Privacy Policy

Last modified: August 27, 2018

This privacy policy pertains to the collection of personal data by Merck KGaA, Darmstadt, Germany and its affiliates ("Company", "us" or "we"). The Controllers of your personal data in the meaning of the General Data Protection Regulation ("GDPR") are Merck KGaA, Darmstadt, Germany or its respective affiliates with which you have a business relationship or whose products/services you are using. The different entities and their contact details as well as the contact details of our group data protection officer are listed below.

With this data protection declaration, we explain to you which personal data is processed for which purposes. "Personal data" is any information relating to an identified or identifiable natural person.

1. Which data do we process and for which purpose?
  We process personal data that we receive from you as part of our business relationship, i.e. during the initiation, implementation and execution of the contract for the product or service you purchased or personal data that we collect about you in connection with the use of the product or service. We also process data that you voluntarily provide to us, including while attending tradeshows or through our web forms or surveys. Additionally, we process personal data we received from third party websites in case you fill out a form from one of our advertisements for example to receive a download or sign up for a newsletter.
  1.1 Browsing our websites
    By browsing our websites, you provide us with automatic information. The term "Automatic Information" is information automatically collected by our web server that your web browser makes available whenever you visit one of our websites. The browsing data we collect includes the website you are accessing, the time and duration of your visit, the pages you have visited, your searches and temporarily, your IP address(1) as well as the items you have added to your cart, if applicable.(2) Your IP address is used to identify the city of from which you are accessing the site as well as the company to which the IP address has been registered. We use browsing data of our users for creating aggregated statistics, to learn what is of interest to users in order to improve various aspects of our websites and to provide services like troubleshooting, and to recognize users who have already visited our websites in order to customize their website experiences for their future visits. We also use the browsing data to study traffic patterns and maintaining or restoring the security of our websites or to detect and correct technical defects and errors.
  1.2 Providing you with services you requested
    In order to provide you with access to some services on our websites, we ask for information from you like your name or an email address, for example, when you register for an account on one of our websites. We use your data to provide you with information or services that you have requested such as providing information about relevant products, services and/or promotions, answering questions about our products or services or sending you newsletters or other marketing/promotional materials based on your selections or providing access to an on-line platform or application.(3) In order to provide you with the information that you have requested or that you may be interested in, we may individualize the content you requested based on the information we collect about you.(4) We use your information like your name, address, email address, financial information, job profession, area of expertise and your purchasing history to complete the sales transaction if you purchased one of our products via a website or to offer you any of our services you requested.(5)
    Please note that the provision of some information will be necessary in order for us to take action regarding an order for products or services that you have purchased. For example, we need your address to be able to send you the product you ordered. Our online forms clearly identify which fields are required in order for us to complete the transaction. If you don’t provide these information to us, we will not be able to complete the transaction.
  1.3 Customer Management
    We process your personal data like your contact information in order to provide you with a satisfactory customer management experience, e.g. sales transaction follow-up or process your inquiries.(6) For this purpose we also process your personal data as part of our management and development of our client relationships in order to provide you with individualized content and to assess your needs as a customer.(7) We process your personal data to analyse your preferences and habits to improve our services and to ensure that we can deliver the highest quality services and support to our customers.
  1.4 Legal obligation and legal enforcement
    In some cases, we are under a legal obligation to process personal data.(8) A typical example is providing data to a government agency which has identified the potential misuse of a drug or the processing within the scope of the so-called pharmacovigilance, i.e. the obligation to investigate and share data when potential side effects of drugs become known.
    Where required, we can also use your data to enforce our or third party rights (such as copyright infringements).
  1.5 Providing you with information that may interest you
    We aim to present you information that could be of interest to you and to communicate seamlessly over various channels (phone, email, SMS, mail, social media messages) without sending redundant information.(9) Our communication with you is based on the information we collect about you and are permitted to use. For example, we use the combination of your email address and your browsing data so we can provide you with information about a product you look up on one of our websites. Based on the information we collect, we may internally indicate that you are interested in certain categories of information.
    Generally, we will use collected information to inform you about our new products, innovations, promotions, seminars, webinars and events like trade and vendor shows.
    We only provide you with such information where we are permitted to, for example when you have chosen to receive our promotional emails and where you did not object to our use of your data for marketing-related purposes.
  1.6 Profiling
    We use profiling procedures to optimize and personalize our customer relationship management and our advertising measures.(10) To optimize and personalize our advertising measures, we create customer profiles and assign customers to specific customer segments on the basis of these customer profiles. On the basis of this segmentation, we can manage the type, content and frequency of specific advertising measures for specific target groups. For profiling purposes, we use data that we receive from you as part of our business relationship. This includes personal data like your purchasing behaviour and browsing behaviour. Profiling may be based in particular on usage data that we create with the customer's consent by measuring and evaluating the customer's interaction with electronic advertising, in particular by measuring and evaluating the opening and click rate in email newsletters.
2. Cookies, analytics tools, social plugins and advertising
  2.1 Cookies:
    We use cookies in order to enable and facilitate the use of our websites (e.g. to optimize the presentation or display of country-specific content). "Cookies" are small text files that enable our websites to store information on your computer and retrieve it later (e.g. when you visit our website again later). The use of cookies, for example, enables our websites to "remember" the language in which we are allowed to present our content to you.
    The following categories of cookies are concerned:
   
