Privacy Policy


Last modified December 1, 2021


This privacy statement pertains to the collection of personal data by Merck KGaA, Darmstadt, Germany and its affiliates ("Company", "us" or "we") of all customers, vendors, suppliers, etc. (“Data Subjects”, “you”). We collect personal data through various means, digital or otherwise. Our collection via digital means includes our websites, mobile applications, digital products and services (“Online Services”).

The Controllers of your personal data in the meaning of the General Data Protection Regulation ("GDPR") are Merck KGaA, Darmstadt, Germany or its respective affiliates with which you have a business relationship or whose products/services you are using.

With this privacy statement we explain to you which personal data is processed for which purposes, and how you are able to exercise your data protection rights. "Personal data" is any information that relates to, or can be linked to, an identified or identifiable natural person.


1. WHICH DATA DO WE PROCESS AND FOR WHICH PURPOSE?
We process personal data that we receive from you as part of our business relationship, i.e., during the initiation, implementation and execution of the contract for the product or service you purchased or personal data that we collect about you in connection with the use of the product or service. We also process data that you voluntarily provide to us, including while attending tradeshows or through our web forms or surveys.

Additionally, we process personal data we received from third party websites in case you fill out a form from one of our advertisements for example to receive a download or sign up for a newsletter.

1.1 Browsing our websites
By browsing our websites, you provide us with automatic information. The term "Automatic Information" is information automatically collected by our web server that your web browser makes available whenever you visit one of our websites. The browsing data we collect includes the website you are accessing, the time and duration of your visit, the pages you have visited, your searches and temporarily, your IP address1 as well as the items you have added to your cart, if applicable2. Your IP address is used to identify the city of from which you are accessing the site as well as the company to which the IP address has been registered. We use browsing data of our users for creating aggregated statistics, to learn what is of interest to users in order to improve various aspects of our websites and to provide services like troubleshooting, and to recognize users who have already visited our websites in order to customize their website experiences for their future visits. We also use the browsing data to study traffic patterns and maintaining or restoring the security of our websites or to detect and correct technical defects and errors.

1.2 Providing you with services you requested
In order to provide you with access to certain services, we ask for information from you like your name or an email address, for example, when you register for an account on one of our websites. We use your data to provide you with information or services that you have requested such as providing information about relevant products, services and/or promotions, answering questions about our products or services or sending you newsletters or other marketing/promotional materials based on your selections or providing access to one of our Online Services.3 In order to provide you with the information that you have requested or that you may be interested in, we may individualize the content you requested based on the information we collect about you.4 We use your information like your name, address, email address, financial information, job profession, area of expertise and your purchasing history to complete the sales transaction if you purchased one of our products via a website or to offer you any of our services you requested.5

Please note that the provision of some information will be necessary in order for us to take action regarding an order for products or services that you have purchased. For example, we need your address to be able to send you the product you ordered. Our online forms clearly identify which fields are required in order for us to complete the transaction. If you don’t provide this information to us, we will not be able to complete the transaction.

1.3 Customer Management
We process your personal data like your contact information in order to provide you with a satisfactory customer management experience, e.g., sales transaction follow-up or process your inquiries.6 For this purpose we also process your personal data as part of our management and development of our client relationships in order to provide you with individualized content and to assess your needs as a customer.7 We process your personal data to analyze your preferences and habits to improve our services and to ensure that we can deliver the highest quality services and support to our customers.

1.4 Legal obligation and legal enforcement
In some cases, we are under a legal obligation to process personal data.8 A typical example is providing data to a government agency which has identified the potential misuse of a drug or the processing within the scope of the so-called pharmacovigilance, i.e., the obligation to investigate and share data when potential side effects of drugs become known.

Where required, we can also use your data to enforce our or third-party rights (such as copyright infringements).

1.5 Providing you with information that may interest you
We aim to present you information that could be of interest to you and to communicate seamlessly over various channels (phone, email, SMS, mail, social media messages) without sending redundant information.9 Our communication with you is based on the information we collect about you and are permitted to use. For example, we use the combination of your email address and your browsing data so we can provide you with information about a product you look up on one of our websites. Based on the information we collect, we may internally indicate that you are interested in certain categories of information.

Generally, we will use collected information to inform you about our new products, innovations, promotions, seminars, webinars and events like trade and vendor shows.

We only provide you with such information where we are permitted to, for example when you have chosen to receive our promotional emails and where you did not object to our use of your data for marketing-related purposes.

1.6 Profiling
“Profiling” means any automated processing of personal data consisting in the use of such personal data to analyze, evaluate or predict certain personal aspects relating to a natural person. We use profiling procedures to optimize and personalize our customer relationship management and our advertising measures.10 To optimize and personalize our advertising measures, we create customer profiles and assign customers to specific customer segments on the basis of these customer profiles. On the basis of this segmentation, we can manage the type, content and frequency of specific advertising measures for specific target groups. For profiling purposes, we use data that we receive from you as part of our business relationship. This includes personal data like your purchasing behavior and browsing behavior. Profiling may be based in particular on usage data that we create with the customer's consent by measuring and evaluating the customer's interaction with electronic advertising, in particular by measuring and evaluating the opening and click rate in email newsletters.


2. COOKIES, ANALYTICS TOOLS, SOCIAL PLUGINS AND ADVERTISING

2.1 Cookies:
We use cookies, web beacons, pixels, tags, scripts and other similar technologies in order to enable and facilitate the use of our Online Services (e.g., to optimize the presentation or display of country-specific content). "Cookies" are small text files that enable our Online Services to store information on your computer and retrieve it later (e.g., when you visit our website again later). The term "computer" in this privacy statement refers to computers, smartphones and all other devices with internet access.

We use cookies and similar technologies on our Online Services for several reasons, for example:

  • Online Services load faster;
  • Online Services may be browsed faster;
  • Your settings, such as language and time zone, may be saved;
  • Security on Online Services is improved since your identity may be verified; and
  • Your log-in to secured Online Services is facilitated.

We include the following three categories of cookies on our Online Services:

2.1.1 Necessary Cookies:
These cookies are necessary to safeguard the functionalities of our Online Services and for the Online Services to operate. Cookies are set, in particular, in response to your actions and depend on your specific service requests (e.g., setting your privacy preferences, filling out forms, or logging in).

The processing is based on our legitimate business interest to be able to provide our basic Online Services in a secure and useful manner. Our Online Services cannot function without these cookies and they can only be disabled by changing your browser preferences.

2.1.2 Functional Cookies:
These cookies enable the provision of advanced functionalities and are used for personalization. The cookies are set in particular in response to your actions and depend on your specific service requests (e.g., setting the language).

The processing is based on your consent you provided to us in the course of the registration/subscription process. You either grant your consent by accepting all cookies in our cookie banner or by activating the cookie type(s) you have selected. Your consent is voluntary, and you may revoke it at any time with effect for the future. You can revoke your consent by reopening our cookie banner and deactivating the cookie type. If you do not grant your consent or revoke it, this will not result in any disadvantages for you. However, without your consent, the functions explained above will not be available to you.

2.1.3 Targeting Cookies:
These cookies may be set to learn more about your interests and show you relevant ads on other websites. These cookies work by uniquely identifying your browser and device. By integrating these cookies, we aim to learn more about your interests and your surfing behavior and to be able to place our advertising in a targeted manner.

The processing is based on your consent you provided to us in the course of the registration/subscription process. You either grant your consent by accepting all cookies in our cookie banner or by activating the cookie type(s) you have selected. Your consent is voluntary, and you may revoke it at any time with effect for the future. You can revoke your consent by reopening our cookie banner and deactivating the cookie type. If you do not grant your consent or revoke it, this will not result in any disadvantages for you. However, without your consent, the functions explained above will not be available to you.

2.1.4 Management and Deletion of Cookies:
Some computer browsers automatically accept all cookies. In this case, you may not see the cookie banner which allows you to manage your cookies individually. However, you can change your browser settings to block all cookies. You may also be able to configure your browser settings so that only certain types of cookies are blocked or so that you are notified as soon as a new cookie is to be stored on your computer. In this case, you can accept or reject cookies individually. If this function is available to you, you will find more detailed explanations in the help function of your browser. There you will also find information on how to delete all or certain cookies for which you have given us your consent. For more information on managing and deleting cookies for popular browsers, please see the following links: Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Microsoft Edge, Apple Safari.

2.2 Advertising
We work with third party online marketing services (e.g., Google Adwords, ResearchGate, Sprinklr, Facebook custom audience, LinkedIn Contact Targeting and Doubleclick), which provide our advertising to internet users who have previously visited our websites on their network or websites. The purpose of these services is to create advertising based on the needs and interests of the relevant internet users.

2.6 Links to other websites
Our websites contain links to third party websites. If you follow a link to any of these websites, please note that they have their own privacy policies which should be reviewed. We have no liability or responsibility for the content or practices of these websites.


3. RECIPIENTS OF PERSONAL DATA

3.1 Data transfer to our affiliates
As part of a global group of companies, we involve our affiliates to support us in hosting and administration. These group companies process the data solely for the purposes set out in this privacy statement.

3.2 Data transfer to third parties
We pass on your personal data as set forth below:

  • Service Providers: We share your personal data with third party service providers who use this data to perform services for us, such as payment processors, hosting providers, marketing technology providers, auditors, advisors, consultants, customer service and support providers.
  • Legally required: We may disclose your personal data if we are required to do so by law or where it is necessary to respond to claims asserted against us or comply with legal processes.
  • Business transfers: We may disclose or transfer personal data as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event.

