MERZ EPHARMACY PRIVACY POLICY – MAY 2018

WHO WE ARE

HOW DO YOU USE MY DATA?

WHAT ABOUT TECHNICAL INFORMATION AND ANALYTICS?

COOKIES

WHERE IS MY DATA STORED?

HOW LONG DO WE RETAIN YOUR DATA FOR?

YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS

WHAT ARE MY RIGHTS UNDER DATA PROTECTION LAWS?

WHAT ABOUT WEBSITES WE LINK TO?

WHEN WILL YOU CHANGE YOUR PRIVACY POLICY?

HOW DO I CONTACT YOU WITH FEEDBACK?

This webpage sets out when and how we use your personal information that you or others provide to us.

 

WHO ARE WE

We are Merz Pharma UK Limited, a company registered in England under company number 4703428.

Our registered address is 260 Centennial Park, Elstree Hill South, Elstree, Hertfordshire, WD6 3SR.

We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our data protection officer by email at protectiondata@merz.com.

HOW DO YOU USE MY DATA?

When you register for our services

When you become a member and register for ePharmacy, we will use your personal information to process your registration and provide our services to you. The details we collect from you when you become a member include your name, address, email address, telephone number and professional registration number.

To complete your membership application, we may share your personal information with our subcontractors who are involved in the membership application process, such as payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks. We also verify your personal data against your professional regulatory authority.

We need to process your personal information in this way to register you as a member and provide you with the registered membership services that you have subscribed to.

When you purchase products through our website

When you purchase products through our website, we will use your personal information to complete your purchase. The details we collect from you will include your name, address, email address, phone number and payment details.

To complete your purchase, we share your personal information with our subcontractors who are involved in the purchase process, such as payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks and delivery companies.

We need to process your personal information in this way to enter into and perform the contract for the products you have purchased from us.

When you contact us by phone or email

When you phone us or contact us by email with general queries, we may also handle your personal information (your name, contact details and the other details you provide to us) in order to provide the customer services you have asked us to and respond to you. This could be when you ask us to provide more information about certain products or treatments, provide a quote, or to explain how our site works. We may keep a record of our correspondence with you.

We need to process your personal information in this way in order to provide our services to you in the best possible way and fulfil our obligations under the contract we have or may have with you.

To answer queries or provide you with pharmacy service notifications

We may handle your personal information to contact you via phone or email if we have a prescription or payment query, and we may keep a record of our correspondence with you. We need to process your personal information in this way in order to provide our services to you in the best possible way and fulfil our obligations under the contract we have or may have with you.

We may also use your personal information to contact you via phone, email or post if there are any changes to our pharmacy service, including if there are any changes to the products we offer on our ePharmacy website, price changes, stock issues, changes to our pharmacy opening hours, planned maintenance and upgrade work of our ePharmacy website, or if there are any issues with the ePharmacy website.

To make our site better

We may use your personal information for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.

You can prevent us from using your personal information in this way by using the 'do not track' functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.

To seek feedback

From time to time we may use your personal information (such as your name, email address or postal address) to ask for feedback on our website and services.

We process your data for this reason because we have a legitimate interest to provide you with the best experience we can.

If our business is sold

We will transfer your personal information to a third party:

  • if we sell or buy any business or assets, we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or
  • if Merz Pharma UK Limited or the majority of its assets are acquired by somebody else, in which case the personal information held by Merz Pharma UK Limited will be transferred to the buyer.

We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.

When Merz is required to comply with a legal obligation

In some circumstances we may also need to record or share your personal information if we are under a duty to record, disclose or share it to comply with a legal obligation.

WHAT ABOUT TECHNICAL INFORMATION AND ANALYTICS?

Information we collect about you: When you visit our site we will automatically collect the following information:

  • technical information, includitechnical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

COOKIES

Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer.

Cookie

Purpose

sessionid

This cookie enables us to track your session in the website. It is critical to the site performance.

csrftoken

This cookie enables us to ensure we have a secure and encrypted connection whenever you send data to the server.

__utma

This cookie provides site analytics.

__utmb

This cookie provides site analytics.

__utmc

This cookie provides site analytics.

__utmt

This cookie provides site analytics.

__utmz

This cookie provides site analytics.

 

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, which we do not have any control over. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Except for essential cookies, all cookies will expire after 2 years.

 

WHERE IS MY DATA STORED?

 Some entities within the Merz Group (and many of our external third parties) may be based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside of the EEA.

Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:

  • by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
  • by using specific contracts approved by the European Commission which give your personal information the same protection it has in the EEA;
  • where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

To keep this privacy policy as short and easy to understand as possible, we have not set out the specific circumstances when each of these protection measures are used. You can contact us at protectiondata@merz.com for the details as to how we protect specific transfer of your data.

All information you provide to us is stored on our secure servers or those of our third party data storage providers.

 

HOW LONG DO WE RETAIN YOUR DATA FOR?

Where you are a registered user of ePharmacy, we will retain your data for as long as you are registered, to ensure that we are able to assist you should you have any questions, feedback or issues in connection with your account or if any legal issues arise.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or accounting requirements.

To determine the appropriate retention period for the personal information we hold, we consider the amount, nature and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the reasons why we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances (such as for product analysis purposes) we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS

You have the right to object to us handling your personal information when we are handling your personal information based on our legitimate interests (as described in the “How do you use my data” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your personal information should continue.

 

WHAT ARE MY RIGHTS UNDER DATA PROTECTION LAWS?

You have various rights under the data protection laws, which you can exercise by contacting us. The easiest way to do this is by email at protectiondata@merz.com.

Right of access

You are entitled to receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information.

You also have the right to access your personal information which we are handling.

Right to rectification

You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.

Right to restriction

You can restrict our processing of your personal information where:

  • you think we hold inaccurate personal information about you;
  • our handling of your personal information breaks the law, but you do not want us to delete it;
  • we no longer need to process your personal information, but you want us to keep it for legal reasons; or
  • where we are handling your personal information because we have a legitimate interest (as described in the “How We Use Your Data” section above), and are in the process of objecting to this use of your personal information.

Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.

Right to data portability

You have the right to receive your personal information in a structured, standard machine readable format and to send this to another organisation controlling your personal information.

This right only applies to your personal information we are handling because you consented to us using it or because there is a contract in place between us.

Right to erasure

You have the right to require us to erase your personal information which we are handling in the following circumstances:

  • where we no longer need to use your personal information for the reasons we told you we collected it for;
  • where we needed your consent to use your personal information, you have withdrawn your consent and there is no other lawful way we can continue to use your personal information;
  • when you object to our use of your personal information and we have no compelling reason to carry on handling it;
  • if our handling of your personal information has broken the law; and
  • when we must erase your personal information to comply with a law we are subject to.

Right to complain

You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.

 

WHAT ABOUT WEBSITESWE LINK TO?

Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates.

Our site may connect you to different websites. If you follow a link to any of these websites or use our services, please note that you have left our site and these websites have their own privacy policies.

We do not accept any responsibility or liability for these policies or websites. Please check their policies before you submit any personal information to these websites.

 

WHEN WILL YOU CHANGE YOUR PRIVACY POLICY?

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or post.

Please check back frequently to see any updates or changes to our privacy policy.

 

HOW DO I CONTACT YOU WITH FEEDBACK?

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to protectiondata@merz.com.

This privacy policy was last updated in May 2018.