Privacy policy with regard to the processing of your personal data by Austrian companies of the F. Hoffmann-La Roche Group
Last updated: 04/2022
Roche attaches great importance to the protection of your personal data. Of course, the use of your personal data complies with all data protection requirements, in particular the EU General Data Protection Regulation (GDPR), as well as all other applicable national and European regulations.
The following statements provide you with information on which personal data is processed by us for what purposes and on what legal basis and how you can use your rights granted by the GDPR.
This website is intended for persons 14 years of age and older. There are no plans for processing data of minors. Persons under 14 years of age require the consent of their parents or guardians to use the website.
Roche will at any time adapt this privacy policy to changes in technical developments and legal conditions. All changes will be effective from the publication of the updated privacy policy on this website.
Contact details |
||
Controller |
Contact details |
|
Roche Austria GmbH |
c/o Data Protection Officer |
|
Engelhorngasse 3 |
||
1210 Vienna |
||
Roche Diagnostics GmbH |
c/o Data Protection Officer |
|
Engelhorngasse 3 |
||
1210 Vienna |
||
Roche Diabetes Care Austria GmbH |
c/o Data Protection Officer |
|
Engelhorngasse 3 |
||
1210 Vienna |
||
|
||
Use of the websites |
The above Roche companies are subject to the same data protection laws and internal data protection guidelines. In the legal sense, these companies can be either individually or jointly responsible. This depends on the respective context and is specified in the following data protection notice.
General information
What is personal data?
Personal data is information about natural persons whose identity is determined or at least identifiable (e.g. name, email address, IP address).
How will we process your personal data?
Depending on your relationship with us, your data will be processed in different ways. Specific information on this can be found in the information on the individual affected groups of persons from the respective area of responsibility.
Rights of data subjects
We would also like to inform you that you have the right at any time
|
||
|
||
|
||
|
||
|
If we process your data based on your consent, you have the right to withdraw this consent at any time. This does not affect the legality of the data processing up to this point in time. If, despite our obligation to process your data lawfully, there is a breach of your right to the lawful processing of your data, please contact us by post or email so that we can learn about your concerns and deal with them. However, you also have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or work.
Data security
The security of your data is of great concern to us. We therefore rely on technical and organisational safeguards to protect your data. These include:
|
||
|
||
|
||
|
||
|
||
Data processing |
||
Purpose, legal basis and duration of storage |
||
We process personal data for the purpose of presenting the content on our website on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) or to fulfil our legal obligations (Art. 6 (1) (c) GDPR). Our legitimate interests |
||
|
||
|
||
|
||
|
||
|
||
|
Your data is automatically recorded in log files for system backup. The collection of data and its storage in log files is necessary for the operation of the website, so it is not possible for you to opt out. Log information is automatically deleted as soon as it is no longer required. Data will only be stored if this is required by law or if it is absolutely necessary to protect legitimate interests.
Data categories
The following categories of data are processed ("Type 6 data"):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Recipient
We may send your personal data globally to companies of the F. Hoffmann-La Roche Group. A list of all current Group companies can be found in the current annual report.
Recipient |
Recipient's domicile |
|
Provider of Internet and telephony services |
Austria |
|
IT service provider |
Worldwide |
|
In addition, the relevant personal data will be sent to recipients in the following categories:
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision has been made by the EU Commission, or provide the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Joint control of all three companies mentioned above
Our website and our app use cookies. These are small text files which are saved to your end device using the browser.
Purpose, legal basis and duration of storage
We use cookies for different purposes. With the help of cookies we can.
Maintain electronic communications and ensure functionality (“session cookies”). These cookies are mandatory.
Make visiting our website or using our app user-friendly, identify the visitor and tailor the website or app specifically to the needs of the users (e.g. by personalisation).
Check the functionality and reach of the website or app.
Due to the different purposes of cookies, the required legal basis also differs.
Unless otherwise specified, we process cookies that are technically essential for the communication process and that are optimised or provided with specific, desired functions based on our legitimate interests in the technically error-free and optimised provision of our digital services (Art. 6 (1) (f) GDPR).
If we have asked you to consent to the storage of cookies or to the use of technologies, the storage or processing of the cookies or technologies in question is solely based on this consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time by adjusting the cookie settings (link at the bottom of the website – “Footer”). If you do not agree to the use of cookies or technologies, the functionality of our digital services may be restricted.
Cookies are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit has ended. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookie categories
Our website may use, among other things, the following types of cookies and tracking techniques:
Session cookies are temporarily stored information files that are deleted when you close your browser window or turn off your computer. Session cookies are used, for example, to improve navigation on our websites, to prevent inappropriate visitor input (for example, the website may remember an age outside the permitted range and prevent subsequent changes) and to collect summary statistical information.
Persistent cookies are more permanent information files on your computer's hard drive. They remain stored until you delete the cookie in question. Persistent cookies store information on your computer for various purposes. For example, they can be used to retrieve certain information that was entered earlier (such as the username). They help determine which areas of the site are most interesting for visitors and allow the site to be continually customised to suit your preferences.
Web beacons are small software items on a website or in an email message that can be used to track which pages or messages have been opened. Web beacons tell the server of the site information such as the IP address and browser type of the visitor's computer. Web beacons can be placed in online advertising, through which visitors are guided to our website and different pages of the website. Web beacons tell us how often the individual pages are opened and what information is retrieved. Web beacons are also referred to as Internet tags, single-pixel GIFs, clear GIFs or invisible GIFs.
Our websites can use third-party analysis tools to collect information using cookies. Among other things, we use the following tools:
The web analysis tool Marketo is also used exclusively in Roche Diagnostics GmbH. Cookies may be used here. Web beacon technologies may also be used. Like the other web analytics tools, Marketo collects different usage data (browser type/version, clickstream, dwell time on individual pages, date and time of first and last request, company DNS name, country and city of the Internet access). If you, as a user, have not provided any personal data on or via our website (consent to receive the regular eNewsletter), Marketo serves the same purposes as Adobe Analytics.
Social media plugins: Our website uses so-called social media plugins (“plugins”) from the social networks Facebook, Twitter, LinkedIn, Google+ and Xing. The respective services are offered by Facebook Inc., Twitter Inc., LinkedIn Ireland Unlimited Company, Google Ireland Limited and New Work SE (each a “provider”).
These plugins are generally deactivated. To use a plugin, you must actively click on the plugin and activate it by clicking on it. By clicking on a plugin offered on our website, you agree to the following data processing:
After activating a plugin by clicking on it, a direct connection is established to the provider of the activated plugin. The provider transfers the contents of the plugin directly to your browser and integrates the plugin on our website. This process informs the provider that your browser has accessed our website, regardless of whether you have a profile with the provider of this social network, and whether you are currently logged in or logging in.
If you are logged into your social network while you are using an activated plugin, you can associate your profile on this social network with your visit to our website. If you use the activated plugin, for example by entering a comment or clicking on the “share”, “like” or “like” buttons, the corresponding information is sent directly from your browser to the provider of the plugin and processed by it.
In the privacy policy of the respective provider, you will find information about the purpose and scope of data collection as well as the use and further processing of your personal data by the respective provider of the plugin that you have activated.
Responsibility of Roche Austria GmbH
The processing operations of Roche Austria GmbH are as follows (sole responsibility):
Applicants
Purpose
If you apply to us, we use the personal data of applicants to the extent that this data has been provided for the purpose of
|
||
|
||
|
Legal basis
If you apply for a specific position, we process your data on the basis of the fulfilment of a contract or the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR).
If you apply to us on your own initiative or give us permission to maintain evidence, we process your data based on your consent (Art. 6 (1) (a) GDPR).
If you provide us with data that represent a special category of personal data (e.g. health data) in order to take your special needs into account, we will do this to fulfil obligations under labour law (Art. (9) (2) (b) GDPR). If your desired activity requires a particular level of trust, we process data you provide about criminal convictions and criminal offences. We do this on the basis of legitimate interests or authorised third parties to check your suitability within the scope of self-protection (protection of property and protection of employees) and liability protection (Section 4 Para 3 Item 2 DSG [Data Protection Act]).
Due to a weighing of interests in favour of the controller or authorised third party, data processing is carried out on the basis of legitimate interests (Art. 6 (1) (f) GDPR):
|
||
|
||
|
Duration of storage
We will store your personal data either (I) for the duration of the application process or (ii) until your consent is withdrawn (in case you have given your consent to us keeping your application on file).
Independently of this, we store your data as long as (I) statutory retention obligations exist or (ii) any legal claims that require the personal data to assert or defend them are not yet statute-barred.
Data categories
The following general categories of personal data are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
The following special categories of personal data are processed (Art. 9 GDPR): |
||
|
The following categories of personal data relating to criminal convictions and offences are processed (Art. 10 GDPR):
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
|
IT service provider |
Worldwide |
|
Labour market service |
Austria |
|
HR service provider |
Austria |
|
Administrative authorities |
Austria |
|
Social security providers |
Austria |
|
Legal representative |
Austria |
|
Courts |
Austria |
|
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Customers
Purpose and legal basis
If you are a customer or act on behalf of us, we process personal data as part of the business relationship for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you.
Duration of storage
We store your personal data (I) until the end of the business relationship with you, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
The following special categories of personal data are processed: |
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
|
IT service provider |
Worldwide |
|
Provider of archives |
Austria |
|
Provider of Internet and telephony services |
Austria |
|
Suppliers/business Partners |
Worldwide |
|
Funding agency |
Austria |
|
Lodging provider |
Worldwide |
|
Personal transport service provider |
Worldwide |
|
Security and security services |
Austria |
|
Insurance |
Austria |
|
Postal and parcel service providers |
Austria |
|
Banks |
Austria |
|
Tax advisors and certified public accountants |
Austria |
|
Administrative authorities |
Austria |
|
Legal representative |
Austria |
|
Courts |
Austria |
|
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Suppliers
Purpose and legal basis
If you are a supplier of us or act on its behalf, we process personal data in the course of the business relationship for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you.
Duration of storage
Your personal data will be stored by us (i) until the end of our business relationship with you or beyond (ii) as long as legal storage obligations exist or (iii) as long as any specific legal claims that the personal data is required to fulfil are not yet statute-barred.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
The following data on criminal convictions and offences are processed (Art. 10 GDPR):
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
|
Customers in the context of tenders |
Austria |
|
Provider of archives |
Austria |
|
Provider of Internet and telephony services |
Austria |
|
Customers |
Austria |
|
IT service provider |
Worldwide |
|
Security and security services |
Austria |
|
Insurance |
Austria |
|
Postal and parcel service providers |
Austria |
|
Banks |
Austria |
|
Tax advisors and certified public accountants |
Austria |
|
Competent administrative authorities |
Austria |
|
Legal representative |
Austria |
|
Competent courts |
Austria |
|
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Third party
Purpose and legal basis
If you come into contact with us or we are in contact with you without us having an active business relationship with you, we process your data. We do this for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Duration of storage
We will only retain your personal data for as long as it is reasonably necessary to achieve the processing purposes described above and this is permitted under applicable law. We will always store your personal data as long as there are statutory retention obligations.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
IT service provider |
Worldwide |
Provider of archives |
EEA |
Provider of Internet and telephony services |
Austria |
Provider of personnel services for activity settlement |
Austria |
Security and security services |
Austria |
Insurance |
Austria |
Postal and parcel service providers |
Austria |
Banks |
Austria |
Tax advisors and certified public accountants |
Austria |
Competent administrative authorities |
Austria |
Legal representative |
Austria |
Competent courts |
Austria |
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Pharmacovigilance
More information on the processing of Roche Austria GmbH data in connection with pharmacovigilance can be found at the following link:
https://www.roche.at/de/service/Pharmakovigilanz.html
Subscribers to newsletters
Purpose and legal basis
If you subscribe to our newsletter, we process your data for the delivery of the newsletter based on your stated preferences. In order to provide you with information in a targeted manner, we also collect and process information voluntarily provided.
Data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR).
You can cancel your subscription at any time – you can find the link in the footer of each newsletter.
Duration of storage
We will store your data (I) until your voluntarily granted consent is revoked, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, for whose enforcement or defence the personal data is required.
