Data Privacy Statement

1. The issue of data protection and confidentiality is a topic we take very seriously and we follow the applicable national and European data protection regulations.

2. Preamble

This Data Protection Information is addressed to all customers, vendors, suppliers, etc. (“Data Subjects”, “you”) of the Merck Group (“Merck”, “us”). It is meant to help you understand what personal data we collect, why we collect it, and how you are able to exercise your data protection rights. "Personal Data" in this document includes all information that relates to a natural person and with which this person can be directly or indirectly identified.

At Merck, we develop products and technologies in three different business sectors which are Healthcare, Life Science, and Electronics to enable brilliant people to solve global challenges. In these contexts, we process your personal data in various ways, depending on your specific role, the way we communicate and the products/services you use. Section 3 of these Data Protection Information therefore contain further links to guide you to the specific details for each individual situation.

Should you have questions or queries regarding the processing of your personal data by Merck, please feel free to contact our Group Data Protection Officer via privacy@merckgroup.com or the other contact details provided below.

General information

We take data protection and privacy issues very seriously and comply with the applicable national and European data protection regulations. Therefore, we would like to inform you with this declaration about data protection measures and which data we may store and how we use this data.

4. The Processing Activities in Detail

This section explains the different data processing activities in which we process your personal data.

4.1. Privacy Notice for the Merckgroup.com website

This section explains the different data processing activities in which Merck processes your personal data for the operation of the services provided on our website www.merckgroup.com (“services”).

We process your personal data for the purpose of the operation of our services. Whenever you access our services, you automatically transfer personal data to our servers for technical reasons.

This processing activity may include the following data categories:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the retrieved file;
- Transferred data volume;
- Access status (file transferred, file not found, etc.);
- Identification data of the browser and operating system used;
- Name of the provider of user's internet access; and
- Website from which access is made.
The data processing is based on our legitimate business interests. We process these data for the purpose of presenting our services and to ensure its technical stability and security (e.g., to prevent hacker attacks).
We also process the data collected within the scope of our whistleblower system ("SpeakUp Line") exclusively for the processing and follow-up of the reports received, where employees as well as external stakeholders can inform Merck confidentially about potential violations of rules and laws and non-compliant behavior so that Merck can investigate in such issues.

In such cases, we process the description of the issue (including time, place and persons involved) which we receive from the person who issued the notification. We may process further personal data, which are required to clarify and solve the individual issue which we investigate.

The data processing is usually based on our legitimate interest to avoid financial and reputation damages caused by compliance issues. The use of our whistleblower system is entirely voluntary and always possible in an anonymous way for the whistleblower. However, if the whistleblower decides to voluntarily provide personal data like his name or contact details, he provides his consent to our processing of such data for the purpose of the investigation and solution of the reported issue. In this context, he acknowledges that we may be obliged to reveal his identity to the accused person(s) due to applicable data protection laws.
We process your personal data to operate the contact form we provide in our service. This enables you to contact us, and e.g., ask for additional information or issue other service requests.

Your personal data will only be processed for the purpose of responding to your inquiry.

This processing activity may include the following data categories:
- The contact information you provided to us (such as your name and email address); and
- Other personal information that you include in your request.
The processing is based on our legitimate business interests. It serves our and your legitimate interest in answering your inquiry in a quick and competent manner.
We process your personal data if you subscribed to our email newsletter. If you would like to receive our newsletter regarding Financial Reports or Investor Comms, you may enter your email address in our registration form and click the "Send" button. You will then receive an email from us to your email address. You may complete the registration and thus verify your email address for sending newsletters by using the answer function in your email program.

This processing activity includes the following data categories: The information you provided to subscribe, such as your title, name, email address and personal/professional interests.

The processing is based on your explicit consent you provided to us in the course of the subscription process.

Your personal data will be deleted when you withdraw your consent, e.g., by filling the form on our website to unsubscribe.
We process your personal data to display maps, a service provided by Google LLC.

