologies.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer at dpo@cmeunion.com.

You also have the right to lodge a complaint with your local data protection authority if you believe that we have not complied with applicable data protection laws.

Return to Home