Merck & Co., Inc. LogoHealthcare Services & Solutions Logo

Privacy Policy


At HSS, a wholly-owned subsidiary of Merck & Co., Inc., Kenilworth, N.J. USA (“MSD”), privacy begins with trust.

Established in 2001, MSD’s Privacy Office is driven by a global mission that is based on four privacy values:  respect for individual privacy expectations, building and preserving trust, preventing privacy harms, and compliance with the letter and spirit of privacy laws. Its privacy program is built on a foundation of organizational accountability for privacy and global privacy practices and standards that carry on our tradition of upholding high ethical standards across our business practices, and ongoing oversight to ensure that we continue to respond to changes in privacy expectations.  For more information about the program of HSS and its parent company, please see the global privacy program excerpt of MSD’s corporate responsibility report.

Privacy Trust at MSD

We believe that trust is a core privacy value and essential to our mission, so we have developed our privacy program around the following key elements we use to define privacy trust:

  • T - "transparency" - being open and clear about how we collect, use and disclose personal information
  • R - "respecting choices" - such as whether or not people want to participate in our programs
  • U - "understanding perspectives" - including that people have different levels of concern about their privacy based on cultural perspectives and personal experiences
  • S - "security" - protecting personal information from loss, misuse and unauthorized access, disclosure, alteration or destruction
  • T - treating our stakeholders with respect and in a manner consistent with the Company's values

Read MSD’s Internet Privacy Policy Statement

APEC Privacy Certification

On October 31, 2013, the MSD privacy program was certified as compliant with the requirements of the Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. MSD is the first healthcare company in the world, and the second multinational company, to achieve this certification. Achievement of APEC certification demonstrates to our customers, patients, and other stakeholders our strong commitment to accountable, values-based, privacy and data protection practices in every region of the world in which we operate.

Our certification by the U.S. APEC Accountability Agent, TRUSTe, applies to MSD business processes across our operations that transfer personal information from MSD affiliates in the U.S. to our affiliates in other APEC member economies. Since all MSD operations globally participate in our global privacy program and adhere to a common set of privacy practice and standards, we anticipate that our affiliates in other APEC member economies will obtain certification for transfers of personal information that originate in those economies after those economies are approved as participants in the APEC CBPR system.

Safe Harbor Certification

On November 5, 2001, MSD certified its adherence to the Safe Harbor Agreement between the European Commission and the U.S. Department of Commerce for transfers of personal information from the European Economic Area to the U.S. MSD has reaffirmed its adherence to the Safe Harbor annually.

On October 31, 2007, the standards of the MSD Safe Harbor Privacy Policy Statement were extended to personal information transferred from Switzerland to the U.S. In 2009, MSD certified adherence to the Safe Harbor Framework agreed upon by the Federal Data Protection and Information Commissioner of Switzerland and the U.S Department of Commerce for transfers of personal information from Switzerland to the U.S.

For more information, please read the MSD Safe Harbor Privacy Policy Statement.

Mobile App Privacy

As described in MSD’s Internet Privacy Policy Statement, one type of online resource that MSD provides is mobile computing applications ("Apps") for mobile devices, such as smartphones and tablets. Many of these can be purchased or downloaded from App Stores that are offered by the provider of the device operating system, such as Apple and Google. Some of these Apps allow you to record information within the App and store it on your device, to create reports, and to email content from the App. In some cases, that information may be "personal information" that identifies or is used to identify you, such as your name. Where the personal information you record is collected by HSS, or others working for HSS, it will be used in accordance with MSD’s Internet Privacy Policy Statement. We evaluate how some of our Apps are used by enabling data about your use of the App on your device, such as which features you used the most, to be transmitted to Flurry, an analytics service provider. If you do not want Flurry to track your use of the App on your device, you can opt-out. If you have questions, please contact HSS.

Protection of Social Security Numbers

We protect Social Security Numbers (SSNs) in accordance with our Global Privacy and Data Protection Policy, which requires in relevant part that SSNs be appropriately secured, in accordance with their sensitivity, from loss, misuse, and unauthorized access, disclosure, alteration or destruction.

To the extent applicable, MSD also protects SSNs in accordance with its Internet Privacy Policy Statement and its Safe Harbor Privacy Policy Statement.