Data Privacy Declaration

The issue of data protection and confidentiality is a topic we take very seriously and we follow the applicable national and European data protection regulations.

General information

We take data protection and privacy issues very seriously and comply with the applicable national and European data protection regulations. Therefore, we would like to inform you with this declaration about data protection measures and which data we may store and how we use this data.

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if you activate the IP anonymization on this website, your IP address will be shortened previously by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services related to website and internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set that prevents future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout/eula.html?hl=en

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/privacy.html. Please note that on the website Google Analytics has been extended by the code "anonymizeIP" in order to guarantee an anonymous registration of IP addresses (so-called IP masking).

The legal basis for processing is Art. 6 para. 1 f GDPR, whereby our authorization arises from the fact that, on the one hand, Merck KGaA, Darmstadt, Germany, has an interest in evaluating the website data for purposes of website optimization and, on the other hand, a concerned person can reasonably foresee at the time when the personal data is collected and in view of the circumstances under which it is carried out (in particular the above-mentioned measures) that it will possibly be processed for this purpose.

We use social media plugins from various social networks (e. g. Facebook). With the help of these plugins you can share content or recommend products. The plugins are deactivated by default and therefore do not send data to other websites. By clicking on the button “Share" and the confirmation by a second click on “OK” you can activate plugins (so-called 2-click solution).

If these plugins are activated, your browser establishes a direct connection with the servers of the respective social media network as soon as you access the operator's website. The content of the respective plugin is transmitted directly from the social media network to your browser and embedded into the website.

By embedding the plugins, the social media network receives the information that you have visited the respective page of the operator. If you are logged in to the social media network, it can allocate the visit to your account. When you interact with the plugins, the corresponding information is transferred directly from your browser to the social media network and stored there.

For the purpose and scope of data collection and the further processing and use of the data by social media networks, as well as your rights and options for the protection of your privacy, please refer to the data protection notices of the respective networks.

If you do not want social media networks to collect information about you through the operator's website, you must log out or disable the social media plugins before you visit our website.

Even if you are not logged in to social media networks, websites with active social media plugins can still send data to these networks. With an active plugin, a cookie with an identifier is placed each time the website is accessed. Since your browser sends this cookie every time you connect to a network server without being asked, the network could basically use it to create a profile of the websites visited by the user associated with the ID. And it would then also be possible to assign this identifier to a person again later - for example when logging on later to the social network.

Further information can be found in the data privacy statements of the social media platforms following these links: Facebook, Twitter, LinkedIn, Google+ and YouTube, Instagram and Xing. In case you disagree with the data collection by these platforms you can deactivate the plugins in your browser. To avoid the connection with your existing user profile on these platforms you have to logout from the following platforms prior to your visit of our websites:

The operator uses the following plugins:

Facebook (provided by FacebookInc., 1601 S. California Ave, Palo Alto, CA 94304 USA): You can view Facebook’s privacy policy here:
https://www.facebook.com/about/privacy/your-info#public-info
Twitter (provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA): You can view Twitter’s privacy policy here:
https://twitter.com/privacy
LinkedIn (provided by LinkedIn Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You can view LinkdIn´s privacy policy
https://www.linkedin.com/legal/privacy-policy
Google+ and YouTube (provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You
can view Google’s privacy policy here:
https://www.google.de/intl/de/policies/privacy/
Instagram (provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA): You can view Instagram’s privacy policy here:
https://help.instagram.com/155833707900388
Xing (provided by XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany): You can view Xing´s privacy policy here:
https://privacy.xing.com/en/privacy-policy

At Merck KGaA, Darmstadt, Germany, those bodies within our company receive your data that are required to fulfill our contractual and legal obligations. Somedata must be disclosed under strict contractual and legal requirements:

Due to legal obligation:
In certain cases, we are required by law to transfer data to a requesting public authority.
Upon submission of a court order, we are obliged pursuant to § 101 of the German Copyright Act to provide owners of copyright and ancillary copyrights with information about customers who are alleged to have offered copyright-protected works on internet file-sharing sites. In these cases, our information contains the user ID of an IP address allocated at the time requested and, if known, the name and address of the customer.
In other respects, personal data will only be transferred to state institutions and public authorities within the framework of mandatory national legal provisions or if disclosure is necessary in the event of attacks on the network infrastructure for legal or criminal prosecution. The legal basis for processing is Art. 6 Para. 1 c GDPR or § 24 Para. 2 No. 1 German Federal Data Protection Act.
To external service providers for data processing:
When service providers get access to our customers' personal data, this usually takes place in the course of so-called order processing of personal data. This is expressly provided for by law. In this case, Merck KGaA, Darmstadt, Germany, remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which we ensure by means of strict contractual regulations, technical and organizational measures and supplementary controls.
Merck KGaA, Darmstadt, Germany, works with service suppliers as processors. These are Group companies and service providers for IT services (e. g. for technical-administrative tasks and for usage analysis), telecommunications, consulting and advisory services as well as sales and marketing.
The data protection regulations for instruction-bound order processing of personal data are complied with.
To Group companies:
Merck KGaA, Darmstadt, Germany, may transfer your personal data to Group companies to carry out a business relationship with you or for the purposes of legitimate interests.
If data are transferred abroad, they are based within the EU or the EEA or in a country which, according to the decision of the EU Commission, has an appropriate level of data protection. In the case of data transfers to Group companies domiciled in other countries, Merck KGaA, Darmstadt, Germany,ensures by way of guarantees that the data-importing Group company has been obligated to an appropriate level of data protection.

Beyond this, we do not transfer data to third parties unless you have given your express consent, the transfer is obviously necessary for the provision of an offer or service requested by you or this is provided for by law. We also do not intend to transfer your data beyond this to a third country or international organization.

Privacy Policy

The following terms apply to the personal information of California residents as defined in the California Consumer Privacy Act and regulations (“CCPA”). These provisions supplement the other sections of our Privacy Policy. Any terms that are defined in the CCPA have the same meaning here.

Your Personal Information

The categories of personal information we may have collected from you, the sources of that personal information, and how and with whom we may have used or shared such personal information during the past year include the following:

Category of Personal Information Collected	Source of Information	Purpose for Collection	Categories of Recipients
Contact information: such as your name, address, email address, telephone numbers, or other contact information	From you, your authorized agent, or family member; from public data sources; from your health care provider or other caregiver; from other parties such as conference organizers or publishers which have received personal information from you.	To communicate with you; to enroll you in programs or services; to send you catalogs, information, newsletters, promotional materials and other offerings from us or on behalf of our partners and affiliates; to offer you the chance to participate in contests or other promotional activities; when you contact us; when you request customer service or support; to complete your registration on our websites (“Sites”); to administer your account with us.	Our service providers, and our co-marketing partners, including select partners and affiliates that we believe may have or facilitate offers that may be of interest to you.
Payment information: name, card issuer and card type, credit or debit card number, expiration date, CVV code and billing address.	From you and your payment card issuer.	To check that the right person is using the right card or account, meets the requirements of the card brands or account issuers, and to make sure we are paid for what you buy.	Our service providers who process payments for us and who are contractually required to comply with laws and requirements applicable to payment processing, which may include Payment Card Industry Data Security Standards.
Legal information: fraud checks or flags raised about your transactions, the payment card you want to use, payment card refusals, suspected crimes, complaints, claims and accidents.	From you, the police, crime and fraud prevention agencies, payment card providers, the public, regulators, your and our professional advisors and representatives.	To protect you, other customers and our business against criminal activities and risks, make sure we understand and can meet our legal obligations to you and others and can defend ourselves.	Our service providers who help us with fraud protection and credit risk reduction, and law enforcement and other governmental authorities in accordance with applicable law.
Preference information: your marketing preferences, your account settings (including any default preferences), any preferences you have indicated, the types of services/offers that interest you, the areas of our Sites or Apps that you have visited or ways that you interact with our Sites or Apps.	From you, from our website technology interaction with your browser/devices and cookies and other similar technologies tracking the pages you visit, the marketing messages you open and the links you follow.	To enhance your online shopping experience, including as a way to recognize you and welcome you to the Sites or applications (“Apps”), to provide you with customized Site or App content, targeted offers from us or others, promotions and advertising on our Sites or Apps, through other third party sites or apps, via email, text messages, or App push notifications that are offered by us or others that might be of interest to you.	Our third-party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your shopping experiences through our Sites, our Apps or elsewhere.
Communications: communications we have with you. Please note that we may record calls to our customer service team or other sites for quality assurance.	From you	To handle your requests, to contact you when necessary or requested, including responding to your questions and comments and providing customer support, and to obtain customer feedback and improve our customer service and customer shopping experience.	Our service providers who assist us with customer service.
Voluntary information: any voluntary information you provide us with, such as responses to surveys or competitions and social media account details.	From you and your social media account provider.	To know you better, make our communications with you more personal, learn and improve from your survey feedback, organize events and pick competition winners.	Our service providers who administer surveys and promotions, and our co-marketing partners.
Personalization: your journey online and how you use our Sites and Apps, whether and when you open our marketing emails and respond to our advertisements.	From you, from our Sites or Apps technology interaction with your browser or devices and cookies tracking the pages you visit.	To improve our Sites, Apps, products and services, customer service, and customer shopping experience.	Our third-party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your shopping or website experience for our Sites, our Apps or elsewhere.
Device information: IP address, internet provider, operating system and browser used, type of device (such as laptop or smart phone), device cookie settings and other device details (such as MAC address and geolocation), if you use our Sites or Apps and permit them to obtain your precise geolocation.	From you and from our website or app technology’s interaction with your browser or devices.	To make sure our website and app technology works properly with your device and make sure you can see and use our intended website and apps on the device you are using, for analytical and demographic purposes, and to provide offers that may be of interest to you. We also will use this information to protect the security and integrity of the Site and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users.	Our service providers who help us with fraud protection, and third-party vendors and service providers that perform website analytic services for us or enable more relevant offers to you on our Sites, our Apps or elsewhere.
Information automatically collected from your browser: when you use our Sites or Apps, some data is automatically transferred from your browser to our server, including your browser type, operating system type or mobile device model, viewed webpages, links that are clicked, IP address, mobile device identifier or other unique identifier, sites or apps visited before coming to our Sites or Apps, the amount of time you spend viewing or using the Sites or Apps, the number of times you return, or other click-stream or site usage data, emails we send that you open, forward, or click through to our Sites or Apps.	From you and from our website or app technology’s interaction with your browser or devices.	We will use this information in an aggregated non-specific format for analytical and demographic purposes. We also will use this information to protect the security or integrity of our websites and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users.	Our third-party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your shopping or website experience and the relevance of offers to you on our Sites, our Apps or elsewhere.

Your California Privacy Rights

If you are a California resident, California law provides you with the following rights with respect to your personal information:

The right to know what personal information we have collected, used or disclosed about you.
The right to request that we delete any personal information we have collected about you.

No Sale of Personal Information

We do not sell your personal information, as defined in the CCPA.

Submitting Requests

You may submit requests to delete and/or to know personal information we have collected about you by accessing our California Consumer Rights request portal at:

https://privacyportal.onetrust.com/webform/e0f8496a-cdec-4d5c-8c10-313a8c4189a9/d2476ac7-0cf2-420c-8026-a452fe8d31d3

or by contacting our Toll-Free Telephone Number at:

+1 (888) 914-9661 (PIN 659429)

We will respond to your request in compliance with the requirements of CCPA or other applicable law.

Verification of Your Identity

When you exercise these rights and submit a request to us, we or our partners will verify your identity by asking you to authenticate your identity via standard authentication procedures. For example, we may ask for your email address, order numbers of previous orders of our products and services, the last four digits of a credit or debit card or bank account number used to make a purchase, or the date of your last purchase from us. We also may use a third-party verification provider to verify your identity.

