It includes everything related to the data necessary to analyze and develop the feasibility, contracting, adaptation, and execution of the service, in aspects such as: customer service, service improvement, customer satisfaction, information, security; and in general, all the essential information to comply with the scope of the contract, the regulations, and the current standards.

It includes all activities aimed at presenting offers, services, advertising, opportunities, customer loyalty, and retention; and in general, information about goods, products, and services that may be of interest to customers and users.

Eventually, the company may establish other purposes for the processing of personal data, and for this, it must have the prior, express, consented, and informed authorization of the data subject for the corresponding processing.

The company will inform the Data Subject about the processing of their personal data and its purpose, obtaining prior authorization from the clients for this purpose, which mainly corresponds to the purposes described in the previous paragraph. The processing of the data will be based on the user's authorization and taking into account their necessity, both in relation to the purpose and the duration. The database will have a duration equal to what is stipulated under the contractual relationship, without prejudice to a review every two (2) years to assess the necessity, proportionality, and/or existence of a legal or contractual obligation for the retention of the database.

These are manual or automated databases that contain data of individuals who are employed by GRUPO MERCK S.A.S, whose processing aims to comply with legal and regulatory provisions. This database includes both private and public information, as well as sensitive data and data of minors. The processing of data for purposes other than those arising from the employment relationship will require prior authorization from the data subject or their legal representative, as applicable. Under no circumstances will GRUPO MERCK S.A.S process sensitive data or data of minors without prior authorization.

The company, in its capacity as Employer and by mandate of labor legislation and collective agreements, must have personal information about its employees.

To fulfill labor obligations, it has information and data related to the identification of the worker, onboarding exams, academic training, work experience, home address, beneficiaries, salaries, Pension Funds, Severance, Occupational Risks, Compensation Fund, Life and accident insurance, a bank account for payments arising from the employment relationship, affiliations with external entities that the employee has voluntarily, consciously, and freely requested to include in order to authorize deductions or direct payments through payroll, to facilitate their relationships and prior existence of agreements with those third parties and the company.

The database will have a duration equal to what is stipulated under the contractual relationship, without prejudice to a review every two (2) years to assess the necessity, proportionality, and/or existence of a legal or contractual obligation for the permanence of the database.

The personal data and information of individuals who become shareholders of GRUPO MERCK S.A.S will be considered confidential information, as it is recorded in the commercial books and has the nature of confidentiality by legal provision. Consequently, access to such personal information will be carried out in accordance with the rules contained in the Commercial Code that regulates the matter. GRUPO MERCK S.A.S will only use the personal data of the shareholders for the purposes derived from the existing statutory relationship. The database will have a duration equal to what is provided for under the contractual relationship, without prejudice to a review every two (2) years to assess the necessity, proportionality, and/or existence of a legal or contractual obligation for the continued existence of the database. 

In the case of sensitive personal data, GRUPO MERCK S.A.S may use and process it when:

a. The holder has given authorization, except in cases where the granting of such authorization is not required by law.

b. The treatment is necessary to safeguard the vital interest of the holder and they are physically or legally incapacitated. In these events, the legal representatives must grant their authorization.

c. The processing shall be carried out in the course of legitimate activities and with the necessary guarantees by a foundation, NGO, association, or any other non-profit organization, whose purpose is political, philosophical, religious, or trade union, as long as it refers exclusively to its members or to individuals who maintain regular contacts due to its purpose. In these cases, the data may not be provided to third parties without the authorization of the data subject.

d. The Treatment refers to data that is necessary for the recognition, exercise, or defense of a right in a judicial process.

e. The processing has a historical, statistical, or scientific purpose. In this event, measures must be taken to ensure the suppression of the identity of the holders.

Without prejudice to the exceptions provided by law, the processing of sensitive data requires the prior, express, and informed consent of the data subject, which must be obtained by any means that can be subject to consultation and subsequent verification.