  • cookies that optimize the presentation or display of country-specific content (e.g. the presentation of the website in your national language and corresponding country- specific product availability and pricing),
  • cookies that help us to remember your settings
  • web audience cookies
    You can disable or block cookies in your browser software; however, this may result in restrictions regarding the usability of our websites.
    For more information on the cookies used on our websites please click here.
  2.2 Google Analytics:
    Our websites use Google Analytics, a web analysis service provided by Google Inc. ("Google") to store "analytical cookies" on your device. This means that information about users and the use of our websites is transmitted to Google and processed on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services for us. This includes the transmission of your IP address, but it will not be merged with other Google data. In addition, your IP address is shortened (usually within the European Union) and saved by Google only in an abridged form. For data storage in the United States, Google's self-certification according to the Privacy Shield provides an appropriate level of data protection.
    You can object to the processing of your data for these purposes by installing a browser plugin (https://tools.google.com/dlpage/gaoptout). Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html.
  2.3 Adobe Analytics:
    Our websites use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited ("Adobe") to store "analytical cookies" on your device. This means that information about users and the use of our websites is transmitted to Adobe and processed by us on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services to us. This includes the transmission of your IP address, but will not be merged with other Adobe data. In addition, it is pseudonymized prior to the geolocalization and replaced by a generic IP address before storage.
    You can object to the processing of your data for statistical purposes by using the following link ("Use of Adobe Marketing Cloud by our business customers" section): https://www.adobe.com/privacy/opt-out.html.
  2.4 Social Plugins
    We use the following social plugins on our websites:
    2.4.1 Facebook Social Plugins
    We use Facebook social plugins on our websites, which are operated by Facebook Inc.,1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identified with a Facebook logo or a notation “Facebook Social Plugin”. When you view one of our websites that contains such a plugin, your browser will create a direct link to the Facebook servers. The content of the plugin will be transmitted by Facebook directly to your browser and from there embedded in the website. By embedding the plugins, Facebook obtains information that you have viewed the relevant pages of our website. If you are logged into Facebook, Facebook will record the visit to your Facebook account. If you interact with the plugins, perhaps by clicking “Like” or posting a comment, then the relevant information will be transmitted from your browser directly to Facebook and stored there. To learn about the purpose and scope of data collection and the additional processing and use of the data by Facebook and about your relevant rights and options for adjusting your settings to protect your privacy, please visit and view Facebook’s data privacy policy. If you do not wish to have Facebook collect data about you on our websites, then you must log-out of Facebook before you visit one of our websites.
    2.4.2 Twitter Social Plugins
    We use Twitter social plugins on our websites (Twitter plugin). Twitter is operated by Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Every time an individual page of our websites, on which a Twitter button is integrated, is viewed, your Internet browser automatically downloads the presentation of the Twitter plugin to Twitter using the Twitter plugin. You can obtain further information on the Twitter plugin at https://about.twitter.com/en/resources/buttons. Through the Twitter plugin, Twitter learns which individual pages of our websites you visit. The purpose of this is to retransmit the contents of this Internet page to you through Tweets in order to promote our offerings. If you are logged into Twitter, Twitter can capture your surfing behaviour on our websites as well as the Twitter plugin activity, and attribute this to your Twitter account. Information regarding your surfing behaviour will be processed if you are logged into Twitter, regardless of whether you click on the Twitter plugin. You can prevent this transmission by logging out of Twitter before viewing our websites. You can obtain the Twitter data protection declaration (privacy policy) at https://twitter.com/privacy?lang=en.
    2.4.3 Pinterest Social Plugins
    We use Pinterest social plugins on our websites (Pinterest plugin). Pinterest is a social network with a focus on circulating pictures and images. Pinterest is operated by Pinterest, Inc., 808 Brannan Street, San Francisco, CA 94103, USA. Every time an individual page of our websites, on which a Pinterest plugin is integrated, is viewed, your Internet browser automatically downloads the presentation of the Pinterest plugin to Pinterest using the Pinterest plugin. You can obtain further information about Pinterest at https://pinterest.com/. Through the Pinterest plugin, Pinterest learns which individual pages of our websites you visit. The purpose of this is to enable you to use Pinterest in connection with our websites in order to promote our offerings. If you are logged into Pinterest, Pinterest can capture your surfing behaviour on our websites as well as the Pinterest plugin activation, and attribute this to your Pinterest account. Information regarding your surfing behaviour will be processed if you are logged into Pinterest, regardless of whether you click on the Pinterest plugin. You can prevent this transmission by logging out of Pinterest before viewing our websites. You can obtain the Pinterest privacy policy at https://about.pinterest.com/privacy-policy.
    2.4.4 Google+ Social Plugins
    We use Google+ social plugins on our websites (Google+ plugin). Google+ is operated by Google Inc., 1600 Amphitheatre Pkwy Mountain View, CA 94043-1351, USA. Every time an individual page of our websites, on which a Google+ plugin is integrated, is viewed, your Internet browser automatically downloads the presentation of the Google+ plugin to Google+ using the Google+ plugin. You can obtain further information about Google+ at https://developers.google.com/+/. Through the Google+ plugin, Google+ learns which individual pages of our websites you visit. The purpose of this is to enable you to use Google+ in connection with our websites in order to promote our offerings through your recommendation (Google+1 button). Google+1 saves your recommendation and makes this public through Google+ terms and conditions that you accepted. Thus, the Google+1 recommendation is processed together with other personal data, such as your name and your photo in other Google services, e.g. Google search engine, your Google account or on the Internet, e.g. in connection with advertisements. Google processes information about your visit to our websites in order to improve Google’s future services. If you are logged into Google+, Google+ can capture your surfing behaviour on our websites as well as the Google+ plugin activation, and attribute this to your Google+ account. Information regarding your surfing behaviour will be processed if you are logged into Google+, regardless of whether you click on the Google+ plugin. You can prevent this transmission by logging out of your Google+ account before viewing our websites. You can obtain the Google+ privacy policy at https://policies.google.com/privacy. You can find additional information from Google regarding the Google+ button at https://developers.google.com/+/web/buttons-policy.
    2.4.5 LinkedIn Social Plugins
    We use LinkedIn social plugins on our websites (LinkedIn plugin), LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside of the USA, LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible. When you view one of our websites that contains the LinkedIn plugin, your internet browser is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. LinkedIn receives information via the LinkedIn component that the data subject has visited our websites, provided that the data subject is logged in at LinkedIn at the time of visiting our website. Information regarding your surfing behaviour will be processed if you are logged in to LinkedIn regardless of whether you click on the LinkedIn plugin. You can prevent this transmission by logging out of your LinkedIn account before viewing one of our websites. You can obtain the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy
  2.5 Advertising
    We work with third party online marketing services (e.g. Google Adwords, ResearchGate, Sprinklr, Facebook custom audience, LinkedIn Contact Targeting and Doubleclick), which provide our advertising to internet users who have previously visited our websites on their network or websites. The purpose of these services is to create advertising based on the needs and interests of the relevant internet users.
  2.6 Links to other websites
    Our websites contain links to third party websites. If you follow a link to any of these websites, please note that they have their own privacy policies which should be reviewed. We have no liability or responsibility for the content or practices of these websites.
3. Recipients of personal data
  3.1 Data transfer to our affiliates
    As part of a global group of companies, we involve our affiliates to support us in hosting and administration. These group companies process the data solely for the purposes set out in this Privacy Policy.
  3.2 Data transfer to third parties
    We pass on your personal data as set forth below:
   
