worldwide

worldwide

SUMMARY OF OUR ONLINE PRIVACY COMMITMENT TO YOU

  • We understand and respect that your privacy is important to you, so our privacy commitment begins with our four privacy values of respect, trust, preventing harm and compliance.
  • We use and share personal information that you provide online only in ways that we tell you about either in this policy, our Our Global Online Tracking Policy, or in other privacy statements and communications we provide.
  • We use policy, technical and physical controls to limit access to personal information that you provide online to prevent it from being misused.
  • For more details, please read our Internet Privacy Policy below or contact us.

Review Date: 14 August 2023
Effective Date: 14 August 2023

At Merck & Co., Inc. Rahway, NJ, USA, which has a tradename of MSD outside of the U.S. and Canada, offers online resources that provide health, medical, and product-related information and services, as well as corporate and financial news, employment and other information related to our business. In addition, some of our online resources enable qualified professionals to place orders for our pharmaceutical, vaccine and animal health products, to apply for grants, or to contribute to research studies.

Respect for the privacy of personal information about you is very important to us. Our web sites and other online resources that display this privacy policy (“policy”) are committed to collecting, maintaining, and securing personal information about you in accordance with the law, this policy, and our Global Cross Border Privacy Rules Policy , as well as applicable laws, rules and regulations .This policy applies to personal information (as defined below) collected from our online resources and communications (such as web sites, mobile applications (apps) e-mail, and other online and downloadable tools) that display a link to this policy. This policy does not apply to personal information collected from offline resources and communications, except in cases where such personal information is consolidated with personal information that we, or others on our behalf, collect online. This policy also does not apply to third-party online resources to which our web sites may link, where we do not control the content or the privacy practices of such resources.

Our privacy program and practices comply with EU Binding Corporate rules (BCR) APEC Cross-Border Privacy Rules Certification and our self-certification to the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program for transfers of personal information from the European Economic Area and Switzerland and the UK, as well as from the Asia-Pacific Economic Cooperation member states (respectively) to, amongst other places, to the United States. This policy is consistent with our Global Cross Border Privacy Rules Policy, Please read this policy carefully. Should you have any questions about this policy or our data collection, use and disclosure practices, please contact us.


As referred to in this Privacy Policy, references to “MSD,” “us,” “we,” and “our” means Merck & Co., Inc., Rahway, NJ, USA, its successors, subsidiaries, divisions and groups worldwide, excluding joint ventures to which we are a party.

How does this Privacy Policy define “personal information”?

The term “personal information” as used throughout this policy, applies to any data relating to an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, contact or track behavior or preferences of an individual.

How do we collect personal information online?

We collect personal information online through web sites and other online resources. We also offer online resources in collaboration with other online service providers, from which we may receive personal information about users of such resources. These online collaborations are governed by agreements that require personal information to be protected appropriately. Individuals may access many parts of our web sites and online resources without disclosing any personal information. There are three methods that we use to collect personal information online:

  1. Information that you provide: We collect personal information and other data that you may enter into forms or data fields on our web sites or online resources. Such information may include, but not be limited to, contact information (such as your name, postal address, e-mail address, telephone number, user ID and password), date of birth, professional credentials, experiences, activities, skills, preferences, hobbies and interests. We may also collect, when relevant for the processing purpose, health information about you that you provide by responding to our questions and surveys or through your use of online and downloadable health-related tools we provide. Some of our web sites enable users to place orders, such as for our vaccines and animal health products. These web sites may use external accredited third parties (i.e., on-line credit card checking managed by financial or credit organizations) or directly collect credit card information to process those orders. Such information will be secured appropriately and not kept longer than necessary for providing the service.
  2. Information from public or third-party information sources: We may collect personal information about health care professionals who register on our web sites from public or third party information sources to verify their professional credentials and identity. When customers use a credit card to place an order on our web sites, we verify the validity of the credit card information with financial or credit organizations. In some cases, we may augment our existing user databases with information from third parties. Some of this information may be personal information, such as change of postal address information.

