Privacy policy with regard to the processing of your personal data by Austrian companies of the F. Hoffmann-La Roche Group

Last updated: 04/2022

Roche attaches great importance to the protection of your personal data. Of course, the use of your personal data complies with all data protection requirements, in particular the EU General Data Protection Regulation (GDPR), as well as all other applicable national and European regulations.

The following statements provide you with information on which personal data is processed by us for what purposes and on what legal basis and how you can use your rights granted by the GDPR.

This website is intended for persons 14 years of age and older. There are no plans for processing data of minors. Persons under 14 years of age require the consent of their parents or guardians to use the website.

 

Roche will at any time adapt this privacy policy to changes in technical developments and legal conditions. All changes will be effective from the publication of the updated privacy policy on this website.

Contact details

Controller

Contact details

Email

Roche Austria GmbH

c/o Data Protection Officer

[email protected]

Engelhorngasse 3

1210 Vienna

Roche Diagnostics GmbH

c/o Data Protection Officer

[email protected]

Engelhorngasse 3

1210 Vienna

Roche Diabetes Care Austria GmbH

c/o Data Protection Officer

 [email protected]

Engelhorngasse 3

1210 Vienna

 

 Use of the websites

The above Roche companies are subject to the same data protection laws and internal data protection guidelines. In the legal sense, these companies can be either individually or jointly responsible. This depends on the respective context and is specified in the following data protection notice.

General information

What is personal data?

Personal data is information about natural persons whose identity is determined or at least identifiable (e.g. name, email address, IP address).

How will we process your personal data?

Depending on your relationship with us, your data will be processed in different ways. Specific information on this can be found in the information on the individual affected groups of persons from the respective area of responsibility.

Rights of data subjects

We would also like to inform you that you have the right at any time

  •  To request information about which of your data we process,
  •  To have your data corrected or deleted,
  •  To restrict the processing of your data,
  •  To refuse data processing,
  •  To exercise data portability.

If we process your data based on your consent, you have the right to withdraw this consent at any time. This does not affect the legality of the data processing up to this point in time. If, despite our obligation to process your data lawfully, there is a breach of your right to the lawful processing of your data, please contact us by post or email so that we can learn about your concerns and deal with them. However, you also have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or work.

Data security

The security of your data is of great concern to us. We therefore rely on technical and organisational safeguards to protect your data. These include:

  • Technical and organisational measures to protect the data processing systems;
  • Restriction of access to those groups of people who require the data to fulfil the purpose;
  • Obligation of the employees responsible for data processing to maintain confidentiality;
  • Contractual agreements with service providers (data processors) and customers.

 

Data processing

 Purpose, legal basis and duration of storage

We process personal data for the purpose of presenting the content on our website on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) or to fulfil our legal obligations (Art. 6 (1) (c) GDPR). Our legitimate interests

  • In the provision of the website functionality,
  • In the ongoing development and improvement of our website,
  • In maintaining website operation and security,
  • In the area of self-protection (protection of property and protection of employees),
  • Of liability protection and
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as it concerns the duties of the controller.

Your data is automatically recorded in log files for system backup. The collection of data and its storage in log files is necessary for the operation of the website, so it is not possible for you to opt out. Log information is automatically deleted as soon as it is no longer required. Data will only be stored if this is required by law or if it is absolutely necessary to protect legitimate interests.

 

Data categories

The following categories of data are processed ("Type 6 data"):

  • IP address of the requesting computer
  • All computers and network-enabled devices connected to the Internet are assigned an IP address. IP addresses are required to move around the Internet and access websites. This gives website operators access to the IP addresses of their users. The location at which the Internet connection is established can often be determined via an IP address. The owner of the IP address can also be determined under certain circumstances.
  • Date, time and duration of access
  • The amount of data transferred
  • The name and website (URL) of the downloaded file
  • Source from which the access takes place
  • Name of the Internet access provider
  • Information on the end device used (browser, operating system)

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

Recipient

Recipient's domicile

 

Provider of Internet and telephony services

Austria

 

IT service provider

Worldwide

 

In addition, the relevant personal data will be sent to recipients in the following categories:

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision has been made by the EU Commission, or provide the provision of suitable guarantees within the meaning of Art. 46 f GDPR.

Joint control of all three companies mentioned above

Cookies

Our website and our app use cookies. These are small text files which are saved to your end device using the browser.

