3. End-user data management

Website access and Personal Data Sharing consent

All end-user personal data is managed by Cognipharma according to its Privacy Policy and the HCP-ID service Terms of Use, in combination with specific Terms and Conditions accepted by each end-user on their first access to one of the websites using the service.

Ultimately, end-users (the HCPs) are always in charge of his profile information and contact data, and who (and which 3rd party websites / companies) they share it with.

The user is able to, at any time:

  • Access and change their personal and professional data (name, email, phone, license number, job location, etc.)
  • Select content preferences, review consents provided and remove individual consents (e.g. sharing data with 3rd party websites, content preferences, or marketing / contact preferences)
  • Delete all data, and their profile information

User data is shared with the multiple “Websites” and “Companies” using the Cognipharma HCP Engagement platform, for which the user has given his permissions.

Storage of user data

All end-user data in stored in the Cognipharma cloud, with datacenters hosted in AWS, in one of the following regions: Europe (Ireland) or US (Northern Virginia). Data is encrypted at rest, and access to production data / database is provided only to authorized Cognipharma users or its cloud service providers in the scope of deployment of new service versions / migrations, technical management, troubleshooting and issue resolution.

The service also generates some content files, which may be distributed to CDNs (Content Delivery Networks) servers distributed around the globe. These are only styles, images, and other non-user specific content.

No user data is ever stored outside of the core cloud regions defined above (although it may be accessed from customers’ websites via the authorized user profile APIs).

Extraction of User Data

In some cases, Customers may need to access the full set of user data stored and managed by Cognipharma HCP-ID. This may happen in cases such as:

  • Audit report of users that have registered/logged in to access a given website
  • Extract the full set of user data of users that have registered / accessed the customer’s website, to migrate the authentication provider to another / own authentication & authorization service
  • Manual import or synchronization of users’ data into customers’ own systems (i.e. CRM or Marketing automation platforms)

For such use cases, Cognipharma HCP Engagement Platform provides, in the management backoffice, for authorized users, the ability to list, search and download all the user information that is available to them.

  • The set of profile data visible to customers is only the one that has been accepted by the end-user to be shared with the customer / pharma company, during the process defined in “3.1. Website Registration”.
  • It does not allow access to any of the user passwords – in case of a migration to another authentication/authorization system, users will need to define a new password for such website, even in case the list of users is imported.