Roche Privacy Notice for Roche.co.uk website

Thank you for visiting a Roche website or interacting with us via e-mail.

At Roche, we understand that protecting the privacy of visitors to our website is very important and that information about you and/or your health is particularly sensitive. That’s why we have taken the necessary steps to meet worldwide data privacy requirements. We treat your "personal data" according to the “Roche Directive on the Protection of Personal Data”, and to the laws of England and Wales and other applicable EU and Swiss laws which regulate the storage, process, access and transfer of personal data including the General Data Protection Regulation (“GDPR”).

Roche websites that display this Privacy Notice and that ask for any information from you are committed to collecting, maintaining, and securing personal information about you in accordance with this notice, as well as applicable laws, rules and regulations. This notice applies to personal information (as defined below) collected from Roche online resources and communications (such as websites, e-mail, and other online tools) that display a link to this notice. This notice does not apply to personal information collected from offline resources and communications, except in cases where such personal information is consolidated with personal information collected by Roche online. This notice also does not apply to third-party online resources to which Roche’s websites may link, where Roche does not control the content or the privacy practices of such resources.

We only collect personally identifiable information about you if you choose to give it to us. We do not share any of your personally identifiable information with third parties for their own marketing use unless you explicitly give us permission to do so. Please review this notice to learn more about how we collect, use, share and protect information online.

Roche has appointed data protection officers (DPOs) who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Roche Diagnostics Limited (company number 00571546) of Charles Avenue, Burgess Hill, West Sussex, RH15 9RY;

Email:or write to the DPO at the address above.

Roche Diabetes Care Limited (company number 09055599) of Charles Avenue, Burgess Hill, West Sussex, RH15 9RY;

Email:or write to DPO at the address above.

Roche Products Limited (company number 00100674) of 6 Falcon Way, Shire Park, Welwyn Garden City, Hertfordshire, AL7 1TW.

Email:

On occasion, Roche Products Limited collates certain information on behalf of Roche Diagnostics Limited and Roche Diabetes Care Limited and distributes that information to the relevant respective Roche entity as appropriate.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issuesWe would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links, or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 You can visit our website without providing any personal information. We may collect your personally identifiable information (such as name, address, telephone number, e-mail address or other identifying information) only when you choose to submit it to us, for example if you are required to register to use any part of our website.

 such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

If you browse public pages on our websites, i.e. content that you can access without being logged in to an account you may have with us, we collect and process only non-sensitive information about you. In particular, we will not collect any health related information about you when you browse public pages on our websites. We will however process your personal information to the extent required to deliver the public content you request from us, for example, to format it for your browser. We will also process your personal information to meet our legitimate interests to protect the security of our website systems, and to measure the audiences for the various types of content provided.

To do this, we use:

  • Automatically Collected Information: We automatically receive certain types of information whenever you interact with us on our website and in some e-mails we may send each other. Automatic technologies we use may include, for example, web server logs/IP addresses, cookies, web beacons and third party application and content tools. These technologies may be updated from time to time to reflect new functionalities that are available.

  • Web Server Logs/IP Addresses:An IP address is a number assigned to your computer whenever you access the internet. All computer identification on the internet is conducted with IP addresses, which allow computers and servers to recognise and communicate with each other. Roche collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance review.

    We may also collect information about your computer operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

  • Cookies: Please see our cookie policy to find out about how we use cookies.

Protecting your privacy is very important to us and we understand that information about your health is sensitive. We are committed to processing your personal information in compliance with applicable laws.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example network and information systems security). In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not) as well as the possible consequences if you do not provide your personal information).

The following is a list of the ways that we may use your personal information in relation to this website, and the reason we rely on for doing so:

Further information regarding the processing of personal information that we undertake can be found below, however, if you have questions about, or need further information, concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided above.

When we receive a regulatory complaint from a person we create a file containing the details of the complaint, including the identity of the complainant.  It may contain health related information. We will only use the personal information we collect to process the complaint.