Purpose, legal basis and duration of storage

We use cookies for different purposes. With the help of cookies we can.

Maintain electronic communications and ensure functionality (“session cookies”). These cookies are mandatory.

Make visiting our website or using our app user-friendly, identify the visitor and tailor the website or app specifically to the needs of the users (e.g. by personalisation).

Check the functionality and reach of the website or app.

Due to the different purposes of cookies, the required legal basis also differs.

Unless otherwise specified, we process cookies that are technically essential for the communication process and that are optimised or provided with specific, desired functions based on our legitimate interests in the technically error-free and optimised provision of our digital services (Art. 6 (1) (f) GDPR).

If we have asked you to consent to the storage of cookies or to the use of technologies, the storage or processing of the cookies or technologies in question is solely based on this consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time by adjusting the cookie settings (link at the bottom of the website – “Footer”). If you do not agree to the use of cookies or technologies, the functionality of our digital services may be restricted.

Cookies are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit has ended. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.


Cookie categories

Our website may use, among other things, the following types of cookies and tracking techniques:

Session cookies are temporarily stored information files that are deleted when you close your browser window or turn off your computer. Session cookies are used, for example, to improve navigation on our websites, to prevent inappropriate visitor input (for example, the website may remember an age outside the permitted range and prevent subsequent changes) and to collect summary statistical information.

Persistent cookies are more permanent information files on your computer's hard drive. They remain stored until you delete the cookie in question. Persistent cookies store information on your computer for various purposes. For example, they can be used to retrieve certain information that was entered earlier (such as the username). They help determine which areas of the site are most interesting for visitors and allow the site to be continually customised to suit your preferences.

Web beacons are small software items on a website or in an email message that can be used to track which pages or messages have been opened. Web beacons tell the server of the site information such as the IP address and browser type of the visitor's computer. Web beacons can be placed in online advertising, through which visitors are guided to our website and different pages of the website. Web beacons tell us how often the individual pages are opened and what information is retrieved. Web beacons are also referred to as Internet tags, single-pixel GIFs, clear GIFs or invisible GIFs.

Our websites can use third-party analysis tools to collect information using cookies. Among other things, we use the following tools:

On our websites, we use Adobe Analytics, which collects information using cookies. If you do not want your data to be used in this context, you can log out of Adobe using the following tool: http://www.adobe.com/privacy/opt-out.html.

Our website may use certain advertising features of Google Analytics which collect information using cookies. This includes remarketing with Google Analytics and Demographics and Interests reporting. If you do not want your data to be used in this context, you can log out of Google using the following tool: https://tools.google.com/dlpage/gaoptout/.

 

The web analysis tool Marketo is also used exclusively in Roche Diagnostics GmbH. Cookies may be used here. Web beacon technologies may also be used. Like the other web analytics tools, Marketo collects different usage data (browser type/version, clickstream, dwell time on individual pages, date and time of first and last request, company DNS name, country and city of the Internet access). If you, as a user, have not provided any personal data on or via our website (consent to receive the regular eNewsletter), Marketo serves the same purposes as Adobe Analytics. 

Social media plugins: Our website uses so-called social media plugins (“plugins”) from the social networks Facebook, Twitter, LinkedIn, Google+ and Xing. The respective services are offered by Facebook Inc., Twitter Inc., LinkedIn Ireland Unlimited Company, Google Ireland Limited and New Work SE (each a “provider”). 

These plugins are generally deactivated. To use a plugin, you must actively click on the plugin and activate it by clicking on it. By clicking on a plugin offered on our website, you agree to the following data processing:

After activating a plugin by clicking on it, a direct connection is established to the provider of the activated plugin. The provider transfers the contents of the plugin directly to your browser and integrates the plugin on our website. This process informs the provider that your browser has accessed our website, regardless of whether you have a profile with the provider of this social network, and whether you are currently logged in or logging in. 

If you are logged into your social network while you are using an activated plugin, you can associate your profile on this social network with your visit to our website. If you use the activated plugin, for example by entering a comment or clicking on the “share”, “like” or “like” buttons, the corresponding information is sent directly from your browser to the provider of the plugin and processed by it. 

In the privacy policy of the respective provider, you will find information about the purpose and scope of data collection as well as the use and further processing of your personal data by the respective provider of the plugin that you have activated. 

