Privacy Policy

Our online privacy commitment to you

Merck Sharp & Dohme (Sweden) AB (“MSD”) process personal data under this Privacy Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679; the “GDPR”) and other applicable national data protection laws in Sweden (“Data Protection Law”).

This notice describes how we process personal data in connection with:

What are your rights and choices?

We have a legal obligation to ensure that your information is kept accurate and up to date. We invite you to assist us to comply with this obligation by ensuring that you inform us of any changes to your information by contacting us at e-mail address, and/or updates to your preferences.

You may at any time exercise your rights in relation to your personal data that we process:

Note that there may be situations where our confidentiality and other obligations under applicable legislation may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Except where prohibited by the GDPR or the Data Protection Law, we may deny your choice where a particular choice request would impede our company in its ability to: (1) comply with a law or an ethical obligation including where we are required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (2) investigate, make or defend legal claims, and (3) perform contracts, administer relationships, or engage in other permitted business activities that are consistent with transparency and purpose limitation principles and were entered into in reliance on the information about people in question. Within fifteen business days of any decision to deny a choice request in accordance with this Notice, we will document and communicate such a decision to you.

If you have any complaints about how we process your personal data, or would like further information, please contact us at any time.

If you wish to file a complaint with a national supervisory authority regarding our processing of your personal data, you may do so by contacting your local data protection authority (“local” meaning where you live or work, or where an alleged data breach has occurred. The relevant authority in Sweden is Datainspektionen (

What data is collected and for which purpose on this website?

We want to have the opportunity to keep in touch with you and tell you about matters that are important to you. Through the various MSD websites it is possible to sign up for newsletters, receive branded and unbranded materials, and apply for jobs.

MSD collects data through the following channels and for the following purposes:

What kind of other personal data does MSD collect and for what purpose?

We collect information provided to us by or on behalf of our clients or generated by us in the course of providing services to our stakeholders. This collection of data is based on our legitimate interest when providing professional legal services.

We also use personal data collected in connection with adverse event reporting to fulfill our statutory duties in relation to pharmacovigilance.

The personal data collected relates to identification, contact details and matter-related background information provided by our clients, their representatives or their counterparties.

We will store personal data related to our matters for as long as we are required under applicable legislation.

In some cases your personal data have been supplemented by information retrieved from other sources, including searches via publicly available search engines and social media.

How is the data processed?

MSD will only process personal data for the purposes for which it was collected and as set out above, and personal data will only be available to authorized employees holding a position that requires them to process personal data to perform their work. Personal data is not processed for no longer than is necessary for the particular purpose. We fully comply with our statutory retention obligations and our internal retention time policies.

MSD has taken appropriate technical and organizational measures to keep your personal data secure to ensure that only authorized persons are given access to the personal data. We also have internal policies in place for secure processing of personal data.

Is data transferred or disclosed to third parties?

We will not disclose personal data to any third parties unless required to do so under the Data Protection Law or to perform services for our stakeholders.

However, your personal data may be transferred to and processed by third-party providers which perform services for MSD (data processors) to enable these companies to perform the services requested by MSD.

Only personal data that is necessary to fulfill the purposes stated above will be provided to these companies. All third-party providers must follow our instructions and applicable written data processor agreements and any other agreements that are in place between MSD and its third-party providers, and must implement appropriate technical and organizational measures for the protection of the personal data.

Where is your data processed?

We process personal data on servers in the EU/EEA. In addition, we process personal data in the United States, and as such we need to transfer your information to a location outside of the EU/EEA. The level of information protection in countries outside the EU/EEA may be lower than that offered within the EEA. Where this is the case, we will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure.

MSD complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. MSD has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. In addition, MSD has entered into Binding Corporate Rules which have been approved in the European Union.

Contact us

MSD is the controller of the personal data for the purposes described above. The contact details of our offices can be found at

If you have any questions regarding MSD’s processing of personal data, please feel free to contact our data protection team at: