HCP Privacy Notice
This HCP Data Privacy Notice describes how EMD Serono processes the personal data of healthcare professionals, which personal data we collect and informs you of your rights under data protection laws.
1. Preamble
This HCP Data Privacy Notice describes how EMD Serono ("EMD Serono", "us", "we") processes the personal data of healthcare professionals ("HCP", "you"), which personal data we collect and informs you of your rights under data protection laws.
Should you have questions or queries regarding the processing of your personal data, please contact our Group Data Protection Officer via privacy@emdgroup.com or the other contact details provided below.
2. General Information
This section is about the controller of your personal data, how you may contact the controller and which rights you have as a data subject in this context.
2.1. Controller
The data controller means the person who determines the purposes and means of the processing of your personal data. For the processing activities described in this notice, Merck KGaA, Darmstadt, Germany is data controller. EMD Serono is the healthcare business of Merck KGaA, Darmstadt, Germany.
Merck KGaA, Darmstadt, Germany
Frankfurter Strasse250
64293 Darmstadt, Germany
Phone: +49 6151 72-0
Telefax: +49 6151 72-2000
2.2. Data Protection Officer
We have appointed a Group Data Privacy Officer, whom may be contacted at:
GROUP DATA PRIVACY OFFICER
Merck KGaA, Darmstadt, Germany
Frankfurter Strasse 250
64293 Darmstadt, Germany
Phone: +49 6151 72-0
privacy@emdgroup.com
You may exercise your data protection rights by submitting a request directly in our Data Privacy Portal.
3. The Processing Activities in Detail
We process your personal data for different purposes which we will explain in detail in this section.
3.1. How do we collect personal data about you?
We collect personal data about HCPs when we engage with you, e.g., when you send us a request, when we conclude a contract, collaborate in a scientific project or when you meet with our representatives who inform you about our products or scientific studies.
We also collect personal data from public sources or specialized third parties to learn more about professional qualifications, fields of expertise, publications or professional activities of HCPs. The information is important for us to identify potential collaboration partners (e.g., for speaker engagements or studies) and to communicate and advise you according to your interests and preferences.
This includes the following data categories:
- Your contact information (e.g., name, title, address, gender, telephone numbers, email address);
- Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, qualifications);
- Publications, speaker engagements, professional activities.
We provide more details about the data we collect about you and about the purposes in the following sections.
3.2. Processing purposes and related data categories
3.2.1. Collaborations with HCPs
EMD Serono processes the personal data of HCPs for the initiation and performance of contracts, in particular to identify, select and collaborate with HCPs for our research and development, medical and scientific activities (such as clinical trials or other scientific studies), consultancy services and speaker engagements.
This processing activity may include the following data categories:
- Your contact information (e.g., name, title, address, gender, telephone numbers, email address, place of work, etc.) and payment data (e.g., bank account, payments);
- Data about publications, expertise, track record and estimated level of recognition (which we also collect from publicly available sources and through third parties);
- Data about the performance of the contract (such as presentations, notes from meetings, study results) and our experience from previous meetings and collaborations.
The processing of this personal data is necessary for the performance of a contract with you as an individual or is necessary to safeguard our legitimate interests of conducting business with your employer. Without your provision of your data, we cannot establish and maintain contact with you in the context of the specific contract.
3.2.2. Questions about our products, services and EMD Serono
When you contact us with questions about our products or about EMD Serono, we analyze such questions to answer them and provide you with the required information.
This includes the following data categories:
- Your contact information (e.g., name, title, address, gender, telephone numbers, email address). details on your profession (e.g., job title, position, place of work);
- Any further information you provide to us, e.g., in the process of your request or which is otherwise required to answer your request.
The processing of this personal data is necessary for the performance of a contract or to serve our legitimate interest in providing the requested information to you.
3.2.3. Pharmacovigilance – information about adverse events
If you share information with us about potential adverse events relating to our products, we process such data according to our privacy notice on pharmacovigilance.
We are required by law to process any information we receive about adverse events, quality complaints and/or other issues related to the safety or quality of EMD Serono products. If you provide us with relevant information about EMD Serono products (e.g., through our website), we will evaluate and verify your information. For this purpose, we may also contact you if we have any questions.
We are also required by law to report significant adverse events to health authorities worldwide. If we inform health authorities, we adhere to our obligations which typically include pseudonymizing or deidentifying patient data. We may also share this information with other EMD Serono companies or affiliates when they are, in turn, required to make reports to the health authorities.
3.2.4. Providing scientific information to HCPs
We may engage with you by meeting you or sending materials to you with scientific content that may be of interest for your area of expertise. We select the information and how we engage with you based on the following categories of personal data:
- Your contact information (e.g., name, title, address, gender, telephone numbers, email address, place of work, etc.);
- Data about publications, expertise, track record and perceived level of recognition (which we also collect from publicly available sources and through third parties).
The processing of this personal data is necessary to serve our legitimate interest in selecting and providing relevant information to HCPs according to their expertise and resume.
3.2.5. Access to EMD Serono content and services on restricted websites
Access to certain content about products, seminars, events or other information from EMD Serono may be restricted to HCPs under applicable laws. To provide you access to such content and our services on such websites, you may need to register or verify that you are eligible to access the restricted content.
We collect data about the services you use online (seminars, etc.).
This includes the following data categories:
- Your contact information (e.g., name, title, address, gender, telephone numbers, email address, place of work, etc.);
- Data about services you select and services you attend online (such as webinars or Q&A sessions) and when/how often you log in;
- Based on your choice, data about your browsing behavior.
The processing of these personal data is necessary for the performance of a contract or to serve our legitimate interest in selecting and providing relevant information to HCPs according to their interests, behavior as well as to improve our services.
3.2.6. Engaging with you and making information available to you; analyzing information and profiling
We contact and engage with you to inform you about our products and services, in particular when our sales representatives visit you or meet you at events (online or offline). If you consent, we may also contact you via email newsletter.
We strive to present you with only information that may be of interest to you and want to communicate with you seamlessly through multiple channels without providing redundant information. We use profiling procedures to optimize and personalize our relationship and our information that we make available to HCPs. To optimize and personalize the information, we create profiles and assign HCPs to specific segments on the basis of such profiles which may include combining data from our affiliate companies. On the basis of this segmentation, we can manage the type, content and frequency of specific communication measures for specific target groups. For profiling purposes, we use data that we receive from you as part of our relationship. This includes personal data like your purchasing behavior and browsing behavior. Profiling may be based in particular on usage data that we create with the customer's consent by measuring and evaluating the customer's interaction with electronic advertising, in particular by measuring and evaluating the open and click rate in email newsletters.
For these purposes, we use the data described in this section 3.
The processing of these personal data is necessary to serve our legitimate interest in selecting and providing relevant information to HCPs according to their interests and behavior as well as to improve our services.
4. Data Retention
We may retain your Personal Information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements. We strive to retain your Personal Information no longer than is reasonably necessary to carry out the purposes listed in this Policy or as required by law. Under certain circumstances, your data may also be kept longer, e.g., if a Legal or Litigation Hold (i.e., a ban on deleting data for the duration of the procedure) is ordered in connection with official or legal proceedings. We retain your Personal Information following the end of your services or other business relationship in accordance with applicable law and our record retention and destruction policies. Data without any personal identifiable information may be stored permanently.
Should you have questions or queries regarding the retention and deletion of your personal data, please contact our Group Data Protection Officer via privacy@emdgroup.com.
5. Recipients of Personal Data
We may transfer your personal data to third parties, such as our service providers, financial institutions to process payments, lawyers and auditors, etc. to the extent required to meet our business objectives and fulfill our Services. For this purpose, we enter into adequate data protection agreements with these parties to the extent legally required and in this context require that such recipients agree on technical and organizational measures to protect your personal data adequately.
We might also transfer personal data to and receive data from our affiliate companies for the purposes described in this data protection notice.
6. Your Data Protection Rights
You have or might have the following data protection rights:
- Right of access: You have the right to obtain information on the processing of your personal data and to receive a copy of these data.
- Right to rectification: You have the right that we correct or complete your inadequate, incomplete or inaccurate personal data.
- Right to erasure: Under certain circumstances, you have the right that we delete your personal data.
- Right to restriction of processing: Under certain requirements, we restrict the processing of your personal data upon your request.
- Right to data portability: You might have the right to receive your personal data in a structured, common and machine-readable format and request that these data are transferred to another data controller.
- Right to object: If we base processing on our legitimate interest, you may have the right to object on grounds relating to your particular situation at any time to the processing of personal data concerning you.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.
6.1. Exercise your data protection rights
You may exercise your data protection rights by submitting a request in our Data Privacy Portal. We take our responsibility for the protection of your rights very seriously. Our privacy team will review your request and provide a response.
6.2. Withdrawal of consent
If you consented to the processing of your personal data, you may withdraw this consent at any time in the future. We will stop the processing of your personal data, unless we have a legal permission to do so. Please note that your withdrawal has effect for future processing operations only and does not make data processing operations, which we executed before such withdrawal, unlawful.
To withdraw your consent, you may send an email to privacy@emdgroup.com. If you withdraw your consent, you may no longer be able to use the services affected by the withdrawal. Apart from that, you will not suffer any further disadvantages.
If you do not specify your withdrawal to a specific processing operation, we will assume that you withdraw your consent regarding all processing of your personal data that is based on your consent.
This HCP Data Privacy Notice is up-to-date and dates from May 2022. We reserve the right to amend this notice at any time, in particular to adapt it to a further development of the website or the implementation of new technologies.