Please note that we in ensure to enter into adequate data protection agreements with these parties to the extent legally required and in this context safeguard that these recipients agree on technical and organizational measures to protect your data adequately.


4. DATA TRANSFER TO THIRD COUNTRIES
If you are a resident of EU/EEA/UK, please note that we may transfer your personal data outside the EU/EEA/UK. We will take all steps reasonably necessary to ensure that appropriate safeguards are in place to guarantee that your personal data are adequately protected according to the requirements of the applicable data protection laws. For example, with respect to transfer of EU personal data, we use Standard Contractual Clauses approved by the EU Commission.

You have the right to contact privacy@emdgroup.com for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when it is transferred as mentioned above.


5. DATA RETENTION
Unless otherwise stated, your personal data are regularly deleted as soon as we do not need them any more to meet our business interests, no statutory data retention obligations apply, or you withdrew your consent.

We store data for as long as necessary for the provision of the service requested by you. For example, when you subscribe to a newsletter, we will store the associated data at least until you unsubscribe. Based on the information we collected, we may internally indicate that you are interested in certain categories of information. This information will be kept and updated as long as we consider engaging with you.

Under certain circumstances, your data must also be kept longer, e.g., if a so-called Legal Hold or Litigation Hold (i.e., a ban on deleting data for the duration of the procedure) is ordered in connection with official or legal proceedings. Data without any personal identifiable information may be stored permanently.


6. CHILDREN'S PERSONAL DATA
We do not knowingly process personal data of children under the age of 16, unless where we process personal data of children intentionally for our campaigns or events. If this is the case, we will inform you separately. Parents and legal guardians shall ensure that their children do not transmit any personal data through our services or websites without permission. If personal data has been transmitted by children, please inform us so that we can delete the personal data and any associated account.


7. YOUR RIGHTS
As a data subject you have the following rights:

  • You can request access to your personal data, including the provision of a copy of the personal data undergoing processing
  • You can ask us to update or correct any inadequate, incomplete or inaccurate data
  • You can request the erasure of your personal data, if the legal requirements are satisfied. This is the case, in particular, if:
    • your personal data is no longer needed for the purposes of which it was collected;
    • the sole legal basis for processing such data was your consent, and you have withdrawn such consent;
    • you have objected to processing on the legal grounds relating to your particular situation, and we cannot prove that there are overriding legitimate grounds for processing;
    • your personal data were processed unlawfully; or
    • your personal data must be erased in order to comply with legal requirements
  • You can restrict the processing of personal data under certain conditions. The requirements are:
    • the accuracy of your personal data is contested by you and we must verify the accuracy of the personal data;
    • the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
    • We no longer need the personal data for the purposes of processing, but you require the data to establish, exercise or defend your legal claims;
    • you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds.
  • You have the right to data portability, e.g., you can ask us to provide your personal data in a structured, commonly used and machine-readable format for your use or transfer to another controller
  • You can lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations
  • Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
  • You have the right to object - to the extent that we are relying on our legitimate interests to use your personal data, or the necessity of the performance of a task in the public interest, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms; or where we need to process the data for the establishment, exercise or defense of legal claims; or are otherwise legally authorized to carry out such processing. In addition, you can object to the processing of your personal data for direct marketing purposes at any time, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
  • These rights may vary based on the jurisdiction where you are located. If you want to exercise any of these rights or have any questions or concerns about how we treat your personal data, please contact privacy@emdgroup.com.


    8. CALIFORNIA CONSUMER PRIVACY ACT
    https://www.sigmaaldrich.com/life-science/legal/california-consumer-privacy-act


    9. NOTIFICATION OF CHANGES
    We reserve the right to modify this privacy statement at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies, so please review it frequently.


    10. CONTACT DETAILS
    If you have any requests or questions, please feel free to contact our Group Data Protection Officer:

    Address:
    Group Data Protection Officer
    Merck KGaA
    Frankfurter Straße 250
    64293 Darmstadt, Germany

    Phone: +49 6151 72-0
    E-Mail: privacy@emdgroup.com

    REFERENCES

    1. Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
    2. Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
    3. Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
    4. Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
    5. Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
    6. Legal basis: Performance of a contract according to Art. 6 (1) (b) GDPR
    7. Legal basis: Our legitimate interests according to Art. 6 (1) (f) GDPR
    8. Legal basis: Legal obligation according to Art. 6 (1) (c) GDPR
    9. Legal basis: Our legitimate Interests according to Art. 6 (1) (f) GDPR; Your Consent according to Art. 6 (1) (a) GDPR
    10. Legal basis: Your consent according to Art. 6 (1) (a) GDPRv