Last revised: 31, October 2018
General Privacy Statement
At F. Hoffmann-La Roche Ltd (“Roche”) we are committed to protecting your personal information. This Privacy Notice outlines the types of personal information Roche may collect; the means by which Roche may collect, use, or share your personal information; steps Roche takes to protect your personal information; and choices you are provided with respect to the use of your personal information.
This Notice only applies to Roche websites that link to this Notice. Our websites also may contain links to third-party websites. We do not endorse and are not responsible for the content of third-party websites or resources, and our privacy notice does not apply to any sites that are not affiliated with Roche, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.
For purposes of this Privacy Notice, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, and telephone number.
This website is not designed or intended for use by children under the age of 16. We do not knowingly collect any Personal Data from anyone under the age of 16 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any Personal Data on this website or online resource.
Identity and Contact Details of the Data Controller
The data controller is F. Hoffmann-La Roche Ltd, Grenzacherstrasse 124, CH-4070 Basel, Switzerland.
In the event that your Personal Data is covered by the EU General Data Protection Regulation (“EU”) 2016/679 (“GDPR”), the EU representative of F. Hoffmann-La Roche Ltd is Roche Privacy GmbH, Emil-Barell-Str. 1, D-79639 Grenzach-Wyhlen.
You may contact the data controller by mail at Grenzacherstrasse 124, CH-4070 Basel, Switzerland or email at email@example.com.
How and Why We Process Your Personal Data
On this website, we may request Personal Data about you. Examples of Personal Data that we may collect that directly identifies you includes your name, contact information, email address, and other information in combination with these identifiers. We may also may collect certain Personal Data information that does not directly identify you by name, but could be used to identify that a specific computer or device has accessed our website.
We process your Personal Data on our websites for many reasons, including:
- To respond to your requests or inquiries;
- To complete a transaction;
- To personalize your experience;
- To perform website analytics and measure website performance;
- To track and monitor adverse events and other activities related to pharmacovigilance); and
- To maintain the website, including for security purposes.
Several places on our website require Personal Data if you choose to use them, including surveys, registration, and content sharing features (i.e., “E-mail to a Friend” links). Roche and its business partners collect this information about you only if you voluntarily provide it to us. Please be aware that certain features of this site may not be available to you if you elect not to provide certain Personal Data. Any Personal Data you provide to us will be used in accordance with this Privacy Notice.
More Information on our Processing Activities
This sections outlines each processing activity in greater detail and provides information on the categories of information collected for each activity as well as the legal basis of processing for each of these activities.
Responding to Requests or Inquiries. Certain parts of our websites and online resources allow you to submit your Personal Data to us to for various purposes. For example, you may submit a Medical Information request, inquire about a product, or subscribe to one of our mailing lists. In these instances, we may use the information that you provide to us to take the steps necessary to respond to your request. Depending on your request, we may collect your contact information (such as your name, mailing address, telephone number, job title), your interests and preferences (such as products or areas of interest), and any other information you provide to us. We collect and process your Personal Data for these purposes based on your consent. If reporting is required, we may process your data to comply with our legal obligations.
Completing Transactions. Some parts of our website may collect your Personal Data to fulfill services that you have requested and to understand your interests and preferences. In these instances, we may collect your contact information as well as a history of your previous transactions with us (such as order history, customer account information). If you are purchasing or ordering a product or service from us, we use this information to perform our agreement with you.
Personalizing Your Experience. We may collect certain information about you, your preferences, and how you have interacted with us in the past in order to understand your interest in our products and services so that we can best serve you. This may include information about your contact and product preferences, languages, marketing preferences, and demographic data. In cases where we collect this information automatically, we collect and process this information for our legitimate business interests. In other cases, we will collect and process this information pursuant to your consent.
Tracking and Monitoring Adverse Events and Pharmacovigilance. Some specified parts of our websites may collect Personal Data related to adverse events or other activities related to pharmacovigilance. This information is very important for public health and will be used for the detection, assessment, understanding, and prevention of adverse events or other medicine-related problems. We collect and process your information for these purposes to comply with our legal obligations and may be required to report the data to regulatory authorities. For more information about how we use and disclose Personal Data for these purposes, please see our Privacy Notice for Pharmacovigilance.
To Run and Maintain our Website. We use this information to secure our websites, network systems, and other assets. This may include information concerning your IP Address, geographic location, resources you have accessed, and similar information. We collect this information automatically, for our legitimate business interests.
Cookies and Other Web Trackers
Cookies. Our websites may use a tracking technology called a “cookie.” A cookie is a small data file that a website can place on your computer’s hard drive, where your internet browser files are kept. Cookies enable us to recognize when a computer being used to browse our websites has previously visited a Roche website or online resource. Cookies can also be used to enable a site to “remember” the information a visitor has previously inputted. Cookies may be placed on your computer both by us and by third parties with whom we have a relationship, such as web analytic services and advertising network services.
Web Beacons. On certain web pages or in emails we send to you, we may utilize a technology called a “web beacon” (also known as an “action tag” or “clear GIF technology”). We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help analyze the effectiveness of websites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
Social Plugins. This site may use social plugins (e.g., the Facebook “Like” button) to enable you to easily share information with others. When you visit our site, the operator of the social plugin may be able to place a cookie on your computer, enabling that operator to recognize individuals who have previously visited our site. If you have previously logged into the associated social media website (e.g., Facebook) before browsing on our website, the social plugin allows that social media website to receive information about your visit to particular pages on our website. The social plugin may collect this information for any such visitors who have logged into social networks, whether or not they specifically interact with the plugin on our websites (e.g., by clicking “Like” or “Share”). The social plugin may also allow the social media website to share information about your activities on our websites with other users of their social media website. For further details about the information shared via a particular social media plugin, you should refer to that social media site’s privacy statement.
Certain web browsers and other programs may be used to signal your preferences to Roche about how or whether Roche or third parties may collect information about your online activities. Currently, Roche does not respond to such signals.
Use of Data for Marketing
We will not sell or transfer your Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent. We use third party advertising companies to place ads on other websites. These companies may use data about your visits to this and other websites in order to measure advertising effectiveness and to provide advertisements about our goods and services that may be of interest to you. If you would like more information about this practice and your choices to opt out of having this information used by these companies, see our Cookies Policy.
Information Sharing / Recipients of Personal Data
Recipients of your Personal Data
We may share your Personal Data with Roche’s affiliates around the world. Our Roche affiliates will use your Personal Data for the same purposes as we do. A list of Roche’s affiliates is available in the current annual report, which can be found in the Investors section of www.roche.com.
We may also share your Personal Data with outside third parties, including our data processors, for the following purposes:
- To help fulfill Roche business transactions;
- To conduct technical maintenance of our websites and other web platforms;
- To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Roche participates, or pursuant to a financial arrangement undertaken by Roche;
- To respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; and
- Where needed for corporate audits or to investigate or respond to a complaint or security threat
International Transfers of Your Personal Data
Any Personal Data you provide to us through your use of this website may be transferred to or stored in a geographic region which imposes different privacy obligations than your country of origin. This may mean that your Personal Data may be sent to a country with less restrictive data protection laws than your own. Any such transfer will be conducted in compliance with applicable law.
If your Personal Data is covered by the GDPR: For transfers of data within the Roche Group, contracts containing the EU Standard Contractual Clauses according to the EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010)593) constitute appropriate and suitable safeguards to ensure compliance with GDPR. In addition to Standard Contractual Clauses, Roche may also use data processors that are certified under the EU-U.S. Privacy Shield, which establishes appropriate and suitable safeguards to ensure compliance with the GDPR according to the EU Commission decision of 12 July 2016 (C(2016) 4176).
Retention / Storage Period of Your Personal Data
The length of time in which we will store your Personal Data will differ depending on the purpose for which we have collected and are processing your data. In most cases, we will keep the data for three (3) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required by law to maintain your data. For example, reports related to pharmacovigilance are kept for a minimum of 10 years after the withdrawal of the product in the last country where the product is marketed.
Information About Your Rights Regarding Your Personal Data
Your Rights If Your Data is Covered by the GDPR
If your Personal Data are covered by the GDPR (that is, if you are an individual within the European Economic Area), you may have certain additional rights with regards to our use and processing of your Personal Data.
You have the following rights with respect to your Personal Data:
- The right to request access to the Personal Data that Roche has about you;
- The right to rectify or correct any Personal Data that is inaccurate or incomplete;
- The right to request a copy of your Personal Data in electronic format so that you can transmit the data to third parties, or to request that Roche directly transfer your Personal Data to one more third parties;
- The right to object to the processing of your Personal Data for marketing and other purposes;
- The right to erasure of your Personal Data when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Data to certain limited purposes where erasure is not possible.
To exercise any of these rights, please contact us using the information provided above.
Please note that erasure or restriction of processing is only possible if and to the extent that the processing of Personal Data is based on consent or legitimate interest. If data processing is based on consent, note that you have the right to withdraw your consent at any time, but that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In the event of an erasure request, we may retain a copy of your Personal Data for our record-keeping purposes and to avoid entering your personal data in our systems after your request.
In the event that you believe or have the impression that our data processing does not comply with the GDPR, you are entitled to lodge a complaint with the responsible supervisory authority.
Your Rights If Your Data is Covered by California Law
California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please use the contact information provided above.
Be sure to include your name and address; you can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.
Roche and its business partners take reasonable steps to protect Personal Data we access or receive through this website from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Nevertheless, Roche makes no guarantee as to the security of your Personal Data and disclaims, to the fullest extent permitted by law, all liability and damages caused by loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We recommend that you take any available precautions to protect Personal Data you submit on this website.
Updates to This Privacy Notice
From time to time, we may revise this Privacy Notice. Any such changes to this Privacy Notice will be reflected on this page. Roche recommends that you review this Privacy Notice regularly for any changes. The date on which this notice was last revised is located at the top of this notice.