Non-Discrimination

If you make a request under the CCPA, we will not discriminate against you in any way. For example, we will not deny you goods or services, charge you different prices or rates for goods or services, deny you discounts or other benefits or impose penalties on you, or provide you with or suggest that you will receive a different level or quality of goods or services.

Authorized Agents

You may permit an authorized agent to submit a request to know or to delete your personal information. If we receive a request on your behalf, we will ask that person to give us proof that you gave that person written permission to make a request for you. If that person does not provide us with written proof, we will deny their request so that we can protect your personal information.

Which cookies are used?

We use cookies on our website. If you do not want to take advantage of our cookies, you can find out in the help function of your browser how to set your browser to prevent it from accepting new cookies or deleting existing cookies. There you will also learn how to block your browser for all new cookies or which settings you should make to receive a notification of new cookies.

Please see the following table for cookies that we currently use on our website:

Cookie List (03/2019)

Name of Cookie	1st or 3rd party Cookie? If 3rd party: Who is setting it?	Purpose of the Cookie?	What data holds the Cookie?	Is it a session or persistent Cookie?	If persistent, how long is its lifespan?
___utmvc	3rd party - mwfs.merckgroup.com			persistent	23 seconds
__sharethis_cookie_test__	1st party			session
__stid	3rd party - .sharethis.com	Used to monitor “click-stream” activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc.		persistent	1 year
__unam	1st party	Used to monitor “click-stream” activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc.		persistent	9 months
_fbp	3rd party - .facebook.com	Used by Facebook to deliver a series of advertisement products on Facebook.		persistent	3 months
_ga	3rd party - google-analytics.com	Used to distinguish users.	different values	persistent	2 years
_gat	3rd party - google-analytics.com	Used to throttle request rate.	different values	persistent	10 minutes
_gid	3rd party - google-analytics.com	Used to throttle request rate against Google Analytics.	Stores the number of requests against Google Analytics.	persistent	1 minute
_pk_id...	1st party			persistent	1 year
_pk_ses...	1st party			persistent	30 minutes
_utma	3rd party - google-analytics.com	Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.	different values	persistent	2 years from set/update
_utmb	3rd party - google-analytics.com	Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.	different values	persistent	30 mins from set/update
_utmt	3rd party - google-analytics.com	Used to throttle request rate.	different values	persistent	10 minutes
_utmv	3rd party - google-analytics.com	Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVarmethod. The cookie is updated every time data is sent to Google Analytics.	different values	persistent	2 years from set/update
_utmz	3rd party - google-analytics.com	Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.	different values	persistent	6 months from set/update
ACOOKIE	3rd party - sdc01.merck.de			persistent	10 years
ADRUM_BT	3rd party - pub.s7.exacttarget.com	Used to give real-time insight into application performance.		persistent	32 seconds
AKA_A2	1st party			persistent	1 hour
AMCV S_...	1st party			session
AMCV_...	1st party	Used to identify a unique visitor.		persistent	2 years
AMP_TOKEN	3rd party - google-analytics.com	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	different values	persistent	30 seconds to 1 year
ASP.NET_SessionId	3rd party - sitetours.merckgroup.com	Used to keep the user's status for all page requests.		session
AWSALB	3rd party - qfx.tools.investis.com	Used to deliver the provider´s service seamlessly from multiple services using a load balancer, so the cookie simply records which server cluster is serving you.		persistent	7 days
AWSELB	3rd party - irs.tools.investis.com	Used to map the session to the instance.		session
demdex	3rd party - .demdex.net	Used to assign a unique ID to a site visitor.		persistent	6 months
dpm	3rd party - .dpm.demdex.net			persistent	6 months