    We may also collect personal information about you from public Internet source via what is known as social media listening. Examples of social media include social networking; communities, forums, and message boards; blogging, microblogging, and vlogging; wikis; social bookmarking; and podcasts.

  3. Information collected from your computer or other electronic device: We collect information about your computer or other electronic device when you visit our web sites and use our online resources. This information may include your Internet Protocol (IP) address, Internet Service Provider (ISP), domain name, browser type, date and time of your request and information provided by tracking technologies, such as cookies, single-pixel tags, local share objects (Flash), local storage, Etags and scripts. In the United States, if you leave one of our web sites without becoming a registered user we may use cookies in conjunction with third parties to serve advertisements to your computer or other electronic device to remind you about our web site that you had previously visited. Please see Global Online Tracking Policy for more information about cookies and how you can control them. If you use a mobile device to access our web sites and online resources or to download our mobile apps or services, we also may collect information about your device, such as your device ID and device type, as well as usage information about your device and your use of our mobile web sites and other mobile resources.

    We may use other companies to deliver e-mail communications on our behalf or to place our advertisements on other web sites. Please review the privacy policies of these third parties to familiarize yourself with their practices. For more information about how you can control tracking by third parties, please see our Global Online Tracking Policy

Why do we collect, use and disclose personal information?

  1. Generally: We collect personal information online as necessary to enable individuals to register for, customize and personalize certain of our online resources and communications. We use personal information collected online to provide products, services and features and other resources that individuals have requested; for example, educational literature and related information about our business, e-mail programs, tools, quizzes, questionnaires, and surveys. We analyze personal information collected online to identify and offer additional services and promotions that we believe you might find interesting. We evaluate use of some online resources and communications with non-identifiable or aggregate information only. We also may use personal information to audit our online resources for compliance, authorized access and security.
  2. Social Media: Online social media resources are interactive tools that typically enable you to collaborate and share information with others. Some examples of social media resources include social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and tools with a friend or colleague. We may collect personal information from you to enable you to use online social media resources we may offer from time to time. We may also enable you to use these social media resources to post or share personal information with others. You should consider carefully what information about yourself and others such as colleagues, friends, customers or patients, you choose to share with others when you use social media resources. We provide additional notice and choices about how personal information is collected, used and disclosed on our web sites and other online resources that offer or utilize social media.

    Some of our web sites use sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide the option for you to share certain personal information with us such as your name and email address to pre-populate registration and other sign-up forms. Services like Facebook Connect give you the option to post information to your Facebook profile page about your activities on our sites that use this service so that you can share your activities with others in your network.

    Social media listening is the process by which we identify and assess what is being said about a company, individual, product or brand on the Internet. We will only collect relevant, adequate and not excessive publicly available personal information. Because of the nature of Social Media, it may not be possible for us to identify the individual who posted the original content that we collect. If personal information is collected and will be processed beyond the original intent when you posted the content, reasonable efforts will be made to provide notice to you as soon as is practical. Note, in some cases it may not be possible to collect and verify your contact details given the available information. Reasonable efforts might entail identifying your contact details from the social media platform, if possible, or within the posting. Moreover, we will make reasonable efforts to provide you with a mechanism by which to opt-out of our data processing or exercise your rights as required by our policy and applicable regulations.

    We also collect personal information from the public domain for adverse event reporting purposes to fulfill our pharmacovigilance compliance requirements. The basis for this type of collection of personal information is a requirement to satisfy a legal obligation. In these circumstances, no consent from you is required, but we will provide you with notice as part of our pharmacovigilance policies and procedures.

  3. Mobile Computing: Some of our web sites and online resources are designed specifically for use on mobile computing devices. Some mobile versions of our web sites may require that you log in with your user account for that web site. Information about your use of the mobile version of the web site will be associated with your user account. Some of our web sites and online resources enable you to download an application (app), widget or other tool that you can use on your mobile or other computing device. Some of these apps may store information on your mobile or other device. These apps may transmit personal information to us, or others working for us, to enable you to access your user account or to enable us to track how these tools are used, such as how often they are used and which features are preferred. Some of these apps may enable you to e-mail reports and other information from the app. We may use personal or non-identifiable information transmitted to us to enhance these apps, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices we provide. These applications usually do not transmit personal information other than as described above nor sensitive personal information. In case such transfers are required to deliver the services requested by you in the application, we will provide notice and choice to allow such processing in addition to all relevant rights for access, correction and deletion as required by this policy and applicable laws.

Do we consolidate personal information?

Consistent with the purposes identified and standards set within this policy and other applicable privacy notices that have been provided, in some cases we consolidate and use personal information that individuals share with us through various services and channels, such as the telephone, surveys, web sites and other online resources and communications, in order to enhance the quality of services that we offer. Potential data consolidation activities extend across the different data subject categories for which this policy applies. This includes employees, contractors, Healthcare Professional, patients, or vendors.

What choices do you have about how we collect, use and disclose personal information about you?

You have four categories of choices. These include:

  1. No personal information collection: You may choose not to provide any personal information to us online by electing not to enter any personal information into a form or data field on our web sites, and by not using any personalized services provided by our online resources. However, some of our online resources require users to identify themselves in order to use personalized services or advanced features which will not be available without such data.
  2. Limitations and options regarding uses and disclosures for other purposes: Some of our online resources may request your permission to use and disclose personal information about you in order to add you to our contact lists, to enable you to list yourself in a directory or a social media resource, and to identify and offer additional services and promotions that we believe you might find interesting. You can limit the use of personal information about you by checking or un-checking options provided at the time that you enter that information or that we may offer to you in the future. Additionally, you may change your communications preferences (such as to opt-out of communications you requested previously) by using the opt out link provided in our electronic communications or by contacting us at the address most relevant to you.
  3. Limitations and options on tracking: Please see our Global Online Tracking Policy for information on how we use online tracking technologies and the choices you have.
  4. Email marketing communications: You may choose to receive optional marketing email and other communications from us by signing up for or subscribing to these communications on our web sites and other online resources. If you do not wish to receive optional email communications, you may opt-out by visiting the web site or other online resources where you subscribed, where available, and update your email communication selections, or you may follow the unsubscribe or opt-out instructions in the email communications you receive from us. You also may opt-out by contacting us at the address that is most relevant to you. If you do not wish for us to confirm whether you have read certain email communications we have sent to you, you may opt out of email communications tracking by opting out of receiving those email communications altogether using one of the approaches described above.

Where allowed by law, if you choose to tell a friend about one of our web sites or online resources by using our email referral features, we will provide information about how those features use personal information. In general, our email referral features do not store the names or email addresses of individuals to whom you send links to our web sites or online resources.

Who will have access to personal information about you?

Personal information about you will be accessible to Merck & Co., Inc. Rahway, NJ, USA, including its subsidiaries, divisions and groups worldwide, and to individuals and organizations that use personal information solely for and at the direction of us (for example vendors or service providers). Uses and disclosures of personal information by external individuals and organizations acting on our behalf are governed by agreements that require personal information to be protected appropriately. Personal information about you only will only be used and disclosed by us and individuals and organizations working on our behalf, in a manner consistent with this policy, other applicable privacy notices, data, with accessed controlled as needed and as explicitly permitted or required by applicable laws, rules and regulations.

Do we share personal information with third parties?

In general, we do not sell or share personal information about you except as described in this policy and other applicable privacy notices, however, circumstances may arise where we may, for business reasons, decide to reorganize or divest our business through sale, merger or acquisition. In these circumstances, personal information may be shared with actual or prospective purchasers. We will obtain written assurances that personal information will be protected appropriately in these circumstances. Consistent with our Global Cross Border Privacy Rules Policy, we reserve the right to disclose personal information about you, including your e-mail address, for reporting to government authorities, to parties in relevant legal proceedings as authorized by the presiding court or tribunal and otherwise to the extent required or explicitly authorized by applicable law. Except as provided in this policy or our Global Cross Border Privacy Rules Policy, personal information about you will not otherwise be shared without your permission.

