Privacy statement

Roche is an international company involved in manufacturing and sales in the fields of diagnostics, diabetes care and pharma for various medical devices, medicinal products and the provision of related services.
Roche is aware that the protection of privacy and therefore also the protection of the personal data of patients, customers and business partners is very important and assigns it considerable importance. Roche has therefore taken the necessary steps to comply with global data protection requirements and therefore observes the laws of the European Union, Germany and all other applicable norms. 

Your personal data is exclusively processed to the extent permitted by law and in consideration of valid laws, especially the transparency obligation. You can see in the following data protection information how Roche processes your data in different contexts.
If there is anything you do not understand or if you have questions, you can contact the data controller or our data protection officer (see below) at any time.


Data controller

If not otherwise indicated, the following Roche company (“Roche”) is responsible for processing your data on our website www.meineaugenblicke.de:
Roche Pharma AG
Emil-Barell-Straße 1
79639 Grenzach-Wyhlen
grenzach.communications@roche.com

 

Data Protection Officer

You can contact the Data Protection Officer on the above-mentioned address with the supplement "c/o Data Protection Officer" or via email to germany.privacy@roche.com.

Your rights

You have the following rights with respect to you Personal Data:
•    Right to information about the processing of your data
This allows you to find out which data we store about you.
•    Right to correction of your data
This allows you to correct inaccurate data that we hold, for example old address data or accidentally incorrect records.
•    Right to erasure of data concerning you
This allows you to have personal data about you that we collect or process deleted.
•    Right to restriction of processing of your data 
This allows you to restrict the processing of your data that we hold, such as in cases in which it has not yet been determined whether or not data should be deleted.
    Right to data portability
If we process your data on the basis of your consent or an agreement, subject to certain requirements you may receive the data you have given to us in a structured, current and machine-readable format and have it sent to another data controller.
•    Right of withdrawal of consent
You can revoke consent for the processing of your data informally at any time with future effect. Unless anything contrary is specified, you can do so by sending an informal email to the data controller.
•    Right to object
If we process your personal data to comply with our legitimate interest under Article 6(1)(f) GDPR, you may object to this processing in full or in part at any time on grounds arising from your particular situation. We will check the interests again and will adjust the processing of your data if necessary. However, this may lead to us no longer being able to offer you services in the usual way.
•    Right to complain to the data supervisory authority
You also have the right to complain to a data protection supervisory authority such as the Baden-Württemberg State Authority for Data Protection (Lautenschlagerstraße 20, 70173 Stuttgart) or the supervisory authority at your place of residence, workplace or the place of the alleged violation.
 
Some of the aforementioned rights may be subject to restrictions or requirements. You can find details in Articles 15 to 21 of the General Data Protection Regulation or by contacting our Data Protection Officer.
 
Exercising your rights: To exercise your rights, please contact Roche via the contact details above under “data controller” or contact the Data Protection Officer.
 

Processing of your data

Roche processes your data in different contexts for different purposes. Below is a description of data processing when you visit our website, during registration or logging in, in the context of pharmacovigilance and in marketing communications.

Further information about Roche’s processing of your data in Germany, which is not directly related to data processing in the Roche portal, as well as help with individual terms can be found at www.roche.de/datenschutz.

Visit to our website

1. Webserver logs

If you visit our websites or request further information (e.g. via contact forms or newsletter signups), we automatically collect and process the following information from you in the webserver’s protocol during each access:

Personal data Purpose Legal basis

Connection-related data:

  • IP address
  • Internet service provider domain
  • Connection speed/ bit rate
  • Mobile network provider
  • URL
  • The time of accessing the URL and the previous site visited (referrer)

 

Device-realted data:

  • Software environment (operating system, browser type and browser configuration settings/tools/display size/resolution, colour depth of the display unit)
  • The hardware you use
To secure saftey when using our website and the integrity of the content we offer We collect and process your Personal Data for this purpose based on our legitimate interest to ensure the secure provision of our website (Article 6(1)(f) GDPR)

 

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. On this website, the webserver protocols are deleted automatically after 30 days, provided that longer storage is not required in certain cases (e.g. in the event of attacks on the system security). After deleting the IP address, only anonymised information (no Personal Data) is stored.


Recipient: For the maintenance of our website we have deployed external service providers as Processors. Those are IT-service providers offering services for support and hosting.

2. Cookies and tracking methods (Cookie Policy)

The websites uses cookies or comparable methods which enable, through different features, a pseudonymised tracking of the visitors of the website.

Cookies: A cookie is a piece of information that is placed automatically on your computer’s hard drive when you access certain websites. Cookies allow the server to uniquely recognise your browser. Cookies may contain information to identify your computer or browser, including your device’s ID, your IP-Address, and/or an Ad-ID, as well as information about your browsing history. The information we obtain from using cookies may be combined with other Personal Data related to you.

Web beacons: Our website uses an internet technology called “web beacon” (aka “action tag” or “clear GIF” technology). Web beacons help analyze the effective­ness of websites by measuring, e.g., how many visitors access a site, how many visitors click on important parts of a site, whether the newsletter we send are being opened, or whether our messages have caused reactions.

Social media plugins and share buttons: We have implemented “Social-Media Plugins” and “Share Buttons” on our website. They enable an easy interaction with Social Network like Facebook or Instagram. Content from these Social Networks can be integrated to our website, and you may be able to easily “Like” content without having to leave our website. In these cases pseudonymised data relating to you may be transmitted to the Social Networks. Especially if you maintain an account with the networks and if you are logged in, the respective operator might be able to attribute the data to specific persons. Yet we usually use “Shariff”-buttons. This means that your data is only transmitted to the networks if you actively press one of the buttons yourself.

Web fonts: This website uses “Web Fonts” in order to display fonts uniformly, which can be downloaded from the internet. Upon accessing our website the browser downloads the necessary Web Fonts into your Browser Cache, in order to display texts and fonts correctly. For this purpose the browser you use has to establish communication with the servers. by doing so the provider can get information about your IP-address, as well as about the fact that our website has been accessed via your IP-address. In case your browser does not support Web Fonts, your computer will use a standard font. Provider: Adobe Web Fonts
Privacy statement: Privacy statement


Cookies and technology used

In order to give you control over the cookies and other technologies used on our website, we implement the “Cookie-Consent-Management-Tool”. It will appear as soon as you visit our website for the first time in a so-called Cookie Banner. It enables you to individually adjust  your settings and provides concrete information about the cookies we use, including further information on their providers and the pursued purposes.

If using cookies or other technologies is necessary, our websites will do so also without your consent. For all other cookies and comparable tracking technologies we will ask for your consent. In the Cookie-Consent-Management-Tool you can individually configure, for which purposes you consent to the use of cookies and other technologies, or withdraw your consent. Moreover in many cases you can adjust in your browser settings whether cookies are being accepted or blocked. Please note that some areas of our website may not function properly if you block cookies. The following links will lead you to instructions for the most popular browsers:

For Chrome: support.google.com/chrome/answer/95647

For Safari: support.apple.com/de-de/HT201265

For Firefox: support.mozilla.org/de/kb/Cookies-blockieren

For the Internet Explorer: support.microsoft.com/de-de/topic/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

The cookies we use can be split up into the following categories:

Essential cookies: These cookies are necessary for the website to function and cannot be turned off. In general, they are only placed as a reaction to actions that result in a request for services, such as adjusting your data protection settings, logging in or filling in forms. You can change your browser settings to that it blocks these cookies or warns you about these cookies, but blocking these cookies prevents the website from working properly. These cookies do not store any personal information.

Statistics cookies: These cookies allow us to analyse visits and their origin so that we can measure and improve our website’s performance. They help us find out which pages are the most popular and how visits navigate the website. We will possibly make these cookies available to third-party providers that help us to carry out these analyses (e.g. Google Analytics). All information collected by these cookies is aggregated and does not refer to you personally. If you block or reject these cookies, we don’t know when you have visited our website and cannot improve the site’s performance.

Functional cookies: These cookies allow us to offer better functionality and personalisation on our websites. They can be placed by us or third-party providers whose services we have integrated into our website. If you reject these cookies, some or all of these services might not work properly.

