Fair Information Notice
When you do business with Merz Middle East FZ LLC, we know that you trust us to take care of your personal information. Trust is an important Merz value, and we aim to earn your trust not just by providing safe, effective pharmaceutical and medical devices, but also by responsibly managing your personal data. This Fair Information Notice (“FIN”) explains who is responsible for processing and caring for your personal data at Merz as well as details relating to when, where and how we use, protect, store, delete and sometimes transfer your personal data. To download Fair Information Notice Click Here
A. Merz is responsible for the personal data that you share with us or that we receive about you.
Merz is responsible for processing your personal data. Merz operates in Dubai Healthcare City, Building 64, Block E, Ground Floor, Dubai, UAE.
Merz is a “controller” under the terms of the GDPR and EU Member state laws. “Controller” is the legal term for the company, in this case Merz, which, alone or jointly with others, determines the purposes and the methods by which your personal data are processed. Non-EU countries may not use the term “controller,” but nonetheless may place similar legal requirements on Merz to protect personal data we collect about you.
B. Why we process your personal data
Like most companies, we process your personal data for several, legitimate reasons related to our business. In general, we process personal data for the following specific business reasons:
- To complete a sales transaction;
- To honor an agreement or contract;
- If, after we provide you with fair information, you give us express consent to do
- To comply with the law (e.g., national drug safety reporting);
- To protect your vital interest (e.g., your health);
- To protect the public interest (e.g., drug safety monitoring); and
- Because we have a legitimate interest in processing your personal (e.g., advertising, marketing materials, newsletters)
Merz manufactures and sells some of the best pharmaceutical products and medical devices in the world. We sometimes process personal data to make healthcare professionals, pharmacies, patients and consumers aware of our products with marketing and advertising materials. We do this only when you give us explicit consent to do so or (if consent is not required) when we have a legitimate reason to do so, provided that your interests or your fundamental rights and freedoms do not prevail.
If Merz processes your personal data based on our “legitimate business interests” per Article 6(1), Sentence 1(f) of the GDPR, you can object to the processing (pursuant to Article 21 GDPR). If you object, we will stop processing your personal data unless we can demonstrate a compelling legitimate ground for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.. If we use your personal data to build a profile of you and you object, we must provide you with evidence of our legitimate business need to do so and the measures we have taken to protect your fundamental rights and freedoms.
If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, which overrides your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If you are objecting to direct marketing by us, we will honour your request and cease such marketing.
Merz complies with all European Union and Member state laws regarding data privacy and protection, including Regulation (EU) 2016/679 (General Data Protection Regulation–GDPR). Where applicable, Merz also complies with local and regional privacy laws in other countries where we do business.
C. Your relationship with Merz determines the amount and type of data about you that we process
The amount and type of personal data you share with Merz, or that Merz collects about you, depends on our relationship to you. Below are types of interactions with Merz where you may share personal data with us or where we may collect personal data about you. If you interact with us in more than one way, please review each section that pertains to your relationships with Merz.
If you do not find the information you are looking for in this FIN, or if you simply have questions or need more information, please contact the Merz Privacy Officer via the email below for the area where you reside: [email protected]
How we Process and Protect Your Personal Data
In the sections below, we describe how we process and protect your personal data when you engage with Merz in specified ways. To find the information relevant to you, scroll to the section that describes your relationship with Merz.
- I visit(ed) a Merz commercial website.
There are some general practices common to most Merz websites. When you visit a Merz website, our servers automatically store data sent by your computer’s software and internet browser, including the type and version of internet browser and operating system you use, the Merz website and sub-websites you access, the date and time of such access and your internet protocol address (“IP address”). Merz uses these data to provide you with access to the website in a readable form, to identify and fix any technical problems that may arise, and to prevent and, if necessary, take action against, any abuse of our services. We generally use an anonymized form of this data to analyze site statistics so that we can improve the look, user-friendliness and content of our websites. In some cases, we partner with third parties who may host or manage our websites. When these partners have access to your data, we contract with them to require that they only process your data according to our instructions and applicable law. The legal basis for this processing is Merz’s legitimate interest providing customers, patients and consumers with information about our products and our company.
