At Roche, we are committed to protecting your personal information. This Privacy Notice outlines the types of personal information Roche may collect; the means by which Roche may collect, use, or share your personal information; steps Roche takes to protect your personal information; and choices you are provided with respect to the use of your personal information.
For purposes of this Privacy Notice, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, and telephone number.
Please refer to the California Supplemental Privacy Notice for more information about how this term is defined for the purposes of California law and for more information about how Roche uses such information. The California Supplemental Privacy Notice is available at: https://www.roche.com/ccpa-privacy-notice.htm
The Data Controller in the meaning of the General Data Protection Regulation (GDPR), of other data protection laws applicable in the Member States of the European Union, and of other regulations of a data-protection nature is:
Roche Diagnostics GmbH
Sandhofer Straße 116
Data Protection Officer
Our Data Protection Officer may be contacted via the above mentioned address with the addition “Data Protection Officer” or via email firstname.lastname@example.org.
The California Supplemental Privacy Notice provides the appropriate channels for contacting Roche with questions, requests, and inquiries in scope of California law. The California Supplemental Privacy Notice is available at: https://www.roche.com/ccpa-privacy-notice.htm
Roche is a global undertaking whose Diagnostics, Diabetes Care, and Pharma business units are active in the production and distribution of a variety of medical products and drugs, as well as related services
Roche is aware of the fact that the privacy and thus, also the protection of our customers’ personal data is very important, and the company accords great importance to this. Consequently, Roche has taken the necessary precautions for doing justice to the globally applicable data protection requirements, complying with the provisions of the EU and of Germany, as well as respective other applicable standards. Processing of your personal data will exclusively be performed within the scope permitted by the law, and taking into account applicable laws, in particular, the obligation to maintain transparency.
In the context of an application and selection process and in order to get in contact with you, Roche will process your personal data, based on the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1) lit. b GDPR in conjunction with § 26(1) sentence 1 BDSG).
In order to fulfil the purposes just mentioned, we process the following information from you:
It is necessary to provide the data as part of the application and selection process. If you do not provide the data, we will consequently not be able to longer consider your application.
Depending on your consent (Art. 6(1) lit. a GDPR), we also process your IP-address/location, cookies, browsing history, as well as Information regarding interaction with the website, for analytic purposes to ensure the constant improvement and evolution of our service for you.
Please visit the California Supplemental Privacy Notice for more information about Personal Data processing activities as they relate to California residents. The California Supplemental Privacy Notice is available at: https://www.roche.com/ccpa-privacy-notice.htm
Your data will only be processed for as long as it is necessary to achieve the purpose or as long as is required by law. After completion of the application procedure, your data will be deleted within six months (applications from individuals), unless we hire you as an employee.
The publisher forwards certain data about you to various external undertakings or agents that are charged with performing technical maintenance, or work on our behalf, helping us perform business transactions. We may also forward personal data to our subsidiaries and group companies. All of these undertakings and agents are obliged to comply with the provisions of our data protection guidelines.
Entities that are involved in processing personal data from HealthcareXplorers (www.healthcare-xplorers.com):
Since Roche is a global company, your data may also be transferred to other Roche Group companies for specific purposes. A list of all Roche companies can be found in the current version of the Roche Group Annual Report, which is available on the website www.roche.com. Contact details may be provided upon request.
Data protection outside the EU or the European Economic Area, e.g. in the USA, where there may not exist a comparable level of data protection, will be ensured by an adequacy decision of the EU Commission or by EU standard contractual clauses. For further information, please contact us using the contact details above.
In the context of registering and mailing our newsletter, Roche will process your personal data (email address), provided you have given us your express consent in each case (Art. 6(1) lit. a).
The data for the purpose mentioned above is provided voluntarily. If you do not provide the data, we will consequently not be able to provide you with the registration for and mailing of the newsletter without your consent to the processing of your personal data.
Your data will be stored in our systems for as long as it is necessary for mailing the newsletter, and you have not revoked your consent to the processing of your data for this purpose.
To assert your rights, please contact the following address: Roche Diagnostics GmbH; Sandhofer Straße 116; 68305 Mannheim. The Data Protection Officer may be contacted at the above mentioned address with the addition “Data Protection Officer”.
Certain types of information are collected automatically by us whenever you communicate with us via our websites, as well as in the context of emails sent to each other. The automated processes we use may include, e.g., logging by web servers or IP addresses, cookies, and web beacons.
Webserver logs/ IP addresses
An IP address is a number assigned to your computer for accessing the Internet. On the Internet, each computer is identified by means of an IP address; this allows computers and servers to recognize each other on the network and to communicate with each other. Roche collects the IP-address for purposes of system administration, in order to supply group companies, business partners and/or suppliers with statistics, for analyzing websites, and for reviewing the performance of a website.
We use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include cookies that enable you to log into secure areas of our website (if applicable).
Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These cookies do not collect information that identifies a visitor. All information that these cookies collect is aggregated and therefore anonymous.
You can prevent the use of Google Analytics by not consenting to its application. Moreover you can prevent the collection of the data created by the respective cookie with regard to your use of the website (e.g. your IP-address), as well as the processing of this data by Google, by installing the browser-plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to remember choices you make (such as language choices) and personalise our content for you.
Targeting or advertising cookies. These cookies record your visit(s) to our website, the pages you have visited and the links you have followed. They also collect information about your browsing habits, including the websites you visit, in order to make the information displayed on our website more relevant to you and your interests. We may also share this information with third parties working on our behalf for this purpose.
