PRIVACY POLICY

Privacy Statement

1. The data controller’s identity, data protection consultant, contact people

This website is administered by Roche Diabetes Care, belonging to Roche Diagnostics A/S, Industriholmen 59, 2650 Hvidovre, Denmark (“Roche” or “we”). If you have any questions or suggestions, please contact us at denmark.info@roche.com or (+45) 36 39 99 99.

You are also welcome to contact our data protection advisors at hvidovre.data_privacy@roche.com.

2. How we use your personal information

It is very important for us to protect your personal information and we are aware that health-related information is of a sensitive nature. Therefore, we process your personal information in accordance with the applicable law.

This privacy statement explains how we use the personal information we collect about you when you

a) Visit publicly available pages on our websites
b) Register and use an account
c) Use our e-commerce service
d) Participate in studies
e) Communicate with us by phone, email or web forms

a) Visit publicly available pages on our websites

If you visit publicly available pages on our websites – i.e. content that is available without the need to log in to an account that you have registered with us – we exclusively collect and process information about you of a non-sensitive nature. Under no circumstances will we collect any information about your health when you visit publicly available pages on our websites. However, we treat personal information to the extent that it is necessary for us to be able to deliver the publicly available content you request from us, e.g. to format it for your browser. We also process your personal information to fulfil our legitimate interests for the purpose of ensuring the protection of our website systems and for measuring the number of visitors for the different types of content we offer. For this purpose we use:

IP addresses. An IP address is the number your computer has been allocated in order to communicate. It serves the same purpose as a telephone number. Roche collects IP addresses with the legitimate purpose of maintaining system security and reporting collected information so that we can analyse our webpages and their effectiveness.

Cookies. A cookie is a small text file that is placed in your system by our web server. Normally, our cookies are only used during the time you visit our website so we can measure the number of visitors. We also use cookies to promote user-friendliness, e.g. to save your language preferences. You can browse and delete cookies in your browser settings at any time, but in doing so you will lose any settings you have made on the website.

We use technologies such as cookies on this website to provide you with a better user- and advertising experience, to make social media features available to you and to analyse traffic on the website. We also share information about your use of the website with our trusted social media, marketing and analysis partners. By clicking on a link on this page, you consent to the fact that we may leave cookies on your PC and you agree to our privacy policy and our terms and conditions.

Web beacons. Web beacons (or “action tags”) are small graphic elements that make it possible to analyse the impact of websites by e.g. counting how many people have visited a page or how many people have clicked on specific items on a website. We only analyse the statistical information we have received via our web beacons on an anonymous and collective basis.

Google Analytics. Google Analytics is a web analytics service from Google, Inc. (“Google”). Google Analytics uses cookies to help us analyse how users use the publicly available content on our website. The information about your use of the website (including your IP address) generated by this cookie is sent to and stored by Google on servers in the USA. Google Analytics cookies have a lifetime of up to two years if you do not delete them earlier

Google is certified under the EU and USA’s privacy regulations and we have entered into a data processing agreement with Google to ensure that they administrate Google Analytics on our behalf. We also use Google Analytics’s function for IP anonymisation. If you visit the website from the countries that make up the European Economic Area (EEA), your IP address will be shortened before it leaves the EEA. Only in special cases (e.g. due to errors in the EU-based systems), will the entire IP address be transferred to a Google server in the USA, where it will be shortened.

Based on our legitimate interests, Google will use this information on our behalf to evaluate your use of the website, compile reports for the website’s provider about user activities, and provide other services related to the website and the use of the internet. Google may also transfer this information to third parties if required by law, or if such third parties process the information on behalf of Google. Google will not connect your IP address to other data that is in Google’s possession.

If you download and install the Google Analytics Opt-out browser appliance in the browser you are currently using, you can unsubscribe from Google Analytics in the future. Download the add-on program here http://tools.google.com/dlpage/gaoptout?hl=en

(does not work with all mobile devices/browsers). You can also disable Google Analytics on mobile phones and other devices by clicking on the following unsubscribe link: Click here to unsubscribe from Google Analytics.

Please note: Google Analytics is only active on our website’s publicly available pages, and not on pages that you can access when you log in to your account.

Social plugins, Shariff. We use social plugins (“Plugins”) that the social networking Facebook makes available, as well as the microblogging platform Twitter. The respective services are administered by Facebook Inc. and Twitter Inc. (they are all a “Provider”).