First :Find a Provider / Provider Locator Services
1.If I am a healthcare provider (“HCP”)
Some of our product-related websites allow potential patients to provide their postal code and other geographic location data to find a healthcare provider or pharmacy near them that provides Merz products (“Provider Locator”). If you are a healthcare provider and you expressly consent to participate in our Provider Locator, we will process and publish your information on our websites. Visitors to the site who search for medical providers near them who use Merz products will be able to see your name, practice name, street address, telephone number and the Merz product lines you offer. Patients and consumers will also have the ability to request that your practice contact them by clicking on “request more information” on your practice listing in the Provider Locator and completing a request form. The legal basis for this processing is performing a contract (if such is in place with you) or (in all other cases) Merz’s legitimate interest in providing HCPs information about our products and services.
2.If I am a Patient or Consumer
If you are a patient or consumer who uses the Provider Locator on Merz’s websites, we will process geo-location data that you provide, such as your postal code or your IP address, in order to identify healthcare practitioners who use Merz products in your geographic area. If you click on the “request more information” button, the information you provide in the web form (e.g., name, email, phone number and postal code) will be sent to the selected medical provider, who is responsible for contacting you according to your request. Merz processes this data to help you get access to medical providers who use Merz products. Merz legal basis for processing this data is its legitimate interest helping patients find physicians that provide Merz products or (if you request more information) taking steps prior to entering into a contract with you.
For more information about how Merz uses Google Maps in its Provider Locator, see Section 1(e), below.
If you do not wish to use the Find a Provider feature, simply refrain from clicking the Find a Provider button and do not enter your postal code. If you are a healthcare provider who no longer wishes to participate in the Find a Provider feature, please email the privacy office for your country list in Section C, above.
- I am a medical professional and I have a username and password to enter restricted-access portions of a Merz website.
Certain areas of Merz’s websites are restricted to medical professionals and require registration. If you are a medical professional who is registering to use restricted areas of a website, we require you to provide information including your name, practice name, email address and physical address. You are also required to create a unique username and password. Merz uses this information to create and manage user accounts and identify authorized users. Merz also sometimes processes this data to perform a contract. In some instances, where you indicate your consent, we will use your registration data to provide you with marketing materials. We also share your registration data with other Merz affiliated companies inside and outside the EU and the EEA for sales and marketing purposes. If you would like to withdraw your consent for Merz to send you advertising materials, as described, you may email the Merz privacy officer for the country where you reside and withdraw your consent without affecting the lawfulness of processing based on consent before its withdrawal.
- How We Use Data Cookies
Merz websites used data cookies to simplify and improve your experience of our web pages. Cookies are small text files that are stored on your computer or server, that exchange settings-related information with Merz’s systems. A cookie normally contains the name of the domain from which the cookie data were sent, information about the cookie’s age, and an alphanumeric identifier.
If you visit a password-protected area of a Merz website, for example, the Merz job board website, session cookies are used for the duration of your visit. These enable Merz to make your experience simpler by using a single sign-on method as a means of authenticating you across the password-protected areas of websites. This method enables you to move around the website’s entire password-protected area without having to log in to each area separately.
- How We Use Google Analytics
Merz’s legitimate interest in using the data collected by Google Analytics is to understand the effectiveness, reach and usability of its websites.
You can prevent Google from collecting and processing cookie-generated data relating to your use a website by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can also deactivate Google Analytics cookies by clicking https://developers.google.com/analytics/devguides/collection/analyticsjs/us
Another option you can Click here to opt-out of Google Analytics
You can also deactivate or restrict the transmission of cookies by changing your internet browser settings. You can delete cookies already stored at any time, either by manually deleting each cookie or setting your browser to do so automatically. If you want to accept cookies used by Merz, but not cookies used by Merz’s service providers and partners, you can select the “Block only third party cookies” setting in your browser.
- How We Use Google Maps
Some Merz websites use the Google Maps API, which uses your location to provide additional services and features that you choose to interact with— for example, displaying the locations of Merz companies and medical specialists near you. If you access Google Maps on Merz websites, technical data pertaining to the accessing system (e.g. your postal code or IP address) may be transmitted to servers of Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland .
If you do not wish to use Google Maps you should not use the integrated Google Maps feature in our websites or enter your address into the medical specialist locator tool.
- How We Use Google Fonts
In order to reduce the loading times required by Merz websites, some use fonts (“Google Fonts”) downloaded from the servers of Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland. Generally if you access Merz’s websites, then anonymous technical data pertaining to your accessing system will be transmitted to Google where it is cached and stored for one day. In some European affiliates, we do not send data back to Google when using Google Fonts, instead we upload the fonts from a Merz server. Merz’s legitimate interest in using Google Fonts is to increase processing speed when retrieving fonts.
- How we use reCAPTCHA
In order to protect the content you provide in forms on our website, some of our websites use the “reCAPTCHA” service from the company Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland. With this service, we can differentiate between information entered into a form by a human and information entered by an automated machine (“bot”).
To the best of our knowledge, reCAPTCHA processes your URL, IP address, website activity, operating system, browse, length of visit, cookies, display instructions and scripts. reCAPTCHA also captures the mouse motion used to check the box. These data are transferred to Google to prevent bots from completing web forms. Merz’s legitimate interest in using reCAPTCHA is protecting our forms from bots.
The information obtained via the reCAPTCHA service is used in accordance with Google’s Usage Terms and Conditions: https://policies.google.com/?hl=en
- How We Use Google AdWords and Conversion-Tracking
Some of our websites use Google AdWords, a Google analytics service located at Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland,. This allows us to display ads to you that correspond to your interests. To do this, Google drops a data cookie or web beacon, that tracks which websites you visit, content you view and technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer.
Merz then receives an individual “conversion cookie” from Google that places an advertisement on the website. The information Merz obtains through the conversion cookie is used by Google to generate aggregate, anonymous conversion statistics for us for the purpose of helping us measure the effectiveness of our advertising. We do not receive any information from Google that personally identifies you.
Google processes the data it gathers from you by using a unique ID code, creating what is known as a pseudonymous profile. This means that Google does not display ads to an identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if you have explicitly consented to allow Google to process your data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States. Merz’s legitimate interest in using Google AdWords is optimizing our online advertising effectiveness.
For more information about Google’s data usage and advertising practices, please review Google’s Ads Help center here: https://support.google.com/ads/answer/2662922?hl=en and Google’s Ads Settings here: https://adssettings.google.com
- How We Use YouTube Videos
Some of our websites feature YouTube videos. YouTube is a service offered by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Merz uses YouTube’s advanced data protection settings to integrate videos. In this way, technical data pertaining to your accessing system, for example, information about what video you viewed, are only transmitted to Google if you click on the video. Merz’s legitimate interest in processing personal data via YouTube is so that we may provide relevant business videos to our users.
You can prevent the transmission of your data to Google by not clicking on the YouTube videos integrated into the Merz websites.
- How We Use Social Media Plug-Ins
Merz websites use plug-ins of social media platforms such as Facebook, Twitter, Google and Instagram so that you may share your experience with Merz on social media. We use this information to improve our business and to provide you with content more relevant to your life and interests as expressed online. Social media plug-ins are identifiable by the logo of the respective plug-in provider that they feature and, in the case of Facebook, also by the additional “Like” and “Share” buttons.
If you are signed into social medial when you click on a social media plug-in, your IP address and other activities may be stored by the social media providers. To prevent this, you should log off of your social media accounts before navigating to websites that use social media plug-ins. The plug-in providers explain the information obtained by plug-ins and how you can limit it on their websites, which you can access here:
You can limit or prevent transmitting your data to social media plug-in providers by using the tools and methods provided on the plug-in providers respective websites (links above).
2.I buy products from Merz as a healthcare provider, dispenser or pharmacist.
If you are a healthcare professional, in particular a doctor or pharmacist, and you contact Merz
as a prescriber, dispenser or consultant, we will process the following information about you:
- Your name, title, business name, and the name of your employees who are authorized to do business with Merz
- Your medical or pharmaceutical license number
- Your business address, telephone number and email address(es)
- Merz product(s) you have ordered
- Payment information
- Information gathered during sales calls to your business by our sales team
- Any requests you have made for medical information about a Merz product
- Any potential safety risks or technical quality issues you report
- Information about training you received from us
- Information related to Merz-sponsored events you attend
- Information required for transparency reporting, where required by law
- Any publications by trade press or other media relating to your practice or use of Merz products
We process this information to establish or maintain a business relationship with you and sometimes in order to fulfil the terms of a contract with you. If you expressly agree that we may do so, we may also publish the contact details of your practice or pharmacy on our websites so that patients can find your practice or pharmacy where Merz products may be purchased or Merz services are provided.
If you have expressly consented that we may do so, we will send you marketing and advertising materials and notices of Merz’s promotions. As always, you may withdraw your consent without adverse effect and without affecting the lawfulness of processing based on consent before its withdrawal by contacting the Merz privacy officer for your country listed in the chart in Section C, above.
Merz sometimes receives contact and address information and medical licensing data about potential Merz customers from third party service providers. We process this data to verify that you are a licensed medical professional who may lawfully prescribe or dispense our products and to identify providers who may have an interest in our products.
If you are a clinical investigator conducting a trial on a Merz-developed product, we will process data contained in your CV in addition to data you record in the course of your study work. Further information about personal data processing in the context of an investigational study will be set out in your study related contracts with Merz. If we submit the findings of a study in which you are a clinical investigator for approval by a government body, your personal data will be transferred to that governing body as specified in the study documents, which may be located outside the European Union/European Economic Area.
To find information about how Merz lawfully transfers data outside the European Union/European Economic Area see Sections E and G, below.
3.I attend(ed) a Merz sponsored event as a healthcare provider, dispenser or pharmacist.
Merz may gather personal data necessary to help you plan travel to or from the event and/or coordinate lodging. You may be asked to sign a consulting or other agreement with Merz further specifying the legitimate basis for your attendance at the event and for Merz’s processing of your personal data. This consulting agreement governs your relationships with Merz with respect to the referenced event. In some instances Merz partners with travel agencies and governmental agencies to ensure your lawful and safe passage to our event. When Merz transfers your personal data to these partners it is for the limited purpose of securing your attendance at our event and is governed by agreements between Merz and our partners requiring that our partners comply with our instructions and all applicable data protection rules and regulations. The legal basis for this processing is performing a contract.
While participating at a Merz-sponsored medical event you may be asked to sign video or photography consents. The terms of the consent you execute governs how Merz will treat your personal data for the purposes described in the consent. As always, you have the right to withdraw your consent without negative affect and without affecting the lawfulness of processing based on consent before its withdrawal by contacting the data privacy officer for your country listed in Section C, above.
4.I am a physician, dispenser, distributor or pharmacist subject to national transparency or “sunshine,” export or money laundering laws.
Merz may also process your personal data in order to comply with legal provisions on transparency and reporting obligations that apply within the pharmaceutical sector. If you or one of your patients submits a complaint or reports that one of our products has had an adverse effect, then we will process your personal data to the extent required to handle the complaint. Where we are legally obliged to do so, we also forward pseudonymous personal data relating to a complaint to the competent supervisory authorities for pharmaceuticals and medical devices. If necessary, Merz will also process your data in order to comply with statutory transparency requirements regarding the reporting of benefits provided by Merz to you (e.g. at conferences or similar events) and in accordance with export and money laundering laws.
5.I subscribe to a Merz newsletter.
If you subscribe to a Merz paper or electronic newsletter, Merz will process your contact information in order to provide the newsletter to you, e.g., your email or postal address. These data are used for purposes of sending you promotional materials about Merz. You have the right to unsubscribe from the Merz newsletter(s), via the link provided in the newsletter. Unsubscribing from a newsletter does not affect the legality of any processing of your contact information that took place prior to the date of unsubscribing.
If you register for the newsletter via a Merz website, Merz may record the IP address of the device used to access the website system, the date and time of your registration, and the date and time of the email verification. These are used to detect the possible misuse of your email address.
