You are here

Privacy and cookie policy

Protecting your privacy is one of our top priorities.

Our Privacy commitment

This document sets out the basis on which BMJ Publishing Group Limited (“BMJ”) will process any personal data we collect from you and what cookies we use and why, except in the case of Evidence Based Nursing, and in which case you will be subject to the Royal College of Nursing's Privacy Policy. Other than for Evidence Based Nursing, or where we are hosting information for you (such as on BMJ Portfolio), BMJ shall be the data controller.

We will make every effort to protect your privacy by adopting a consistently high level of site security and adhering to strict company policies on how we store and use personal information. This privacy policy has been developed in accordance with our legal obligations and may be updated from time to time.

If we make any changes to our privacy policy, we will post the revisions on our site.

1.  What information is being collected and how is it used?

There are various sections of the website, for which we collect different information. What we collect and how this is used is as follows:

1.1 Registered Users

Many of our websites require subscriptions and/or registration to access certain functions, services or content. You will know what information is being collected via these processes when you complete required details prior to submission (including which information is mandatory). On some of our websites, where you submit a response for publication your name and other personal details may be published. You should check the policy on the relevant submission page on the specific BMJ website. We will collect data relating to any transactions you carry out through our website(s) and of the fulfillment of your orders. We collate data about registered users and which publications and services they have subscribed to so to understand our customers and try and easily fulfill their subscription requirements. For conferences we will use your personal data also to inform the venue and caterers of all delegates, share that with any co-owners of a conference ( where applicable), create a delegate list of attendees and sponsors which will be distributed to all attendees and sponsors. Once you start using our sites, we may track and keep a record of the pages you visit. We collect this data from groups of users to get a sense of how people are using our sites and which content and areas are most popular. This helps us improve what we offer on our sites. We will also use your data to monitor for any unauthorised use of our websites, content or subscriptions to our publications (for example individuals subscribing individually for institutions). We may also disclose your identity and contact details to any third party claiming material posted by you is defamatory or violates their intellectual property rights or right to privacy. You will be given at least one opportunity to opt in or out (as applicable) from receiving marketing emails from BMJ and third parties. For users who have opted to receive marketing emails from BMJ ( and others where indicated and there is a jointly supplied product or service), and visit our websites through links provided in these emails, we may send back information about your website usage to our third party email direct marketing provider.  This is for the purpose of understanding the effectiveness of our email marketing campaigns and for targeting future email campaigns.

1.2 BMJ Learning Users

In addition to and subject to other uses of your personal data which are set out herein, the information that you add to your BMJ Portfolio , including the areas of improvement you identify, the modules  you have started and /or completed , and other such information, is considered private. Our technicians have access to it in order to fix problems and maintain the site. However, we do not read this information unless necessary, and subject to clause 4 we will not release it to other people or organisations, without your prior consent. However we reserve the right to release anonymised group data to third parties related to the use of specific modules. You are able to give feedback about a learning module after completing it, and in the learning resources section of the site. This information is visible to other users of the site, including guest users. We will also use it to improve our site.

1.3 Foundation Programme Users

The forms you complete online and the learning modules you complete (including obtaining certificates of completion) are considered private. Our technicians have access to them in order to fix problems and maintain the site. However, we do not read this information unless necessary, and will not release it to other people or organisations, without your prior consent.

1.4 Portfolio Users

The data you enter into BMJ Portfolio website, and any files you upload to it, is considered private. Our technicians have access to this data in order to fix problems and maintain the site. We may statistically analyse the information, in aggregate form, to learn more about the interests of our user base. These statistics may be used to provide functionality that recommends useful resources to other users of BMJ Portfolio. In no case will it be possible to identify an individual through such functionality, or through the underlying aggregate data.

1.5 BMJ Quality Improvement Programme Users

Where you have registered and/or purchased access to a BMJ Quality Improvement Programme product or service, your name will be available for other users for the purpose of contacting you through the service. They will not have access to your contact information (unless included on a report you have written, which is published) and rather you will be sent an invitation via your BMJ account and if accepted you may communicate through these means.

1.6 All users

As you browse the website, we collect information about your use of the site including but not limited to traffic data and location data. Essentially this will normally be which pages you have visited, how long you stay online and where you are located. We will not be able to identify who you are from the information we store, but we will be able to identify where you are located - (see point 1.5 below).

1.7 What else do we collect when you use our website

Each time you use the internet, an IP address is assigned to your computer via the internet service provider. This number may either be the same or different each time. Each time your computer requests information from our website, we log your IP address on our server and may log operating systems and browser types for system administration and to report aggregate information. We may use this in order to gather information about the website traffic and usage. Whether you are a registered user or not, our web server collects certain information such as (a) IP address; (b) host names (c) domain name (d) time and date information as requested (e) the browser version and platform when it is requested, (f) a record of which pages have been requested. If you contact us, we may keep a record of that correspondence and use it to contact you in response and/or to update our records. We may use all information to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors. This may involve using your name and subscription details on a database with other publishers’ data for detection purposes.

1.8 What else do we use personal information for?

Other than for fulfilling our obligations to you (where these exist), on some occasions we use the information provided to produce aggregate statistics in relation to pages being accessed. We may also use it to monitor usage patterns on the website in order to improve navigation and design features to help you get information more easily. This information is provided to us as daily log files. In order to help us develop the website and our services, we may provide such aggregate information to third parties. The statistics however will not include any information that can be used to identify any individual. We may contact you to notify you about changes to our service. We also may send you non marketing emails for the purpose of inviting you to partake in surveys or market research which we conduct or which third parties are conducting. In addition to responding to complaints or claims received or discovered referred to above or any breaches of our Website Terms and Conditions, we may use all information supplied or collected on this Website to enforce our legal rights and protect against unauthorised access, use, activity and/or copying, either personally or via third party contractors and advisors and/or protect the rights, property, or personal safety other users of the websites and the public. This may involve using any details supplied by you including your name and contact details.

2. How long do we keep the information we collect?

We keep (including via our contractors) your personal information for as long as necessary to fulfill our obligations to you and to protect our legal interests or as otherwise stated to you when such data is collected.

3. Cookies

3.1 What are cookies?

Cookies are small text files which a website may put on your computer or mobile device when you first visit a website. Cookies are widely used by websites to help remember small amounts of information and give you a better experience using the website. For example, a cookie will help the website to recognise your device the next time you visit so you don’t have to log on again, they will remember what items you placed in a shopping basket or recall your preferences such as which language you want to read a site in.

Certain cookies contain a limited amount of personal information. For example, if you click “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information to help us analyse how well our website is performing overall so we can try and improve it.

3.2 How we use Cookies

BMJ uses cookies on most of our websites to perform different functions. These are grouped into four main categories:

Technically Necessary Cookies

Some essential functions of our websites are only possible if information is stored persistently between each page you look at. For instance, if you log in to a site to access subscriber only content, we use a cookie to remember that you are logged in, so you do not have to enter your details on each page you visit.

Customisation and Personalisation Cookies

In order to allow you as an individual, or our institutional customers, to customise our products and websites, we need to remember who you are and what you want. We use cookies to record your preferences regarding website appearance, what content you’ve already read, and to present the information that is most relevant to you.

Performance  Monitoring Cookies

We utilise other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. When we send marketing emails to users who have chosen to receive them, we use a cookie that lets us track the success of campaigns. We may use this information to determine which of our emails are more interesting to users, or to query whether users who do not open our emails wish to continue receiving them. We don’t use cookies to find out how specific individuals use our products, only to gather general statistics that can help us give you a better experience.

Third Party Cookies

BMJ websites sometimes integrate with other companies’ sites. For example, we integrate with social networking sites such as Twitter and Facebook, to make it easier for you to share what you have read. These sites place their own cookies on your browser as a result of us including their icons and ‘like’ or ‘share’ buttons on our sites. Like most commercial publishers we also sell advertising space, or ‘banner ads’ on some of our websites. These ads are served directly from a 3rd party advertising broker. They place cookies on your browser in order to track how many people have seen a particular ad, and for other technical reasons.

3.3 How to remove or block Cookies

Your internet browser has tools that allow you to remove or block cookies.

More information can be found here:

3.4 What will happen if I block BMJ Cookies?

Depending on which cookies you block, the site may stop working, or certain features may stop working correctly.

If the cookies marked below as ‘technically necessary’ are blocked, the site will probably not be usable.

3.5 BMJ  Group Cookie List

 The list below shows the majority of cookies on used on our sites, or set by third parties from our sites. The list is subject to change.

Cookie Name



Further Information

_utma, _utmb, _utmc, _utmz

Performance  Monitoring, Third party cookies

Google Analytics sets these cookies. They are used for general aggregated usage statistics


Third party Cookies

This is used by the Google +1 recommendation service



Technically Necessary

This is used to handle authentication on some products



Third party Cookies

This is used to track how many people open and respond to marketing emails


Third party Cookies

This is used to indicate if you have opted out of tracking in marketing emails

Auth_token, auth_token_session, guest_id, k, pid, t1, twll

Third Party Cookies

These are used by Twitter

avr_[numeric sequence]  

Technically Necessary

This is used by our CDN service, Edgecast, to accelerate content delivery.


Performance  Monitoring

We use this to provide usage stats to institutional customers[numeric sequence]

Technically Necessary

Used by a Pluck, an online community platform we use on some sites.



Performance  Monitoring

We use this to provide usage stats to institutional customers



Performance  Monitoring

We use this to provide usage stats to institutional customers



Performance  Monitoring

We use this to provide usage stats to institutional customers


c_user, datr, locale, lu, xs  

Third Party Cookies

Facebook uses these cookies. We use facebook buttons to help people share content they find interesting.


Performance  Monitoring

We use this to provide usage stats to institutional customers


D, mc

Third Party Cookies, Performance  Monitoring

Quantserve measure site traffic independently.

