Privacy Policy
Table of Contents
3.1. How do we collect personal data about you?
3.2. Processing purposes and related data categories
3.3. General statistics, website security
- Data Retention.
- Recipients of Personal Data.
- Data Transfer to Third Countries
- Your Data Protection Rights
1. Preamble
This privacy policy pertains to the processing of personal information by Merck (Pty) Ltd and affiliated entities, (“Company”, “us” or “we”). The Responsible Parties of your personal information in the meaning of the Protection of Personal Information Act 05 of 2013 (“POPI”) is Merck (Pty) Ltd, and entities it is affiliated with which you have a business relationship or whose products/services you are using. The different entities and their contact details as well as the contact details of our group data protection officer are listed below.
With this data protection declaration, we explain to you which Personal Information is processed for which purposes. “Personal data” is any information relating to an identified or identifiable natural person and where it is applicable, an identifiable existing juristic person.
Should you have questions or queries regarding the processing of your personal data, please contact our Group Data Protection Officer via privacy@merckgroup.com or the other contact details provided below.
2. General Information
This section is about the controller of your personal data, how you may contact the controller and which rights you have as a data subject in this context.
2.1. Controller
The data controller means the person who determines the purposes and means of the processing of your personal data. For the processing activities described in this notice, Merck KGaA is data controller.
Merck KGaA
Frankfurter Strasse 250
64293 Darmstadt, Germany
Phone: +49 6151 72-0
Telefax: +49 6151 72-2000
2.2. Data Protection Officer
We have appointed a Group Data Privacy Officer, whom may be contacted at:
GROUP DATA PRIVACY OFFICER
Merck KGaA
Frankfurter Strasse 250
64293 Darmstadt, Germany
Phone: +49 6151 72-0
If you have any requests or questions, please feel free to contact our Deputy Information Officer:
Deputy Information Officer
1 Friesland Drive
Longmeadow Business Estate
Modderfontein
1645
South Africa
E-Mail: elsa.moroney@merckgroup.com or popiacompliancesa@merckgroup.com .
3. The Processing Activities in Detail
We process your personal data for different purposes which we will explain in detail in this section.
3.1. How do we collect personal data about you?
Generally, we do not identify users who only browse our website. The browsing data we collect includes the name of your internet service provider, the website from which you access our website, the Merck website which you looked at, temporarily your full IP address and the date and duration of your visit.
3.2. Legal Obligations and Legal Enforcement
In some cases, we are under a legal obligation to process personal data. A typical example is the processing within the scope of the so-called pharmacovigilance, i.e., the obligation to investigate and share data when potential side effects of drugs become known.
3.3. General statistics, website security
We use browsing data of our users for creating aggregated statistics (so that statistics do not show data about a single user but only about the collected data of a number of users), to learn what is of interest to users in order to improve our websites and offering. We also use the browsing data for maintaining or restoring the security of our offer or to detect and correct technical defects and errors.
We also collect data about the location of the devices accessing our website for statistical purposes (statistics from where visitors access our website, etc.); you can control the authorization for this using the browser settings.
3.4. Social plugins
Our website uses social plugins (“plugins”) from social networks (e.g., Facebook). Plugins are used to share content from our website with other users of social networks or to point out such content. When you visit our website, the plugins are not fully integrated into the site (so-called “shariff solution”). This ensures that, when you access a page on our website, a connection is only established to the social network provider once you click on the plugin button. Once the connection has been established, we have no influence on the type and scope of data that the provider collects and processes; for information on this, please see the provider’s data protection information.
3.5. Cookies and tracking
We use cookies in order to enable and facilitate the use of the website, for example to optimize the presentation or display of country-specific content (such as in your national language). You can disable or block cookies in your browser software; however, this may result in restrictions regarding the usability of this website. In addition to cookies, we also use other web technologies such as pixel tags, web beacons or clear GIFs (hereinafter also referred to as “cookies”) for these purposes.