Our electronic newsletters sometimes contain “web beacons.” A web beacon is a miniature graphic image that is embedded in an email in HTML format. Based on the embedded web beacon, Merz can recognize whether and when the recipient opened the newsletter, and which links contained in the newsletter he/she clicked on. Data collected through web beacons are stored and processed anonymously for statistical purposes. The corresponding statistics are used to optimize the newsletter dispatch process and to better align the content of future newsletters with interests of recipients.
We may share your data with an agency partner providing us with technical assistance when sending you our newsletter. If we do so, the partner will be obligated to process your data only as we instruct and consistent with applicable law. If this processor is outside the EU or EEA then we comply with cross border transfer rules as described in Sections E and G, below.
6.I am an HCP and I use the “My Merz Portal”.
If you are in a geographical area where it is available, and you sign up to use the online My Merz Portal, Merz will collect your name, username, password and contact details about your practice in order to provide you access to this restricted website. The My Merz Portal uses a single sign on technology to allow you to navigate between features on the portal without having to re-authenticate you each time you leave one area, e.g., digital marketing assets, to navigate to another area, e.g., self-service. In order for this single sign on function to work, you will have to accept cookies by clicking that you approve their use via the “Accept” button on the Cookie Notice banner. As with other Merz websites, cookies are used to simplify and improve your experience of our web pages. These cookies are necessary for the site to function, which allows you to do business with Merz. You may deactivate your account by logging into your My Merz Portal Account Settings and deactivating it there.
For additional information on cookies and other technical tools and plug-ins we use on our websites, please see Section D (1), above.
7.I am an HCP and I use the Merz Institute of Advanced Aesthetics (“MIAA”) training website.
You will also have an opportunity to opt-in to certain Merz services at the time you set up your account. For example, you may ask us to keep you informed about Merz news and our products, services and market research. If you have opted-in to share information with Merz you may at any time revoke your consent without future effect; such revocation will not put you at any disadvantage whatsoever.
To find information about how Merz lawfully transfers data outside the European Union/European Economic Area see Sections E and G, below. And for additional information on cookies and other technical tools and plug-ins we use on our websites, please see Section D (1), above.
8.I am an HCP and I use a Merz-related software application (“Merz App”) as a part of my practice.
Whether the personal data is encrypted depends on the device settings used by the healthcare provider. Likewise, whether the personal data entered into the Merz App is transferred from the device depends on a number of factors such as whether the Merz App is backed up to local or cloud storage by a healthcare provider or whether the healthcare provider transfers the personal data on the Merz App to consumers or patients via an electronic medical record or email function. Compliance with data protection and privacy laws with respect to transferring identified patient data from a Merz App to a consumer or patient is entirely the responsibility of the healthcare provider and the healthcare provider is the best source of fair information about his or her own personal data practices using a Merz App.
In some instances, anonymous, aggregate patient data may be shared with Merz for the purpose of improving functionality, the user experience and for anonymous market research, but Merz does not collect identified or pseudonymous patient data from Merz Apps.
9.I am a study participant and I participate(d) in a Merz-sponsored clinical trial or study.
If you participate in a Merz-sponsored clinical trial, then the law requires that you consent to personal data processing. The personal data collected and processed includes your name, address, and information about your health, race, national origin, and, sometimes, genetic information, among other things. For your own protection and privacy, such data is processed in pseudonymous form, wherever possible, which means using a number and/or letter code instead of your name to identify you. Your data will be processed for the purpose of conducting the trial, applying for the approval of a new pharmaceutical product, and, if applicable, for other purposes as specified in the pertinent declaration of consent. Though your personal data will be pseudonymous wherever possible, there are occasions where Merz and its partners conducting the study, may need to view your identified personal data in order to ensure the study is scientifically valid, or to protect your health and safety. Anyone who views your identified personal data during a clinical trial is obligated to hold this information in strict confidence.
Usually, Merz partners with a clinical research organization (“CRO”), which organizes and conducts the clinical trial on Merz’s behalf. The trial is carried out under the supervision of a clinical investigator. The investigator and the CRO will both have access to your personal data for study purposes. Merz and the CRO agree by contract to the terms of how personal data will be lawfully processed and both Merz and the CRO comply fully with applicable data protection laws. Merz, the investigator and the CRO enter agreements specifying individual roles and responsibilities of data processing.
Where an application for approval of a pharmaceutical product is concerned, your pseudonymous data may be forwarded to a governmental authority responsible for the approval process. Where adverse effects occur, your data may be forwarded to the competent ethics commission and to the authority responsible for receiving the corresponding reports. If you expressly consent to it, your personal data collected during the trial may be transferred to your private physician to ensure continuity of care.
If the trial comes to an end or is terminated prematurely, then, according to the legal provisions pertaining to clinical trials, the data must be kept for a period of at least ten years, and sometimes longer, as prescribed by law. If the study in which you participate relates to a product approved for sale, the data will be saved for the life of the product on the market plus twenty years. The data will be erased at the end of the applicable retention period.
As part of the respective clinical trial, you will receive more detailed information on the scope of personal data processing in your informed consent document. The information you are given for your specific trial controls your situation. The information provided here is general and will be supplemented or altered by the informed consent you execute prior to becoming a study participant.
10.I use a Merz product and I participate(d) in a Merz-sponsored contest or campaign.
From time to time, we hold competitions, lotteries and other such promotional events. Unless otherwise specified in data protection regulations pertaining to the respective competition or promotion, any personal information that you provide us as part of your participation in the competition or promotion will be used to administer the competition or promotion (e.g. determining the winner, notifying the winner, sending the prize). In some cases, with your consent, we will use personal information you provided as a part of your participation in the contest to contact you with other Merz contests or promotions and information about Merz products.
If you have consented to share information with Merz you may at any time revoke your consent with future effect; such revocation will not put you at any disadvantage whatsoever. To revoke consent, you may simply send a corresponding written notification to the body specified on the declaration of consent, or to [email protected]
Once the competition or promotion is over, your data will be deleted, unless you have consented to allow Merz to process your data for promotional purposes beyond the time period of the contest. Where the prizes are objects, the data of any winners will be kept for as long as the respective statutory warranty claims apply so that we may arrange rectification or exchange should the prize be defective.
11. I report(ed) that a Merz product may have caused a side effect or injury.
If you or your patient experience any unwanted side effects when using our products, we encourage you to contact us immediately. Reporting such situations is very important from a public health perspective and is in the legitimate interest of both Merz and the public at large. If you believe that you may have experienced adverse effects while using our products, we ask you to report this to us at [email protected]
If you contact us to report a potential side effect, we will collect and process various types of health-specific data relating to you. These data may include the treatment you received and side effects themselves as well as all relevant medical information about your age, gender, other medications you take and medical history. Such data are used for the exclusive purpose of investigating your report and understanding how our drug or device may have caused it. If you are a European Economic Area or Swiss resident your data will be forwarded to Merz Pharmaceuticals GmbH in Frankfurt am Main, Germany, which, within the Merz companies (outside the United States), is responsible for managing reports of side effects or injury. Merz Pharmaceuticals submits all reports of adverse reactions received from within Europe to the European Medicines Agency. Safety reports within the United States and Latin America are reported to Merz North America, Inc., and, if legally required, to the United States Food and Drug Administration and relevant Canadian, South American and Mexican authorities. The Merz Group provides regulatory authorities the minimum necessary personal data to comply with public safety and drug regulation laws.
For public health reasons, reports of adverse events are kept until the legally required retention period has expired and are then deleted.
12. I report(ed) a technical (non-injury) problem with a Merz product.
Your complaints help us improve the quality of our products. Accordingly, we process personal data you have made available to us (e.g. your personal data, contact details, and your correspondence with us) solely for the purpose of examining the quality issues you have reported and/or to clarify the details with you. Merz forwards only unidentified technical data included in your complaint to other Merz companies and contracting parties to improve any quality issues with our products. Your identified personal data is not transmitted, but rather remains solely at the Merz affiliate to which you made the report and will be erased after the legally required retention period elapses.
13. I visit a Merz social media platform including but not limited to Facebook, Instagram, Pinterest, Twitter, LinkedIn or Vimeo.
Only to the extent required by law, Merz processes your personal data as described in the following section in its capacity as controller within the meaning of the GDPR. However, in all other respects, the operator of the respective social media platform is deemed the controller under data protection law for all types of processing performed on the platform itself.
Data entered on our social media pages, for example comments, videos, images, likes, public messages, etc., are published by the operator of the respective social media network and we reserve the right to delete such content should this be necessary (e.g. due to inappropriateness or regulatory guidelines). We may also use the social media platform to communicate with you.
We also target advertising based on certain demographics, interests, behaviors and location. These data are provided to us by the operator of the respective social media platform, if required, in anonymous form. We can only influence statistics provided to us by the operator of the pertinent social media platform to a limited extent; we cannot deactivate such statistics.
To prevent the operators of social media platforms from collecting information from you and then using it to target you with behavior-related advertising, we recommend that you review the privacy settings of each social media channel and adjust the account settings accordingly. You can also deactivate or restrict the transmission of cookies by changing your internet browser settings accordingly.
14.I applied for a job with Merz.
Thank you for your interest in working for Merz. We safeguard your personal data throughout our application process. Merz processes all personal data that you provide in your application, including any attachments sent, for the purpose of considering your candidacy for employment. This data includes your name and contact information, the information in your CV, your job preferences and your profile. If you have a LinkedIn profile, Merz will process the data you choose to share on LinkedIn, as well. Merz processes these data to the extent required to carry out the application process, i.e. enter into a contract with you. If you use(d) our online job board to apply for a job with us, see “processing of personal data via our job board,” below for more information.
- I used a credit card to purchase a Merz product.
If you use a credit card to purchase a Merz product, we will process your contact, financial and transactional data in order to perform a contract with you and because doing so is in our legitimate interest of receiving payments owed to us for the sale of our products. We use reasonable organizational and technical measures to secure your credit card data and limit the disclosure of such data to only those who have a need to see the data in order to process your transaction.
- Processing of personal data via our job board
If you apply for a vacancy via the job board here, then the application process will be coordinated by Merz Pharma GmbH & Co. KGaA, Eckenheimer Landstraße 100, 60318 Frankfurt am Main, Germany (“Merz Pharma”), which is directly responsible for processing your personal data.
- Usage data
If you use our online job board, various data will be stored about the device and system used to access the job board. These data include the type of browser, the browser version, the operating system used, the website from which the Merz website is accessed, the Merz website sub-pages that are accessed, the date and time of such access, the internet protocol address (IP address), the internet service provider and any data comparable with this data. Merz uses these data to render our website accessible, to identify and remedy any technical problems that may arise, and to prevent and, if necessary, take action against any abuse of our services. Merz also analyses anonymous data for statistical purposes and to improve our job board. The legal basis for this processing is Merz’s legitimate interest.
Before submitting your first application, you will be asked to set up a profile and provide us with information (email address, contact details, information on your professional and educational career, specific information on your preferred field of work, etc.). In this profile, you will be able to upload your CV and related documents. The legal basis for this processing is taking necessary steps to enter into a contract with you.
3.Retention of applicant personal data
If you are a European resident, personal data collected as part of the application process will be stored for a maximum of six months from the date the position was filled. For non-European residents, the retention period varies under local law. If you consent to allow Merz to retain your data for longer than the applicable retention period, we will retain it according to the terms of your consent. As always, you have the right to withdraw your consent without negative affect and without affecting the lawfulness of processing based on consent before its withdrawal by contacting the data privacy officer for your country listed in Section C, above.
For additional information on cookies and other technical tools and plug-ins we use on our websites, please see Section D (1), above.
- I am a Merz supplier, vendor or business partner.
If you have any other type of business relationship with Merz, for example if you are employed by one of our suppliers or distributors, then Merz will process identifying personal data about you, for example, first and last name, title if applicable, job title, industry and company affiliation and contact information. Merz processes this information in order to establish or maintain business relations with your company. The legal basis for this processing is Merz’s legitimate interest in partnering with suppliers and vendors to provide its products and services.
As a rule, we collect this data directly from you if and to the extent that you convey it to us (e.g. in email signatures, letterheads of business correspondence or business cards). Merz may occasionally also receive personal data concerning you from your employer or from third parties, for example through recommendations from customers, suppliers or other business contacts.
Your data is also passed on to other Merz companies within the scope of our vendor and supply chain management systems. This is done for purposes of easily locating you or the company to which you belong, and of determining the status that you or the company to which you belong has within our systems.
If your data is transferred outside the EU/EEA, then Merz will ensure the lawfulness of the transfer via the mechanisms described in Sections E and G, below.
18. I contacted Merz via e-mail or contact form on a website.
If you contact Merz directly, e.g. via a contact form on a website or via e-mail, then the personal data you transmit to Merz as a result, e.g. your e-mail address, your name, the content of your inquiry, etc., will be used to for processing the your respective inquiry. Your data may be passed on to other Merz companies if this is necessary to respond to your inquiry. An overview of the Merz companies is provided in paragraph A, above at the beginning of this Policy. In this case we are processing your data either to fulfill a contract or to respond to a business inquiry.
If your data is transferred outside the EU/EEA in order to process your request, then Merz will ensure the lawfulness of the transfer via the mechanisms described in Section F, below.
D.Passing on personal data to (other) third parties
Merz relies on the support of specialized technical service providers for the technical processing of personal data. These service providers are carefully selected and are legally and contractually committed to ensuring a high level of data protection.
In individual cases, Merz works with companies and other entities that have special expertise in specific areas or subject knowledge (such as tax auditors, lawyers, and consulting firms, for example). These entities are either subject to a professional duty of confidentiality and/or have been obliged by Merz to maintain confidentiality.
Merz will only pass on personal data to third parties for purposes other than those specified in this FIN if there is a legal obligation to do so or if you have provided your express consent to such disclosure.
E.How long we hold your data
Unless otherwise stated in this FIN, we erase your personal data when it is no longer needed for the purposes for which it was processed and if the retention periods prescribed by law have expired. Contractually relevant data are usually erased ten years after the termination of the respective contract with Merz.
F.International transfer of data outside the EU/EEA
If data is transmitted to Merz companies in countries that are outside the European Union or European Economic Area and that, according to the European Commission, do not offer an “adequate level of data protection,” then Merz safeguards your data pursuant to the European Commission’s standard contractual clauses for these countries and has thus provided the requisite additional safeguards for the protection of personal data. These can be accessed here: https://eur-lex.europa.eu/eli/dec/2004/915/oj. An overview of all Merz companies is provided in paragraph A, above. Merz also complies with the cross border data transfer and export control laws of non-European countries within which it operates.
G.Your data protection rights
If you would like detailed information on your personal data stored by Merz, you can contact us using the email [email protected] or by contacting our global privacy office at [email protected] You may also request to receive information about any data that you have provided to Merz in accordance with applicable law in a structured, commonly used, and machine-readable format, or you may also request that we submit such information to a third party. If you discover that personal information that has been stored about you is incorrect or incomplete, you may request that such data be immediately corrected or completed at any time. If the requirements stipulated in Art. 17 and 18 of the GDPR are met, you may also request the erasure of your personal data or that processing of it be restricted. You also have the right to lodge a complaint with the relevant supervisory authority for data protection issues in the area where you live.
If Merz processes your personal data based on our “legitimate business interests” per Article 6(1), Sentence 1(f) of the GDPR, you can object to the processing by telling us how our processing violates your rights in your unique situation. If we use your personal data to build a profile of you and you object, we must provide you with evidence of our legitimate business need to do so and the measures we have taken to protect your fundamental rights and freedoms. If you object, we will stop processing your personal data unless we can demonstrate a compelling legitimate ground for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If you are objecting to direct marketing by us, we will honor your request and cease such marketing.
You can contact us as specified in Section H, of this FIN.
If you have any questions about how Merz processes personal data or about exercising your rights as a data subject, you can contact Merz at any time. Please send all inquiries to the data privacy officer at Merz: [email protected]