At Roche we are aware of the fact that the protection of the privacy of our website’s users is very important and that any information concerning your health is particularly sensitive. Therefore we have taken the steps necessary to fulfil the global data protection requirements. Upon processing your personal data we adhere to the directives of the Roche-group concerning the protection of personal data and to the provisions of the EU, Austria and all applicable local rules on the storage, processing, access and transfer of personal data.
Controller according to Article 4 Sec 7 of the EU-General Data Protection Regulation - (GDPR) is die Roche Diagnostics GmbH, Engelhorngasse 3, 1210 Wien, E-Mail: firstname.lastname@example.org
Roche-Websites, referring to this data protection directive (hereinafter: the "directive") and collecting data from you will collect, process and protect your personal data in accordance with this Directive and the applicable laws only. This Directive shall be applicable to all personal data (as defined herein) collected by Roche via online-resources and means of communications (including websites, email and other online tools), which are linked to this Directive. This Directive shall not be applicable to personal data collected via offline-resources and means of communication, except in cases where such personal data are combined with personal data which are collected online. This Directive shall also not apply to online resources of third parties linked to Roche-websites; Roche does not control the content or data protection practise of such offerings.
Basically we collect your personal data only if you provide us with them by yourself. We do not forward your personal data to third parties for marketing purposes of such third parties, unless you expressly agree. Please read this Data Protection Statement to learn more about how we collect, use, transfer and protect information.
Collection of information
Roche collects data online in two ways:
- Personal Data: You can use our websites, without disclosing any personal data about you. We will collect personal data about you (e.g. name, address, telephone-number, email-address or other information identifying you) only if you provide us with such information by yourself. We are allowed to collect health-related data about you if you provide us with them yourself in the course of your answers to our questions and surveys.
- Aggregated Data: In some cases data provided by you are made anonymous and kept in aggregated for, i.e. in collected and consolidated form. As stated we use such data in an anonymous form only and sometimes combine the data with other data to enable us to generate anonymous statistics (e.g. about the number of users or the domain-names of the internet providers from which users access), which help us to improve our products and services.
Automatically collected data
Certain kinds of data are collected automatically whenever you deal with us via one of our websites and with email. If you use our website for information purposes only and do not register of transfer information to us by other means, we only collect personal data from you which your browser transmits to our server. Whenever you visit our website we may collect the following data which are necessary for technical reasons, to show our website to you and ensure its stability and security:
- date and time of a request
- difference in time zones
- content of the request (which site)
- access status/HTTP-status code
- transferred data volume
- website, from which the request originates
- operating system and its surface
- language and version of the browser software.
Webserver-Protocols/IP-addresses. An IP-address is a number assigned to your computer for purposes of internet-access. Each computer is identified with its IP-address on the internet; this enables computers and servers to recognise each other on the net and to communicate with each other. Roche collects IP-addresses for purposes of system administration, to administrate group companies, business partners and / or suppliers, to analyse sites and to control the performance of a website.
Cookies. A Cookie is a small data file that can automatically be placed on the hard-drive of your computer whenever you use certain websites. It helps the server to identify your browser. Cookies enable us to save information on the server, which make your visit to a website more comfortable and make it possible to analyse the sites and to review the performance of a website. Most browsers are programmed to accept cookies. However you can programme your browser in a way that it rejects all cookies or informs you whenever a cookie is about to be placed. Please be aware that certain parts of our sites may not be fully functional if you reject cookies.
This website uses the following kinds of cookies, the extent and operating mode of which are explained subsequently:
- transient cookies (which are deleted automatically once you close your browser. These in particular include session-cookies, which save the session-ID, which enable different requests of your browser to be assigned to the same session. This way your computer can be recognised once you return to our website. Session-cookies are deleted once you log-out or close the browser);
- persistent cookies (which are deleted automatically after a defined period of time, which can be different depending on the cookie. You can delete the cookies in the safety settings of your browser).
Web Beacons. On certain web pages or in emails we send to you, we may utilise a technology called a “web beacon” (also known as an “action tag” or “clear GIF technology”). Web beacons also help analyse the effectiveness of websites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
Web-Beacons, cookies and other tracking technologies do not themselves collect any personal data about you. Only if you give information yourself which identifies you, e.g. by registering or sending emails, such personal information can be used to collect personal data concerning your use of the websites and/or interactive emails, to improve the utility for you. If you identify yourself, anonymous data collected data from you (automatically) before can be connected with your person.
If you contact us via email or by use of a contact form we will store the data provided by your (your email address, possibly your name and your telephone number) to enable us to answer your questions. All data in this context are deleted as soon as their storage is no longer necessary or restrict their use whenever there is a legal obligation to retain such data.
Services: It is possible that certain Roche-websites offer services (e.g. Google Maps or QUARTAL FLIFE), which are based on applications or content tools of third parties. Such third parties may under certain circumstances automatically use certain information content if you communicate with us via our websites and use such third party applications and tools.
When using our websites you have various choices. You can decide not to disclose any personal data at all, by not completing the respective forms or data fields and by not using any of the personalised services available. If you decide to indicate personal data you have the right to review and correct your data at any time by addressing the respective application. Some sites may ask for your permission to use your information for certain purposes and you can agree or decline. If you register for certain services or subscriptions, e.g. for an electronic newsletter, you can unsubscribe at any time by following the respective instructions contained in each consignment. When you want to unsubscribe from any service or subscription we shall endeavour to delete your data promptly. It may however be possible that we need additional information to be able to fulfil your request.
