We hereby inform you about how your personal data is processed and specify the information you have been provided with regarding data processing at Roche.
The Data Controller in the meaning of the General Data Protection Regulation (GDPR), of other data protection laws applicable in the Member States of the European Union, and of other regulations of a data-protection nature is:
Roche Diagnostics GmbH
Sandhofer Straße 116
Data Protection Officer
Our Data Protection Officer may be contacted via the above mentioned address with the addition “Data Protection Officer” or via email firstname.lastname@example.org.
Roche is a global undertaking whose Diagnostics, Diabetes Care, and Pharma business units are active in the production and distribution of a variety of medical products and drugs, as well as related services
Roche is aware of the fact that the privacy and thus, also the protection of our customers’ personal data is very important, and the company accords great importance to this. Consequently, Roche has taken the necessary precautions for doing justice to the globally applicable data protection requirements, complying with the provisions of the EU and of Germany, as well as respective other applicable standards. Processing of your personal data will exclusively be performed within the scope permitted by the law, and taking into account applicable laws, in particular, the obligation to maintain transparency.
In the context of an application and selection process and in order to get in contact with you, Roche will process your personal data, based on the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 paragraph 1 letter b DSGVO in conjunction with § 26 paragraph 1 sentence 1 BDSG).
In order to fulfil the purposes just mentioned, we process the following information from you:
It is necessary to provide the data as part of the application and selection process. If you do not provide the data, we will consequently not be able to longer consider your application.
Your data will only be processed for as long as it is necessary to achieve the purpose or as long as is required by law. After completion of the application procedure, your data will be deleted within six months (applications from individuals), unless we hire you as an employee.
The publisher forwards certain data about you to various external undertakings or agents that are charged with performing technical maintenance, or work on our behalf, helping us perform business transactions. We may also forward personal data to our subsidiaries and group companies. All of these undertakings and agents are obliged to comply with the provisions of our data protection guidelines.
Entities that are involved in processing personal data from HealthcareXplorers (www.healthcare-xplorers.com):
Since Roche is a global company, your data may also be transferred to other Roche Group companies fpr specific purposes. A list of all Roche companies can be found in the current version of the Roche Group Annual Report, which is available on the website www.roche.com. Contact details may be proviced upon request.
Data protection outside the EU or the European Economic Area, e.g. in the USA, where there may not exist a comparable level of data protection, will be ensured by an adequancy decision of the EU Commission or by EU standard contractual clauses. For further information, please contact us using the contact details above.
In the context of registering and mailing our newsletter, Roche will process your personal data (email address), provided you have given us your express consent in each case (Art. 6(1) lit. a).
The data for the purpose mentioned above is provided voluntarily. If you do not provide the data, we will consequently not be able to provide you with the registration for and mailing of the newsletter without your consent to the processing of your personal data.
Your data will be stored in our systems for as long as it is necessary for mailing the newsletter, and you have not revoked your consent to the processing of your data for this purpose.
To assert your rights, please contact the following address: Roche Diagnostics GmbH; Sandhofer Straße 116; 68305 Mannheim. The Data Protection Officer may be contacted at the above mentioned address with the addition “Data Protection Officer”.
Certain types of information are collected automatically by us whenever you communicate with us via our websites, as well as in the context of emails sent to each other. The automated processes we use may include, e.g., logging by webservers or IP addresses, cookies, and web beacons.
Webserver logs/ IP addresses
An IP address is a number assigned to your computer for accessing the Internet. On the Internet, each computer is identified by means of an IP address; this allows computers and servers to recognize each other on the network and to communicate with each other. Roche collects IP address for purposes of system administration, in order to supply group companies, business partners and/or suppliers with statistics, for analyzing websites, and for reviewing the performance of a website.
Most web browsers are set to accept cookies by default. But you can also change the settings of your browser to reject all cookies, or to show you when a cookie is to be placed. However, please note that some areas of our sites may not function properly if you reject cookies.
On certain websites and in emails, Roche can use a popular Internet technology called “web beacon” (aka “action tag” or “clear GIF” technology). Web beacons help analyze the effectiveness of websites by measuring, e.g., how many visitors access a site, or how many visitors click on important parts of a site.
Web beacons, cookies and other technologies for tracking per se do not collect personal information about you. It is not until you voluntarily provide such information that identifies you personally, e.g., by registering or sending emails, that these automated processes can be used to collect personal information about your use of the websites and/or interactive emails in order to design these to be more useful to you.
Our website is intended for an adult audience. If we learn that someone is not yet 16 years old, we will not collect personal data from this person until the consent of their legal guardian in a verifiable format has been received. Upon request, such a legal guardian may inspect the information provided by the child and/or request that this data be erased.
Right of access
You can request a confirmation from the data controller whether we process personal data about you.
If such processing exists, you can request information about the following information from the data controller:
You do not have the right to request information about whether the personal data about you are transmitted to a third country or to an international organization. In this context, you may request to be notified of the suitable guarantees according to Art. 46 GDPR in the context of the transmission.
You have a right to correction and/or completion vis-a-vis the data controller, to the extent the processed personal data affecting you are incorrect or incomplete. The data controller must perform the correction promptly.
Under the following conditions, you may request that the processing of the personal data about you be limited:
If the processing of the personal data about you has been limited, these data may only be processed, apart from being stored, with your consent, or for asserting, exercising or defending legal claims, or for protecting the rights of another natural or legal person, or for reasons of a significant public interest of the EU or of a Member State.
If the limitation of processing has been restricted according to the above conditions, you will be notified by the data controller before the restriction is removed.
You may request that the data controller promptly erase the personal data about you, and the data controller is obliged to delete these data promptly if one of the following reasons applies:
If the data controller has publicly disclosed the personal data about you, and if the former is obliged to the erasure of these data according to Art. 17(1) GDPR; the data controller shall take appropriate measures, including those of a technological nature, taking into account the technology available and the cost of implementation, in order to notify the data processors processing the personal data that you, as the person affected, have requested the erasure of all links to these personal data, or of copies or replicas of these personal data.
The right to erasure does not exist to the extent that the processing is necessary
If you have asserted the right to correction, erasure, or limitation of processing vis-a-vis the data controller, the latter is obliged to inform all of the recipients to whom the personal data about you have been disclosed of this correction or erasure of the data or limitation of the processing unless this proves to be impossible or requires unreasonable effort and expense.
You have the right vis-a-vis the data controller to be informed of these recipients.
You have the right to receive the personal data about you that you have provided to the data controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit these data to another data controller without being hindered by the data controller to whom the data were provided when doing so, if
While exercising this right, you also have the right to effect that the personal data about you are directly transmitted from one data controller to another data controller to the extent this is technologically feasible. Freedoms and rights of other persons must not be impacted negatively by this.
The right to data portability does not apply for processing of personal data required for performing a task that is in the public interest or performed in exercising public authority conferred to the data controller.
For reasons arising from your special situation, you have the right at any time to object to the processing of personal data about you, which is performed based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data about you unless the data controller can document compelling reasons worth protecting for processing that supersede your interests, rights and freedoms, or if the processing is used for asserting, exercising, or defending legal claims.
If the personal data about you are processed for direct mail purposes, you have the right to object at any time against the processing of the personal data about you for purposes of such advertising; this also applies to profiling to the extent it is related to such direct mail.
If you object to processing for the purposes of direct mail, the personal data about you will no longer be processed for these purposes.
In the context of using information society services – notwithstanding Directive 2002/58/EC – you have the option to exercise your right to objection by means of automated processes in which technical specifications are used.
You have the right to revoke your declaration of consent under data protection law at any time. Revoking the consent does not affect the lawfulness of the processing performed based on the consent up until the time of revocation
Notwithstanding another remedy under administrative law or through the courts, you have the right to complain to a regulatory authority, in particular to the State Commissioner for Data Protection and Freedom of Information in the Member State of your residence, your workplace, or the location of the presumed infringement, if you believe that the processing of the personal data about you violates the GDPR.
The regulatory authority where the complaint was filed shall notify the complainant about the status and the results of the complaint, including the option of judicial redress according to Art. 78 GDPR.