Data categories
If specified, the following data categories are processed (Art. 6 GDPR):
|
||
|
Without this information, it is not possible to send the newsletter.
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
IT service provider |
Worldwide |
Provider of Internet and telephony services |
Austria |
Suppliers of sales optimisation platforms |
Worldwide |
Marketing automation software provider |
Worldwide |
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Processing rights of data subjects
Purpose and legal basis
If you assert rights of data subjects against Roche Austria GmbH in accordance with Art. 15 to Art. 20 GDPR, your data will be processed for the purpose of processing your application on the basis of legal obligations (Article 6 (1) (c) GDPR).
Duration of storage
We store your data (I) for the duration of the necessary internal processing of your request, (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become time-barred, the assertion or defence of which the personal data is required.
Data categories
The following data categories are processed:
|
||
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Recipient's domicile |
IT service provider |
Worldwide |
Provider of Internet and telephony services |
Austria |
Administrative authorities |
Austria |
Legal representative |
Austria |
Courts |
Austria |
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available by the European Commission or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Responsibility of Roche Diagnostics GmbH
The processing operations of Roche Diagnostics GmbH are as follows (sole responsibility):
Applicants
Purpose
If you apply to us, we use the personal data of applicants to the extent that this data has been provided for the purpose of
|
||
|
||
|
Legal basis
If you apply for a specific position, the person responsible processes your data on the basis of the fulfilment of a contract or the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR).
If you apply to us on your own initiative or give us permission to maintain evidence, we process your data based on your consent (Art. 6 (1) (a) GDPR).
If you provide us with data that represent a special category of personal data (e.g. health data) in order to take your special needs into account, we will do this to fulfil obligations under labour law (Art. (9) (2) (b) GDPR). If your desired activity requires a particular level of trust, we process data you provide about criminal convictions and criminal offences. We do this on the basis of legitimate interests or authorised third parties to check your suitability within the scope of self-protection (protection of property and protection of employees) and liability protection (Section 4 Para 3 Item 2 DSG [Data Protection Act]).
Due to a weighing of interests in favour of the controller or authorised third party, data processing is carried out on the basis of legitimate interests (Art. 6 (1) (f) GDPR):
|
||
|
||
|
Duration of storage
We will store your personal data either (I) for the duration of the application process or (ii) until your consent is withdrawn (in case you have given your consent to us keeping your application on file).
Independently of this, we store your data as long as (I) statutory retention obligations exist or (ii) any legal claims that require the personal data to assert or defend them are not yet statute-barred.
Data categories
The following general categories of personal data are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
The following special categories of personal data are processed (Art. 9 GDPR): |
||
|
||
|
||
The following categories of personal data relating to criminal convictions and offences are processed (Art. 10 GDPR): |
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Domicile |
IT service provider |
Worldwide |
Labour market service |
Austria |
HR service provider |
Austria |
Administrative authorities |
Austria |
Legal representative |
Austria |
Courts |
Austria |
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Customers
Purpose and legal basis
If you are a customer or act on behalf of us, we process personal data as part of the business relationship for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you.
Duration of storage
We store your personal data (I) until the end of the business relationship with you, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
The following special categories of personal data (Art. 9 GDPR) are processed:
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Domicile |
IT service provider |
Worldwide |
Provider of archives |
Austria |
Provider of Internet and telephony services |
Austria |
Suppliers/usiness partners |
Worldwide |
Funding agency |
Austria |
Lodging provider |
Worldwide |
Personal transport service provider |
Worldwide |
Security and security services |
Austria |
Insurance |
Austria |
Postal and parcel service providers |
Austria |
Banks |
Austria |
Tax advisors and certified public accountants |
Austria |
Administrative authorities |
Austria |
Legal representative |
Austria |
Competent courts and authorities |
Austria |
If data is transferred to recipients outside the EEA, we will ensure a sufficient level of data protection in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Suppliers/Other business partners
Purpose and legal basis
If you are a supplier or business partner of us or act on its behalf, we process personal data in the course of the business relationship for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Your data is primarily used to initiate, carry out and process the contractually agreed services. Without this data, we cannot enter into a contractual relationship with you.
Duration of storage
Your personal data will be stored by us (i) until the end of our business relationship with you or beyond (ii) as long as legal storage obligations exist or (iii) as long as any specific legal claims that the personal data is required to fulfil are not yet statute-barred.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
The following data on criminal convictions and offences are processed (Art. 10 GDPR):
|
||
|
If necessary, additional special categories of personal data (in particular health data) can be collected if this is necessary for processing, particularly in the context of post-market surveillance or product complaints.
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Domicile |
Customers in the context of tenders |
Austria |
Provider of archives |
Austria |
Provider of Internet and telephony services |
Austria |
Customers |
Austria |
IT service provider |
Worldwide |
Security and security services |
Austria |
Insurance |
Austria |
Postal and parcel service providers |
Austria |
Banks |
Austria |
Tax advisors and certified public accountants |
Austria |
Competent administrative authorities |
Austria |
Legal representative |
Austria |
Competent courts |
Austria |
If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Third parties
Purpose and legal basis
If you come into contact with us or we are in contact with you without us having an active business relationship with you, we process your data. We do this for the following purposes:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Duration of storage
We will only retain your personal data for as long as it is reasonably necessary to achieve the processing purposes described above and this is permitted under applicable law. We will always store your personal data as long as there are statutory retention obligations.
Data categories
The following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
If necessary, additional special categories of personal data (in particular health data) can be collected if this is necessary for processing, particularly in the context of post-market surveillance or product complaints.
Recipient
Recipient |
Domicile |
IT service provider |
Worldwide |
Provider of archives |
EEA |
Provider of Internet and telephony services |
Austria |
Provider of personnel services for activity settlement |
Austria |
Security and security services |
Austria |
Insurance |
Austria |
Postal and parcel service providers |
Austria |
Banks |
Austria |
Tax advisors and certified public accountants |
Austria |
Competent administrative authorities |
Austria |
Legal representative |
Austria |
Competent courts and authorities |
Austria |
If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Subscribers to newsletters
Purpose and legal basis
If you subscribe to our newsletter, we process your data for the delivery of the newsletter based on your stated preferences. In order to provide you with information in a targeted manner, we also collect and process information voluntarily provided.
Data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR).
You can cancel your subscription at any time – you can find the link in the footer of each newsletter.
Duration of storage
We will store your data (I) until your voluntarily granted consent is revoked, but in any case (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, for whose enforcement or defence the personal data is required.
Data categories
If specified, the following data categories are processed (Art. 6 GDPR):
|
||
|
||
|
||
|
Without this information, it is not possible to send the newsletter
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Domicile |
IT service provider |
Worldwide |
Provider of Internet and telephony services |
Austria |
Suppliers of sales optimisation platforms |
Worldwide |
Marketing automation software provider |
Worldwide |
If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Processing rights of data subjects
Purpose and legal basis
If you assert rights of data subjects against Roche Diagnostics GmbH in accordance with Art. 15 to Art. 20 GDPR, your data will be processed for the purpose of processing your application on the basis of legal obligations (Article 6 (1) (c) GDPR).
Duration of storage
We store your data (I) for the duration of the necessary internal processing of your request, (ii) as long as statutory retention obligations exist or (iii) any specific legal claims have not yet become statute-barred, the assertion or defence of which the personal data is required.
Data categories
The following data categories are processed:
|
||
|
||
|
Recipient
In addition, the relevant personal data will be sent to recipients in the following categories:
Recipient |
Domicile |
IT service provider |
Worldwide |
Provider of Internet and telephony services |
Austria |
Administrative authorities |
Austria |
Legal representative |
Austria |
Courts |
Austria |
If data is transferred to recipients outside the EEA, we will ensure that a sufficient level of data protection exists in accordance with Art. 45 GDPR, e.g. by selecting service providers in countries for which an adequacy decision is available or by ensuring the provision of suitable guarantees within the meaning of Art. 46 f GDPR.
Responsibility of Roche Diabetes Care Austria GmbH
If you are interested in data processing at Roche Diabetes Care Austria GmbH, please visit:
https://www.accu-chek.at/roche-datenschutzrichtlinien