Last updated May 2018
At Roche Diagnostics Limited (“Roche”, “we”, “us”) we understand that protecting the privacy of your data is very important and that information about your health is particularly sensitive.
This policy explains what personal data we collect from you, how we use and share your personal information in order to conduct our business and how you can exercise your privacy rights.
This website is operated by Roche. The data controller is Roche Diagnostics Limited (company number 00571546), Charles Avenue, Burgess Hill, West Sussex, RH15 9RY.
If you have any questions or concerns about privacy or would like to exercise your rights in relation to your personal information, please send an email to our Data Protection Officer (firstname.lastname@example.org) or write to the Data Protection Officer at the address above.
Personal information we collect
Personal information you provide to us
Personal information we collect automatically
In some countries, including countries in the European Economic Area, information from your electronic device may be considered personal information under applicable data protection laws. Automatic technologies we use may include, for example, web server logs/IP addresses, cookies, web beacons and third party application and content tools. These technologies may be updated from time to time to reflect new functionalities that are available.
An IP address is a number assigned to your device whenever you access the internet. All computer identification on the internet is conducted with IP addresses, which allow devices and servers to recognise and communicate with each other. Roche collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance review.
We may also collect information about your operating system and browser type, how your device has interacted with our website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.
How and why we use your personal data
Roche collects personal information to perform our business operations, provide you with and improve products and services, and personalise your experience.
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you for information.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where:
- we have your consent to do so,
- we need the personal information to perform a contract with you, or
- the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in some cases for direct marketing, fraud prevention, network and information systems security).
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details above.
The following is a list of the ways that we may use your personal information, and the reason we rely on for doing so:
| What we use your personal information for | Our reasons (legal basis) |
|---|---|
| Browsing public pages on our website | Legitimate interest |
| Undertaking website administration for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes | Legitimate interest |
| Managing network and data security | Legitimate interest |
| Processing and responding to requests or complaints received from you | Legitimate interest |
| To detect, investigate and report financial crime (e.g. fraud) | Legitimate interest/legal obligation |
| To allow you to participate in interactive features of our service | Legitimate interest |
In some cases we also remove personal identifiers from data you provide to us and maintain it in aggregate form. We may combine this data with other information to produce anonymous, aggregated statistical information (e.g. number of visitors, originating domain name of the Internet Service Provider), helpful to us in improving our products and services.
Further information regarding the processing of personal information that we undertake can be found below. However, if you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided above.
a) Browse public pages on our websites
If you browse public pages on our websites, i.e. content that you can access without being logged in to an account you may have with us, we collect and process only non-sensitive information about you. In particular, we will not collect any health-related information about you when you browse public pages on our websites. We will, however, process your personal information to the extent required to deliver the public content you request from us, e.g. to format it for your browser. We will also process your personal information to meet our legitimate interests to protect the security of our website systems and to measure the audiences for the various types of content provided. To do this, we use:
IP Addresses. An IP address is a number assigned to your computer to enable communication – similar to a telephone number. Roche collects IP addresses for the legitimate purposes of ensuring system security and reporting aggregate information to conduct website analysis and performance review. System log files will be analysed within 7 days and non-suspicious data will be deleted thereafter. Other data will be retained for as long as it is required to prove a security incident.
Web Beacons. Web beacons (or “action tags”) are small graphic elements to help analyse the effectiveness of websites by measuring, for example, the number of visitors or how many visitors clicked on content elements of a website. We analyse the statistics provided through web beacons on an anonymous and aggregated basis only.
Google is certified under the US-EU Privacy Shield and we have agreed with Google a data processing agreement to ensure they operate Google Analytics on our behalf. We also use the IP-anonymisation feature of Google Analytics. If you visit the website from within states that form part of the European Economic Area, your IP address will be truncated before it leaves the European Economic Area. Only in exceptional cases (e.g. a failure of the EU based systems) will the whole IP address be first transferred to a Google server in the USA and truncated there.
Google will use this information on our behalf for the legitimate interest based purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
You may opt out of Google Analytics with effect for the future by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at http://tools.google.com/dlpage/gaoptout?hl=en (does not work with all mobile devices / browsers). Alternatively, you can deactivate Google Analytics on mobiles and other devices by clicking the following opt-out link: Click here to opt-out of Google Analytics. Note: Google Analytics is only active on the public pages of our websites, i.e. not on pages of our websites that you access when logged into your account.
Services. We may use third party applications and content tools on certain Roche Websites to provide additional information to you, e.g. Google Maps. When you interact with them, these third parties may receive your personal information including your IP address. We will clearly indicate where we use such third party services so that you can decide whether or not to use them.
We retain personal information we collect from you where we have a genuine business need to do so, for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.
When we have no ongoing business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Roche takes appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. To ensure the confidentiality of your data, Roche uses industry standard firewalls and password protection. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential and we ask you not to share this password with anyone.
Who receives your information
Roche shares your personal information with your consent and further as necessary in relation to the above purposes, as required by applicable laws, court orders, or government regulations. Roche uses group internal and external providers and agents e.g. for IT systems operation and maintenance or to fulfil business transactions, such as providing customer services, or sending communications. In all these cases, access to unencrypted data is restricted to those who have a need to know. Also, Roche has entered into data processing agreements in order to ensure that providers and agents process the personal information only on Roche’s behalf and subject to appropriate technical and organisational measures.
Roche will not sell or otherwise transfer your personal information to any third parties for their own use unless with your explicit consent.
We also share data with our company’s subsidiaries and affiliates globally, or store that data with them when required to do so by law or to respond to a legal process, complaint or security request.
Your Rights and how to exercise them
You may, in accordance with applicable data protection law, request the following from Roche:
- Right of access: request access to your personal information we process, obtain a copy of such data, and have inaccurate data rectified or completed;
- Right to rectification: to have your personal information corrected if it is inaccurate/have incomplete personal information completed
- Right to erasure: to have your personal information erased or its processing restricted (each to the extent that one of the grounds provided for by statutory law applies)
- Right to restriction of processing: to restrict processing of your personal data
- Right to data portability: to electronically move, copy or transfer your personal information in a standard form
- Right to object: to object to processing of your personal information
- Right to withdraw consent
- Rights relating to automated individual decision making, including profiling. We do not use such processes without your prior consent.
You can exercise your rights by contacting us at the address above. These choices do not apply to mandatory service communications that are part of certain Roche services.
If you have difficulties or other enquiries, please approach us or our Data Protection Officer using the above contact details.
We may use specific pieces of your information to profile depending on the interaction.
Privacy of Children
Our website is directed at an adult audience. We do not knowingly collect any personally identifiable information from anyone we know to be a child without the prior, verifiable consent of his or her legal representative.
Additional information on Roche websites
If a Roche website has particular provisions relating to privacy that differ from those stated here, those provisions will be disclosed to you on the page on which personal information is collected.
Links to third-party sites
This policy does not apply to third-party online resources to which Roche’s websites may link. Roche does not control the content or the privacy practices of such resources.