Data Privacy Declaration

Data collection by this website

Whenever a user accesses the website, the user's internet browser automatically transfers the following data to our web server for technical reasons:

• IP address of the requesting computer
• date and time of access
• name and URL of the retrieved file
• transferred data volume
• access status (file transferred, file not found etc.)
• identification data of the browser and operating system used
• name of the provider of user's internet access
• website from which access is made

This data is collected, processed and used for enabling the use of the website (connection setup), system security and technical administration of the network infrastructure. A comparison with other databases or a transfer to third parties, also in excerpts, does only take place after an anonymization of the IP address of the accessing computer. The legal basis for processing is Art. 6 para. 1 b GDPR.

The data collected as part of the voluntary entries under "Contacts & Service" will be used and processed exclusively for processing the enquiry and to carry out the services you may have requested.

On our website we sometimes provide a chatbot. It is possible to use the chatbot without entering personal data. Please do not enter any personal data in the free text field. We use your data exclusively to answer your inquiry. If we process the request internally for improvement purposes, this is done anonymously.

The data is processed on the basis of statutory provisions which permit data processing because it is necessary to answer your enquiry (Art. 6 Para. 1 lit. b GDPR) or because we have a legitimate interest in preventing fraud and, where applicable, effective legal defence (Art. 6 Para. 1 f) GDPR).

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if you activate the IP anonymization on this website, your IP address will be shortened previously by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services related to website and internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set that prevents future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout/eula.html?hl=en

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/privacy.html. Please note that on the website Google Analytics has been extended by the code "anonymizeIP" in order to guarantee an anonymous registration of IP addresses (so-called IP masking).

The legal basis for processing is Art. 6 para. 1 f GDPR, whereby our authorization arises from the fact that, on the one hand, Merck KGaA, Darmstadt, Germany, has an interest in evaluating the website data for purposes of website optimization and, on the other hand, a concerned person can reasonably foresee at the time when the personal data is collected and in view of the circumstances under which it is carried out (in particular the above-mentioned measures) that it will possibly be processed for this purpose.

We use social media plugins from various social networks (e. g. Facebook).  With the help of these plugins you can share content or recommend products. The plugins are deactivated by default and therefore do not send data to other websites. By clicking on the button “Share" and the confirmation by a second click on “OK” you can activate plugins (so-called 2-click solution).

If these plugins are activated, your browser establishes a direct connection with the servers of the respective social media network as soon as you access the operator's website. The content of the respective plugin is transmitted directly from the social media network to your browser and embedded into the website.

By embedding the plugins, the social media network receives the information that you have visited the respective page of the operator. If you are logged in to the social media network, it can allocate the visit to your account. When you interact with the plugins, the corresponding information is transferred directly from your browser to the social media network and stored there.

For the purpose and scope of data collection and the further processing and use of the data by social media networks, as well as your rights and options for the protection of your privacy, please refer to the data protection notices of the respective networks.

If you do not want social media networks to collect information about you through the operator's website, you must log out or disable the social media plugins before you visit our website.

Even if you are not logged in to social media networks, websites with active social media plugins can still send data to these networks. With an active plugin, a cookie with an identifier is placed each time the website is accessed. Since your browser sends this cookie every time you connect to a network server without being asked, the network could basically use it to create a profile of the websites visited by the user associated with the ID. And it would then also be possible to assign this identifier to a person again later - for example when logging on later to the social network.

Further information can be found in the data privacy statements of the social media platforms following these links: Facebook, Twitter, LinkedIn, Google+ and YouTube, Instagram and Xing. In case you disagree with the data collection by these platforms you can deactivate the plugins in your browser. To avoid the connection with your existing user profile on these platforms you have to logout from the following platforms prior to your visit of our websites:

The operator uses the following plugins:

• Facebook (provided by FacebookInc., 1601 S. California Ave, Palo Alto, CA 94304 USA): You can view Facebook’s privacy policy here: 
  https://www.facebook.com/about/privacy/your-info#public-info  
• Twitter (provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA): You can view Twitter’s privacy policy here:
  https://twitter.com/privacy
• LinkedIn (provided by LinkedIn Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You can view LinkdIn´s privacy policy
  https://www.linkedin.com/legal/privacy-policy
  
• Google+ and YouTube (provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You
  can view Google’s privacy policy here:
  https://www.google.de/intl/de/policies/privacy/
• Instagram (provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA): You can view Instagram’s privacy policy here:
  https://help.instagram.com/155833707900388
• Xing (provided by XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany): You can view Xing´s privacy policy here:
  https://privacy.xing.com/en/privacy-policy

We collect and process your personal data only if you request certain  services and we need your data for this purpose or if you have voluntarily given us your express consent. The legal basis for processing is Art. 6 Para. 1 b GDPR and Art. 6 Para. 1 a GDPR.

You can do this, for example, by completing a registration form or sending us an email, ordering products or services, submitting inquiries to us, requesting materials or registering. Unless otherwise required by law, we will only use your personal data for the purposes for which you have given your consent.

The data collected within the scope of our whistleblower system ("SpeakUp-Line") are processed exclusively for the processing and follow-up of the reports received. The legal basis for the processing is Art. 6 para. 1 f DSGVO.

For special services such as newsletters, sweepstakes, etc. the respective special data protection provisions apply.

At Merck KGaA, Darmstadt, Germany, those bodies within our company receive your data that are required to fulfill our contractual and legal obligations. Somedata must be disclosed under strict contractual and legal requirements:

• Due to legal obligation:
  In certain cases, we are required by law to transfer data to a requesting public authority.
  Upon submission of a court order, we are obliged pursuant to § 101 of the German Copyright Act to provide owners of copyright and ancillary copyrights with information about customers who are alleged to have offered copyright-protected works on internet file-sharing sites. In these cases, our information contains the user ID of an IP address allocated at the time requested and, if known, the name and address of the customer.
  In other respects, personal data will only be transferred to state institutions and public authorities within the framework of mandatory national legal provisions or if disclosure is necessary in the event of attacks on the network infrastructure for legal or criminal prosecution. The legal basis for processing is Art. 6 Para. 1 c GDPR or § 24 Para. 2 No. 1 German Federal Data Protection Act.
  
  
• To external service providers for data processing:
  When service providers get access to our customers' personal data, this usually takes place in the course of so-called order processing of personal data. This is expressly provided for by law. In this case, Merck KGaA, Darmstadt, Germany, remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which we ensure by means of strict contractual regulations, technical and organizational measures and supplementary controls.
  Merck KGaA, Darmstadt, Germany, works with service suppliers as processors. These are Group companies and service providers for IT services (e. g. for technical-administrative tasks and for usage analysis), telecommunications, consulting and advisory services as well as sales and marketing.
  The data protection regulations for instruction-bound order processing of personal data are complied with.
  
  
• To Group companies:
  Merck KGaA, Darmstadt, Germany, may transfer your personal data to Group companies to carry out a business relationship with you or for the purposes of legitimate interests.
  If data are transferred abroad, they are based within the EU or the EEA or in a country which, according to the decision of the EU Commission, has an appropriate level of data protection. In the case of data transfers to Group companies domiciled in other countries, Merck KGaA, Darmstadt, Germany,ensures by way of guarantees that the data-importing Group company has been obligated to an appropriate level of data protection.

Beyond this, we do not transfer data to third parties unless you have given your express consent, the transfer is obviously necessary for the provision of an offer or service requested by you or this is provided for by law. We also do not intend to transfer your data beyond this to a third country or international organization.

We store data as long as it is legally necessary or necessary for the provision of the service requested by you, or as long as it has been agreed upon in a declaration of consent.

What other rights do I have regarding my stored data?
You may at any time and free of charge request information about the scope, origin and recipients of the stored data as well as the purpose of the storage; in addition, you have the right to rectification, erasure or restriction of the processing of your data in accordance with data protection regulations, a right to object to the processing as well as a right to data portability. Please note that there is a right of appeal to a supervisory authority.

You have the right to withdraw your consent to the use of your data at any time. Just send an email  or send a letter to the following address:

Merck KGaA | Frankfurter Str. 250 | 64293 Darmstadt | Germany

The data processing performed based on your consent is legal until the time of withdrawal.

If you have any questions or comments, please feel free to contact the Group Data Protection Officer of Merck KGaA, Darmstadt, Germany, at any time:

Merck KGaA, Darmstadt, Germany
Group Data Protection Officer
Frankfurter Strasse 250
64293 Darmstadt
Email

This data privacy declaration is up-to-date and dates from May 25, 2018. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.