This processing activity may include the following data categories which will be transmitted to Google LLC in the United States of America:
- The technical data as described in Section 3.1;
- Your location;
- The content you access (e.g., places); and
- The frequency of these accesses.
The processing is based on our (and your) legitimate business interest to guide you to our premises and facilitate your route planning.

The use of the service is not possible without your data, and these are automatically provided when you open a sub-page on which Google Maps is integrated. We process no further personal data than those specified in Section 3.1. Information on data processing by Google can be found in Google's privacy policy under the following link: https://policies.google.com/privacy?hl=en.

We do not conduct automated decision-making or profiling in this context.
We use social media plugins from various social networks (e. g. Facebook). With the help of these plugins you can share content or recommend products. The plugins are deactivated by default and therefore do not send data to other websites. By clicking on the symbol of such social network on Merckgroup.com and the confirmation by a second click on “OK” on the site following, you can activate plugins and thus provide your express consent to the processing of your personal data in this context (so-called 2-click solution).

If these plugins are activated, your browser establishes a direct connection with the servers of the respective social media network as soon as you access the operator's website. The content of the respective plugin is transmitted directly from the social media network to your browser and embedded into the website.

By embedding the plugins, the social media network receives the information that you have visited the respective page of the operator. If you are logged in to the social media network, it can allocate the visit to your account. When you interact with the plugins, the corresponding information is transferred directly from your browser to the social media network and stored there.

Even if you are not logged in to social media networks, websites with active social media plugins can still send data to these networks. With an active plugin, a cookie with an identifier is placed each time the website is accessed. Since your browser sends this cookie every time you connect to a network server without being asked, the network could basically use it to create a profile of the websites visited by the user associated with the ID. And it would then also be possible to assign this identifier to a person again later - for example when logging on later to the social network.

For the purpose and scope of data collection and the further processing and use of the data by social media networks, as well as your rights and options for the protection of your privacy, and in particular your right to revoke your consent, please refer to the data protection notices of the respective networks.
- Facebook (provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304 USA): You can view Facebook’s privacy policy here:
  https://www.facebook.com/about/privacy/your-info#public-info
- Twitter (provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA): You can view Twitter’s privacy policy here:
  https://twitter.com/privacy
- LinkedIn (provided by LinkedIn Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You can view LinkedIn’s privacy policy here:
  https://www.linkedin.com/legal/privacy-policy
- YouTube (provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA): You can view Google’s privacy policy here:
  https://www.google.de/intl/de/policies/privacy/
- Instagram (provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA): You can view Instagram’s privacy policy here:
  https://help.instagram.com/155833707900388
Cookies improve the user experience on our services because they allow, e.g., the system to recognize returning visitors. The term "cookies" in this privacy notice refers to cookies and similar technologies. The term "computer" in this privacy notice refers to computers, smartphones and all other devices with internet access. Cookies are small, usually randomly coded text files that are sent to your computer and stored there. These cookies allow your browser to track certain information that may be retrieved and used by internet servers at a later stage. Merck uses cookies and similar technologies on its services for several reasons, for example:
- Websites load faster;
- Websites may be browsed faster;
- Your settings, such as language and time zone, may be saved;
- Security on websites is improved since your identity may be verified; and
- Your log-in to secured websites is facilitated.
We include the following three categories of cookies on our services:
These cookies are necessary to safeguard the functionalities of our services and for the website to operate. Cookies are set, in particular, in response to your actions and depend on your specific service requests (e.g., setting your privacy preferences, filling out forms, or logging in). More specifically, we set the following cookies:
- ___utmvc: This cookie is set by a third-party service to filter out malicious requests. The cookie is usually deleted within 29 seconds.
- ASP.NET_SessionId: This cookie is automatically generated by asp.net. It is created the first time the application is accessed over the browser. The cookie is usually deleted when you close your browser.
- AWSALBCORS: This cookie is managed by Amazon Web Services (AWS) and is used for load balancing. The cookie is usually deleted within seven days.
- AWSELBCORS: With CORS (cross-origin resource sharing) requests, some browsers require SameSite=None; Secure to enable stickiness. In this case, Elastic Load Balancing creates a second stickiness cookie, AWSELBCORS, which includes the same information as the original stickiness cookie (AWSELB) plus this SameSite attribute. The cookie is usually deleted when you close your browser.
- JSESSIONID: This cookie is used to maintain an anonymous user session by the server. The cookie is usually deleted when you close your browser.
- water-webgl-open-ids: This cookie is used for animated pages. The cookie is deleted when you close your browser.
The processing is based on our legitimate business interest to be able to provide our basic webservices in a secure and useful manner. Our website cannot function without these cookies and they can only be disabled by changing your browser preferences.
These cookies enable the provision of advanced functionalities and are used for personalization. The cookies are set in particular in response to your actions and depend on your specific service requests (e.g., setting the language). More specifically, we set the following cookies:
- countryCode: This cookie stores the ISO country code of your (detected) country in order to display information related to your location (e.g., automatic language selection). It expires after two years or upon the withdrawal of your consent.
- ADRUM_BTa: AppDynamics server-side agent cookie provides Okta with performance data for troubleshooting and SLA compliance. It expires after 32 seconds or upon the withdrawal of your consent.
- AKA_A2: This cookie provides an Advanced Acceleration feature, which enables DNS Prefetch and HTTP2 push. It expires after 1 hour or upon the withdrawal of your consent.
- AkamaiAnalytics_BrowserSessionId: This cookie assigns an anonymous identifier to each visitor who plays a video. Used to analyse the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- Bcookie: This cookie is used for sharing the content of the website via social media. It expires after 2 years or upon the withdrawal of your consent.
- FORMASSEMBLY: This cookie is used to provide our users with online forms. User´s session will be stored within a cookie. It expires when you close your browser or upon the withdrawal of your consent.
- has_js: This cookie is used to indicate whether or not the visitor´s browser has JavaScript enabled. It expires when you close your browser or upon the withdrawal of your consent.
- HTML_BitRateBucketCsv: This cookie measures the playback time of videos in the video media player per visitor depending on the bit rate. Used to analyze the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- HTML_isPlayingCount: This cookie counts the number of times a specific video was played in the video media player. Used to analyze the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- HTML_VisitCountCookie: This cookie counts the number of views of a video in the video media player. Used to analyze the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- HTML_VisitIntervalStartTime: This cookie measures the start time of an interval between visits to a website in the video media player. Used to analyze the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- HTML_VisitValueCookie: This cookie calculates the value of the visit to the website from the playback time of a video in the video media player when it is accessed and the number of rebuffer processes during playback. Used to analyze the video media player. It expires when you close your browser or upon the withdrawal of your consent.
- incap_ses_...: This cookie is used for visitor recognition. It expires when you close your browser or upon the withdrawal of your consent.
- lang: This cookie stores the language preferences. It expires is deleted when you close your browser or upon the withdrawal of your consent.
- lidc: This cookie is used to optimize data center selection. It expires after one day or upon the withdrawal of your consent.
- merck_survey… This cookie is used to offer surveys to randomly selected users on the website. It expires after one year or upon the withdrawal of your consent.
- merck_survey_svsc: This cookie is used to offer surveys to randomly selected users on the website. It expires after one minute or upon the withdrawal of your consent.
- muser: This cookie is used to detect if the user is a Merck KGaA employee based on their IP address. It expires after 30 days or upon the withdrawal of your consent.