Social media cookies: These cookies are used by social media that we have integrated into our website, so that you can share our content with your friends and networks (such as Facebook, Twitter, LinkedIn). They are able to recognise your browser on other websites and to create a profile of your interests. This can impact the content and messages you see on other websites you visit. If you do not permit these cookies, you might not be able to use or see the social media functions.

Targeting cookies: These cookies can be placed by our advertising partners. They are used by companies to create a profile of your interests and show you relevant advertising on other websites. They do not save any personal information directly, but are solely used to identify your browser and device. If you do not permit these cookies, you will receive less targeted advertising.

In connection with the use of cookies and other technologies, we collect and process various types of personal data that you provide (also simply referred to below as "data"), in particular:

Personal data Purpose Legal basis

 

 

Technically correct and secure provision of websites and their functions (technically necessary cookies)

We collect and process your Personal Data for this purpose based on our legitimate interest to enable the provision of our website (Article 6(1)(f) GDPR).

IDs in cookies

and in the information in row 1

Statistics/website analysis (performance cookies)

Consent

(Article 6(1)(a) GDPR)

IDs in cookies

and in the information in row 1

Improvement of user experience/personalisation (functional cookies)

Consent

(Article 6(1)(a) GDPR)

IDs in cookies

and in the information in row 1

Interaction with social media

(Social media cookies)

Consent

(Article 6(1)(a) GDPR)

IDs in cookies

and in the information in row 1

Marketing purposes

(Targeting cookies)

Consent

(Article 6(1)(a) GDPR)

Information about providers and their purposes can be found in the cookie consent management tool and the additional information in this privacy statement.

Withdrawal: You can withdraw your consent by changing the configuration in the cookie consent management tool you use to limit it to your desired purposes.

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. The duration of storage of cookies varies. You can find details (in particular about the duration of storage) in the cookie consent management tool used.

Recipients: Some cookies are used exclusively by Roche (first-party cookies). Others are used by third-party providers (third-party cookies). In this case, the aforementioned personal data is sent to third-party providers. You can see a list of the names of the third-party providers in the consent management tool.

Tracking with fusedeck

The fusedeck tracking solution by Capture Media AG (hereinafter referred to as "Capture Media") is integrated into this website. Capture Media is a Swiss company based in Zurich, which measures use of this website in the context of engagements and events on our behalf. Engagement refers to a website visit that lasts longer than eight seconds. Events are the measurement of actions on the website, e.g. clicks in page navigation, text and image visibility. Tracking is anonymous, meaning that no connection can be established with an identified or identifiable person. Further information about data protection and about the rights of data subjects in connection with fusedeck including “opt-out” options can be find in the Privacy Policy and Information on the Right to Object. https://privacy.fusedeck.net/de/MOC66skcsd

3. Service used

Our websites also use the following services, as can be seen in the cookie consent management tool: 

OneTrust

Our websites use the cookie consent management tool from the provider OneTrust, LLC (headquarters at 1200 Abernathy Rd NE, Building 600,

Atlanta, GA 30328, USA and Dixon House, 1 Lloyd’s Avenue, London, EC3N 3DQ, England). We use the tool on the basis of our legitimate interest (Article 6(1)(f) GDPR) to give you and us the option to adjust and manage the use of cookies and comparable technologies based on your preferences. In particular, your IP address will be processed and cookies will be used to note your chosen preference.

For more information on this topic, please see the OneTrust policy statement: https://www.onetrust.de/datenschutzerklaerung/

Adobe Analytics

Our websites use Adobe Analytics, a web analysis service of Adobe Systems Software Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.

We use Adobe Analytics as part of the Adobe Experience Cloud based on your consent (Article 6(1)(a) GDPR) to analyse how you and other users use our websites and can create corresponding reports. In particular, your IP address will be processed and cookies will be used.

For more information on this topic, please see the Adobe privacy policy:

https://www.adobe.com/de/privacy.html.

Eye-Able

To facilitate simpler and more accessible use of our website, we use the Eye-Able service from Web Inclusion GmbH, Gartenstraße 12c, 97276 Margetshöchheim, which acts as data processor (Art. 28 GDPR). The legal basis for this is our legitimate interest in facilitating simpler access to the website (Article 6(1)(f) GDPR) if we do not explicitly ask for your consent (in which case your consent is the legal basis in accordance with Article 6(1)(a) GDPR). The processed data includes network and device-related data (e.g. IP address, device and browser information). Web Inclusion GmbH Temedica GmbH does not record or analyse any personal usage behaviour or other personal data. Data is stored on servers operated by 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Web Inclusion GmbH also uses the Content Delivery Network of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia).

You can find further information about data processing by Web Inclusion GmbH at https://eye-able.com/datenschutz/.

Retinora app registration

As part of our cooperation with Temedica GmbH, Landsberger Str. 300, 80687 Munich, our website offers the option to register to use the Retinora app via an integrated form. The Retinora app is an innovative application by Temedica, which helps patients with eye diseases such as AMD (age-related macular degeneration) or DMO (diabetic macular oedema) through digital solutions. The legal basis for this is your consent in accordance with Article 6(1)(a), Art. 9 (2)(a) GDPR. The data collected for preregistration include personal data, where applicable including health data (e.g. name, your email address and potentially your diagnosis), which will allow you to access the app early as soon as it is available. Temedica GmbH does not record or analyse any personal usage behaviour. Data is stored on Temedica GmbH’s servers, which are operated by Google Cloud, Gordon House, Barrow Street, Dublin 4, Ireland. 
 

You can find further information about data processing by Temedica GmbH at https://ophtha.temedica.com/datenschutz.

Patient programme

After logging into the member area (see “Login” section), you have the option to participate in our patient programme.

To be able to offer the patient programme, in addition to the data specified under "Visit to our website" and "Registration", we collect and process various types of personal data that you provide (also simply referred to as "data"), including:

Personal data Purpose Legal basis

Name (first and last name), your contact details (address, email, telephone number, availability) as well as information about your disease and treatment (e.g. medication and course of treatment)

Providing the augenblicke – Das Telefon mit Herz patient programme

If we explicitly request your permission: Your consent (Article 6(1)(a) GDPR, Article 9(2)(a) GDPR).

Otherwise, the processing is based on our legitimate interest to provide the patient programme within the member area (Article 6(1)(f) GDPR).

Your consent is voluntary and can withdraw it at any time, without having to give a reason, e.g. by sending an email to telefon@meineaugenblicke.de or a letter to augenblicke – Das Telefon mit Herz (Lise-Meitner-Str. 35, 10589 Berlin). It will then not be possible to continue participating in the patient programme.

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. If longer data storage is not required for regulatory reasons, the data will usually be deleted once you withdraw your consent.

Recipients: The data collection, evaluation and aggregation carried out as part of the patient programme is done by the augenblicke – Das Telefon mit Herz Team, the agency tasked with the patient programme dialog4health (dialog4health GmbH, Lise-Meitner-Str. 35, 10589 Berlin), on behalf of Roche Pharma AG, as data processor (Art. 28 GDPR). In principle, data forwarding to Roche Pharma AG by dialog4health GmbH takes place in anonymised and aggregated form only.

YouTube

To provide videos, our websites use YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The legal basis is our legitimate interest in the possibility of offering you videos (Article 6(1)(f) GDPR). The processed data includes network data (e.g. websites visited, access times) and network and device-related data (e.g. IP address, device and browser information).

If you are logged into your YouTube/Google account at this time, Google can link your visit to our website with your user account even if you do not click on the embedded video. If you decide to click and make use of the content on offer, Google will be informed of this. Your browser will then send further usage data to Google, which can be stored and reused by this provider.

For more information on this topic, please see the Google privacy policy: 

https://policies.google.com/privacy

 

Podigee

For selecting and listening to podcasts, our website uses the music and podcast hosting service Podigee by Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany, which acts as data processor (Art. 28 GDPR). The legal basis for this is our legitimate interest in facilitating access to podcasts (Article 6(1)(f) GDPR) if we do not explicitly ask for your consent (in which case your consent is the legal basis in accordance with Article 6(1)(a) GDPR). The processed data includes network and device-related data (e.g. IP address, device and browser information). Your IP address will be shortened immediately after collection and before storage. Data is stored on servers operated by Amazon Webservices EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (a company of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA), as well as on servers operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany.

You can find further information about data processing by Podigee at https://www.podigee.com/de/ueber-uns/datenschutz.

 

4. Minors

Our website is intended for an adult audience. If we discover that a user is not yet 16 years old, we will not collect any personal data from them before receiving verifiable consent from their legal guardian. A legal guardian of this type may, on request, inspect the information made by the child and/or request the deletion of this data.

5. Data security

Roche and its service providers and collaboration partners taken suitable steps to protect personal data that we access or receive via this website from loss, abuse and unauthorised access, disclosure, modification or destruction. Nevertheless, Roche assumes no guarantee for the security of your personal data and rejects, to the extent legally possible, all liability for damage that arises through loss, abuse and unauthorised access, disclosure, modification or destruction. We recommend that you take all available precautions to protect your personal data that you enter on this website.

6. Links to third-party websites

Our website may also include links to third-party websites. We are not responsible for the content of websites or resources of third parties and are not responsible for their content. Our data protection notice does not apply to websites not affiliated with Roche, even if you access them via a link on our website. You should check the data protection notice of third-party websites before you provide information.

B. Other data processing by Roche.

1. Contact with Roche

You can contact us in various ways, such as via email, chat or completing a contact form.

We collect and process various types of personal data that you provide in this context (also simply referred to below as "data"). This includes:

Personal data Purpose Legal basis
The data you provide in your email (e.g. first and surname, company, email address, message content) Handling the query

Depending on the content of the query: Carrying out precontractual measures/contract fulfilment (Article 6(1)(b) GDPR) or safeguarding our legitimate interest in handling your query (Article 6(1)(f) GDPR).

If your query concerns a notifiable incident, we process your data on the basis of the fulfilment of legal obligations 
(Article 6(1)(c) and Article 9(2)(i) GDPR)

 

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. The duration of storage of the data primarily depends on the content of your query. If longer storage of data is not required for regulatory reasons (e.g. reportable incidents), the data will usually be deleted three years after collection.

Services used:

You have the option to contact Roche via chat in some contexts. In addition, on some pages you have the option to book an appointment with an employee. To do this, we use various services and service providers:

Login:

You have the option to log in to our website to obtain access to the member area.

We collect and process various types of personal data that you provide in this context (also simply referred to below as "data"). This includes:

Personenbezogene Daten Zweck Rechtsgrundlage
The data you enter in the login process as well as metadata (network and device information, e.g. IP address, device used, access to content)
 
Permits secure access to the member area and provision of the content accessible there. If we explicitly request your permission (e.g. during registration): Your consent (Art. 6(1)(a) GDPR), in addition to safeguarding our legitimate interest in providing a secure, protected area (Article 6(1)(a), Article 9(2)(a) GDPR).

 

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. Your data is deleted automatically after 30 days, provided that longer storage is not required in certain cases (e.g. in the event of attacks on the system security). After deleting the IP address, only anonymised information (i.e. with no possible connection to a person) is stored.

MI Live Chat in the protected area

To facilitate live chats with you, our website uses MIatlas, software by Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich. Salesforce.com Germany GmbH acts as our data processor in accordance with Art. 28 GDPR.

You can use the chat function once you are logged in to the member area. As a patient, you can log in with the password provided by your doctor. At the start of the chat, you will be asked to enter your email address in case of any queries.  As a medical professional, you can log in with the login details provided to you. 

In connection with the provision of the live chat, your network and device information (e.g. IP address, device used, access to content) and further technical data (in particular your IP address) will be processed and cookies will be used to be able to offer the chat service.

In addition, the personal data you provide (e.g. your email address or, if you provide this information voluntarily, your name and your telephone number) will be processed to handle your query and to contact you. The legal basis for associated data processing is your consent (Article 6(1)(a) GDPR; if this is health data provided by a patient also Article 9(2)(a) GDPR).

As a rule, we store your messages and the data they contain for a period of one month. If required based on the content of the chat message (e.g. suspected side effects or product complaints), Roche may be obliged by legal or regulatory reasons to store chat messages along with further information for a longer period and to forward them to third parties and authorities (see also the information in the “Notification and tracking of suspected side effects (pharmacovigilance), medical queries and product complaints” chapter).

You can also find further information in Salesforce’s privacy policy: www.salesforce.com/de/company/privacy/

2. Notification and tracking of suspected side effects (pharmacovigilance), medical queries and product complaints

Below, we describe how your data are processed if you contact Roche in order to report a possible side effect to a Roche medication, if you have a medical or pharmaceutical question or if have a question or complaint in relation to a Roche product.

We collect and process various types of personal data that you provide (also simply referred to below as "data"). This includes:

Personal data Purpose Legal basis

Pharmacovigilance:

Name, contact details and affiliations/profession of the reporting person and information about the suspicious case. If necessary, any additional health information and medical history of the person affected by a side effect.

Notification and tracking of suspected side effects (pharmacovigilance) in line with legal and further regulations (GVP).

If we ask for your consent (as an affected patient), the legal basis is your consent (Art. 9(2)(a) GDPR).

Otherwise, the legal basis is the fulfilment of legal obligations

(Article 6(1)(c) and Article 9(2)(i) GDPR), Section 63b and 63c Medicinal Products Act (AMG). If we ask for your consent (as an affected patient), the legal basis is your consent (Art. 9(2)(a) GDPR).

Medical and pharmaceutical queries:

Name, contact details and affiliations/profession of the reporting person, and any further information as part of the query.

Answering your query and storage in our information database.

If your query includes information about a side effect or product complaint, your data will be processed for the purpose of pharmacovigilance or processing product complaints, and where applicable notifications to authorities.

Otherwise, the legal basis is safeguarding our legitimate interest in responding to your query and storing the data in an information database for reference purposes (Article 6(1)(f) GDPR).

Product complaints:

Name, contact details and affiliations/profession of the reporting person. If necessary, any additional health information and medical history, provided that this is necessary for the assessment, classification and evaluation of the product complaint.

Handling the product complaint and fulfilling the related legal obligations.

If your query includes information about a possible side effect or product complaint, the legal basis is the fulfilment of legal obligations

(Article 6(1)(c) and Article 9(2)(i) GDPR, Section 63b and 63c AMG). If we ask for your consent (as an affected patient), the legal basis is your consent (Art. 9(2)(a) GDPR). 


Otherwise, the legal basis is safeguarding our legitimate interest in the complaint (Article 6(1)(f) GDPR) and the fulfilment of legal obligations (Article 6(1)(c) and Article 9(2)(i) GDPR).

Service feedback:

Your feedback on service quality

Improvement in service quality for queries The legal basis is safeguarding our legitimate interest in improving our service quality (Article 6(1)(f) GDPR).

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. The duration of storage of the data primarily depends on the content of your query. If longer data storage is not required for regulatory reasons (e.g. notifiable incidents or reports of suspected side effects, which are stored for at least ten years after the removal of the products from the market in the country in which they were on sale), the data will usually be deleted after 15 years at the latest. Your feedback on service quality is stored for 18 months in relation to your query, along with your name and contact details (if available), and then deleted.

Recipients: In connection with pharmacovigilance, medical and pharmaceutical queries and product complaints, your data is stored in central systems of the Roche group and forwarded to business partners or service providers, insofar as this is required to maintain Roche’s central databases and comply with legal requirements. Roche is also obliged to share information regarding pharmacovigilance and product complaints with health authorities worldwide. In this context, data may also be forwarded to countries outside the EU, in which a lower level of data protection than EU data protection regulations may apply. Transfers to countries outside of the EU are generally made on the basis of EU standard contractual clauses.

The relevant notifications to the authorities include details about the respective incident, but in principle only limited personal data. For patients, information such as age or date/year of birth (if disclosure is permitted) and gender are forwarded, but not the patient’s name. For people making a report, the reported information including (where provided) data such as name, profession, initials, address, email, telephone number are shared in order to allow the authority to get in contact.

In this respect, please observe the privacy statement of F. Hoffmann-La Roche AG: https://www.roche.com/privacy-policy

 

 

3. Marketing communication (information letters, newsletters etc.)

We collect and process various types of personal data that you provide in this context (also simply referred to below as "data"). This includes:

Personal data Purpose Legal basis
First and last name, email address, post code, information about membership in professional organisations (e.g. profession, practice/clinic names and addresses) Sending marketing communication

Review of your information to check your professional group affiliation, in particular by checking against our database and publicly accessible information
Consent (Article 6(1)(a) GDPR)

Fulfilment of our obligation arising from Section 10 German Law on Advertising in the Healthcare System (HWS) (Article 6(1)(c) GDPR in conjunction with Section 10 HWG)
Tracking information (information about your IP address, your browser, your system and the time that the newsletter was opened and which links were clicked on) To measure the success of our marketing communication on aggregated level, so that we can provide all recipients with content that is as relevant as possible. Consent (Article 6(1)(a) GDPR)
Information about when you have registered for the newsletter, including your email address and the IP address used (log file) Evidence that you have consented to receive the newsletter Safeguarding legitimate interest in evidence of your consent (Article 6(1)(f) GDPR)

Duration of storage: We process and store your personal data only for as long as is required to meet the specific purpose and to satisfy our contractual, legal or official obligations. As a rule, we will store your data for as long as you are subscribed to our newsletter and have not cancelled your registration.

Recipients: We have commissioned a service providers to send our marketing communications:

Rapidmail (rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany)

C. Data recipients

Your Personal Data may be, for the same specific purpose as the ones we process it for, transferred to third parties if this is necessary to perform or fulfil the above mentioned purposes. This applies especially to the transfer to other Roche affiliates, for example if the consultation of specialised experts in necessary who are employed by other Roche affiliates, as well as in cases where you are being forwarded to websites of other Roche affiliates on the Roche DiaLog Portal or if you access content of other Roche affiliates via the support feature. All those organisations are obliged to comply with the requirements of our privacy standards. Moreover in some cases, e.g. in connection with legal disputes, your data may be transferred to specialised service providers (such as consulting agencies and lawyers), and if there is a legal obligation or an obligation by an authority to such authorities or other third parties.

A list of Roche’s affiliates is available in the current annual report, which can be found in the Investors section of our website www.roche.com.

We have several service providers processing your Personal Data as Processors (Article 28 GDPR), who act on our behalf and according to our instructions. Those are mostly providers of technical services who carry out IT maintenance and support tasks on our behalf, as well as Cloud-providers or business representatives who help us to conduct business transactions, e.g. the provision of customer support, the shipping of marketing information concerning our products, services or offers. For example, technical support for the website is provided by mindshape GmbH, Bonner Str. 172-176, 50968 Köln und die art tempi communications GmbH, Maria-Hilf-Str. 15, 50677 Cologne.  Please also note that some of the recipients are named specifically in this privacy statement.

Please also note that some other recipients are specified at the relevant sections above of this Privacy Policy.

In case you register directly with one of our service providers or create a user account with them they might collect and process additional data. Roche can not influence that since the processing is performed by the service providers themselves. You can obtain more detailed information regarding data protection in those contexts with the respective service providers.

D. Transmission to third countries

In order to pursue the above mentioned purposes your Personal Data may be transferred to countries within and outside of the European Union (EU) or the European Economic Area (EEA), in particular to Switzerland, to the USA, and to India. For some of these countries the EU-Commission has issued an adequacy decision (currently, for example, Switzerland). For transfers that are not based on an adequacy decision, an adequate level of data protection is ensured by appropriate safeguards, in particular EU Standard Contractual Clauses, and additional measures, if necessary. For more information about these safeguards, you may contact the Data Protection Officer.

Update to the privacy statement

We may revise this privacy statement from time to time. All such changes to this privacy statement are reflected on this page. We recommend that you check this privacy policy regularly for changes.

For additional information about data protection with Roche, especially how Roche processes your Data if you communicate with Roche employees, as well as support with legal terms in respect to data protection please visit the Datenschutz-Informationsportal available at www.roche.de/datenschutz.

Date last revised: 08.07.2024