Privacy Policy

Home / Privacy Policy


Data protection

Merz attaches great importance to the protection of personal data.

Merz processes your data in accordance with the data protection provisions set forth in the German Federal Data Protection Act (Bundesdatenschutzgesetz–BDSG), specifically in the version applicable as of 25 May 2018, and in Regulation (EU) 2016/679 (General Data Protection Regulation–GDPR).

A. Responsibility for the processing of your personal data

The data controller that is responsible for the processing of your personal data within the meaning of Art. 4 (7) GDPR is Merz Pharmaceuticals GmbH (hereinafter “Merz”).

B. Data that is processed as part of various data processing situations

  1. What types of data are processed when a person visits a Merz website?
    When a person visits a Merz website, Merz’s servers automatically store various data conveyed via that person’s accessing system. These data include the type of browser, the browser version and the operating system used, the website from which the Merz website is accessed, the Merz website sub-pages that are accessed, the date and time of such access, the internet protocol address (IP address), the internet service provider and any data comparable with the aforementioned data. Merz uses these data to render its website accessible, to identify and remedy any technical problems that may arise, and to prevent and, if necessary, take action against any abuse of Merz’s services. Merz moreover uses this data in anonymised form–that is, without being able to infer the user’s identity from the data provided–for statistical purposes and for purposes of improving its websites. The legal basis for processing personal usage data is Art. 6 (1) Sentence 1 (f) GDPR.
  2. Which data are processed in areas with restricted access?
    Certain areas of Merz’s websites can only be accessed by medical professionals and are subject to advance registration. The registration process requires users to provide certain information, such as their user name, e-mail address, etc. Merz uses this information exclusively for purposes of creating and managing user accounts, identifying authorized users, and offering users the functions they require. The legal basis for processing the personal data described above is provided in Art. 6 (1) Sentence 1 (b)
  3. How are cookies used?
    The Merz websites use cookies. Cookies are small text files that are stored on the user’s data carrier and that, via the browser, exchange certain data as well as settings-related information with Merz’s system. A cookie normally contains the name of the domain from which the cookie data were sent, information about the cookie’s age, and an alphanumeric identifier.
    If a user visits the password-protected area of a Merz website, session cookies are used for the duration of that user’s visit. These enable Merz to avail of the user-friendly single sign-on method as a means of authenticating users and controlling access to the various password-protected areas of its websites. This method enables users to move around the website’s entire password-protected area without having to log in to each area separately. Cookies are also used to collect information on how users use and navigate Merz’s websites, and what specific areas and products they are interested in. This information in turn enables Merz to improve its websites and the online experiences of website users. The information stored in the cookies is neither used to identify the user nor is it combined with other stored personal data concerning the user. The legal basis for processing personal data in connection with the use of cookies is Art. 6 (1) Sentence 1 (f) GDPR. 

    Users can deactivate or restrict the transmission of cookies by changing the settings of their internet browsers accordingly. Any cookies already stored can be erased at any time. Such erasure can be automated. If a user deactivates cookies for the Merz websites, he/she may not be able to make full use of all the websites’ functions.

  4. How is Google Analytics used?
    The Merz websites also use functions provided by the web analysis service Google Analytics. The provider of this service is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google is certified under the EU-U.S. Privacy Shield framework. Google Analytics also uses cookies. The cookie-generated information about the use of this website is generally transmitted to a Google server in the US and stored there. The Merz websites use Google Analytics with the added code “anonymize IP”. This means that all user IP addresses collected by the Google analytics cookie are truncated within Member States of the European Union and states party to the Agreement on the European Economic Area before they are transmitted to the US. Only under exceptional circumstances is the full IP address transmitted to a Google server in the US and then truncated there.
    The information about the Merz websites that is generated by the Google Analytics cookie is then used by Google on behalf of Merz to evaluate the use of the website, to compile reports on website activity and to provide Merz with other services relating to website activity and internet usage. The IP address that, as a result of Google Analytics activity, is transmitted by the accessing system’s browser is not combined with other data held by Google. Further information on the conditions of use and data protection is available at or at The legal basis for processing personal data in connection with the use of cookies is Art. 6 (1) Sentence 1 (f) GDPR. 

    The user can prevent Google from collecting and processing the cookie-generated data relating to his/her use of the website by downloading and installing the browser plug-in available at the following link: Another means of preventing Google Analytics from processing data is by clicking on the following link: this link sets an opt-out cookie, which then prevents Google Analytics from collecting the user’s data during any future visits to Merz websites. Users can deactivate or restrict the transmission of cookies by changing the internet browser settings accordingly. Any cookies already stored can be erased at any time. Such erasure can be automated. If a user is willing to accept cookies used by Merz, but not cookies used by Merz’s service providers and partners, then he/she can select the “Block only third party cookies” setting in his/her browser.