How do we secure personal information?

We will take reasonable steps to protect personal information, according to its sensitivity, as it is collected and transmitted between your computer or device and our online resources and servers, as well as to protect personal information in our possession from unauthorized access, disclosure, alteration or destruction. It is your personal responsibility to secure your own copies of your passwords and related access codes for our online resources.

How do we protect the privacy of children?

In general, our web sites and online resources are not directed at children and most of the online services that we offer are designed for individuals who are 18 years of age or older. Where requests for information about a medication are permitted by law, individuals requesting information about a medication that is indicated for use in children must be 18 years of age or older.

We do not knowingly collect personal information from children under 13 years of age, or according to local law, without obtaining verifiable parental consent prior to collection. If you are a parent or guardian that has knowledge that we have collected information from your child, please contact the Global Privacy Office to request removal.

From time to time, some of our web sites and other online resources may provide optional features for children. When we do offer those features, we will take appropriate steps to ensure that verifiable parental consent is obtained prior to any collection, use or disclosure of personal information from children.

How may I access, correct or delete personal information about me?

To gain access to personal information about you collected online, and to keep it accurate, complete and current, or to request deletion, you may contact us at the address most relevant to you. You may also contact us at the Global Privacy Office. In some cases, where we are required to retain information by law or regulation, or to continue to manage a service you have requested, or to ensure that we honor your preferences, or for other necessary business purposes, we may not be able to delete certain personal information about you. Where offered, you also may update personal information about you online by modifying information that you previously have entered into forms or data fields on our web sites. Where permitted by law or our Cross Border Privacy Rules Policy, your ability to access and correct personal information will be limited where access and correction would: inhibit our ability to comply with a legal or ethical obligation, inhibit our ability to investigate, make or defend legal claims, result in disclosure of personal information about a third party, result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to us or a third party.

Note that in some cases, like social media listening, we are not the initial publisher of the personal information we may collect. We will do our best effort to honor your rights regarding what we collect, but it is your responsibility to contact the social media or web site to request data modification at the source level as required by the “right to be forgotten” concept available in some jurisdictions.

How long do we retain personal information?

We generally retain personal information for as long as reasonably needed for the specific business purpose or purposes for which it was collected and the duration of your use of our web sites, apps and other relevant online tools. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business, such as applicable rules on statute of limitations or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.

What is our contact address for privacy questions?

Should you have questions about this policy or our information collection, use and disclosure practices, you may contact us via email to the Global Privacy Office or at the address most relevant to you. You may access this list of addresses online at http://www.msd.com/contact/contacts.html. When you contact us, please note the name of the web site or other online resource you used or to which you provided personal information, as well as the nature of any information that you provided. We will use reasonable efforts to respond promptly within 30 business days or less to requests, questions or concerns you may have regarding access to personal information about you collected online or our use of personal information about you.

We may contact you for follow up information and may share your inquiry with other individuals within our company or working for us that are responsible for functions related to the subject of your inquiry. Except where required by law or our Cross Border Privacy Rules Policy we cannot ensure a response to questions or comments regarding topics unrelated to this policy or our privacy practices.

In compliance with the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact us via email to our Global Privacy Office.

We have further committed to refer unresolved privacy complaints under the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF and the Swiss-U.S. Data Privacy Framework program complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

How will you know whether we have updated this policy?

We may update this policy periodically. We reserve the right to modify, add or remove portions of this privacy statement at its discretion. If we decide to change this policy, we will post those changes at this site so you always will know what information we gather, how we might use that information, and whether we will disclose it to anyone. If the changes we make to the policy are material, we also may post a notice on the web page Global Privacy Office prior to the effective date of the change, or, in some cases, may provide notice of the changes by e-mail.

If you have questions about this policy or wish to contact the Company with any other privacy related questions, please reach out using the contact information contained on your country/location’s Privacy home page at msdprivacy.com.