Roche Privacy Notice (Health Care Professionals, Customers, Business Partners)

Last Revised: October 12th,  2022

 

General Privacy Statement

At F. Hoffmann-La Roche Ltd and all Roche’s subsidiaries (“Roche”), we are committed to protecting your personal information in accordance with the applicable data protection laws. This Privacy Notice outlines the types of personal data Roche may collect, the means by which Roche may collect, use, or share your personal data; steps Roche takes to protect your personal data; and choices you are provided with respect to the use of your personal data. This Privacy Notice applies to Personal Data collected from Healthcare Professionals and Business Partners by Roche through different channels, including physical meetings, digital platforms or websites that link to this Privacy Notice or other sources as described below.

For the purposes of this Privacy Notice, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, and telephone number. 

 

Minors

Our processing activities described in this Privacy Notice are not designed or intended to collect Personal Data from children under the age of 18 unless explicitly advertised in the platform. We do not knowingly collect any Personal Data on this site from anyone under the age of 18 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any Personal Data on this website or online resource. 

 

Identity and Contact Details of the Data Controller

 

The Data Controller is the Roche subsidiary or Roche’s appointed business partner based in the country in which you are resident. Please visit the list of Data Controllers for the identity and contact details of your Data Controller.

 

Categories of personal data processed

We may collect the following personal data: 

  1. Contact details: includes your  name, professional email address, telephone number, employing health care organization.
  2. Professional Information: includes your biographical information (CV), professional society memberships, affiliations/profession, job title, therapeutic area, qualifications or experience, education and scientific/medical activity.
  3. Financial/Transaction information: includes your bank account number, credit card, customer account information, order history.
  4. Transfer of value: includes the nature, value, date of any financial/non-financial transfers to you by Roche.
  5. Interaction Information: includes professional interactions between Roche and you, records of your collaborations, registration and participation in Roche’s event or related activity, clinical trials in which you served or are serving as an investigator.
  6. Profile data: includes information about your contact and product preferences, languages, marketing preferences, qualifications or experience, collaborations, publications, posts, demographic data, feedback and interest. 
  7. Technical and usage data: includes your online user ID, IP address, geographic information, viewing data, other information regarding your usage and interactions with our websites, applications, emails, and advertisements.

 

How and Why We Process Your Personal Data

Several places on our platforms require Personal Data if you choose to use them, including surveys, registration, and content sharing features (i.e., “E-mail to a Friend” links). Roche and its business partners collect this information about you only if you voluntarily provide it to us. Please be aware that certain features in our platform may not be available to you if you elect not to provide certain Personal Data. Any Personal Data you provide to us on our platform will be used in accordance with this Privacy Notice. 

 

More Information on our Processing Activities

This table outlines each processing activity and provides information on the categories of information collected for each activity. Furthermore, this table defines the legal basis of processing for each of these processing activities. 

 

Purpose

Categories of Personal Data

Legal Basis

Responding to Requests or Inquiries.  

We may use the information that you provide to us to take the steps necessary to respond to your request, for example, you may submit a medical information request, inquire about a product, subscribe to one of our mailing lists, or to create an account and/or profile in Roche’s portals or websites. 

1) Contact Details

2) Professional Information


We collect and process the Personal Data based on Roche’s legitimate business purposes to respond to your request.


For jurisdictions outside EU/EEA where legitimate interest does not apply, consent is relied upon for collecting and processing such Personal Data.


If reporting is required, we may process the Personal Data to comply with our legal obligations. 


Completing Transactions and fulfilling contractual obligations.

We may collect the Personal Data to fulfill services that you have requested, for example register for and use an account, to administer and manage your registration and participation at Roche’s events, to fulfill business relationships with you, including processing payments, notifying you of your order status and any associated order status issues.

1) Contact Details

2) Professional Information

3)Financial/Transaction information

This processing is necessary for the performance of a contract with you. If you fail to provide that data when requested, we may not be able to enter into a contract with you or we may need to cancel the order/contract requested by you. 

Managing business relationships with you.

We collect and process Personal Data to facilitate Roche’s decision making when it comes to identifying suitable therapeutics area experts for its various medical/ and/or scientific engagements and collaborations (including speakers at internal or external medical educational events, advisory boards, training, etc.) or to prepare our meetings and interactions with you. 

