Merck Serono Limited (“Merck”, “we”, “us” or “our”) and it’s affiliates respect the privacy of visitors to our websites and are committed to the protection of their personal information.
Merck operates this website and is responsible for your personal data. Our full details can be found on the footer of each page of our website.
1. Which data do we process and for which purpose?
a) When do we collect which categories of personal data?
aa) Requesting a Representative Visit / Subscribing to Email Newsletter Updates:
Our website is intended for healthcare professionals residing in the United Kingdom and the Republic of Ireland. To make a request for a representative to visit you or to subscribe to our email newsletters, we will ask for your title, name, email address, workplace, address, phone number, professional registration number and your medical speciality. We will use this information to verify your identity and confirm that you are a healthcare professional.
bb) Data we collect when interacting with you (offline and online)
We collect data you communicate to us such as when you have a query, talk to our sales or medical representatives or register for one of our events and our experience from previous meetings and collaborations.
cc) Public sources and third parties
We also collect data from publicly available sources and third parties such as websites to collect data about publications, expertise and your track record.
dd) Browsing data (not connected to users)
We also collect browsing data which we do not connect to users. The data we collect include the name of the internet service provider, the web browser from which you access our website, the Merck websites which you looked at, temporarily your full IP address (which is then automatically “obfuscated” by the website systems to prevent direct tracking of your unique IP Address) and the date and duration of your visit.
b) Purposes of data use
aa) Providing you with services you requested
We use your data to provide you access to our website and to services that you requested (i.e. to contact you to arrange a representative visit), answering questions about our products or sending you email newsletters (if you subscribed). We can also individualise the content based on the information we collected about you.
bb) Providing you information that may interest you
We aim to present you only information that could be of interest to you and to communicate seamlessly over various channels without sending redundant information. Our communication with you is based on the information we collected about you and are permitted to use.
For example, if you published articles about a certain therapeutic area, we may invite you to attend to a related congress as a speaker or participate in a clinical trial. Based on the information we collected, we may internally indicate that you are interested in certain categories of information.
When doing this, we will always respect your wishes like your choice to receive our newsletter emails and if you objected or did not consent to the use of your data for such marketing-related purposes.
We only wish to provide you with information about our product and service offerings, such as products, news and services which we believe are beneficial to you. For this reason, we collect and analyse your personal data in order to learn more about you and your professional activities and interests. We do this only unless you objected or, where required, if you gave your consent. That includes data from:
- Interactions with you, e.g. via a call centre, a representative or a third party or feedback you gave us, e. g. through a survey.
- Events you attended, such as medical congresses, training events or peer-to-peer meetings.
- Online behaviour, i.e. data about your activities when you visit our website, such as pages visited, clicks, downloaded materials, open emails (if you consented).
- Possible requests from you, e.g. for advertising material, or a sales representative visit.
How to select when and how to contact you?
We provide you information via various channels such as e‑mails, letters, calls, our website or otherwise. It is our aim not to provide you with redundant information. Therefore, we combine available communication channels (according to your communicated preferences) and provide information based on your personal information.
When selecting the information we communicate to you, we use software tools to analyse the available data to create different groups of recipients who receive different types of information.
cc) Legal obligations and legal enforcement
In some cases, we are under a legal obligation to process personal data. A typical example is the processing within the scope of pharmacovigilance, i.e. the obligation to investigate and share data when potential side effects of drugs become known.
Where required, we can also use your data to enforce our third-party rights (such as copyright infringements).
dd) General statistics, website security
We use browsing data of our users for creating aggregated statistics (so that statistics do not show data about a single user but only about the collected data of a number of users), to learn what is of interest to users in order to improve our websites and offering. We also use the browsing data for maintaining or restoring the security of our offer or to detect and correct technical defects and errors.
We also collect data about the location of the devices accessing our website for statistical purposes (statistics from where visitors access our website, etc.); you can control the authorization for this using the browser settings.