  • Service Providers: We share your personal data with third party service providers who use this data to perform services for us, such as payment processors, hosting providers, marketing technology providers, auditors, advisors, consultants, customer service and support providers.
  • Legally required: We may disclose your personal data if we are required to do so by law or where it is necessary to respond to claims asserted against us or comply with legal processes.
  • Business transfers: We may disclose or transfer personal data as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event.
4. Data transfer to third countries
    We are transferring your personal data outside the EU/EEA. We will take all steps reasonably necessary to ensure that appropriate safeguards are in place to guarantee that your personal data are adequately protected according to the requirements of the data protection laws of the European Union by means of Standard Contractual Clauses approved by the EU Commission.
    You have the right to contact privacy@emdgroup.com for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when it is transferred as mentioned above.
5. Data retention
    We store data for as long as necessary for the provision of the service requested by you. For example, when you subscribe to a newsletter we will store the associated data at least until you unsubscribe. Based on the information we collected, we may internally indicate that you are interested in certain categories of information. This information will be kept and updated as long as we consider engaging with you.
    Your IP address which is collected while browsing our websites and which can legally be considered personal data is stored for a period of time of 7 days unless a reasonably justified incident indicates a longer storage period (e.g. due to a hacking attack).
    Under certain circumstances, your data must also be kept longer, e.g. if a so-called Legal Hold or Litigation Hold (i.e. a ban on deleting data for the duration of the procedure) is ordered in connection with official or legal proceedings.
    Data without any personal identifiable information may be stored permanently.
6. Children's personal data
    We do not knowingly process personal data of children under the age of 16, unless where we process personal data of children intentionally for our campaigns or events. If this is the case, we will inform you separately. Parents and legal guardians shall ensure that their children do not transmit any personal data through our services or websites without permission. If personal data has been transmitted by children, please inform us so that we can delete the personal data and any associated account.
7. Your Rights
    As a data subject you have the following rights:
   