- personalization_id:
  Unique identifier for the browser used to access the website. Containing the following data:
  -timestamp when the data was received
  -user_id (a unique ID for identifying the user if logged-in)
  -pixel_id (a unique ID for the advertiser’s website tag)
  -personalization_id (a secondary unique ID assigned to all visitors/users)
  -IP address of the computer (or proxy server) that called Twitter
  -URL of the web page where the tag is integrated, which is sent by browsers to Twitter servers when the tag is fired
  This cookie allows users to share posts. It expires after two years or upon the withdrawal of your consent.
- RT: This cookie is used to interface with LinkedIn. It expires after seven days or upon the withdrawal of your consent.
- VISITOR_INFO1_LIVE: This cookie is used to estimate user bandwidth on pages with built-in YouTube videos. It expires after six months or upon the withdrawal of your consent.
The processing is based on your explicit consent you provided to us in the course of the subscription process. You either grant your consent by accepting all cookies in our cookie banner or by activating the cookie type(s) you have selected. Your consent is voluntary, and you may revoke it at any time with effect for the future. You can revoke your consent by reopening our Cookie Center and deactivating the cookie type. If you do not grant your consent or revoke it, this will not result in any disadvantages for you. However, without your consent, the functions explained above will not be available to you.
These cookies may be set to learn more about your interests and show you relevant ads on other websites. These cookies work by uniquely identifying your browser and device. By integrating these cookies, we aim to learn more about your interests and your surfing behavior and to be able to place our advertising in a targeted manner. More specifically, we set the following cookies:
- AnalyticsSyncHistory: This cookie is used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries. It expires after one month or upon the withdrawal of your consent.
- _fbp: This cookie is used by Facebook to deliver a series of advertisement products on Facebook. It expires after three months or upon the withdrawal of your consent.
- _ga: This cookie is associated with Google Universal Analytics (Google LLC) – an update to Google LLC's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a customer identifier. It is included in every page request on a website and is used to calculate visitor, session and campaign data for website analytics reports. By default, it is set to expire after 2 years or upon the withdrawal of your consent.
- _gat…: This cookie is linked to Google Universal Analytics (Google LLC). It is used to throttle the request rate and limit data collection on high-volume websites. This cookie expires after 10 minutes or upon the withdrawal of your consent.
- _gat_UA-43815746-1: This cookie is used by Google Analytics to limit the request rate. It expires after one minute or upon the withdrawal of your consent.
- _gat_gtag_UA_43815746_1: This cookie is used to deliver adverts more relevant to you and your interests. It is also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. It expires after one minute or upon the withdrawal of your consent.
- _gid: This cookie contains a randomly generated user ID. This ID allows Google Analytics (Google LLC) to recognize returning users to this website and merges data from previous visits. It expires after one day or upon the withdrawal of your consent.
- _guid: Used to identify a LinkedIn Member for advertising through Google Ads. It expires after 90 days or upon the withdrawal of your consent.
- BiographicsOptOut: Determine opt-out status for 3rd party tracking. It expires after 10 years or upon the withdrawal of your consent.
- bscookie: This cookie is used for tracking the use of embedded services. It expires after two years or upon the withdrawal of your consent.
- IDE: This cookie contains a randomly generated user ID. This ID allows Google LLC to recognize you on multiple websites and provide personalized ads. It expires after one year or upon the withdrawal of your consent.
- did: Remarketing of users of the Merck website for commercial purposes. It expires after one year or upon the withdrawal of your consent.
- igodigitalst: This cookie is used to capture customer behavior to improve the quality of the experience of our online customers, including enhanced browsing experiences. It expires after one hour or upon the withdrawal of your consent.
- igodigitalstdomain: This cookie is used to capture customer behavior to improve the quality of the experience of our online customers, including enhanced browsing experiences. It expires after one hour or upon the withdrawal of your consent.
- igodigitaltc2: This cookie is used to capture customer behavior to improve the quality of the experience of our online customers, including enhanced browsing experiences. It expires after 10 years or upon the withdrawal of your consent.
- li_fat_id: Member indirect identifier for Members for conversion tracking, retargeting, analytics. It expires after one month or upon the withdrawal of your consent.
- li_oatml: Used to identify LinkedIn Members off LinkedIn for advertising and analytics outside the Designated Countries and, for a limited time, advertising in the Designated Countries. It expires after one month or upon the withdrawal of your consent.
- li_sugr: Used to make a probalisitc match of a user's identity outside the Designated Countries. It expires after 90 days or upon the withdrawal of your consent.
- lms_ads: Used to identify LinkedIn Members in the Designated Countries for advertising. It expires after one month or upon the withdrawal of your consent.
- lms_analytics: Used to identify LinkedIn Members in the Designated Countries for analyticsv. It expires after one month or upon the withdrawal of your consent.
- U: Browser Identifier for users outside the Designated Countries. It expires after 3 months or upon the withdrawal of your consent.
- UserMatchHistory: This cookie processes tags for LinkedIn Insights and Advertisement. It expires after one month or upon the withdrawal of your consent.
- visid_incap_...: This cookie is used for visitor recognition for linking certain sessions to a specific visitor. It expires after one year or upon the withdrawal of your consent.
- YSC: This cookie is used to register a unique ID to keep statistics of YouTube videos that the user has seen. It expires when you close your browser or upon the withdrawal of your consent.
- zuid: Holds the anonymous user's ID. Used for tracking user actions, such as clicks on the recommendations. It expires after 90 days or upon the withdrawal of your consent.
- test_cookie: Is set as a test to check whether the browser allows cookies to be set. Does not contain any identification features. It expires after 15 minutes o upon the withdrawal of your consent.
The processing is based on your explicit consent by activating the cookie type(s) you have selected. Your consent is voluntary, and you may revoke it at any time with effect for the future. If you do not grant your consent or revoke it, this will not result in any disadvantages for you. However, without your consent, the functions explained above will not be available to you.