Some of our cookies are known as ‘session’ cookies and expire after you leave our website. Others are ‘persistent’ cookies that are stored on your device in between browser sessions and allow your preferences or actions to be remembered. They remain on your device for varying lengths of time, but in any event no longer than two years. Cookies can be removed manually before they expire via your browser settings.
Managing the Cookies: As described above, if you wish to prevent cookies from tracking you anonymously as you navigate our website, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.
All browsers allow you to fine-tune cookie settings and determine which ones to accept and which to disable or delete. Your browser can also notify you when you receive new cookies. Please consult your browser’s ‘help’ section for more information on adjusting your cookie settings.
Cookies allow you to take advantage of some of our website’s essential features, so we recommend you leave them turned on. If you block or otherwise reject cookies the website may not function correctly and you may not be able to access restricted parts of the website that require you to log in.
More information about the exact cookies used can be found in the following Cookie List.
On certain websites and in emails, Roche can use a popular Internet technology called “web beacon” (aka “action tag” or “clear GIF” technology). Web beacons help analyze the effectiveness of websites by measuring, e.g., how many visitors access a site, or how many visitors click on important parts of a site.
Web beacons, cookies and other technologies for tracking per se do not collect personal information about you. It is not until you voluntarily provide such information that identifies you personally, e.g., by registering or sending emails, that these automated processes can be used to collect personal information about your use of the websites and/or interactive emails in order to design these to be more useful to you.
Our website is intended for an adult audience. If we learn that someone is not yet 16 years old, we will not collect personal data from this person until the consent of their legal guardian in a verifiable format has been received. Upon request, such a legal guardian may inspect the information provided by the child and/or request that this data be erased.
Right of access
You can request a confirmation from the data controller whether we process personal data about you.
If such processing exists, you can request information about the following information from the data controller:
You do not have the right to request information about whether the personal data about you are transmitted to a third country or to an international organization. In this context, you may request to be notified of the suitable guarantees according to Art. 46 GDPR in the context of the transmission.
Right to correction
You have a right to correction and/or completion vis-a-vis the data controller, to the extent the processed personal data affecting you are incorrect or incomplete. The data controller must perform the correction promptly.
Right to limiting the processing
Under the following conditions, you may request that the processing of the personal data about you be limited:
If the processing of the personal data about you has been limited, these data may only be processed, apart from being stored, with your consent, or for asserting, exercising or defending legal claims, or for protecting the rights of another natural or legal person, or for reasons of a significant public interest of the EU or of a Member State.
If the limitation of processing has been restricted according to the above conditions, you will be notified by the data controller before the restriction is removed.
Right to erasure
You may request that the data controller promptly erase the personal data about you, and the data controller is obliged to delete these data promptly if one of the following reasons applies:
If the data controller has publicly disclosed the personal data about you, and if the former is obliged to the erasure of these data according to Art. 17(1) GDPR; the data controller shall take appropriate measures, including those of a technological nature, taking into account the technology available and the cost of implementation, in order to notify the data processors processing the personal data that you, as the person affected, have requested the erasure of all links to these personal data, or of copies or replicas of these personal data.
The right to erasure does not exist to the extent that the processing is necessary
Right to information
If you have asserted the right to correction, erasure, or limitation of processing vis-a-vis the data controller, the latter is obliged to inform all of the recipients to whom the personal data about you have been disclosed of this correction or erasure of the data or limitation of the processing unless this proves to be impossible or requires unreasonable effort and expense.
You have the right vis-a-vis the data controller to be informed of these recipients.
Right to data portability
You have the right to receive the personal data about you that you have provided to the data controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit these data to another data controller without being hindered by the data controller to whom the data were provided when doing so, if
While exercising this right, you also have the right to effect that the personal data about you are directly transmitted from one data controller to another data controller to the extent this is technologically feasible. Freedoms and rights of other persons must not be impacted negatively by this.
The right to data portability does not apply for processing of personal data required for performing a task that is in the public interest or performed in exercising public authority conferred to the data controller.
Right to object
For reasons arising from your special situation, you have the right at any time to object to the processing of personal data about you, which is performed based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data about you unless the data controller can document compelling reasons worth protecting for processing that supersede your interests, rights and freedoms, or if the processing is used for asserting, exercising, or defending legal claims.
If the personal data about you are processed for direct mail purposes, you have the right to object at any time against the processing of the personal data about you for purposes of such advertising; this also applies to profiling to the extent it is related to such direct mail.
If you object to processing for the purposes of direct mail, the personal data about you will no longer be processed for these purposes.
In the context of using information society services – notwithstanding Directive 2002/58/EC – you have the option to exercise your right to objection by means of automated processes in which technical specifications are used.
Right to revocation of consent according to data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revoking the consent does not affect the lawfulness of the processing performed based on the consent up until the time of revocation
Right to complain to a regulatory authority
Notwithstanding another remedy under administrative law or through the courts, you have the right to complain to a regulatory authority, in particular to the State Commissioner for Data Protection and Freedom of Information in the Member State of your residence, your workplace, or the location of the presumed infringement, if you believe that the processing of the personal data about you violates the GDPR.
The regulatory authority where the complaint was filed shall notify the complainant about the status and the results of the complaint, including the option of judicial redress according to Art. 78 GDPR.
If you are a California resident as defined by the California Consumer Privacy Act (CCPA), you can find a description of these rights covered in the California Supplemental Privacy Notice, available at: https://www.roche.com/ccpa-privacy-notice.htm
That privacy notice contains information on how to contact Roche to exercise any of your rights under that law.
California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please use the contact information provided in the California Supplementary Privacy Notice.