We may combine Personal Data you provide with other information collected through our websites and online resources, Roche’s offline records and information provided to us by third parties. This processing activity involves the creation of a profile about you to manage business relationships with you,  for selecting the most appropriate therapeutic areas experts and to prepare the meetings and interactions with you. You can object to this processing activity at any time by using the contact details described in the list of Data Controllers. If you opt out for this processing activity, Roche won’t be able to have a consolidated view of your professional and scientific engagements and personalized our interactions with you. No automated decisions are made that would result in legal effects or similarly significantly affect. 

1) Contact Details

2) Professional Information

3) Interaction Information

4) Profile data

5) Technical and usage data

We collect and process the Personal Data on the basis of legitimate interest of Roche for selecting the most appropriate therapeutic areas experts for participating at Roche’s events, collaborations, meetings and related activities. 


For jurisdictions outside EU/EEA where legitimate interest does not apply, consent is relied upon for collecting and processing such Personal Data.


Managing and personalizing communication with you  

We collect and process your Personal Data to verify your username and password, to send you a welcoming email, website updates, information about Roche’s programs, products and services, notices regarding relevant medical conditions and treatment, or other information responsive to the data that you provide to us. We may communicate with you via post, phone, email, social media platforms or other channels. 


We may combine Personal Data you provide with other information collected through our websites and online resources, Roche’s offline records and information provided to us by third parties. This processing activity involves the creation of a profile about you, your preferences, expertise, collaborations, and how you have interacted with us in the past in order to understand your interest, needs and preferences in our products and services so that we can best serve and communicate with you. 


You can object to this processing activity at any time using the contact details described in the list of Data Controllers. If you opt out for this processing activity, Roche won’t be able to send you tailored information in line with your interests and preferences. No automated decisions are made that would result in legal effects or similarly significantly affect.

1) Contact Details

2) Professional Information

3) Interaction Information

4) Profile data

5) Technical and usage data


For managing,personalizing and sending certain communication (e.g. direct marketing communication), Roche processes your Personal Data based on your consent or where permitted by applicable data protection laws based on Roche’s legitimate interest. 


For personalizing communication with you, Roche processes the Personal Data based on Roche’s legitimate interest. 



We may also collect and process your data to fulfill a contractual obligation.


Transparency obligation: 

Roche may be obligated to disclose transfers of value made to healthcare professionals and healthcare organizations, as may be advisable or required under applicable global, regional and local rules and regulations and best industry practices and standards.  

1)Contact Details

2)Professional Information

3)Financial/Transaction information

4)Transfer of value

We collect and disclose your information for our legitimate interest to enhance transparency on interactions between the industry and healthcare professionals and healthcare organizations, or to comply with our transparency legal obligations. 


In other cases, we will collect and process this information pursuant to your consent.

Tracking and Monitoring Adverse Events and Pharmacovigilance. 

Some specified parts of our platform may collect Personal Data related to adverse events or other activities related to pharmacovigilance. This information is very important for public health and will be used for the detection, assessment, understanding, and prevention of adverse events or other medicine-related problems.  For more information about how we use and disclose Personal Data for these purposes, please see Roche’s Privacy Notice for Pharmacovigilance, Medical Information, and Product Complaints published on Roche’s website.

1)Contact details

2)Professional Information

We collect and process the Personal Data for these purposes to comply with our legal obligations and may be required to report the data to regulatory authorities

To Run,Maintain and improve our Websites, Platforms and Products. 

We use this information to secure, maintain and improve our websites, network systems, and other assets. 

1)Technical and usage data

We process this information based on your consent  to run, maintain, secure and improve our websites, platforms, products and services.


For troubleshooting, product and technology development purposes we process your personal data if we deem it necessary to do so for our legitimate interests. 

 

Sources 

Roche uses different methods and channel to collect personal data from you and about you including: 

  1. Directly from you;
  2. Direct interactions with you, including information obtained from you through physical or virtual meetings, collaborations, services, feedback, requests, inquiries, surveys, etc.; 
  3. Automated information collected through our websites and online sources; 
  4. Third parties or publicly available sources, including websites, social media networks, journals, and third party platforms.