dtCookie	1^st party	Tracks a visit across multiple requests.		session
dtLatC	1^st party	Measures server latency for performance monitoring.		session
dtPC	1^st party	Required to identify proper endpoints for beacon transmission; includes session ID for correlation.		session
dtSa	1^st party	Intermediate store for page-spanning actions.		session
ev_sync_dd	3^rd party - .everesttech.net	Used to record the date when synchronization will be performed.		persistent	1 month
everest_g_v2	3rd party - .everesttech.net	Used to map clicks to other events on the client's website.		persistent	2 years
everest_session_v2	3rd party - .everesttech.net			session
FORMASSEMBLY	3rd party - advenio.tfaforms.net	Used to provide our users with online forms. User´s session will be stored within a cookie.		persistent	25 years
fr	3rd party - .facebook.com	Used to display a range of advertising products, such as real-time bids from third party advertisers.		persistent	3 months
gac_<property-id>	3rd party - google-analytics.com	Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.	different values	persistent	90 days
GPS	3rd party - .youtube.com	Used to enable tracking based on geographical GPS location (mobile devices).		persistent	30 minutes
has_js	1st party	Used to indicate whether or not the visitor´s browser has JavaScript enabled.		session
IDE	3rd party - .doubleclick.net	Used to register and report the user's actions on the website after viewing or clicking on one of the provider's ads.		persistent	1 year
igodigitalst	3rd party - .igodigital.com	Used to capture customer behavior to improve the quality of the experience of our online customers, including enhanced browsing experiences.		session
igodigitaltc2	3rd party - .igodigital.com	Used to capture customer behavior to improve the quality of the experience of our online customers, including enhanced browsing experiences.		persistent	10 years
incap_ses_...	3rd party - .tools.investis.com	Used for visitor recognition.		session
JSESSIONID	1st party	Session ID needed for e.g. Registration	SESSION ID	session
loglevel	1st party			session
m_survey…	3rd party - .myaudience.de			persistent	1 year
mbox	1^st party	Used to collect user identification information and individual browser settings.		persistent	2 years
merck_survey...	3rd party - mafo1.myaudience.de		different values	persistent	1 year
muser	1st party	Used to detect if the user is a Merck KGaA, Darmstadt, Germany, employee based on their IP address	different values	persistent	30 days
nlbi_...	3rd party - .tools.investis.com	Used for visitor recognition.		session
OldSearchTerm	1st party			session
personalization_id	3^rd party - .twitter.com	Allows users to share posts.		persistent	2 years
PHPSESSID	1st party	Identify the current browser session	SESSION ID	session	The cookie is deleted when the browser is closed
PREF	3rd party - .youtube.com	Used to keep statistics on how visitors use YouTube videos on various websites.		persistent	8 months
RT	1^st party	Used to interface with LinkedIn.		persistent	7 days
rxVisitor	1^st party	Used to monitor site performance, analyze website usage and to track user behavior.	Visitor ID	session
s_cc	1st party	Set and read by the JavaScript code to determine if cookies are enabled.		session
s_getNewRepeat	1st party			persistent	1 year
search	1st party			session
st_shares_...	1st party			session
TAFSessionId	1st party		SESSION ID	session
TAFTrackingId	1st party			persistent	90 years
UID	3rd party - .scorecardresearch.com	Used to monitor “click-stream” activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc.		persistent	2 years
visid_incap_...	3rd party - .tools.investis.com	Used for visitor recognition.		persistent	1 year
VISITOR_INFO1_LIVE	3rd party - .youtube.com	Used to estimate user bandwidth on pages with built-in YouTube videos.		persistent	6 months
water-webgl-open-ids	1^st party	Used for animated pages.		session
WT_FPC	3rd party - Webtrends	Used to distinguish users	different values	persistent	2 years
YSC	3rd party - .youtube.com	Used to register a unique ID to keep statistics of YouTube videos that the user has seen.		session

Group Data Protection Officer

at Merck KGaA, Darmstadt, Germany

+49 6151 72-0

Data Privacy Declaration

General information

Which cookies are used?

Cookie List (03/2019)

Group Data Protection Officer

Cookie Disclaimer

Redirect

Share Disclaimer