2. Cookies and Analytics
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website. You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|_ga||Used by Google Analytics to identify a unique visitor. See more about Google Analytics below||Click here for an overview of privacy at Google https://policies.google.com/privacy?hl=en&gl=uk|
|hcp_UID||Unique ID number of visitor|
|hcp_profession||Stores the profession of the user based on the HCP confirmation popup|
|hcp_on_load_counter||Counts number of page visits by the user. Used for dynamic content|
|hcp_UserEmail||Stores the email of the visitor when they are directed from an eNewsletter|
|hcp_OneKeyID||Stores the ID number of the user when they are directed from an eNewsletter|
|hcp_FromEDM||Stores a confirmation of whether the user clicked through from an eNewsletter|
|hcp_knownUser||Stores a value to denote if the user is known when visiting from an eNewsletter|
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. To find out more about cookies, including to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
b) Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”) to store “analytical cookies” on your device. This means that information about users and the use of our website is transmitted to Google and processed on our behalf for the purpose of compiling reports on website activity, measuring website visits and visitors and providing similar services for us. This includes the transmission of your IP address, but it will not be merged with other Google data. In addition, your IP address is shortened (usually within the European Union) and saved by Google only in an abridged form. For data storage in the United States, Google’s self-certification according to the Privacy Shield provides an appropriate level of data protection.
You can object to the processing of your data for these purposes by installing a browser plugin (https://tools.google.com/dlpage/gaoptout?hl=en-GB).
3. Recipients of personal data; data transfer to third countries
a) Adverse events or enforcement of rights
If we become aware of potential cases of adverse reactions to one of our products, we are required by law to document and share the relevant information, including personal information with authorities worldwide and, where necessary for further assessment, to contact the reporting parties.
In order to enforce our rights or to protect our rights or the rights of third parties with the holders of such rights, consultants and authorities.
b) External service providers for data processing
Merck will take all steps reasonably necessary to ensure that the data you provide is adequately protected at all times (including in the event data is transferred outside the EU/EEA) according to the requirements of the data protection laws of the UK, Ireland and the European Union.
c) Data transfer to the Merck group companies
As part of a global group of companies, we involve other Merck companies that support us in hosting and administering our email newsletters. If you explicitly consented to our email newsletters, these group companies process the data solely for the purposes set out in this Privacy Notice.
4. Data Retention
We store data for as long as necessary for the provision of the service requested by you. For example, when you subscribe to a newsletter we will store the associated data at least until you unsubscribe. Based on the information we collected, we may internally indicate that you are interested in certain categories of information. This information will be kept and updated as long as we consider engaging with you.
Data which is collected while browsing our website and which can legally be considered personal data (such as the obfuscated IP address) is stored for a period of time of no longer than 25 months, unless a reasonably justified incident indicates a longer storage period (e.g. due to a hacking attack).
Data without any personal identifiable information may be stored permanently.
5. Data protection rights and contact
a) General rights
You have the right to request a copy of the data that we hold about you. You also have the right to ask us (i) to correct the data we hold about you if you believe it incomplete or inaccurate; or (ii) to delete or remove personal data we hold about you; or (iii) to limit our processing where you believe there is no good reason for us continuing processing it.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
b) Right to object
You can also object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. This applies in particular to the collection of your data for statistical measurement of the web audience by Google Analytics.
c) Revocation of your consent
You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
In the UK contact:
Merck Serono Limited
5 New Square
Bedfont Lakes Business Park
Feltham TW14 8HA
Tel: 020 8818 7373
In Ireland contact:
Merck Serono (Ireland) Limited
4050 Kingswood Road,
Citywest Business Campus
Dublin 24, Ireland
Tel: 1800 719881
In addition you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) or to the Office of the Data Protection Commissioner, the Irish supervisory authority for data protection issues (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the relevant competent authority, so please contact us in the first instance.
Data protection declaration as of: August 2019