Roche uses technical and security arrangements, directives and other measures to protect your personal data from unauthorised access, inappropriate use, disclosure, loss or destruction. To ensure the confidentiality of your personal data Roche uses conventional firewalls and means of protections based on passwords. Nevertheless it is your own responsibility to ensure that your computer is adequately protected against malware like trojans, viruses and worms. You are aware of the fact that without adequate security measures (e.g. securely configurated browser, newest anti-virus-software, personal firewall-software, non-use of software from dubious sources) there is the risk that data and passwords used by you to protect your data can become known to unauthorised third parties.
Use of data
Roche and its worldwide affiliates, divisions and groups and/or companies, which perform services on our behalf and in our name will use your personal data to fulfil your requests if you disclose such data yourself. The control of and the responsibility for the use of such information remain with us. It is possible that certain data may be stored or processed on computers located in different jurisdictions, such as the US, which o not offer the same level of data protection legislation as your own country. In such cases we will ensure adequate security measures, which obliged data processors in such countries to take data security measures comparable tot he your country of origin.
Whenever we use third party service providers for certain features of our offer, we will inform you in detail about the respective processes. In this context we will also inform you about the criteria defined and the duration of storage.
Information used for various human resources purposes (performance management, succession planning, development measures), help us to better understand your needs and how to improve our products and services. It may also help us to provide you with information about services, or special offers which may be of interest for you. We may therefore analyse the sex or age of a user of a site concerning a certain medicinal product or stage of a disease and use the result of such an analysis in an aggregated (not personalised) form for internal purposes or forward it to third parties.
Transfer of data
Roche shall transfer your personal data to various third companies entrusted with technical maintenance work or working in our name and supporting us in business transactions, e.g. through the provision of customer services, distribution of marketing information about our products, services and offers. We may also forward personal data to our affiliated companies. All of these companies and their representatives are obliged to adhere to our data protection directives and all data protection rules applicable in Austria.
We are also entitled to disclose personal data for the following purposes
a) in connection with the sale, the assignment or any other transfer of the business of the site to which the data refer;
b) for the purpose of answering of appropriate requests of legitimate authorities or, as far as justified by the applicable law, as necessary for the fulfilment of court orders or governmental regulations; or
c) as far as necessary for corporate audits or revisions or for the investigation of a complaint or a threat to security.
No use for direct marketing by third parties. We will neither sell, nor otherwise provide third parties for their own direct marketing purposes with the personal data you disclose on our websites, unless we inform you unambiguously and obtain your explicit consent to such a transfer of data.
Emails to friends and colleagues. On some Roche-sites you can sent links or messages to friends or colleagues, which refer to a Roche-website. Your friend’s or colleague’s email-address, which is disclosed in such a manner will be used to send him / her the requested information in your name and will not be collected or used by Roche or a third party for other purposes.
Roche Diagnostics GmbH also uses the web analysis tool Eloqua of Eloqua Corp. with its seat in Canada. In this context cookies may be used. In addition web-beacon-technologies can be used. Eloqua collects, like other web analysis tools, various user data (browser type / -version, clickstream, duration of use of sites, date and time of the first and last request, company DNS name, country and town of der dialup). As far as you as a user have not disclosed your personal data on or via our website (consent to the receival of an electronic newsletter), Eloqua serves the same purposes as Adobe Analytics.
Links to various websites
Our Sites contain links to various websites, which may offer useful information to our users. This Directive is not applicable for such sites and we recommend to contact these sites directly for their data protection directives.
Privacy Statement for Children
Our websites are intended for adult users. If become aware of the fact that a user is under 13 years of age, we will not collect personal data of such a person until we have obtained the consent of his/her legal representative in a verifiable form. Any such legal representative is entitled to have access to all information provided by the child and/or to demand the deletion of such data.
Additional information on websites
Whenever special provisions, which deviate from this data protection directive, are applicable for a website, they will be disclosed on the site from which the personal data are collected.
Information for users of business or professional websites
Should you be in a business or professional relationship with Roche, we may use the information you disclose on our sites, including information specifically provided for business or professional users – to fulfil your request and to maintain and develop our business relationship with the company or business represented by you. In addition we may forward such information to third parties who act on our behalf in the context of the fulfilment of agreements.
Reporting of adverse events
If you have to report adverse events to Roche Diagnostics GmbH, it is necessary to store your data, i.e. name, contact information provided by you, all additional report-data and the content of your report as long as this is necessary according to regulatory security obligations. In compliance with legal provisions the data will be pseudonymised as soon as possible. By filing a report you explicitly agree that the aforementioned data will be transferred to the competent authority( Bundesamt für Sicherheit im Gesundheitswesen) for further processing in necessary extent. Roche Diagnostics GmbH confirms that your data will only be used for these purposes and will be kept strictly confidential in accordance with applicable data protection rules and will be pseudonymised as soon as possible. You can withdraw your consent at any time.
Update of the data protection directive
Roche can update this online-data protection directive from time to time. Changes to this data protection directive will be published on this website promptly. If you receive information about a change to this data protection directive and continue using our sites, you agree that the information provided by you thereafter may be used in accordance with the altered data protection directive.
With respect to your personal data you have the following rights:
- right of access
- right to rectification of erasure
- right to restriction of processing
- right to object and
- right to data portability
You have the right to file a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, 1080 Wien, Wickenburggasse 8) about the processing of your personal data use.
If you have questions or wish that Roche changes or deletes your profile, please contact us in writing under the following address:
Roche Diagnostics GmbH