  • Facebook’s (facebook.com) provider is Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA. Their Plugins can be recognised by a Facebook logo (a white letter ‘f’ on a blue background or an icon showing a thumbs-up sign) or the message “Facebook Social Plugin”. You will find a complete list of Plugins here https://developers.facebook.com/docs/plugins/. Facebook’s privacy statement is available at https://www.facebook.com/policy.php.

We have taken the “Shariff” solution to protect your personal information when you visit our website. Shariff ensures that no data is transferred to the Provider when you load a page from our website. Only when you activate a Plugin of your choice and thus consent to the data transfer, will your browser create a direct connection to the Provider’s servers. Shariff replaces the Provider’s normal “Share” buttons and prevents your browsing behaviour from being registered by the Provider. If you require more information, you can see the pop-up information next to the activation keys or visit Shariff’s developer page (https://github.com/heiseonline/shariff).

Once you have activated a Plugin, you no longer have control over which data it collects. Click on the Provider’s Privacy Policies above, if you would like more information about the purpose and extent of the data collection and processing that the respective Providers make, as well as your rights in this regard and the settings you can change to protect your personal information.

Services. We sometimes use third party applications and content tools on some of Roche’s websites to provide additional information for your disposal, e.g. Google Maps. When you interact with these, third parties may access your personal information, including your IP address. We clearly indicate when we use such third party services, so you can decide if you wish to use them or not.

b) Register and use an account

If you want to use content on our websites that are not publicly available, you should first register an account and then log in to your account. We always use accounts when we process personal information, particularly in such cases as personal information about your health. We also always use accounts when we process your personal information with your consent. This is because using accounts make it easier for us to protect your personal information in access-secure systems and determine your identity when we need to seek and manage your consent.

When you register an account, we collect your personal contact information (e.g. name, address, phone number, email address) and other identification details that will appear in the registration form. We also process the health information you provide us with. It is optional if you want to provide us with the information, unless the form states that it is mandatory.

Roche processes your personal information inside your account:

With your consent. In cases where we process your health data, we obtain your explicit consent before we begin processing such information. Due to legal requirements and in order to obtain valid consent from you, we need to determine your correct name and identity when you create your account. You can subsequently manage, change or withdraw your submitted consents in the account settings. You can also withdraw your consent by contacting us at the above address. You may withdraw your consent at any time, but this will not affect the legality of our content-based processing of information before you withdrew your consent. We distinguish between mandatory consents, which we need to provide you with a service, and other consents that do not depend on the delivery of a particular service. If you withdraw a consent that is linked to a particular service, we may no longer be able to provide this service to you. We will bring this to your attention if this may be the case.

In the extent that it is necessary to document, exercise or defend legal requirements. We process your personal information to the extent that it may be necessary to prepare us for or defend ourselves against legal requirements, including litigation, anti-fraud and technical and organisational measures that protect our network and technology from attack.

Under the responsibility of health professionals. We may process your personal information to the extent necessary to support preventive medication, medical diagnoses, healthcare provision or treatment or healthcare and healthcare services in accordance with contracts with healthcare professionals who are bound by professional secrecy (such as e.g. hospital staff).

For research. We may process your personal information for scientific research purposes or for statistical purposes in accordance with applicable law, provided it is commensurate with the objective sought; takes into account the main content of the right to privacy and applies appropriate and specific measures to protect your fundamental rights and interests. In general, we will still ask for your consent if we wish you to participate in, i.e. a study.

c) Use our e-commerce service

When you use our e-commerce services e.g. to purchase medical supplies or equipment, you must first register and log in to an account. In addition to the above-described information for registration and use of your account, we also have to undertake the following processing of your personal information before we can enter into, comply with and invoice e-commerce contracts with you – and we require your explicit consent before we can receive your orders:

Processing of payments. We work together with external payment service providers that operate in your area and are licensed to provide payment services. They may be able to derive your state of health from the product information in the transactions to be invoiced, but they are bound by bank secrecy rules and may only use this information to process your payment. Our credit card administrators are also certified to comply with the PCI DSS security requirements and are obliged to keep your credit card information in encrypted form. You can see who the payment service providers are when you go to the payment page and choose your preferred payment method. Here, you can choose to change your preferred payment method if you do not want us to transfer your transaction data to a particular payment service provider. If you use our e-commerce services in a country that does not offer other payment methods, we are unfortunately unable to process your order. Please cancel the payment process and contact us if you are having trouble making a decision.

