MSD (Finland) AS (“MSD”) processes personal data under this Privacy Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679; the "GDPR") and other applicable national data protection laws in Finland ("Data Protection Law").
This notice describes how we process personal data in connection with:
- Cookies used on our websites.
What are your rights and choices?
We have a legal obligation to ensure that your information is kept accurate and up to date. We invite you to assist us to comply with this obligation by informing us of any changes to your information, and/or updates to your preferences, by contacting us at e-mail address firstname.lastname@example.org.
You may at any time exercise your rights in relation to your personal data that we process:
- Right to access and rectification: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing. You also have the right to request that inaccurate or incomplete personal data be corrected.
- Right to object: You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on a legitimate interest.
- Right to erasure: You may also request that your personal data be erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement.
- Right to Data Portability: If personal data about you that you yourself have provided is being processed automatically with your consent or in accordance with a contract between you and MSD, you may request that the data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
- Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
- Opt-out from marketing: We will also give you the opportunity to opt out of future marketing whenever we send you marketing material. You can also opt out at any time by contacting us.
Note that there may be situations where our confidentiality and other obligations under applicable legislation may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Except where prohibited by the GDPR or the Data Protection Law, we may deny your choice where a particular choice request would impede our company in its ability to: (1) comply with a law or an ethical obligation including where we are required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (2) investigate, make or defend legal claims, and (3) perform contracts, administer relationships, or engage in other permitted business activities that are consistent with transparency and purpose limitation principles and were entered into in reliance on the information about people in question. Within fifteen business days of any decision to deny a choice request in accordance with this Notice, we will document and communicate such a decision to you.
If you have any complaints about how we process your personal data, or would like further information, please contact us at any time.
If you wish to file a complaint with a national supervisory authority regarding our processing of your personal data, you may do so by contacting your local data protection authority ("local" meaning where you live or work, or where an alleged data breach has occurred). The relevant authority in Finland is Datainspektionen (www.datainspektionen.se).
What data is collected and for which purpose on this website?
We want to have the opportunity to keep in touch with you and tell you about matters that are important to you. Through the various MSD websites it is possible to sign up for newsletters, receive branded and unbranded materials, and apply for jobs.
MSD collects data through the following channels and for the following purposes:
- Univadis: Univadis is a portal for healthcare professionals through which we may send you medical information, invitations to educational events, articles and surveys. When joining or subscribing to the portal, you are requested to submit your email address. The personal data is used for the purpose of sending the type of content you have requested and for marketing our products and services. We will use the personal data that you provide in connection with Univadis for these purposes until you inform us that you no longer want to receive such information from us. This use of your personal data is based on you having consented to us doing so. You can terminate your subscription with us at any time by clicking the "unsubscribe" button in any of our send-outs or by contacting us at email address email@example.com.
- Cookies: Cookies help us make your experience on our web sites more efficient and relevant for you. Cookies serve many functions. They can help remember your user name and preferences, analyze how well our web sites are performing, and enable us to recommend content that we believe may be most relevant to you. Most cookies identify your device’s web browser rather than identifying you personally; however, as described further below, certain cookies can be linked to other personal information we collect from or about you.
We use both session cookies, which are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off, and persistent cookies, which are stored on your device until they expire, unless you delete them before that time.
Session cookies enable our web sites to remember your preferences for the duration of your visit to our web site and until you close your web browser, such as whether you have identified yourself as a health care professional or a resident of a particular country.
Certain types of persistent cookies, which we refer to as analytics cookies, enable us to tell whether your device’s Internet browser has been used to visit our web sites before as well as which pages you have visited on our websites. If you register an account on one of our web sites, persistent cookies, which we refer to as registration cookies, enable our web sites to remember you personally when you visit our web sites in the future. If you are signed in to our web sites, we may combine information about you from registration cookies and analytics cookies to identify which pages you have visited on our web sites.
Any such data disclosed by you will immediately be deleted unless we have a reason and right to use the data under the GDPR and Data Protection Law. Personal data submitted by you will be used only for the purposes specified in the relevant part of this website.
What kind of other personal data does MSD collect and for what purpose?
We collect information provided to us by or on behalf of our clients or generated by us in the course of providing services to our stakeholders. This collection of data is based on our legitimate interest when providing professional legal services.
We also use personal data collected in connection with adverse event reporting to fulfill our statutory duties in relation to pharmacovigilance.
The personal data collected relates to identification, contact details and matter-related background information provided by our clients, their representatives or their counterparties.
We will store personal data related to our matters for as long as we are required under applicable legislation.
In some cases your personal data have been supplemented by information retrieved from other sources, including searches via publicly available search engines and social media.
How is the data processed?
MSD will only process personal data for the purposes for which it was collected and as set out above, and personal data will only be available to authorized employees holding a position that requires them to process personal data to perform their work. Personal data is not processed for longer than is necessary for the particular purpose. We fully comply with our statutory retention obligations and our internal retention time policies.
MSD has taken appropriate technical and organizational measures to keep your personal data secure to ensure that only authorized persons are given access to the personal data. We also have internal policies in place for secure processing of personal data.
Is data transferred or disclosed to third parties?
We will not disclose personal data to any third parties unless required to do so under the Data Protection Law or to perform services for our stakeholders.
However, your personal data may be transferred to and processed by third-party providers which perform services for MSD (data processors) to enable these companies to perform the services requested by MSD.
Only personal data that is necessary to fulfill the purposes stated above will be provided to these companies. All third-party providers must follow our instructions and applicable written data processor agreements and any other agreements that are in place between MSD and its third-party providers, and must implement appropriate technical and organizational measures for the protection of the personal data.
Where is your data processed?
We process personal data on servers in the EU/EEA. In addition, we process personal data in the United States, and as such we need to transfer your information to a location outside of the EU/EEA. The level of information protection in countries outside the EU/EEA may be lower than that offered within the EEA. Where this is the case, we will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure.
MSD complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. MSD has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. In addition, MSD has entered into Binding Corporate Rules which have been approved in the European Union.
MSD is the controller of the personal data for the purposes described above. The contact details of our offices can be found at www.msd.se.
If you have any questions regarding MSD's processing of personal data, please feel free to contact our data protection team at: firstname.lastname@example.org.
MSD appointed Aptus Health International, Inc., 55 Walkers Brook Drive, Suite 500, Reading MA 01867, USA ("Aptus Health") as a data processor ensuring the management of Univadis on its behalf and on its instructions. As a consequence, your personal data is handled and processed in accordance with MSD’s privacy policies, security measures and guidance.
Univadis is operated by Aptus Health. Aptus Health is a wholly-owned subsidiary of Merck & Co., Inc., Kenilworth, NJ, USA, which operates as MSD outside of the U.S. and Canada. Aptus Health has its own independent employees, editorial process, business and financial operations, and governance. More information can be found on www.aptushealth.com.