We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the “need to know” principle.

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for.

You have several choices regarding your use of our website. You could decide not to submit any personally identifiable information at all by not entering it into any forms or data fields on our website and not using any available personalised services. If you choose to submit personal data, you have the right to see and correct your data at any time by accessing the application. Certain parts of our website may ask for your permission for certain uses of your information and you can agree to or decline those uses.

If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will work to process this request promptly, although we may require additional information in order to do so.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Roche uses technology and security precautions, rules and other procedures to protect your personal data from unauthorized access, improper use, disclosure, loss or destruction. To ensure the confidentiality of your data, Roche uses also industry standard firewalls and password protection. It is, however, your personal responsibility to ensure that the computer you are using is adequately secured and protected against malicious software, such as trojans, computer viruses and worm programs. You are aware of the fact that without adequate security measures (e.g. secure web browser configuration, up-to-date antivirus software, personal firewall software, no usage of software from dubious sources) there is a risk that the data and passwords you use to protect access to your data, could be disclosed to unauthorised third parties.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Roche, including the subsidiaries, divisions and groups worldwide and/or the companies we hire to perform services on our behalf will use any personally identifiable information you choose to give us to comply with your requests. We will retain control of and responsibility for the use of this information. Some of this data may be stored or processed at computers located in other jurisdictions, such as the United States, whose data protection laws may differ from the jurisdiction in which you live. In such cases, we will ensure that appropriate protections are in place to require the data processor in that country to maintain protections on the data that are equivalent to those that apply in the country in which you live.

The information that you provide to us, will be helpful for us to better understand your needs and how we can improve our products and services. It helps us also to personalise certain communications with you about products and/or services that you might find interesting. We may use this data in order to provide information to an individual who has agreed to receive information from us. We may also use the data in aggregate form with no personally identifiable information in order to provide analysis internally and to share with others when appropriate.

Roche shares personally identifiable data about you with various outside companies or agents working on our behalf to help fulfill business transactions (such as providing customer services) and to help fulfill business operations such as sending marketing and/or customer communications about our products, services and offers including market research and telemarketing; maintaining our customer database and website; conducting analytics, marketing and website optimisation including search engines and online marketing and for the performance of any contract we enter into with you.

In addition, we may share personally identifiable data that we collect from you with our company's subsidiaries and affiliates globally or store that data with them. All these companies and agents are required to comply with applicable data protection laws.

We may also disclose personally identifiable information for these purposes:

(a) in connection with the sale, assignment or other transfer of the business of the website to which the data relates;

(b) to respond to appropriate requests of legitimate government agencies or where required by applicable laws, court orders, or government regulations; or

(c) where needed for corporate audits or to investigate or respond to a complaint or security threat.

No Third-Party Direct Marketing Use: We will not sell or otherwise transfer the personally identifiable information you provide to us at our website to any third parties for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent for your data to be shared in this manner.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You may have the right to:

  • Request access to your personal data.

  • Request correction of your personal data.

  • Request erasure of your personal data.

  • Object to processing of your personal data.

  • Request restriction of processing your personal data.

  • Request transfer of your personal data.

  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us using the contact details above.

We keep this Privacy Notice under regular review and we will place any updates on this website in response to changing legal, technical or business developments. When we update this notice, we will take appropriate measures to inform you. When we change any processing that is based on consent, we will ask you for a new consent. We encourage you to periodically review this page for the latest information on our privacy practices. This privacy notice was last updated March 2023.

This website contains information on products which is targeted to a wide range of audiences and could contain product details or information otherwise not accessible or valid in your country. Please be aware that we do not take any responsibility for accessing such information which may not comply with any legal process, regulation, registration or usage in the country of your origin.

ContactLocationsOur medicinesOur role in pharmaOur role in testing & diagnosticsRoche careersStoriesPrivacy policyTerms & ConditionsModern Slavery Act