 

Cookies and Other Web Trackers

Our websites and online resources also collect other basic information about you which may not directly identify you, but which may correspond with you or a particular device. We use some of this information to allow our websites to run, as well as to learn more about how our websites and online resources are used and to otherwise improve and administer the site. We also use this information to enable us to deliver information tailored to your interests and preferences, based on your use of the site. For example, we may collect the IP Address assigned to your computer by your internet service provider. This address may change each time you connect to the internet (a “dynamic” IP address), or it may remain the same (a “static” IP address). In most cases, we ask for your consent before collecting this information, in which case you will be presented with a choice as to whether you wish to allow the collection and use of this type of information. Please see Roche’s Cookie Notice published on Roche's website.

 

Use of Data for Marketing

We do not sell or transfer the Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent. We use third party advertising companies to place ads on other websites. These companies may use data about your visits to this and other websites in order to measure advertising effectiveness and to provide advertisements about our goods and services that may be of interest to you. If you would like more information about this practice and your choices to opt out of having this information used by these companies, see our Roche’s Cookie Policy.

 

Information Sharing / Recipients of Personal Data 

 

Recipients of your Personal Data

Roche may share the Personal Data with Roche’s subsidiaries around the world. Our Roche subsidiaries will use the Personal Data for the same purposes as the data Controller does, for example to contact you for a potential collaboration or event. A list of Roche’s subsidiaries is available in the current “Roche finance report in the list of subsidiaries and associates section”, which can be found in the Investors section of www.roche.com

Furthermore, we may also share the Personal Data with third parties, for the following purposes: 

  • To F. Hoffmann-La Roche Ltd and other Roche’s subsidiaries for support and maintenance of our platforms and processing activities;

  • To IQVIA Ltd, 210 Pentonville Road, London N1 9JY, England, UK for IT support, maintenance and business continuity purposes.

  • To business partners: service providers, including market research agencies, events organizers, or other third parties who provide certain services to Roche;

  • To cloud providers or services provider for storing purposes and to conduct technical maintenance of our platform and other web platforms; 

  • To communication providers, including marketing platforms, electronic communication providers, social media platforms in order to send you relevant information and communicate with you

  • To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Roche participates, or pursuant to a financial arrangement undertaken by Roche; 

  • To respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; and

  • Where needed for corporate audits or to investigate or respond to a complaint or security threat. 

 

International Transfers of the Personal Data 

Roche may transfer the Personal Data in a geographic region that imposes different privacy obligations than your country of origin (e.g. United States and India). This means that your Personal Data may be sent to a country with less restrictive data protection laws than your own. Any such transfer will be conducted in compliance with applicable laws.

If your Personal Data is covered by the GDPR/UK GDPR/Swiss FADP: For transfers of personal data within the Roche Group and Roche’s processors or business partners, contracts containing the EU Standard Contractual Clauses according to the EU Commission decision of 04 June 2021 (C(2021) 3972), constitutes appropriate and suitable safeguards to ensure compliance with GDPR/UK GDPR/Swiss FADP, including supplementary measures where required. 

 

Retention / Storage Period of Your Personal Data

The length of time in which we will store your Personal Data will differ depending on the purpose for which we have collected and are processing your data. In most cases, we will keep the data for three (3) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required by law to maintain your data, e.g. due to tax law or accounting requirements. 

Information About Your Rights Regarding Your Personal Data

You may have certain rights regarding our use and processing of your Personal Data. 

If data processing is based on consent, note that you have the right to withdraw your consent at any time unless applicable laws or regulations or judicial requirements require otherwise. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In order to withdraw your consent you can either use the mechanism as individually explained when we asked for your consent or in any case send an email to the data controller as indicated in the list of Data Controllers (link).

 

Your rights in accordance with applicable laws

Further information about your privacy rights can be found in our Data Privacy Rights by applicable laws.

Updates to This Privacy Notice

From time to time, we may revise this Privacy Notice. Any such changes to this Privacy Notice will be reflected on this page. Roche recommends that you review this Privacy Notice regularly for any changes. The date on which this notice was last revised is located at the top of this notice.