Privacy notice

Last revised: December 2019

General Privacy Statement

At F. Hoffmann-La Roche Ltd (“Roche”), we are committed to protecting your personal information. This Privacy Notice outlines the types of personal information Roche may collect; the means by which Roche may collect, use, or share your personal information; steps Roche takes to protect your personal information; and choices you are provided with respect to the use of your personal information.

This Notice only applies to Roche websites that link to this Notice. Our websites also may contain links to third-party websites. We do not endorse and are not responsible for the content of third-party websites or resources, and our privacy notice does not apply to any sites that are not affiliated with Roche, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.

For purposes of this Privacy Notice, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, and telephone number.

Please refer to the California Supplemental Privacy Notice for more information about how this term is defined for the purposes of California law and for more information about how Roche uses such information.

Minors

This website is not designed or intended for use by children under the age of 16. We do not knowingly collect any Personal Data on this website from anyone under the age of 16 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any Personal Data on this website or online resource.

Identity and Contact Details of the Data Controller

The data controller is F. Hoffmann-La Roche Ltd, Grenzacherstrasse 124, CH-4070 Basel, Switzerland.

In the event that your Personal Data is covered by the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), the EU representative of F. Hoffmann-La Roche Ltd is Roche Privacy GmbH, Emil-Barell-Str. 1, D-79639 Grenzach-Wyhlen.

You may contact the data controller by mail at Grenzacherstrasse 124, CH-4070 Basel, Switzerland or email at global.privacy@roche.com.

The California Supplemental Privacy Notice provides the appropriate channels for contacting Roche with questions, requests, and inquiries in scope of California law.

How and Why We Process Your Personal Data

On this website, we may request Personal Data about you. Examples of Personal Data that we may collect and that directly identify you include your name, contact information, email address, and other information in combination with these identifiers. We may also collect certain Personal Data that does not directly identify you by name, but could be used to identify that a specific computer or device has accessed our website.

We process your Personal Data on our websites for many reasons, including:

  • To respond to your requests or inquiries;
  • To complete a transaction;
  • To personalize your experience;
  • To perform website analytics and measure website performance;
  • To track and monitor adverse events and other activities related to pharmacovigilance; and
  • To maintain the website, including for security purposes.

Several places on our website require Personal Data if you choose to use them, including surveys, registration, and content sharing features (i.e., “E-mail to a Friend” links). Roche and its business partners (such as service providers or other third parties who provide certain services to Roche) collect this information about you only if you voluntarily provide it to us. Please be aware that certain features of this site may not be available to you if you elect not to provide certain Personal Data. Any Personal Data you provide to us on our websites will be used in accordance with this Privacy Notice.

More Information on our Processing Activities

This table outlines each website-related processing activity in greater detail and provides information on the categories of information collected for each activity as well as the legal basis of processing for each of these activities, if and to the extent the data processing is subject to GDPR.

| Purpose and categories of data | Legal Basis | Citation |
| --- | --- | --- |
| Responding to Requests or Inquiries. We may use the information that you provide to us to take the steps necessary to respond to your request; for example, you may submit a medical information request, inquire about a product, or subscribe to one of our mailing lists. Depending on your request, we may collect your contact information (such as your name, mailing address, telephone number, job title), your interests and preferences (such as products or areas of interest), and any other information you provide to us. For more information about how we collect Personal Data for Medical Information Requests, please refer to our Privacy Notice for Pharmacovigilance, Medical Information, and Product Complaints. | We collect and process your Personal Data for these purposes based on our legitimate interest to respond to your request. If you submitted sensitive Personal Data as part of your inquiry, we will also base such processing on your explicit consent. If reporting is required, we may process your data to comply with our legal obligations. | Article 6(1)(f) GDPR; Articles 6(1)(a) and 9(2)(a) of the GDPR; Article 6(1)(c) and Article 9(2)(i) GDPR |
| Completing Transactions. Some parts of our website may collect your Personal Data to fulfill services that you have requested and to understand your interests and preferences. In these instances, we may collect your contact information as well as a history of your previous transactions with us (such as order history, customer account information). | We use this information to perform our agreement with you. | Article 6(1)(b) |
| Personalizing Your Experience. We may collect certain information about you, your preferences, and how you have interacted with us in the past in order to understand your interest in our products and services so that we can best serve you. This may include information about your contact and product preferences, languages, marketing preferences, and demographic data. | In cases where we collect this information automatically, we collect and process this information for our legitimate business interests. In other cases, we will collect and process this information pursuant to your consent. | Article 6(1)(f) GDPR; Article 6(1)(a) of the GDPR |
| Website Analytics and Tracking. Where permitted by law, we may combine Personal Data you provide with other information you’ve provided to Roche through our websites. Where permitted by law, we may also combine Personal Data collected through our websites and online resources with Roche’s offline records and information provided to us by third parties. More information about this can be found in the section below and in our Cookie Notice. | In cases where we collect this information automatically, we collect and process this information for our legitimate business interests. In other cases, we will collect and process this information pursuant to your consent. | Article 6(1)(f) GDPR; Article 6(1)(a) of the GDPR |
| Tracking and Monitoring Adverse Events and Pharmacovigilance. Some specified parts of our websites may collect Personal Data related to adverse events or other activities related to pharmacovigilance. This information is very important for public health and will be used for the detection, assessment, understanding, and prevention of adverse events or other medicine-related problems. For more information about how we use and disclose Personal Data for these purposes, please see our Privacy Notice for Pharmacovigilance, Medical Information, and Product Complaints. | We collect and process your information for these purposes to comply with our legal obligations and may be required to report the data to regulatory authorities. | Article 6(1)(c) and Article 9(2)(i) GDPR |
| To Run and Maintain our Website. We use this information to secure our websites, network systems, and other assets. This may include information concerning your IP Address, geographic location, resources you have accessed, and similar information. | We collect this information automatically, for our legitimate business interests to run, maintain, and secure our websites. | Article 6(1)(f) |

Please visit the California Supplemental Privacy Notice for more information about Personal Data processing activities as they relate to California residents.

