Sources
- Roche uses different methods and channel to collect personal data from you and about you including:
- Directly from you;
- Direct interactions with you, including information obtained from you through physical or virtual meetings, collaborations, services, feedback, requests, inquiries, surveys, etc.;
- Automated information collected through our websites and online sources;
- Third parties or publicly available sources, including websites, social media networks, journals, and third party platforms.
Adverse events reporting
For adverse events within the rest of the GCC and Levant, please reach out to your local representatives from the list here. For adverse events within the Kingdom of Saudi Arabia, use this link.
Use of Data for Marketing
We do not sell or transfer the Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent.
Information Sharing / Recipients of Personal Data
Recipients of your Personal Data
Roche may share the Personal Data with Roche’s subsidiaries around the world. Our Roche subsidiaries will use the Personal Data for the same purposes as the data Controller does, for example to contact you for a potential collaboration or event. A list of Roche’s subsidiaries is available in the current “Roche finance report in the list of subsidiaries and associates section”, which can be found in the Investors section of www.roche.com.
Furthermore, we may also share the Personal Data with third parties, for the following purposes:
- To F. Hoffmann-La Roche Ltd and other Roche’s subsidiaries for support and maintenance of our platforms and processing activities;
- To IQVIA Ltd, 210 Pentonville Road, London N1 9JY, England, UK for IT support, maintenance and business continuity purposes.
- To business partners: service providers, including market research agencies, events organizers, or other third parties who provide certain services to Roche;
- To cloud providers or services provider for storing purposes and to conduct technical maintenance of our platform and other web platforms;
- To communication providers, including marketing platforms, electronic communication providers, social media platforms in order to send you relevant information and communicate with you
- To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Roche participates, or pursuant to a financial arrangement undertaken by Roche;
- To respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; and
- Where needed for corporate audits or to investigate or respond to a complaint or security threat.
International Transfers of the Personal Data
Roche may transfer the Personal Data in the following countries and regions that imposes privacy obligations similar with your country of origin: European Union including Germany, France and Ireland.
If your Personal Data is covered by the GDPR/UK GDPR/Swiss FADP: For transfers of personal data within the Roche Group and Roche’s processors or business partners, contracts containing the EU Standard Contractual Clauses according to the EU Commission decision of 04 June 2021 (C(2021) 3972), constitutes appropriate and suitable safeguards to ensure compliance with GDPR/UK GDPR/Swiss FADP, including supplementary measures where required.
Data Security
We have implemented commercially reasonable precautions to protect the Personal Data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Data security measures include data encryption and data access management and controls. Please be aware that despite these measures, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your phone and your computer by, among other things, signing off after using a shared computer, locking your phone and keeping your information private.
Retention / Storage Period of Your Personal Data
The length of time in which we will store your Personal Data will differ depending on the purpose for which we have collected and are processing your data. In most cases, we will keep the data for five (5) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required by law to maintain your data, e.g. due to tax law or accounting requirements.
Information About Your Rights Regarding Your Personal Data
You may have certain rights regarding our use and processing of your Personal Data.
If data processing is based on consent, note that you have the right to withdraw your consent at any time unless applicable laws or regulations or judicial requirements require otherwise. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal, or unless applicable laws or regulations or judicial requirements require otherwise. In order to withdraw your consent you can either use the mechanism as individually explained when we asked for your consent or in any case send an email to the data controller as indicated in “Identity and Contact Details of the Data Controller” section above.
Your rights in accordance with applicable laws.
Further information about your privacy rights can be found in our Data Privacy Rights by applicable laws.
Updates to This Privacy Notice
From time to time, we may revise this Privacy Notice. Any such changes to this Privacy Notice will be reflected on this page. The date on which this notice was last revised is located at the top of this notice.