Please note that the use of Google Analytics has been extended by the plug-in "AnonymizeIP", to ensure an anonymized collection of your IP address, so that we cannot relate your data to your person. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Some computer browsers automatically accept all cookies. In this case, you may not see the Cookie Center which allows you to manage your cookies individually. However, you can change your browser settings to block all cookies. You may also be able to configure your browser settings so that only certain types of cookies are blocked or so that you are notified as soon as a new cookie is to be stored on your computer. In this case, you can accept or reject cookies individually. If this function is available to you, you will find more detailed explanations in the help function of your browser. There you will also find information on how to delete all or certain cookies for which you have given us your consent. For more information on managing and deleting cookies for popular browsers, please see the following links: Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Microsoft Edge, Apple Safari.

4.2. Processing of Your Personal Data in Other Contexts

We also process your personal data upon your interaction with us regarding the products and services we offer. This includes the processing of your personal data for marketing purposes, to communicate with you for commercial reasons, and in the course of our scientific researches. This usually involves the processing of data categories which we require to pursue these purposes, such as your contact data, preferences and payment details.

Such processing of your personal data is usually based on our legitimate business interest to develop and offer our products and services, learn more about your interests and continuously improve our offerings. Please refer to the below explanations and/or individual privacy notices which we provide in the context of our business communication with you to learn more about the corresponding processing of your personal data in this context.