Responsibility of Roche Austria GmbH

The processing operations of Roche Austria GmbH are as follows (sole responsibility):


Applicants


Purpose

If you apply to us, we use the personal data of applicants to the extent that this data has been provided for the purpose of 

  • Processing applications as part of personnel management;
  • Pre-selection for interviews;
  • Maintaining the evidence of applications.

Legal basis

If you apply for a specific position, we process your data on the basis of the fulfilment of a contract or the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR). 

If you apply to us on your own initiative or give us permission to maintain evidence, we process your data based on your consent (Art. 6 (1) (a) GDPR). 

If you provide us with data that represent a special category of personal data (e.g. health data) in order to take your special needs into account, we will do this to fulfil obligations under labour law (Art. (9) (2) (b) GDPR). If your desired activity requires a particular level of trust, we process data you provide about criminal convictions and criminal offences. We do this on the basis of legitimate interests or authorised third parties to check your suitability within the scope of self-protection (protection of property and protection of employees) and liability protection (Section 4 Para 3 Item 2 DSG [Data Protection Act]). 

Due to a weighing of interests in favour of the controller or authorised third party, data processing is carried out on the basis of legitimate interests (Art. 6 (1) (f) GDPR):

  • For efficient process design and optimum fulfilment of the stated purposes;
  • For self-protection (protection of the company and company premises, e.g. video surveillance) and liability protection (e.g. contractual liability toward customers);
  • For the establishment or defence of legal claims.

Duration of storage

We will store your personal data either (I) for the duration of the application process or (ii) until your consent is withdrawn (in case you have given your consent to us keeping your application on file).

Independently of this, we store your data as long as (I) statutory retention obligations exist or (ii) any legal claims that require the personal data to assert or defend them are not yet statute-barred. 

Data categories

The following general categories of personal data are processed (Art. 6 GDPR):

  • Name, contact details
  • Information about trained professions (e.g. qualifications), special skills, intended activities
  • Application documents (e.g. curriculum vitae, training certificates)
  • Other information provided by you (e.g. availability date, notice period, salary expectation)

 

The following special categories of personal data are processed (Art. 9 GDPR):

  • Information about your health that affects the professional commitment and care obligations of the person responsible as an employer (e.g. vaccinations) 

The following categories of personal data relating to criminal convictions and offences are processed (Art. 10 GDPR):

  • Criminal record excerpt

 

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

 

IT service provider

Worldwide

 

Labour market service 

Austria

 

HR service provider

Austria

 

Administrative authorities

Austria

 

Social security providers

Austria

 

Legal representative

Austria

 

Courts

Austria

 

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Customers

Purpose and legal basis

If you are a customer or act on behalf of us, we process personal data as part of the business relationship for the following purposes:

  • For the performance of a contract or for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR)
  • For fulfilling legal obligations (Art. 6 (1) (c) GDPR)
  • For the administration of health and social systems and services (Art. 9 (2) (h) GDPR) and to ensure high quality and safety standards for medicinal products and medical devices (Art. 9 (2) (i) GDPR)
  • To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  • In the optimum handling of enquiries and the purposes listed, 
  • Keeping records as part of customer satisfaction and complaint management as well as quality assurance 
  • In improving our services and our public presence,
  • In self-protection (protection of the company and company premises, e.g. video surveillance), 
  • In terms of liability protection (contractual liability) and 
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as it concerns the duties of the controller.

Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you. 


Duration of storage

We store your personal data (I) until the end of the business relationship with you, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required.


Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (e.g. name, address, telephone number, email address)
  • Company master data
  • Information on professional function (e.g. role/responsibilities and authorisations, qualification)
  • Information regarding participation in dates, events or training courses  
  • Contract data, data concerning deliveries and services, billing data
  • Data from publicly visible registers (e.g. company register)
  • Image data of data subjects in photo and video recordings of company events
  • Marketing, advertising and sales data
  • Protocols and correspondence
  • Automatically processed network traffic data
  • Visitor registration

 

The following special categories of personal data are processed:

  • Health claims (Art. 9 GDPR) in the context of support services 


Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

 

IT service provider

Worldwide

 

Provider of archives

Austria

 

Provider of Internet and telephony services

Austria

 

Suppliers/business Partners

Worldwide

 

Funding agency

Austria

 

Lodging provider

Worldwide

 

Personal transport service provider

Worldwide

 

Security and security services

Austria

 

