Data Privacy Declaration

General information

Thank you for your interest in the LANEXO^® System App (“App”) and our related website www.lanexo.com (“Website”) of Merck KGaA, Frankfurter Straße 250, 64293 Darmstadt, Deutschland, hereinafter referred to as “Company” or “we”. We take data protection and privacy issues very seriously and comply with the applicable national and European data protection regulations. Therefore, we would like to inform you with this declaration about data protection measures and which data we may store and how we use this data.

LANEXO^® System App and Website

The App is an application and the Website is a website that is operated by Company. The App is installed by the technical providers Google Play Store according to their conditions. The Website can be accessed through browsers available on your computer or other digital devices.

Is my contact or telephone connection data accessed?

No data of your contacts or telephone connections are collected.

Will my photos/videos or other device data be accessed?

There is no access to your photos/videos or other device data.

Is my location data accessed?

No data of your location will be collected.

Which connection data is collected automatically?

Each time a user accesses the App or the Website, the following data is automatically transferred to our web server for technical reasons:

• address of the requesting device
• date and time of access
• name and URL of the retrieved file
• transferred data volume
• access status (file transferred, file not found etc.)
• identification data of the browser and operating system used
• name of the provider of user’s internet access
• website from which access is made, if applicable

This data is collected, processed and used for the purpose of enabling the use of the App or the Website (connection setup), system security and technical administration of the network infrastructure. A comparison with other databases or a transfer to third parties, also in excerpts, does not take place. The legal basis for processing is Art. 6 para. 1 b GDPR.  The data we store and analyze are used exclusively for statistical purposes, so that we can continuously improve our services, for example.

Is other personal data collected and processed?

We collect and process your personal data only if you request certain services and we need your data for this purpose or if you have voluntarily given us your express consent. The legal basis for processing is Art. 6 Para. 1 b GDPR and Art. 6 Para. 1 a GDPR.

You can do this, for example, by completing a registration form or sending us an email, ordering products or services, submitting inquiries to us, requesting materials or registering. Unless otherwise required by law, we will only use your personal data for the purposes for which you have given your consent.

For special services such as newsletters, sweepstakes, etc. the respective special data protection provisions apply.

Which web analysis tools are used?

No tools are used for analysis.

Which cookies are used?

We use cookies on our App. If you do not want to take advantage of our cookies, you can find out in the help function of your browser how to set your browser to prevent it from accepting new cookies or deleting existing cookies. There you will also learn how to block your browser for all new cookies or which settings you have to make in order to receive a notification of new cookies.

The cookies that we currently use on the App are:

Cookie name: incap_ses_{Proxy-ID}_{Internal-Site-ID}
Cookie type: Session Cookie
Purpose: The cookie on which relate HTTP requests to a certain session (AKA visit – re-opening the browser and accessing same site is supposed to be considered different visits). Removed after browser closes Visitor-Cookie (AKA “Persistent Cookie”)

Cookie name: incap_visid_{Internal-Site-ID}
Cookie type: Visitor Cookie (AKA “Persistent Cookie”)
Purpose: The cookie on which we relate sessions to a specific visitor (visitor representing a specific computer). The only cookie that is persistent, for the duration of 12 months.

Cookie name: nlbi_{Site-ID}
Cookie type: Non-persistent Cookie
Purpose: To ensure requests by a client are sent to the same origin server. Non-persistent, expire when browser closes.

Cookie name: ___utmv*, added with proxy-id and site-id obfuscated
Cookie type: Testing Cookie
Purpose: Used for testing client behavior. Lives up to 900 seconds

If you want to learn more about cookies please visit: AboutCookies.org.

The legal basis for processing is Art. 6 para. 1 f GDPR, whereby Merck’s authorization arises from the fact that, on the one hand, Merck has an interest in evaluating the app data for purposes of app optimization and, on the other hand, a concerned person can reasonably foresee at the time when the personal data is collected and in view of the circumstances under which it is carried out (in particular the above-mentioned measures) that it will possibly be processed for this purpose.