Cookies and Other Web Trackers

Our websites and online resources also collect other basic information about you which may not directly identify you, but which may correspond with you or a particular device. We use some of this information to allow our websites to run, as well as to learn more about how our websites and online resources are used and to otherwise improve and administer the site. We also use this information to enable us to deliver information tailored to your interests and preferences, based on your use of the site. For example, we may collect the IP Address assigned to your computer by your internet service provider. This address may change each time you connect to the internet (a “dynamic” IP address), or it may remain the same (a “static” IP address). In most cases, this information is collected automatically, for our legitimate business interests. In some jurisdictions, we ask for your consent before collecting this information, in which case you will be presented with a choice as to whether you wish to allow the collection and use of this type of information. Please see our Cookie Notice for more information.

Certain web browsers and other programs may be used to signal your preferences to Roche about how or whether Roche or third parties may collect information about your online activities. Currently, Roche does not respond to such signals.

Use of Data for Marketing

We do not sell or transfer your Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent. We use third party advertising companies to place ads on other websites. These companies may use data about your visits to this and other websites in order to measure advertising effectiveness and to provide advertisements about our goods and services that may be of interest to you. If you would like more information about this practice and your choices to opt out of having this information used by these companies, see our Cookies Policy.

Information Sharing / Recipients of Personal Data

Recipients of your Personal Data

We may share your Personal Data with Roche’s affiliates around the world. Our Roche affiliates will use your Personal Data for the same purposes as we do. A list of Roche’s affiliates is available in the current annual report, which can be found in the Investors section of www.roche.com.

We may also share your Personal Data with third parties, such as our service providers, for the following purposes:

  • To help fulfill Roche business transactions;
  • To conduct technical maintenance of our websites and other web platforms;
  • To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Roche participates, or pursuant to a financial arrangement undertaken by Roche;
  • To respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; and
  • Where needed for corporate audits or to investigate or respond to a complaint or security threat.

International Transfers of Your Personal Data

Any Personal Data you provide to us through your use of this website may be transferred to or stored in a geographic region that imposes different privacy obligations than your country of origin. This means that your Personal Data may be sent to a country with less restrictive data protection laws than your own. Any such transfer will be conducted in compliance with applicable law.

If your Personal Data is covered by the GDPR: For transfers of data within the Roche Group, contracts containing the EU Standard Contractual Clauses according to the EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010)593) constitute appropriate and suitable safeguards to ensure compliance with GDPR. In addition to Standard Contractual Clauses, Roche may also use data processors that are certified under the EU-U.S. Privacy Shield, which establishes appropriate and suitable safeguards to ensure compliance with the GDPR according to the EU Commission decision of 12 July 2016 (C(2016) 4176).

Retention / Storage Period of Your Personal Data

The length of time in which we will store your Personal Data will differ depending on the purpose for which we have collected and are processing your data. In most cases, we will keep the data for three (3) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required by law to maintain your data. For example, reports related to pharmacovigilance are kept for a minimum of 10 years after the withdrawal of the product in the last country where the product is marketed.

Information About Your Rights Regarding Your Personal Data

You may have certain rights regarding our use and processing of your Personal Data.

Your Rights If Your Data is Covered by the GDPR

If your Personal Data are covered by the GDPR (that is, if you are an individual within the European Economic Area), you have the following rights with respect to your Personal Data:

  • The right to request access to the Personal Data that Roche has about you;
  • The right to rectify or correct any Personal Data that is inaccurate or incomplete;
  • The right to request a copy of your Personal Data in electronic format so that you can transmit the data to third parties, or to request that Roche directly transfer your Personal Data to one or more third parties;
  • The right to object to the processing of your Personal Data for marketing and other purposes;
  • The right to erasure of your Personal Data when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Data to certain limited purposes where erasure is not possible.

To exercise any of these rights, please contact us using the information provided above.

Please note that erasure or restriction of processing is only possible if and to the extent that the processing of Personal Data is based on your consent or our legitimate interests. If data processing is based on consent, note that you have the right to withdraw your consent at any time, but that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In the event of an erasure request, we may retain a copy of your Personal Data for our record-keeping purposes and to avoid entering your personal data in our systems after your request.

In the event that you believe or have the impression that our data processing does not comply with the GDPR, you are entitled to lodge a complaint with the responsible supervisory authority.

Your Rights If Your Data is Covered by California Law

If you are a California resident as defined by the California Consumer Privacy Act (CCPA), you can find a description of these rights covered in the California Supplemental Privacy Notice. That privacy notice contains information on how to contact Roche to exercise any of your rights under that law.

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please use the contact information provided in the California Supplemental Privacy Notice.

Data Security

Roche and its service providers and collaboration partners take reasonable steps to protect Personal Data we access or receive through this website from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Nevertheless, Roche makes no guarantee as to the security of your Personal Data and disclaims, to the fullest extent permitted by law, all liability and damages caused by loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We recommend that you take any available precautions to protect Personal Data you submit on this website.

Updates to This Privacy Notice

From time to time, we may revise this Privacy Notice. Any such changes to this Privacy Notice will be reflected on this page. Roche recommends that you review this Privacy Notice regularly for any changes. The date on which this notice was last revised is located at the top of this notice.