  • You can request access to your personal data, including the provision of a copy of the personal data undergoing processing
  • You can ask us to update or correct any inadequate, incomplete or inaccurate data
  • You can request the erasure of your personal data, if the legal requirements are satisfied. This is the case, in particular, if:
    • your personal data is no longer needed for the purposes of which it was collected
    • the sole legal basis for processing such data was your consent, and you have withdrawn such consent;
    • you have objected to processing on the legal grounds relating to your particular situation, and we cannot prove that there are overriding legitimate grounds for processing;
    • your personal data were processed unlawfully; or
    • your personal data must be erased in order to comply with legal requirements
  • You can restrict the processing of personal data under certain conditions. The requirements are:
    • the accuracy of your personal data is contested by you and we must verify the accuracy of the personal data;
    • the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
    • We no longer needs the personal data for the purposes of processing, but you require the data to establish, exercise or defend your legal claims;
    • you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds.
  • You have the right to data portability, e.g. you can ask us to provide your personal data in a structured, commonly used and machine-readable format for your use or transfer to another controller
  • You can lodge a complaint with a supervisory authority
  • Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
  • Right to object - to the extent that we are relying on our legitimate interests to use your personal data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.

If you want to exercise any of these rights or have any questions or concerns about how we treat your personal data, please contact privacy@emdgroup.com.

Contact Details

If you have any requests or questions, please feel free to contact our Group Data Protection Officer:

Address:

Group Data Protection Officer
Merck KGaA
Frankfurter Straße 250
64293 Darmstadt, Germany

E-Mail: privacy@emdgroup.com

Please find the contact details of our entities here.

References

(1) Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
(2) Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
(3) Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
(4) Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
(5) Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
(6) Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
(7) Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
(8) Legal basis: Legal obligation according to Art. 6 (1) (c) GDPR
(9) Legal basis: Our legitimate Interests according to Art. 6 (1) (f) GDPR; Your Consent according to Art. 6 (1) (a) GDPR
(10) Legal basis: Your consent according to Art. 6 (1) (a) GDPR