Merck processes your personal data for the initiation and execution of contracts, including the administrative management of related order inquiries and assignments.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, place of work, etc.);
- Your payment details (e.g., bank account number, bank code, credit institute, tax identification number).
The processing of these personal data is necessary for the performance of a contract with you as an individual or is necessary to safeguard our legitimate interests of conducting business with your employer. Without your provision of your data, we cannot establish and maintain contact with you in the context of the specific contract.
If and to the extent that we provide services or goods to you, or receive them from you, we may process your personal data, e.g., to receive your services and/or provide our goods and prepare invoicing.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
- Accounting data (e.g., purchased goods and services, bank details, customer number, tax identification number, tax category);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department).
The processing of these personal data is based on the necessity for the performance of a contract with you as an individual or is necessary to safeguard our legitimate interests of conducting business with your employer. Without your provision of these personal data, we usually cannot establish and maintain contact with you, issue and receive invoices as well as receive or deliver services and/or goods in the context of the specific contract.
Merck may process your personal data for the purpose of an orderly and lawful accounting. This is for instance necessary to process and record invoices, issue monetary compensation or refunds and to verify claims. In addition, Merck is subject to legal documentation and retention obligations based on tax and accounting laws which also involve the processing of your personal data. The record keeping, documentation and archiving of such documents at Merck usually takes place in our IT systems, in some cases also in the form of paper files.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, etc.);
- Accounting data (e.g., purchased goods and services, bank details, customer number, tax identification number, tax category, etc.);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, etc.).
The data processing is necessary for Merck to manage, document, maintain and archive files and documents in order to fulfill legal obligations under tax, commercial and corporate laws. If and to the extent such laws do not apply for the processing of your personal data in this context, this processing activity relies on our legitimate business interest to establish and maintain an adequate accounting process, in particular to issue or settle invoices.
We may process your personal data for the purpose of maintenance and improvement of health-related topics by developing and applying measures to prevent, diagnose, treat, recover, or cure diseases, illness, injuries, and other physical and mental impairments. We process personal data especially in the fields of general medicine, endocrinology, fertility, neurology, immunology, and oncology.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, date and place of birth, country of birth, nationality, etc.);
- Health information (e.g., diagnosis, existence of an illness or disability, details about accidents, treatment history, relevant health parameters, etc.).
In these cases, the legal basis of the data processing depends on the specific context. The processing can be necessary to safeguard our legitimate interests for the purposes of maintaining and improving health-related matters and there is no reason to assume that your legitimate interest as an individual in excluding the processing or use outweighs our interest in the data processing. We are also required to process your personal data if there is a respective legal obligation. Furthermore, we process your data if you have expressly consented to the processing in question, e.g., regarding the processing of your special categories of personal data (in particular your health data).
We may process your personal data within the framework of scientific research with a strong interdisciplinary orientation, which is mainly related to the application of scientific findings in modern biology, chemistry and medicine and related fields. This includes for example data processing in the fields of drug research, biopharmaceutical production, biotechnology, industrial microbiology, clinic and diagnostics, food analysis, quality control for pharmaceuticals, governmental and academic research, and environmental analyses.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, date and place of birth, country of birth, nationality, etc.);
- Health information (e.g., diagnosis, existence of an illness or disability, details about accidents, treatment history, relevant health parameters, etc.).
This processing can be necessary to safeguard our legitimate interests for the purposes of maintaining and improving health-related matters as well as scientific research and there is no reason to assume that your legitimate interest as an individual in excluding the processing or use outweighs our interest in the data processing. We are also required to process your personal data if there is a respective legal obligation. Furthermore, we process your data if you have consented to the processing in question, e.g., regarding the processing of your special categories of personal data (in particular your health data).
We process your personal data in the context of developing products related to architecture, such as energy-efficient windows, smart glass and façades, innovations in mobility, display applications, plastics and specialty coatings, innovative semiconductor materials, cosmetics and high-tech chemicals for advanced industries such as photonics, solar, and lighting.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, education).
The data processing is based on the necessity for the performance of a contract with you as an individual. Without the data provided by you, we cannot conclude the development process for Electronics. This processing may also be necessary on the basis of a legitimate interest. We have a legitimate economic interest to process personal data for the purpose of developing innovative and appealing products to increase sales, monitor technological developments and develop commercial business models.
We process your personal data within the scope of our public relations and marketing processes. This includes in particular the issuance of newsletters, press kits, and registrations for press distribution lists, press contacts and press representatives.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department).
This data processing is based for our legitimate business interests. We have a legitimate economic interest in informing our clients of news, events, etc. to gain new leads and establish and maintain a long-term business relationship. Furthermore, we process your data if you have consented to such processing.
If Merck has received your contact details from business events, for example as part of a business appointment (e.g., by exchanging business cards) or as part of an assignment, we use your contact and business details to maintain our business contacts. For this purpose, we usually transfer your contact details to our CRM (Customer Relationship Management).

