SUMMARY OF OUR ONLINE PRIVACY COMMITMENT TO YOU
- We understand and respect that your privacy is important to you, so our privacy commitment begins with our four privacy values of respect, trust, preventing harm and compliance.
- We use and share personal information that you provide online only in ways that we tell you about either in this policy, our Our Global Online Tracking Policy, or in other privacy statements and communications we provide.
- We use policy, technical and physical controls to limit access to personal information that you provide online to prevent it from being misused.
Review Date: 14 August 2023
Effective Date: 14 August 2023
At Merck & Co., Inc. Rahway, NJ, USA, which has a tradename of MSD outside of the U.S. and Canada, offers online resources that provide health, medical, and product-related information and services, as well as corporate and financial news, employment and other information related to our business. In addition, some of our online resources enable qualified professionals to place orders for our pharmaceutical, vaccine and animal health products, to apply for grants, or to contribute to research studies.
Our privacy program and practices comply with EU Binding Corporate rules (BCR) APEC Cross-Border Privacy Rules Certification and our self-certification to the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program for transfers of personal information from the European Economic Area and Switzerland and the UK, as well as from the Asia-Pacific Economic Cooperation member states (respectively) to, amongst other places, to the United States. This policy is consistent with our Global Cross Border Privacy Rules Policy, Please read this policy carefully. Should you have any questions about this policy or our data collection, use and disclosure practices, please contact us.
The term “personal information” as used throughout this policy, applies to any data relating to an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, contact or track behavior or preferences of an individual.
How do we collect personal information online?
We collect personal information online through web sites and other online resources. We also offer online resources in collaboration with other online service providers, from which we may receive personal information about users of such resources. These online collaborations are governed by agreements that require personal information to be protected appropriately. Individuals may access many parts of our web sites and online resources without disclosing any personal information. There are three methods that we use to collect personal information online:
- Information that you provide: We collect personal information and other data that you may enter into forms or data fields on our web sites or online resources. Such information may include, but not be limited to, contact information (such as your name, postal address, e-mail address, telephone number, user ID and password), date of birth, professional credentials, experiences, activities, skills, preferences, hobbies and interests. We may also collect, when relevant for the processing purpose, health information about you that you provide by responding to our questions and surveys or through your use of online and downloadable health-related tools we provide. Some of our web sites enable users to place orders, such as for our vaccines and animal health products. These web sites may use external accredited third parties (i.e., on-line credit card checking managed by financial or credit organizations) or directly collect credit card information to process those orders. Such information will be secured appropriately and not kept longer than necessary for providing the service.
- Information from public or third-party information sources: We may collect personal information about health care professionals who register on our web sites from public or third party information sources to verify their professional credentials and identity. When customers use a credit card to place an order on our web sites, we verify the validity of the credit card information with financial or credit organizations. In some cases, we may augment our existing user databases with information from third parties. Some of this information may be personal information, such as change of postal address information.
We may also collect personal information about you from public Internet source via what is known as social media listening. Examples of social media include social networking; communities, forums, and message boards; blogging, microblogging, and vlogging; wikis; social bookmarking; and podcasts.
We may use other companies to deliver e-mail communications on our behalf or to place our advertisements on other web sites. Please review the privacy policies of these third parties to familiarize yourself with their practices. For more information about how you can control tracking by third parties, please see our Global Online Tracking Policy
Why do we collect, use and disclose personal information?
- Generally: We collect personal information online as necessary to enable individuals to register for, customize and personalize certain of our online resources and communications. We use personal information collected online to provide products, services and features and other resources that individuals have requested; for example, educational literature and related information about our business, e-mail programs, tools, quizzes, questionnaires, and surveys. We analyze personal information collected online to identify and offer additional services and promotions that we believe you might find interesting. We evaluate use of some online resources and communications with non-identifiable or aggregate information only. We also may use personal information to audit our online resources for compliance, authorized access and security.
- Social Media: Online social media resources are interactive tools that typically enable you to collaborate and share information with others. Some examples of social media resources include social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and tools with a friend or colleague. We may collect personal information from you to enable you to use online social media resources we may offer from time to time. We may also enable you to use these social media resources to post or share personal information with others. You should consider carefully what information about yourself and others such as colleagues, friends, customers or patients, you choose to share with others when you use social media resources. We provide additional notice and choices about how personal information is collected, used and disclosed on our web sites and other online resources that offer or utilize social media.
Some of our web sites use sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide the option for you to share certain personal information with us such as your name and email address to pre-populate registration and other sign-up forms. Services like Facebook Connect give you the option to post information to your Facebook profile page about your activities on our sites that use this service so that you can share your activities with others in your network.
Social media listening is the process by which we identify and assess what is being said about a company, individual, product or brand on the Internet. We will only collect relevant, adequate and not excessive publicly available personal information. Because of the nature of Social Media, it may not be possible for us to identify the individual who posted the original content that we collect. If personal information is collected and will be processed beyond the original intent when you posted the content, reasonable efforts will be made to provide notice to you as soon as is practical. Note, in some cases it may not be possible to collect and verify your contact details given the available information. Reasonable efforts might entail identifying your contact details from the social media platform, if possible, or within the posting. Moreover, we will make reasonable efforts to provide you with a mechanism by which to opt-out of our data processing or exercise your rights as required by our policy and applicable regulations.