Logistics. We use reputable international logistics providers that operate in your area to deliver your orders. Logistics providers are not supplied with details of your orders (i.e. delivery content), but they may be able to indirectly derive the status of your health if you e.g. return a defective product. Roche has entered into data processing agreements with the logistics providers to ensure that they do not use your personal information beyond what is necessary to be able to carry out the logistics service and to implement appropriate technical and organisational measures to protect your personal information.

d) Participate in studies 

If you give your consent to participate in one of our studies, we will process your submitted answers for research and marketing purposes. Unless otherwise explicitly stated in the relevant survey, you will participate anonymously and we will not be able to link your answers with you personally, but will only be able to use them on a collective basis together with the answers from other participants.

Studies that require use of personal information will state this and will be conducted from within your account. It is always up to you whether you wish to participate or not and if you do not wish to participate, it does not negatively affect the scope of our services to you unless stated in the invitation for the study.

e) Communicate with us by phone, email or web forms

If you communicate with us by phone, email, web forms or suchlike, we will process your contact information and the personal information you provide us with, even if you do not have an account with Roche. We only process this information to the extent required for us to answer your enquiry and we delete the information when it is no longer required as proof (usually three years), unless you have agreed that we can use your information for other purposes.

3. Security

Roche takes appropriate technical and organisational measures to protect your personal information against accidental or illegal destruction, loss, alteration, unauthorised disclosure or access to transferred, stored, or otherwise processed personal information.

4. Who receives your information

If you have given your consent, Roche will share your personal information as required in relation to the above-mentioned purposes as required by applicable laws, court orders or regulations. Roche uses internal and external suppliers and agents for e.g. IT system operation and maintenance, or to perform business transactions, e.g. to provide customer services or send messages. In all such cases, access to encrypted data will be limited to people requiring access. In addition, Roche has entered into data processing agreements to ensure that suppliers and agents exclusively treat personal information on behalf of Roche and that they are subject to appropriate technical and organisational measures.

Roche will not sell or otherwise transfer your personal information to third parties for their own use, unless you expressly consent to this.

5. Transfer to third countries

We transfer the personal information we collect about you via our website to countries that may not have the same data protection laws as the country where you originally provided the information. When we transfer your information to third countries, we protect the information as described in this Privacy Statement. In particular, these data transfers will be based on appropriate standards, e.g. data protection contracts approved by the European Commission or the EU and US privacy protection, whichever is deemed relevant. Contact us as described above (see section 1 above) if you would like a copy of these contracts.

6. Your rights and how you exercise them

In accordance with the applicable data protection law, you are entitled to:

– request information about the personal information we process; receive a copy of this data and have incorrect data corrected or made complete
– have your personal information deleted or restricted in their use, in any case to the extent that the applicable legal framework provides for this
– receive the personal information you have provided us with in accordance with the contract or consent in a structured, commonly used and machine-readable format, to the extent that the legal requirements are fulfilled
– object to any grounds relating to your particular situation and in accordance with applicable law against any form of processing we conduct of your personal information based on our legitimate interests
– withdraw your consent at any time without this affecting the legality of the consent-based processing before you withdrew your consent

You are entitled not to be subject to automatic individual decisions. We do not use such processes without your prior consent.

If you have an account, you can exercise your rights by signing in to your account and changing your privacy settings, managing your consent or downloading and uploading adjusted data.

If you do not have an account, if you experience any problems or if you have any other questions, please contact us or our data protection advisors using the contact details above (see section 1 above).

If you are not satisfied with the way Roche processes your data or answers your requests, you can also complain to a relevant data protection authority in your country of residence.

7. Protection of children’s personal information

Our websites are aimed at adults. We do not deliberately collect personally identifiable information from anyone we know is a child without the prior written consent of his or her guardian.

8. Updates to the Privacy Statement

This Privacy Statement will be reviewed on a regular basis, and any updates will be available on this website. This Privacy Statement was last updated on 10/10/2018. If we make any changes to the way we process data that requires consent, we will ask you for a new consent.

9. Third Party Resources

This Privacy Statement does not apply to third party websites that our websites may contain links to and for which we do not control the content or the way in which personal information is processed. We will notify you when you click on a link to such a third-party page.