Will my data be transferred to third parties, e. g. authorities?

At Company, those bodies within Company receive your data that are required to fulfill our contractual and legal obligations. Some data must be disclosed under strict contractual and legal requirements:

• Due to legal obligation:
  In certain cases, we are required by law to transfer data to a requesting public authority.
  Upon submission of a court order, we are obliged pursuant to § 101 of the German Copyright Act to provide owners of copyright and ancillary copyrights with information about customers who are alleged to have offered copyright-protected works on internet file-sharing sites. In these cases, our information contains the user ID of an IP address allocated at the time requested and, if known, the name and address of the customer.
  In other respects, personal data will only be transferred to state institutions and public authorities within the framework of mandatory national legal provisions or if disclosure is necessary in the event of attacks on the network infrastructure for legal or criminal prosecution. The legal basis for processing is Art. 6 Para. 1 c GDPR or § 24 Para. 2 No. 1 German Federal Data Protection Act.
• To external service providers for data processing:
  When service providers get access to our customers’ personal data, this usually takes place in the course of so-called order processing of personal data. This is expressly provided for by law. In this case, we remain responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which we ensure by means of strict contractual regulations, technical and organizational measures and supplementary controls.
  We work with service suppliers as processors. These are Company’s affiliates and service providers for IT services (e. g. for technical-administrative tasks and for usage analysis), telecommunications, consulting and advisory services as well as sales and marketing.
  The data protection regulations for instruction-bound order processing of personal data are complied with.
• To Company’s affiliates:
  We may transfer your personal data to Company’s affiliates in order to carry out a business relationship with you or for the purposes of legitimate interests.
  If data are transferred abroad, they are based within the EU or the EEA or in a country which, according to the decision of the EU Commission, has an appropriate level of data protection. In the case of data transfers to Company’s affiliates domiciled in other countries, we ensure by way of guarantees that the data-importing Company’s affiliates have been obligated to an appropriate level of data protection.

Beyond this, we do not transfer data to third parties unless you have given your express consent, the transfer is obviously necessary for the provision of an offer or service requested by you or this is provided for by law. We also do not intend to transfer your data beyond this to a third country or international organization.

How long will my data be stored?

We store data for as long as it is legally necessary or necessary for the provision of the service requested by you, or as long as it has been agreed upon in a declaration of consent.

Does the App send push notifications?

Push notifications are messages that are sent from the App to your device, where they are prioritized and displayed. The App uses push notifications only for notifications that, for example, a payment service has been successfully added or deleted. You will also receive push notifications of the latest offers from your favorite retailers in the Coupon Service. You can disable receiving push notifications at any time in your device’s settings.

Do I have a right to information and rectification of my stored data? What other rights do I have with regard to my stored data?

You may at any time and free of charge request information about the scope, origin and recipients of the stored data as well as the purpose of the storage; in addition, you have the right to rectification, erasure or restriction of the processing of your data in accordance with data protection regulations, a right to object to the processing as well as a right to data portability. Please note that there is a right of appeal to a supervisory authority.

Can I withdraw my consent to the use of my data?

You have the right to withdraw your consent to the use of your data at any time. Just send an email to LANEXO@merckgroup.com or send a letter to the following address:

Merck KGaA, Frankfurter Straße 250, 64293 Darmstadt, Deutschland

The data processing performed on the basis of your consent is legal until the time of withdrawal.

Who is my contact person if I have questions about data protection?

If you have any questions or comments, please feel free to contact our Group Data Protection Officer at any time:

Merck KGaA
Group Data Protection Officer
Frankfurter Strasse 250
64293 Darmstadt privacy@merckgroup.com

Please find the contact details of the Merck entities here.

How long is this data privacy declaration valid?

This data privacy declaration is up-to-date and dates from 01.03.2020. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.