Web Stats and Traffic Monitoring


Third Party Cookies

Youtube use these cookies. We use youtube to distribute videos on some of our sites.


Technically Necessary

Our websites use this to indicate if javascript is working on your browser



Customisation and Personalisation

Some of our websites use this to store your language preference



Technically Necessary

Our websites use this to enable single sign on across our products, so you don’t have to log in on each of our sites in turn.



Technically Necessary Customisation and Personalisation

Our Java based websites use this for a wide range of technical purposes


NSC_[alphabetical sequence]

Technically Necessary

Our load balancers use this cookie to help direct traffic between different back end servers



Third Party Cookies

Realmedia, our advertising partner, use this cookie to serve appropriate banner ads


Technically Necessary 

Used by one of our sites for session handling



Technically Necessary 

Used by Pluck, and online community platform we use on some sites


Uuid, uvc

Third Party Cookie

Used by Lockerz, a social networking website


Technically Necessary 

Used by Highwire Press, who deliver our journal sites



4. To whom will information be disclosed?

Other than as expressly agreed by you or stated when data is collected or within this policy we will not disclose your personal data to any third parties other than:

(i) our co-owners (where applicable), Licensors, contractors and advisors who must keep this data confidential. For the International Forum on Quality and Safety this will include transferring your data outside of the EEA to the USA. This may also be the case for other co-owners or licensors;

(ii) as required for conferences such as to venue organisers who may be outside of the EEA or where you agree with an exhibitor or sponsor to be scanned at a conference and in which case your name, work details and all contact details will be supplied to them;

(iii) as required to enforce our legal rights (including property, safety, our customers or others);

(iv) fraud protection and credit risk reduction;

(v) where you have opted for a publication of service which allows you to select a third party to see data you submit such as mentors for BMJ Quality Improvement or another BMJ service;

(vi) where our company or its assets (to which your data relates) are to be acquired by a new company location data may be shared;

(vii) in the case of BMJ Learning and BMJ Portfolio only to the BMA in relation to the fact that you have signed up for access to BMJ Learning, the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules;

(viii) in the case of registered GP’s in New Zealand who are official members of the Royal New Zealand College of GP’s, whilst we have an agreement with them, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules;

 (ix) in the case of registered GPs in Denmark, who are official members of the Danish Medical Association, whilst we have an agreement with them, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules;

(x) in the case of users whose access is provided by Harmoni, details of modules you have the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules; and

(xi) in the case that you are registered with BMJLearning Iraq channel then we may provide your personal data, including details of your usage of the site, including the modules that you have  started,  completed, passed or failed and any feedback you have given in relation to the modules to the Iraq Ministry of Health.

5. How personal information stored and protected

Your personal data is stored in our databases or those of our contractors which is only available to the web administrators of us and our contractors and selected authorised people on a password protected basis (except where referred to in the final paragraph of Clause 1.3 herein). The data that we collect from you may be transferred to and stored at a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or are of our suppliers. Such staff may be engaged in among other things, hosting the fulfilment of your order, processing of your payment details and the provision of support services by submitting your personal data, you agree to this transfer, storing or process. We will take all steps reasonably necessary to ensure that your data is treated securely by us and our contractors and in accordance with this privacy policy. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Please do not share your password(s) with anyone.

5.1 Security

We understand that the security of your information is important to you. We also understand that our continued success as a publisher on the web relies on our ability to communicate with you in a secure manner. We adhere to the highest standards of decency, fairness, and integrity in our operations. We use several measures to authenticate your identity when you visit our site. We also take steps to protect your information as it travels the internet, and to make sure all information is as secure as possible against unauthorised access and use (for example, by hackers). We review our security measures regularly. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the internet, or anywhere else. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

5.2 Authentication

You should not share your user name and password with other people. If you think you might lose or forget these identifiers, write them down and keep each in a separate place.

5.3 Email

Any email between you and BMJ is not encrypted. It will be stored securely within our corporate firewall (see below).

5.4 Data within our walls

The information we collect about people visiting the site is stored in secure environments that are not available to any other individual or party. We have mechanisms in place to protect data. One such mechanism is called a "firewall." A firewall is a barrier that allows only authorised traffic through. It safeguards our computer systems and your information. We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.

6. Contact us

Please contact us if any of the data we hold about you becomes inaccurate and if you have any queries or concerns about the data we are holding about you. Also we welcome your feedback about what you like or don't like about our sites. Your feedback is stored on a secure internal system that allows the appropriate person to respond to you. Please contact us through our Contact us section.

7. Linking to external sites

Occasionally, you will encounter links to other sites that are not related to BMJ. Please be aware that once you click to one of these sites, you are subject to that site's privacy policy and not to ours. You may wish to review the privacy policy for each site you visit.

8. Your consent

By submitting your information, you consent to the use of that information as set out in this policy. You should review this policy regularly, to note any changes as to how we collect and use personal information.

Thank you for reviewing this information.

If you have any questions, please send us an e-mail through our Contact us section. View Policy as a PDF

Last updated April 2013