  5. Use of Google Maps
    This website uses the Google Maps API, which for example displays the locations of Merz companies and of nearby medical specialists to the user. If the user accesses the Google Maps maps on the Merz websites, certain technical data pertaining to the user’s accessing system (e.g. your postal code or IP address) will be transmitted to servers of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified under the EU-U.S. Privacy Shield framework. For further information on Google’s data privacy policies, go to The legal basis for processing personal data using Google Maps is provided in Art. 6 (1) Sentence 1 (f) GDPR. 

    The user can also take measures to prevent the transmission of his/her data to Google, namely by refraining from using the maps integrated into the Merz websites.

  6. Social media plug-ins
    The Merz websites use social media plug-ins of Facebook ( Social media plug-ins can be recognised by the logo of the respective plug-in provider that they feature and, in the case of Facebook, also by the additional “Like” and “Share” buttons.
    The providers of social media plug-ins usually use such plug-ins to record the IP address and other activities of the users as soon as they access the corresponding web pages. To prevent this, the Merz websites use the so-called Shariff solution. This solution only allows the user’s data to be forwarded once that user clicks on the plug-in. If the user is simultaneously logged into his/her account with the social network that operates the plug-in featured on the Merz websites, then the data in question may be linked to that user’s account. Further information on the protection of personal data by the providers of plug-ins is available at The legal basis for processing personal data in connection with social media plug-ins is provided in Art. 6 (1) Sentence 1 (f) GDPR. 

    The user can also take measures to prevent the transmission of his/her data to the providers of social media plug-ins, namely by refraining from clicking on plug-ins integrated into the Merz websites.

  7. For how long will my personal data be stored?
    The personal data concerning visitors to our website will be erased as soon as knowledge thereof is no longer required for the purposes described above, unless statutory provisions stipulate that the data be stored for a longer period. Usage data is generally stored for a period of 4 days.

C. Processing where direct contact with Merz IS made (e.g. via contact form or email)

If you contact Merz directly, e.g. via a contact form on a website or via email, then the personal data you transmit to Merz as a result, e.g. your email address, your name, the content of your enquiry, etc., will be used solely for processing the respective enquiry. Your data may be passed on to other Merz companies if this is necessary to respond to your inquiry. Only the data required for such response is passed on. An overview of the Merz companies is provided here Depending on the manner in which contact was made, the legal basis for processing the aforementioned data is Art. 6 (1) Sentence 1 (b) or (f) GDPR. If data is transmitted to Merz companies outside the European Union or European Economic Area in order to respond to your inquiry, then Merz undertakes that it has adopted the European Commission’s standard contractual clauses for these countries and has thus provided the requisite additional safeguards for the protection of personal data. These can be accessed and perused here:

D. Passing on personal data to (other) third parties

Merz relies on the support of specialized technical service providers for the technical processing of personal data. These service providers are carefully selected and are legally and contractually committed to ensuring a high level of data protection. The legal basis for our partnerships with these service providers is Art. 28 GDPR.
In individual cases, Merz works with companies and other entities that have special expertise in specific areas or subject knowledge (such as tax auditors, lawyers, and consulting firms, for example). These entities are either subject to a professional duty of confidentiality or have been obliged by Merz to maintain confidentiality. If it is necessary to pass personal data on to these agencies, then the legal basis for this is Art. 6 (1) Sentence 1 (f) GDPR.
Merz will only pass on personal data to third parties for purposes other than those specified in this Privacy Policy if there is a legal obligation to do so or if you have provided your express consent to such disclosure.

E. Duration of the retention of your data

Unless otherwise stated in this Privacy Policy, personal data will be erased by Merz if it is no longer needed for the purposes for which it was processed and if the retention periods prescribed by law have expired. Contractually relevant data are usually erased ten years after the termination of the respective contract with Merz.

F. Rights in relation to data processing

If you would like detailed information on the personal data that has been stored by Merz about you, you can contact Merz. You may also request to receive information about any data that you have provided to Merz in accordance with applicable law in a structured, commonly used, and machine-readable format, or you may also request Merz to submit such information to a third party. If you discover that personal information that has been stored about you is incorrect or incomplete, you may request that such data be immediately corrected or completed at any time. If the requirements stipulated in Art. 17 and 18 GDPR are met, you may also request the erasure of your personal data or that processing of it be restricted. You also have the right to lodge a complaint with the relevant supervisory authority for data protection issues.

In so far as the processing of your personal data is based on legitimate interests as per Art. 6 (1) Sentence 1 (f) GDPR, you are invariably entitled to object to such processing based on reasons arising from your particular situation. This entitlement also applies to any profiling that is conducted on the basis of the above provision. Merz will then no longer process the personal data unless Merz can prove compelling legitimate grounds for data processing that override your interests, rights and freedoms, or the data processing is for the purpose of establishing, exercising or defending legal claims. If personal data is processed for the purposes of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to any profiling insofar as it is associated with such direct advertising.

G. Contact data

If you have any questions about how Merz processes personal data or about exercising your rights against data processing, you can contact Merz at any time. Please send all inquiries to: The data privacy officer at Merz can be contacted at: