This webpage sets out when and how we use your personal information that you or others provide to us.
For information about how Merz handles personal information, please see our Global General Data Protection Information Notice at https://merz.com/app/uploads/2019/06/Fair-Information-Notice_Merz.pdf
WHO WE ARE
We are Merz Pharma UK Limited, a company registered in England under company number 4703428.
Our registered address is 260 Centennial Park, Elstree Hill South, Elstree, Hertfordshire, WD6 3SR.
We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our data protection officer by email at dataprotectionUK@merz.com
HOW DO YOU USE MY DATA?
When you register to use the Belotero Resource Portal as a registered healthcare practitioner
When you become a member and register for the Belotero resource portal, we will use your personal information to process your registration and provide our services to you. The details we collect from you when you become a member include your name, address, email address, telephone number and professional registration number.
To complete your application, we may share your personal information with our subcontractors who are involved in the application process. We also verify your personal data against your professional regulatory authority.
We need to process your personal information in this way to register you as a member and provide you with the registered membership services that you have subscribed to.
Where you have provided a username and password for the application process, you are under an obligation to keep that password and username secure and to not allow any unauthorised access to the resources through your account.
When you contact us by phone or email.
When you phone us or contact us by email with general queries, we may also handle your personal information (your name, contact details and the other details you provide to us) in order to provide the services you have asked us to and respond to you. This could be when you ask us to provide more information about certain products, or treatments, or to direct you to a clinic.
We need to process your personal information in this way in order to provide our services to you and fulfil our obligations under the contract we have or may have with you.
When you have expressed an interest in Merz Aesthetics products
This section applies if you have opted in to receive marketing communications from us, or have previously expressed an interest in our products and services and not opted out.
We will handle your personal information (such as your name, email address, postal address, telephone number and product preferences) to provide you with marketing communications in line with any preferences you have told us about.
When we send you marketing emails because you have opted-in to receive them, we rely on your consent to contact you for marketing purposes.
Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them.
You are not under any obligation to provide us with your personal data for marketing purposes.
You can tell us that you do not want your personal information to be processed in this way at any time by contacting us at dataprotectionUK@merz.com or, where relevant, by following the unsubscribe link shown in every marketing communication you receive from us.
To make our site better
We will also use your personal information to provide you with a more effective user experience (such as by displaying products, treatments or services we think you will be interested in).
Our use of your information in this way means that your experience of our site will be more tailored to you, and that the products, treatments and services you see on our site may differ from someone accessing the same site with a different history or browsing habits.
We also share your aggregated, anonymous data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will also use your personal information for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.
You can prevent us from using your personal information in this way by using the “do not track” functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.
If our business is sold
We will transfer your personal information to a third party:
• if we sell or buy any business or assets, we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or
• if Merz Pharma UK Limited or the majority of its assets are acquired by somebody else, in which case the personal information held by Merz Pharma UK Limited will be transferred to the buyer.
We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.
When Merz is required to comply with a legal obligation
In some circumstances we may also need to record or share your personal information if we are under a duty to record disclose or share it to comply with a legal obligation.
WHAT ABOUT TECHNICAL INFORMATION AND ANALYTICS?
Information we collect about you: When you visit our site we will automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect your computer to the internet, any login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
• information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Information we receive from other sources
We are also working closely with third party advertising networks, analytics providers, hosting providers and search information providers from whom we may also receive general aggregated anonymous information about you (please see further details in the “Cookies” section below).
We will combine the information you provide to us with information we collect about you.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer’s browser or hard drive if you provide your consent.
|Catacccookies||This stores the visitors acceptance of the cookie disclaimer which appears at the bottom of the page so it isn’t repeatedly presented to them|
|_ga, _gat, _gid||These are Google analytics tracking cookies|
|fr||Facebook tracking cookie|
|simple_wordpress_membership_sec, swpm_in_use, swpm_session, wordpress_logged_in, wordpress_sec||These are internal cookies used to log practitioners into the resource portal and allow them access to the restricted pages during their session. These cookies don’t communicate with any third parties|
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire after 2 years.
Web beacons are tiny graphic files invisibly integrated into our website or into communications sent to you. When you access part of our website or communications that contain such web beacons, the respective graphics files are downloaded from our server. We may use web beacons to collect information about the sections of our website users visit, the services and courses users are interested in and the navigation users choose. The information is collected on an anonymous basis and our web beacons do not collect information that identifies the user personally. However, if you are a registered user you registration details may be associated with your registration data.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Merz uses Google Analytics to understand how visitors use the Belotero website. Cookie data about your use of this website (including your IP address) will be transferred to and stored on a Google server in the USA. We use an anonymized Google Analytics application that truncates your IP address. In other words, Google shortens your IP address prior to transferring it to the USA. Google uses this information to evaluate your use of this website, compile reports on website activity and provide other services. Google may also transfer this information to third parties where required to do so by law, or where such third parties process this information on Google’s behalf. The IP address transmitted from your browser through Google Analytics will not be associated with other data held by Google.
You can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, please note that if you do this you may not be able to make full use of all the functions of this website.
You may opt out of the collection and storage of data by Google at any time with future effect by downloading and installing a deactivation add-on for your browser. This will prevent Google Analytics from collecting and processing data about your website visits. For more information and instructions on download and installation, go to https://tools.google.com/dlpage/gaoptout , where you can also download the deactivation add-on.
You can also prevent the collection of data by Google Analytics by clicking on the link below. An opt-out cookie will be set that prevents the future collection of your data when visiting this website: https://tools.google.com/dlpage/gaoptout
SOCIAL MEDIA PLUG-INS
Generally, when you access internet sites that have social media plug-ins, data about your online behaviour is transferred to those social networks’ servers automatically. Furthermore, if you are logged into a social media account, that social media provider, e.g., Facebook, will recognize that you have visited our website because the social media plug-in connects your browser directly with the social media network’s servers. If you do not want social media providers to link your social media interactions on our website with your profile, you must log out of all social media accounts before visiting a Merz website. For other information regarding how social media networks use your personal data, please see the privacy policies for each social media provider.
WHERE IS MY DATA STORED?
Some entities within the Merz Group (and many of our external third parties) may be based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside of the EEA.
Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:
• by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
• by using specific contracts approved by the European Commission which give your personal information the same protection it has in the EEA;
• where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
All information you provide to us is stored on our secure servers or those of our third party data storage providers.
HOW LONG DO WE RETAIN YOUR DATA FOR?
Where you register for the Belotero Resource Portal we will retain your data for a period of as long as you are a registered user, to ensure that we are able to assist you should you have any questions, feedback or issues in connection with your account, training or if any legal issues arise. Once you are no longer a registered member, we will retain your data for up to two years.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or accounting requirements.
To determine the appropriate retention period for the personal information we hold, we consider the amount, nature and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the reasons why we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances (such as for product analysis purposes) we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS
You have the right to object to us handling your personal information when:
• we are handling your personal information based on our legitimate interests (as described in the “How do you use my data” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your personal information should continue; or
• for marketing purposes. If you ask us to stop handling your personal information on this basis, we will stop.
WHAT ARE MY RIGHTS UNDER DATA PROTECTION LAWS?
You have various rights under the data protection laws, which you can exercise by contacting us. The easiest way to do this is by email at dataprotectionUK@merz.com.
Right of access
You are entitled to receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information.
You also have the right to access your personal information which we are handling.
Right to rectification
You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Right to restriction
You can restrict our processing of your personal information where:
• you think we hold inaccurate personal information about you;
• our handling of your personal information breaks the law, but you do not want us to delete it;
• we no longer need to process your personal information, but you want us to keep it for legal reasons; or
• where we are handling your personal information because we have a legitimate interest (as described in the “How We Use Your Data” section above), and are in the process of objecting to this use of your personal information.
Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.
Right to data portability
You have the right to receive your personal information in a structured, standard machine readable format and to send this to another organisation controlling your personal information.
This right only applies to your personal information we are handling because you consented to us using it or because there is a contract in place between us.
Right to erasure
You have the right to require us to erase your personal information which we are handling in the following circumstances:
• where we no longer need to use your personal information for the reasons we told you we collected it for;
• where we needed your consent to use your personal information, you have withdrawn your consent and there is no other lawful way we can continue to use your personal information;
• when you object to our use of your personal information and we have no compelling reason to carry on handling it;
• if our handling of your personal information has broken the law; and
• when we must erase your personal information to comply with a law we are subject to.
Right to complain
You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
WHAT ABOUT WEBSITES WE LINK TO?
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates.
Our site connects you to different websites. If you follow a link to any of these websites or use our services, please note that you have left our site and these websites have their own privacy policies.
We do not accept any responsibility or liability for these policies or websites. Please check their policies before you submit any personal information to these websites.
HOW DO I CONTACT YOU WITH FEEDBACK?