Data Privacy Statement
This Data Protection Information is addressed to all customers, vendors, suppliers, etc. (“Data Subjects”, “you”) of the Merck Group (“Merck”, “us”). It is meant to help you understand what personal data we collect, why we collect it, and how you are able to exercise your data protection rights. "Personal Data" in this document includes all information that relates to a natural person and with which this person can be directly or indirectly identified.
At Merck, we develop products and technologies in three different business sectors which are Healthcare, Life Science, and Electronics to enable brilliant people to solve global challenges. In these contexts, we process your personal data in various ways, depending on your specific role, the way we communicate and the products/services you use. Section 3 of these Data Protection Information therefore contain further links to guide you to the specific details for each individual situation.
Should you have questions or queries regarding the processing of your personal data by Merck, please feel free to contact our Group Data Protection Officer via email@example.com or the other contact details provided below.
We take data protection and privacy issues very seriously and comply with the applicable national and European data protection regulations. Therefore, we would like to inform you with this declaration about data protection measures and which data we may store and how we use this data.
4. The Processing Activities in Detail
This section explains the different data processing activities in which we process your personal data.
4.1. Privacy Notice for the Merckgroup.com website
This section explains the different data processing activities in which Merck processes your personal data for the operation of the services provided on our website www.merckgroup.com (“services”).
4.2. Processing of Your Personal Data in Other Contexts
We also process your personal data upon your interaction with us regarding the products and services we offer. This includes the processing of your personal data for marketing purposes, to communicate with you for commercial reasons, and in the course of our scientific researches. This usually involves the processing of data categories which we require to pursue these purposes, such as your contact data, preferences and payment details.
Such processing of your personal data is usually based on our legitimate business interest to develop and offer our products and services, learn more about your interests and continuously improve our offerings. Please refer to the below explanations and/or individual privacy notices which we provide in the context of our business communication with you to learn more about the corresponding processing of your personal data in this context.
5. Data Deletion, Data Transfers, etc.
Unless otherwise stated in this Data Protection Information, your personal data are regularly deleted as soon as we do not need them any more to meet our business interests, no statutory data retention obligations apply, or you withdrew your consent. If we make use of automated decision-making or profiling, you will be informed through a separate privacy notice.
In general, you are neither contractually nor statutorily obliged to provide your personal data for the above purposes, however your decision to not provide your data may lead to negative consequences, such as reduced features and functionalities, the impossibility to use our information and services offered in this context, the denial of access to our services and/or exclusion from our business activities to the extent the processing of your personal data is key in these contexts.
We might share your personal data with third parties, such as financial institutions to process payments, lawyers and auditors, other Merck-entities, etc. to the extent required to meet our business goals. Please note that we in ensure to enter into adequate data protection agreements with these parties to the extent legally required and in this context safeguard that these recipients agree on technical and organizational measures to protect your data adequately.
Should such data transfer involve the transmission of your personal data to countries outside the EU/EEA, and this country does not have an adequate level of data protection compared to the EU, we usually safeguard such level of data protection by entering into standard contractual clauses with any such recipients. This ensures that your data protection rights are protected. You may download a copy of these standard contractual clauses under the following URL: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
6. Your Data Protection Rights
Regarding the data processing in the European Union, you have the following data protection rights:
- Right of access: You have the right to obtain information on the processing of your personal data and to receive a copy these data.
- Right to rectification: You have the right to ask us to correct or complete your personal data to the extent they prove to be wrong and/or incomplete.
- Right to erasure: Under certain circumstances, you have the right to ask us to delete your personal data.
- Right to restriction of processing: You may also have the right to ask us to limit the processing of your personal data.
- Right to data portability: You have the right to receive your personal data in a structured, common and machine-readable format and request that these data are transferred to another data controller.
- Right to object: You have the right to object to the processing of your personal data by us, in particular if the processing of your personal data is based on (i) the necessity of the performance of a task in the public interest, or (ii) legitimate interests. We will then stop the processing of your personal data unless we remain legally authorized to do so.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.
In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal permission to do so. Please note that your withdrawal has effect for future processing operations only and does not make data processing operations, which we executed before such withdrawal, unlawful.
To withdraw your consent, you may e.g., send an email to firstname.lastname@example.org. If you withdraw your consent, you may no longer be able to use the services affected by the withdrawal. Apart from that, you will not suffer any further disadvantages.
If you do not specify your withdrawal to a specific processing operation, we will assume that you withdraw your consent regarding all processing of your personal data that is based on your consent.
This data privacy declaration is up-to-date and dates from May 2021. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.