Insurance 

Austria

 

Postal and parcel service providers

Austria

 

Banks

Austria

 

Tax advisors and certified public accountants

Austria

 

Administrative authorities

Austria

 

Legal representative

Austria

 

Courts

Austria

 

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Suppliers

Purpose and legal basis

If you are a supplier of us or act on its behalf, we process personal data in the course of the business relationship for the following purposes:

 

  • For the performance of a contract or for the performance of pre-contractual measures (Art. 6 (1) (b) GDPR)
  • In order to fulfil legal obligations (Art. 6 (1) (c) GDPR)
  • To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  • In the optimum handling of enquiries and the purposes listed, 
  • Keeping records within the scope of customer satisfaction and complaint management as well as quality assurance,
  • Improving our services and our public presence,
  • In self-protection (protection of the company and company premises (e.g. video surveillance), 
  • In liability protection (contractual liability) and 
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as this is affected by the duties of the party responsible.

 

Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you. 


Duration of storage

Your personal data will be stored by us (i) until the end of our business relationship with you or beyond (ii) as long as legal storage obligations exist or (iii) as long as any specific legal claims that the personal data is required to fulfil are not yet statute-barred.


Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (name, address, email address, telephone number and other addressing information), company master data
  • Information on professional function, role/responsibilities and authorisations
  • Information regarding participation in appointments
  • Contract data, data regarding deliveries and services, billing data
  • Information to be provided in the context of invitations to tender (e.g. professional experience, qualification)
  • Data from publicly visible registers (e.g. company register)
  • Image data of data subjects in photo and video recordings of company events
  • Marketing, advertising and sales data
  • Minutes and correspondence
  • Automatically processed network traffic data
  • Visitor Registration (name, contact person, stay period)

The following data on criminal convictions and offences are processed (Art. 10 GDPR):

  • Excerpt from the criminal records you have provided in connection with tenders;

 


Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

 

Customers in the context of tenders

Austria

 

Provider of archives

Austria

 

Provider of Internet and telephony services

Austria

 

Customers

Austria

 

IT service provider

Worldwide

 

Security and security services

Austria

 

Insurance

Austria

 

Postal and parcel service providers

Austria

 

Banks

Austria

 

Tax advisors and certified public accountants

Austria

 

Competent administrative authorities

Austria

 

Legal representative

Austria

 

Competent courts

Austria

 

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.

 

Third party 

Purpose and legal basis

If you come into contact with us or we are in contact with you without us having an active business relationship with you, we process your data. We do this for the following purposes:

  • In order to fulfil legal obligations and/or statutory duties of care (Art. 6 (1) (c) GDPR)
  • To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  • To optimally handle queries, including forwarding to responsible units 
  • Keeping records as part of complaint management and quality assurance,
  • In the positive shaping of relationships in the business environment 
  • In improving our services and our public presence
  • In self-protection (protection of the company and company premises, e.g. video surveillance)
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as this is affected by the duties of the party responsible.

Duration of storage

We will only retain your personal data for as long as it is reasonably necessary to achieve the processing purposes described above and this is permitted under applicable law. We will always store your personal data as long as there are statutory retention obligations.


Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (e.g. name, address), company master data
  • Function/role in the context of the respective startup case
  • Information regarding participation in appointments
  • Image data of data subjects in photo and video recordings of company events
  • Image data of data subjects as part of building monitoring
  • Details of protocols, documents and correspondence relating to the particular case
  • Automatically processed telecommunications data
  • Visitor Registration (name, contact person, stay period)

Recipient

Within Roche Austria GmbH, those offices or employees receive your data which require access to fulfil the purposes listed. We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

IT service provider

Worldwide

Provider of archives

EEA

Provider of Internet and telephony services

Austria

Provider of personnel services for activity settlement

Austria

Security and security services

Austria

Insurance

Austria

Postal and parcel service providers

Austria

Banks

Austria

Tax advisors and certified public accountants

Austria

Competent administrative authorities

Austria

Legal representative

Austria

Competent courts

Austria

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.

Pharmacovigilance

More information on the processing of Roche Austria GmbH data in connection with pharmacovigilance can be found at the following link: 

https://www.roche.at/de/service/Pharmakovigilanz.html


Subscribers to newsletters


Purpose and legal basis

If you subscribe to our newsletter, we process your data for the delivery of the newsletter based on your stated preferences. In order to provide you with information in a targeted manner, we also collect and process information voluntarily provided. 

