Thank you for visiting a Roche website or interacting with us via e-mail.
At Roche, we understand that protecting the privacy of visitors to our website is very important and that information about you and/or your health is particularly sensitive. That’s why we have taken the necessary steps to meet worldwide data privacy requirements. We treat your "personal data" according to the “Roche Directive on the Protection of Personal Data”, and to the laws of England and Wales and other applicable EU and Swiss laws which regulate the storage, process, access and transfer of personal data including the General Data Protection Regulation (“GDPR”).
We only collect personally identifiable information about you if you choose to give it to us. We do not share any of your personally identifiable information with third parties for their own marketing use unless you explicitly give us permission to do so. Please review this policy to learn more about how we collect, use, share and protect information online.
Roche has appointed data protection officers (DPOs) who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Roche Products Limited (company number 00100674) of 6 Falcon Way, Shire Park, Welwyn Garden City, Hertfordshire, AL7 1TW.
Telephone: 01707 366000
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal information: You can visit our website without providing any personal information. We may collect your personally identifiable information (such as name, address, telephone number, e-mail address or other identifying information) only when you choose to submit it to us, for example if you are required to register to use any part of our website.
Browse public pages on our websites
If you browse public pages on our websites, i.e. content that you can access without being logged in to an account you may have with us, we collect and process only non-sensitive information about you. In particular, we will not collect any health related information about you when you browse public pages on our websites. We will however process your personal information to the extent required to deliver the public content you request from us, for example, to format it for your browser. We will also process your personal information to meet our legitimate interests to protect the security of our website systems, and to measure the audiences for the various types of content provided.
To do this, we use:
- Automatically Collected Information: We automatically receive certain types of information whenever you interact with us on our website and in some e-mails we may send each other. Automatic technologies we use may include, for example, web server logs/IP addresses, cookies, web beacons and third party application and content tools. These technologies may be updated from time to time to reflect new functionalities that are available.
- Web Server Logs/IP Addresses: An IP address is a number assigned to your computer whenever you access the internet. All computer identification on the internet is conducted with IP addresses, which allow computers and servers to recognise and communicate with each other. Roche collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance review.
We may also collect information about your computer operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For more general information about cookies visit: http://www.allaboutcookies.org
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These cookies do not collect information that identifies a visitor. All information that these cookies collect is aggregated and therefore anonymous.
Adobe Ireland is certified under the US-EU Privacy Shield, Swiss-U.S. Privacy Shield, and operates under European Commission approved Standard Contractual Clauses. We have agreed with Adobe Ireland’s data processing agreement to ensure they operate Adobe Analytics on our behalf.
We also use the IP-anonymisation feature of Adobe Analytics. If you visit the website from within the states that form part of the European Economic Area, your IP address will be truncated before it leaves the European Economic Area. Only in exceptional cases (for example. a failure of the EU based system) will the whole IP address be first transferred to an Adobe server in the USA and truncated there.
Adobe Ireland will use this information on our behalf for the legitimate interest based purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Adobe Ireland may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Adobe Ireland’s behalf. Adobe Ireland will not associate your IP address with any other data held by Adobe.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to remember choices you make (such as language choices) and personalise our content for you.
- Targeting or advertising cookies. These cookies record your visit(s) to our website, the pages you have visited and the links you have followed. They also collect information about your browsing habits, including the websites you visit, in order to make the information displayed on our website more relevant to you and your interests. We may also share this information with third parties working on our behalf for this purpose.
Some of our cookies are known as ‘session’ cookies and expire after you leave our website. Others are ‘persistent’ cookies that are stored on your device in between browser sessions and allow your preferences or actions to be remembered. They remain on your device for varying lengths of time, but in any event no longer than five years. Cookies can be removed manually before they expire via your browser settings.
As described above, if you wish to prevent cookies from tracking you anonymously as you navigate our website, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.
All browsers allow you to fine-tune cookie settings and determine which ones to accept and which to disable or delete. Your browser can also notify you when you receive new cookies. Please consult your browser’s ‘help’ section for more information on adjusting your cookie settings.
Cookies allow you to take advantage of some of our website’s essential features, so we recommend you leave them turned on. If you block or otherwise reject cookies the website may not function correctly and you may not be able to access restricted parts of the website that require you to log in.
On certain web pages or e-mails, Roche and/or our suppliers may utilise a common internet technology called a "web beacon" (also known as an "action tag" or "clear GIF technology"). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a website or how many visitors clicked on key elements of a website.
Web beacons, cookies and other tracking technologies do not automatically obtain personally identifiable information about you. Only if you voluntarily submit personally identifiable information, such as by filling in an online form e.g. when registering or sending e-mails, or opening or clicking on emails that you have received from us, can these automatic tracking technologies be used to provide further information about your use of the website and/or interactive e-mails to improve their usefulness to you.
We may provide services (based on third party applications and content tools) on certain pages of the website such as Google Maps or QUARTAL FLIFE. These third parties may automatically receive certain types of information whenever you interact with us on our website using such third party applications and tools.
How and why we use your personal information
Protecting your privacy is very important to us and we understand that information about your health is sensitive. We are committed to processing your personal information in compliance with applicable laws.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example network and information systems security). In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not) as well as the possible consequences if you do not provide your personal information).
The following is a list of the ways that we may use your personal information, and the reason we rely on for doing so:
|What we use your personal information for||Our reasons (legal basis)|
|Browse public pages on our website||Legitimate interest|
|Undertake website administration and personalisation||Legitimate interest|
|Managing network and data security||Legitimate interest|
|Processing and responding to complaints received from you||Legitimate interest|
|Contacting you by telephone, email or post||Consent / legitimate interest|
|To ensure that content from our website is presented in the most effective manner for you and for your computer||Legitimate interest|
|To allow you to participate in interactive features of our service, when you choose to do so||Legitimate interest|
|To notify you about changes to our service||Legitimate interest|
|To enable you to take part in any market research we include on or link to or from our website, or in which we invite you to take part||Consent|
|To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes||Legitimate interest|
|As part of our efforts to keep our website safe and secure||Legal obligation / legitimate interest|
|To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you||Legitimate interest|
|To make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them||Legitimate interest|
Further information regarding the processing of personal information that we undertake can be found below, however, if you have questions about, or need further information, concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided above.
Complaint about our services and products
When we receive a regulatory complaint from a person we create a file containing the details of the complaint, including the identity of the complainant. It may contain health related information. We will only use the personal information we collect to process the complaint.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the “need to know” principle.
We retain personal information we collect from you where we have a genuine business need to do so, for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.
Your Rights and Choices
You have several choices regarding your use of our website. You could decide not to submit any personally identifiable information at all by not entering it into any forms or data fields on our website and not using any available personalised services. If you choose to submit personal data, you have the right to see and correct your data at any time by accessing the application. Certain parts of our website may ask for your permission for certain uses of your information and you can agree to or decline those uses.
If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will work to process this request promptly, although we may require additional information in order to do so.
No Fee is Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Roche uses technology and security precautions, rules and other procedures to protect your personal data from unauthorized access, improper use, disclosure, loss or destruction. To ensure the confidentiality of your data, Roche uses also industry standard firewalls and password protection. It is, however, your personal responsibility to ensure that the computer you are using is adequately secured and protected against malicious software, such as trojans, computer viruses and worm programs. You are aware of the fact that without adequate security measures (e.g. secure web browser configuration, up-to-date antivirus software, personal firewall software, no usage of software from dubious sources) there is a risk that the data and passwords you use to protect access to your data, could be disclosed to unauthorised third parties.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Use of Data
Roche, including the subsidiaries, divisions and groups worldwide and/or the companies we hire to perform services on our behalf will use any personally identifiable information you choose to give us to comply with your requests. We will retain control of and responsibility for the use of this information. Some of this data may be stored or processed at computers located in other jurisdictions, such as the United States, whose data protection laws may differ from the jurisdiction in which you live. In such cases, we will ensure that appropriate protections are in place to require the data processor in that country to maintain protections on the data that are equivalent to those that apply in the country in which you live.
The information that you provide to us, will be helpful for us to better understand your needs and how we can improve our products and services. It helps us also to personalise certain communications with you about products and/or services that you might find interesting. We may use this data in order to provide information to an individual who has agreed to receive information from us. We may also use the data in aggregate form with no personally identifiable information in order to provide analysis internally and to share with others when appropriate.
Data Sharing and Transfer
Roche shares personally identifiable data about you with various outside companies or agents working on our behalf to help fulfil business transactions (such as providing customer services) and to help fulfil business operations such as sending marketing and/or customer communications about our products, services and offers including market research and telemarketing; maintaining our customer database and website; conducting analytics, marketing and website optimisation including search engines and online marketing and for the performance of any contract we enter into with you.
In addition, we may share personally identifiable data that we collect from you with our company's subsidiaries and affiliates globally or store that data with them. All these companies and agents are required to comply with applicable data protection laws.
We may also disclose personally identifiable information for these purposes:
(a) in connection with the sale, assignment or other transfer of the business of the website to which the data relates;
(b) to respond to appropriate requests of legitimate government agencies or where required by applicable laws, court orders, or government regulations; or
(c) where needed for corporate audits or to investigate or respond to a complaint or security threat.
No Third-Party Direct Marketing Use: We will not sell or otherwise transfer the personally identifiable information you provide to us at our website to any third parties for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent for your data to be shared in this manner.
Your Legal Rights
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Links to Other Sites
Our website may, from time to time, contain links to and from the websites of our affiliates or to any number of websites that may offer useful information to our visitors. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or those linked websites. Please check these policies before you submit any personal data to these websites.
Additional Information on Websites
If a website has particular provisions relating to privacy that differ from those stated here, those provisions will be disclosed to you on the page on which personally identifiable information is collected.
Note to Users of Business or Professional Websites
If you have a business or professional relationship with Roche, we may use information you submit on our website to fulfil your requests and develop our business relationship with you and the entities you represent. We may also share such information with third parties acting on our behalf.
Date of preparation: September 2018