We also collect personal information from the public domain for adverse event reporting purposes to fulfill our pharmacovigilance compliance requirements. The basis for this type of collection of personal information is a requirement to satisfy a legal obligation. In these circumstances, no consent from you is required, but we will provide you with notice as part of our pharmacovigilance policies and procedures.
- Mobile Computing: Some of our web sites and online resources are designed specifically for use on mobile computing devices. Some mobile versions of our web sites may require that you log in with your user account for that web site. Information about your use of the mobile version of the web site will be associated with your user account. Some of our web sites and online resources enable you to download an application (app), widget or other tool that you can use on your mobile or other computing device. Some of these apps may store information on your mobile or other device. These apps may transmit personal information to us, or others working for us, to enable you to access your user account or to enable us to track how these tools are used, such as how often they are used and which features are preferred. Some of these apps may enable you to e-mail reports and other information from the app. We may use personal or non-identifiable information transmitted to us to enhance these apps, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices we provide. These applications usually do not transmit personal information other than as described above nor sensitive personal information. In case such transfers are required to deliver the services requested by you in the application, we will provide notice and choice to allow such processing in addition to all relevant rights for access, correction and deletion as required by this policy and applicable laws.
Do we consolidate personal information?
What choices do you have about how we collect, use and disclose personal information about you?
You have four categories of choices. These include:
- No personal information collection: You may choose not to provide any personal information to us online by electing not to enter any personal information into a form or data field on our web sites, and by not using any personalized services provided by our online resources. However, some of our online resources require users to identify themselves in order to use personalized services or advanced features which will not be available without such data.
- Limitations and options regarding uses and disclosures for other purposes: Some of our online resources may request your permission to use and disclose personal information about you in order to add you to our contact lists, to enable you to list yourself in a directory or a social media resource, and to identify and offer additional services and promotions that we believe you might find interesting. You can limit the use of personal information about you by checking or un-checking options provided at the time that you enter that information or that we may offer to you in the future. Additionally, you may change your communications preferences (such as to opt-out of communications you requested previously) by using the opt out link provided in our electronic communications or by contacting us at the address most relevant to you.
- Limitations and options on tracking: Please see our Global Online Tracking Policy for information on how we use online tracking technologies and the choices you have.
- Email marketing communications: You may choose to receive optional marketing email and other communications from us by signing up for or subscribing to these communications on our web sites and other online resources. If you do not wish to receive optional email communications, you may opt-out by visiting the web site or other online resources where you subscribed, where available, and update your email communication selections, or you may follow the unsubscribe or opt-out instructions in the email communications you receive from us. You also may opt-out by contacting us at the address that is most relevant to you. If you do not wish for us to confirm whether you have read certain email communications we have sent to you, you may opt out of email communications tracking by opting out of receiving those email communications altogether using one of the approaches described above.
Where allowed by law, if you choose to tell a friend about one of our web sites or online resources by using our email referral features, we will provide information about how those features use personal information. In general, our email referral features do not store the names or email addresses of individuals to whom you send links to our web sites or online resources.
Who will have access to personal information about you?
Do we share personal information with third parties?
How do we secure personal information?
How do we protect the privacy of children?
In general, our web sites and online resources are not directed at children and most of the online services that we offer are designed for individuals who are 18 years of age or older. Where requests for information about a medication are permitted by law, individuals requesting information about a medication that is indicated for use in children must be 18 years of age or older.
We do not knowingly collect personal information from children under 13 years of age, or according to local law, without obtaining verifiable parental consent prior to collection. If you are a parent or guardian that has knowledge that we have collected information from your child, please contact the Global Privacy Office to request removal.
From time to time, some of our web sites and other online resources may provide optional features for children. When we do offer those features, we will take appropriate steps to ensure that verifiable parental consent is obtained prior to any collection, use or disclosure of personal information from children.
How may I access, correct or delete personal information about me?
Note that in some cases, like social media listening, we are not the initial publisher of the personal information we may collect. We will do our best effort to honor your rights regarding what we collect, but it is your responsibility to contact the social media or web site to request data modification at the source level as required by the “right to be forgotten” concept available in some jurisdictions.
How long do we retain personal information?
What is our contact address for privacy questions?
Should you have questions about this policy or our information collection, use and disclosure practices, you may contact us via email to the Global Privacy Office or at the address most relevant to you. You may access this list of addresses online at http://www.msd.com/contact/contacts.html. When you contact us, please note the name of the web site or other online resource you used or to which you provided personal information, as well as the nature of any information that you provided. We will use reasonable efforts to respond promptly within 30 business days or less to requests, questions or concerns you may have regarding access to personal information about you collected online or our use of personal information about you.
We may contact you for follow up information and may share your inquiry with other individuals within our company or working for us that are responsible for functions related to the subject of your inquiry. Except where required by law or our Cross Border Privacy Rules Policy we cannot ensure a response to questions or comments regarding topics unrelated to this policy or our privacy practices.
In compliance with the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact us via email to our Global Privacy Office.
We have further committed to refer unresolved privacy complaints under the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
How will you know whether we have updated this policy?
If you have questions about this policy or wish to contact the Company with any other privacy related questions, please reach out using the contact information contained on your country/location’s Privacy home page at msdprivacy.com.