Data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR). 

You can cancel your subscription at any time – you can find the link in the footer of each newsletter.


Duration of storage

We will store your data (I) until your voluntarily granted consent is revoked, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, for whose enforcement or defence the personal data is required.


Data categories

If specified, the following data categories are processed (Art. 6 GDPR):

  • Contact information (name, email address, company, professional activity) and
  • Content preferences.

Without this information, it is not possible to send the newsletter.


Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A ist of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

IT service provider

Worldwide

Provider of Internet and telephony services

Austria

Suppliers of sales optimisation platforms

Worldwide

Marketing automation software provider

Worldwide

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Processing rights of data subjects


Purpose and legal basis

If you assert rights of data subjects against Roche Austria GmbH in accordance with Art. 15 to Art. 20 GDPR, your data will be processed for the purpose of processing your application on the basis of legal obligations (Article 6 (1) (c) GDPR).


Duration of storage

We store your data (I) for the duration of the necessary internal processing of your request, (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become time-barred, the assertion or defence of which the personal data is required.

Data categories

The following data categories are processed:

  • Name, contact information
  • All data of the data subject relating to the application
  • Data for identifying the data subject(s)

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Recipient's domicile

IT service provider

Worldwide

Provider of Internet and telephony services

Austria

Administrative authorities

Austria

Legal representative

Austria

Courts

Austria

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Responsibility of Roche Diagnostics GmbH

The processing operations of Roche Diagnostics GmbH are as follows (sole responsibility):

Applicants

Purpose

If you apply to us, we use the personal data of applicants to the extent that this data has been provided for the purpose of 

  • Processing applications as part of personnel management
  • Pre-selecting interviews 
  • Maintaining application evidence

Legal basis

If you apply for a specific position, the person responsible processes your data on the basis of the fulfilment of a contract or the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR). 

If you apply to us on your own initiative or give us permission to maintain evidence, we process your data based on your consent (Art. 6 (1) (a) GDPR). 

If you provide us with data that represent a special category of personal data (e.g. health data) in order to take your special needs into account, we will do this to fulfil obligations under labour law (Art. (9) (2) (b) GDPR). If your desired activity requires a particular level of trust, we process data you provide about criminal convictions and criminal offences. We do this on the basis of legitimate interests or authorised third parties to check your suitability within the scope of self-protection (protection of property and protection of employees) and liability protection (Section 4 Para 3 Item 2 DSG [Data Protection Act]). 

Due to a weighing of interests in favour of the controller or authorised third party, data processing is carried out on the basis of legitimate interests (Art. 6 (1) (f) GDPR):

  • For efficient process design and optimum fulfilment of the stated purposes;
  • For self-protection (protection of the company and company premises, e.g. video surveillance) and liability protection (e.g. contractual liability toward customers)
  • For the establishment or defence of legal claims

Duration of storage

We will store your personal data either (I) for the duration of the application process or (ii) until your consent is withdrawn (in case you have given your consent to us keeping your application on file).

Independently of this, we store your data as long as (I) statutory retention obligations exist or (ii) any legal claims that require the personal data to assert or defend them are not yet statute-barred.


Data categories

The following general categories of personal data are processed (Art. 6 GDPR):

  • Name, contact details
  • Information about trained professions (e.g. qualifications), special skills, intended activities
  • Application documents (e.g. curriculum vitae, training certificates)
  • Other information you provide (e.g. availability date, notice period, salary expectation)

 

The following special categories of personal data are processed (Art. 9 GDPR):

  • Information about your health, which affects the professional commitment and care obligations of the controller as an employer (e.g. vaccinations) 

 

The following categories of personal data relating to criminal convictions and offences are processed (Art. 10 GDPR):

  • Criminal record excerpt

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Domicile

IT service provider

Worldwide

Labour market service 

Austria

HR service provider

Austria

Administrative authorities

Austria

Legal representative

Austria

Courts

Austria

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Customers

Purpose and legal basis

If you are a customer or act on behalf of us, we process personal data as part of the business relationship for the following purposes:

  • For the performance of a contract or for the performance of pre-contractual measures (Art. 6 (1) (b) GDPR)
  • In order to fulfil legal obligations (Art. 6 (1) (c) GDPR) and to ensure high quality and safety standards for medical devices (Art. 9 (2) (i) GDPR; Post-market surveillance)
  • For the administration of health and social systems and services (Art. 9 (2) (h) GDPR) and to ensure high quality and safety standards for medical devices (Art. 9 (2) (i) GDPR)
  • To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  • In the optimum handling of enquiries and the purposes listed, 
  • Keeping records within the scope of customer satisfaction and complaint management, as well as quality assurance, 
  • Improving our services and our public presence,
  • In self-protection (protection of the company and company premises, e.g. video surveillance), 
  • In liability protection (contractual liability) and 
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as this is affected by the duties of the party responsible.

Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you. 

Duration of storage

We store your personal data (I) until the end of the business relationship with you, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required.

Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (e.g. name, address, email address)
  • Company master data
  • Information on professional function (e.g. role/responsibilities and authorisations, qualification)
  • Information regarding participation in appointments, events or training courses  
  • Contract data, data regarding deliveries and services, billing data
  • Data from publicly visible registers (e.g. company register)
  • Image data of data subjects in photo and video recordings of company events
  • Marketing, advertising and sales data
  • Minutes and correspondence
  • Automatically processed network traffic data
  • Visitor registration
  • Contact information (e.g. name, address, email address)
  • Company master data
  • Information on professional function (e.g. role/responsibilities and authorisations, qualification)
  • Information regarding participation in appointments, events or training courses  
  • Contract data, data regarding deliveries and services, billing data
  • Data from publicly visible registers (e.g. company register)
  • Image data of data subjects in photo and video recordings of company events
  • Marketing, advertising and sales data
  • Minutes and correspondence
  • Automatically processed network traffic data
  • Visitor registration

The following special categories of personal data (Art. 9 GDPR) are processed:

  • If applicable, health-related information in the context of support services 
  • Health claims in the context of post-market surveillance or product complaints

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Domicile

IT service provider

Worldwide

Provider of archives

Austria

Provider of Internet and telephony services

Austria

Suppliers/usiness partners

Worldwide

Funding agency

Austria

Lodging provider

Worldwide

Personal transport service provider

Worldwide

Security and security services

Austria

Insurance 

Austria

Postal and parcel service providers

Austria

Banks

Austria

Tax advisors and certified public accountants

Austria

Administrative authorities

Austria

Legal representative

Austria

Competent courts and authorities

Austria

If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.


Suppliers/Other business partners


Purpose and legal basis

If you are a supplier or business partner of us or act on its behalf, we process personal data in the course of the business relationship for the following purposes:

  •   For the performance of a contract or for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR)
  •   In order to fulfil legal obligations (Art. 6 (1) (c) GDPR) and to ensure high quality and safety standards for medical devices (Art. 9 (2) (i) GDPR; Post-market surveillance)
  •  To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  •   In the optimum handling of enquiries and the purposes listed, 
  •   Keeping records as part of customer satisfaction and complaint management, as well as quality assurance
  •   In improving our services and our public presence,
  •  In self-protection (protection of the company and company premises (e.g. video surveillance), 
  •   In terms of liability protection (contractual liability) and 
  •   In the prevention, containment and investigation of conduct relevant to criminal law, insofar as it concerns the duties of the controller.

Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you. 


Duration of storage

Your personal data will be stored by us (i) until the end of our business relationship with you or beyond (ii) as long as legal storage obligations exist or (iii) as long as any specific legal claims that the personal data is required to fulfil are not yet statute-barred.


Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (name, address, email address, telephone number and other addressing information), company master data
  • Information on professional function, role/responsibilities and authorisations
  • Information regarding participation in appointments
  • Contract data, data concerning deliveries and services, billing data
  • Information to be provided in the context of tenders (e.g. professional experience, qualification)
  • Data from publicly visible registers (e.g. company register)
  • Image data of data subjects in photo and video recordings of company events
  • Marketing, advertising and sales data
  • Protocols and correspondence
  • Automatically processed network traffic data
  • Visitor registration (name, contact person, stay period)

The following data on criminal convictions and offences are processed (Art. 10 GDPR):

  • Excerpt from the criminal records you have provided in connection with tenders;

 

If necessary, additional special categories of personal data (in particular health data) can be collected if this is necessary for processing, particularly in the context of post-market surveillance or product complaints. 


Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Domicile

Customers in the context of tenders

Austria

Provider of archives

Austria

Provider of Internet and telephony services

Austria

Customers

Austria

IT service provider

Worldwide

Security and security services

Austria

Insurance

Austria

Postal and parcel service providers

Austria

Banks

Austria

Tax advisors and certified public accountants

Austria

Competent administrative authorities

Austria

Legal representative

Austria

Competent courts

Austria

If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR. 


Third parties

Purpose and legal basis

If you come into contact with us or we are in contact with you without us having an active business relationship with you, we process your data. We do this for the following purposes:

  • To fulfil legal obligations and legal due diligence obligations (Art. 6 (1) (c) GDPR) and to ensure high quality and safety standards for medical devices (Art. 9 (2) (i) GDPR; Post-market surveillance)
  • To protect our legitimate interests (Art. (6) (1) (f) GDPR). Our legitimate interests
  • To optimally handle queries, including forwarding to responsible units 
  • Keeping records as part of complaint management and quality assurance,
  • In the positive shaping of relationships in the business environment 
  • In improving our services and our public presence
  • In self-protection (protection of the company and company premises, e.g. video surveillance)
  • In the prevention, containment and investigation of conduct relevant to criminal law, insofar as it concerns the duties of the controller.

Duration of storage

We will only retain your personal data for as long as it is reasonably necessary to achieve the processing purposes described above and this is permitted under applicable law. We will always store your personal data as long as there are statutory retention obligations.


Data categories

The following data categories are processed (Art. 6 GDPR):

  • Contact information (e.g. name, address), company master data
  • Function/role in the context of the respective startup case
  • Information regarding participation in appointments
  • Image data of data subjects in photo and video recordings of company events
  • Image data of data subjects in the context of building surveillance
  • Details of protocols, documents and correspondence relating to the case
  • Automatically processed telecommunications data
  • Visitor registration (name, contact person, stay period)

If necessary, additional special categories of personal data (in particular health data) can be collected if this is necessary for processing, particularly in the context of post-market surveillance or product complaints. 

 

Recipient

Recipient

Domicile

IT service provider

Worldwide

Provider of archives

EEA

Provider of Internet and telephony services

Austria

Provider of personnel services for activity settlement

Austria

Security and security services

Austria

Insurance

Austria

Postal and parcel service providers

Austria

Banks

Austria

Tax advisors and certified public accountants

Austria

Competent administrative authorities

Austria

Legal representative

Austria

Competent courts and authorities

Austria

If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR. 


Subscribers to newsletters

Purpose and legal basis

If you subscribe to our newsletter, we process your data for the delivery of the newsletter based on your stated preferences. In order to provide you with information in a targeted manner, we also collect and process information voluntarily provided. 

Data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR). 

You can cancel your subscription at any time – you can find the link in the footer of each newsletter. 


Duration of storage

We will store your data (I) until your voluntarily granted consent is revoked, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, for whose enforcement or defence the personal data is required. 

Data categories

If specified, the following data categories are processed (Art. 6 GDPR):

  • Contact information (name, email address, company, professional activity)
  • Content preferences
  • Individual opening and clicking rates
  • Technical information on your system (e.g.: browser, operating system)

Without this information, it is not possible to send the newsletter


Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Domicile

IT service provider

Worldwide

Provider of Internet and telephony services

Austria

Suppliers of sales optimisation platforms

Worldwide

Marketing automation software provider

Worldwide

If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.

 

Processing rights of data subjects

Purpose and legal basis

If you assert rights of data subjects against Roche Diagnostics GmbH in accordance with Art. 15 to Art. 20 GDPR, your data will be processed for the purpose of processing your application on the basis of legal obligations (Article 6 (1) (c) GDPR).


Duration of storage

We store your data (I) for the duration of the necessary internal processing of your request, (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required. 

Data categories

The following data categories are processed:

  • Name, contact information
  • All data of the data subject relating to the application
  • Data for identifying the data subject(s)

Recipient

We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report. 

In addition, the relevant personal data will be sent to recipients in the following categories:

Recipient

Domicile

IT service provider

Worldwide

Provider of Internet and telephony services

Austria

Administrative authorities

Austria

Legal representative

Austria

Courts

Austria

 

If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.

Responsibility of Roche Diabetes Care Austria GmbH

If you are interested in data processing at Roche Diabetes Care Austria GmbH, please visit:

https://www.accu-chek.at/roche-datenschutzrichtlinien