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, qualifications).
This data processing is based for our legitimate business interests. Merck has a legitimate economic interest in maintaining contacts beyond the initial contact and in using them to establish and develop a business relationship and to remain in contact with the parties concerned.
We process your personal data, if you enter and submit your data via one of our contact forms or contact us otherwise, e.g., in the context of a service request. Your data will also be processed to handle your specific request, e.g., by answering or forwarding your request to a competent department.

This processing activity may include the following data categories:
- Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, qualifications);
- Any further information you provide to us, e.g., in the process of your request or which is otherwise required to answer your request.
The processing and use of your data are based on our legitimate interest to communicate with our contacts and customers and in particular provide customer service. The processing of your personal data is necessary to process your inquiry and establish or maintain contact.

5. Data Deletion, Data Transfers, etc.

Unless otherwise stated in this Data Protection Information, your personal data are regularly deleted as soon as we do not need them any more to meet our business interests, no statutory data retention obligations apply, or you withdrew your consent. If we make use of automated decision-making or profiling, you will be informed through a separate privacy notice.

In general, you are neither contractually nor statutorily obliged to provide your personal data for the above purposes, however your decision to not provide your data may lead to negative consequences, such as reduced features and functionalities, the impossibility to use our information and services offered in this context, the denial of access to our services and/or exclusion from our business activities to the extent the processing of your personal data is key in these contexts.

We might share your personal data with third parties, such as financial institutions to process payments, lawyers and auditors, other Merck-entities, etc. to the extent required to meet our business goals. Please note that we in ensure to enter into adequate data protection agreements with these parties to the extent legally required and in this context safeguard that these recipients agree on technical and organizational measures to protect your data adequately.

Should such data transfer involve the transmission of your personal data to countries outside the EU/EEA, and this country does not have an adequate level of data protection compared to the EU, we usually safeguard such level of data protection by entering into standard contractual clauses with any such recipients. This ensures that your data protection rights are protected. You may download a copy of these standard contractual clauses under the following URL: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

6. Your Data Protection Rights

Regarding the data processing in the European Union, you have the following data protection rights:

Right of access: You have the right to obtain information on the processing of your personal data and to receive a copy these data.
Right to rectification: You have the right to ask us to correct or complete your personal data to the extent they prove to be wrong and/or incomplete.
Right to erasure: Under certain circumstances, you have the right to ask us to delete your personal data.
Right to restriction of processing: You may also have the right to ask us to limit the processing of your personal data.
Right to data portability: You have the right to receive your personal data in a structured, common and machine-readable format and request that these data are transferred to another data controller.
Right to object: You have the right to object to the processing of your personal data by us, in particular if the processing of your personal data is based on (i) the necessity of the performance of a task in the public interest, or (ii) legitimate interests. We will then stop the processing of your personal data unless we remain legally authorized to do so.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.

In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal permission to do so. Please note that your withdrawal has effect for future processing operations only and does not make data processing operations, which we executed before such withdrawal, unlawful.

To withdraw your consent, you may e.g., send an email to privacy@merckgroup.com. If you withdraw your consent, you may no longer be able to use the services affected by the withdrawal. Apart from that, you will not suffer any further disadvantages.

If you do not specify your withdrawal to a specific processing operation, we will assume that you withdraw your consent regarding all processing of your personal data that is based on your consent.

This data privacy declaration is up-to-date and dates from May 2021. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.

Group Data Protection Officer

at Merck KGaA, Darmstadt, Germany

+49 6151 72-0