This website uses Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited (“Adobe”) to store “analytical cookies” on your device. This means that information about users and the use of our website is transmitted to Google and processed on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services for us. This includes the transmission of your IP address, but it will not be merged with other Google data. In addition, it is shortened (usually within the European Union) and saved by Google only in an abridged form. For storage in the United States, Google’s self-certification according to the Privacy Shield provides an appropriate level of data protection.
You can object to the processing of your data for statistical purposes by using the following link (“Use of Adobe Marketing Cloud by our business customers” section): http://www.adobe.com/de/privacy/opt-out.html.
4. Data Retention
Unless otherwise stated in this Privacy Notice, your personal data are regularly deleted (depending on the data type and the applicable jurisdiction) as soon as they are no longer necessary to fulfill the purpose of the processing. This is usually the case if the data is no longer necessary to meet our business interests or for the provision of the services requested by you, no statutory data retention obligations apply, or you withdrew your consent. As a rule, you can assume that we keep your personal data as long as we actively stay in contact with you.
Under certain circumstances, your data must also be kept longer, e.g., if a so-called Legal Hold or Litigation Hold (i.e., a ban on deleting data for the duration of the procedure) is ordered in connection with official or legal proceedings. Data related to adverse events will be stored as long as we market the corresponding product plus ten years. Data without any personal identifiable information may be stored permanently.
Should you have questions or queries regarding the retention and deletion of your personal data, please contact our Group Data Protection Officer via privacy@merckgroup.com.
5. Recipients of Personal Data
We might transfer your personal data to third parties, such as our service providers, financial institutions to process payments, lawyers and auditors, etc. to the extent required to meet our business objectives and fulfill our Services. For this purpose, we enter into adequate data protection agreements with these parties to the extent legally required and in this context safeguard that these recipients agree on technical and organizational measures to protect your personal data adequately.
We might also transfer personal data to and receive data from our Merck Group companies for the purposes described in this data protection notice.
6. Data Transfer to Third Countries
We are transferring your Personal Information outside South Africa. We will take all steps reasonably necessary to ensure that appropriate safeguards are in place to guarantee that your Personal Information are adequately protected according to the requirements of the POPI by means of a law in the recipient country binding the recipient, binding corporate rules or binding agreement which provide an adequate level of protection that effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person; contained in POPI and includes provisions, that are substantially similar to this section 72 of POPI, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country.
You have the right to contact privacy@merckgroup.com more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your Personal Information when it is transferred as mentioned above.
7. Your Data Protection Rights
As a data subject you have the following rights:
- Right of access: You can request access to your personal data, including the provision of a copy of the Personal Information undergoing processing, upon completion of the requisite form and following the legally prescribed process therefore as contained in our PAIA Manual.
- Right to rectification: You have the right that we correct or complete your inadequate, incomplete or inaccurate personal data.
- Right to erasure: Under certain circumstances, you have the right that we delete your personal data.
- Right to restriction of processing: Under certain requirements, we restrict the processing of your personal data upon your request.
- Right to data portability: You might have the right to receive your personal data in a structured, common and machine-readable format and request that these data are transferred to another data controller.
- Right to object: If we base processing on our legitimate interest, you may have the right to object on grounds relating to your particular situation at any time to the processing of personal data concerning you.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.
In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal permission to do so. Please note that your withdrawal has effect for future processing operations only and does not make data processing operations, which we executed before such withdrawal, unlawful.
To withdraw your consent, you may send an email to service@merckgroup.com. If you withdraw your consent, you may no longer be able to use the services affected by the withdrawal. Apart from that, you will not suffer any further disadvantages.
If you do not specify your withdrawal to a specific processing operation, we will assume that you withdraw your consent regarding all processing of your personal data that is based on your consent.
This Data Privacy Statement is up-to-date and dates from November 2022. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.
ZA-NONF-00168 October 2022.