Privacy Policy and Notice

1.     Thank you for visiting a Roche Diagnostic (Pty) Ltd  (“Roche” or “we” or “us) website or interacting with us through e-mail and other social media sites. This website privacy policy (“Policy”) describes how Roche processes, further processes, stores collates and collect Personal Data (including Special Personal Data, Children’s Information, Account Numbers and Unique Identifiers) (“Personal Data”) collected or received from you.

2.     At Roche, we understand that protecting the privacy of visitors to our websites is important. That is why we have taken the necessary steps to meet local data privacy requirements. We treat your “Personal Data” as set out in this Privacy Policy and Notice (“Statement”),  and the Protection of Personal Information Act 4 of 2013 (“PoPIA”), which regulates the storage, processing, access and transfer of Personal Data.

3.     Roche websites that display this Statement and asks for any information from you, are committed to collecting, maintaining, and securing Personal Data about you in accordance with this Statement, as well as applicable laws, rules and regulations. This Statement applies to Personal Data collected by Roche’s online resources and communications (such as websites, e-mail, and other online tools) that display a link to this Statement.

4.     This Statement applies to all Personal Data collected, processed and transferred by Roche from offline resources and communications. This Statement does not apply to third-party online resources to which Roche’s websites may link, where Roche does not control the content or the privacy practices of such resources.

5.     We only collect Personal Data about you if you choose to give it to us. We do not share any of your Personal Data with third parties for their own marketing use unless you explicitly give us permission to do so.

6.     Please review this Statement to learn more about how we collect, process, transfer and protect Personal Data online.

7.     Please be aware that we may use operators or any third party working on our behalf and/or authorised by Roche. The services and ancillary products can include hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, solvency check and address check, etcetera. These third parties are granted access to such Personal Data they require in order to be able to carry out the particular service. These third parties are contractually obliged to treat such Personal Data in the strictest confidence and are contractually prohibited from using the Personal Data in any way other than as prescribed under the contract. Necessary steps are taken to ensure that the third-party companies working on Roche’s behalf, protect the confidentiality of your Personal Data.

8.     Where Personal Data is stored or processed outside of the country of collection   (whether by us or any third party as outlined above), it is subject to the laws of that foreign jurisdiction, and maybe accessible to that jurisdiction’s government, courts, or law enforcement or regulatory agencies.

 

9.     Information Collected

9.1.  There are two general methods that Roche uses to collect information from you online:

9.1.1.  Personal Data: You can visit our websites without providing any Personal Data. We may collect your Personal Data only when you choose to submit it to us. This includes information provided to us when you are in contact with us and/or provide the information to us via email.

9.1.2.  Aggregate information: In some cases, we also remove personal identifiers from data you provide to us and maintain it in aggregate form. We may combine this data with other information to produce anonymous, aggregated statistical information (e.g. number of visitors, originating domain name of the internet service provider), helpful to us in improving our products and services.

10.   Automatically Collected Information

10.1.  We can also automatically receive certain type of information whenever you interact with us on our websites. Automatic technologies and services we use may include, for example, web server logs/internet protocol (“IP”) addresses, cookies, web beacons and third-party application and content tools.

10.2.  Web server logs/IP addresses: An IP address is a number assigned to your computer whenever you access the internet. All computer identification on the internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. Roche collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance review.

10.3.  Cookies: A cookie is a piece of information that is placed automatically on your computer’s hard drive when you access certain websites. The cookie uniquely identifies your browser to the server. Cookies allow us to store information on the server to help make the website experience better for you and to conduct site analysis and website performance review. Most web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our websites may not work properly if you refuse cookies.

10.4.   Web Beacons: On certain web pages or e-mails, Roche may utilize a common internet technology called a "Web beacon" (also known as an "action tag" or "clear graphics interchange format (“GIF”) technology"). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a website or how many visitors clicked on key elements of a site.

Web beacons, cookies and other tracking technologies do not automatically obtain Personal Data about you. Only if you voluntarily submit Personal Data, such as by registering or sending e-mails, can these automatic tracking technologies be used to provide further information about your use of the websites and/or interactive e-mails to improve their usefulness to you.

10.5.   Services: We may provide services based on third party applications and content tools on certain Roche websites such as Google Maps or QUARTAL FLIFE. These third parties may automatically receive certain types of information whenever you interact with us on Roche sites using such third-party applications and tools.

11.    Your Choices

11.1.       You have several choices regarding your use of Roche websites. You could decide not to submit any Personal Data at all by not entering it into any forms or data fields on our websites and not using any available personalized services.

11.2.       If you choose to submit Personal Data, you have the right to see and correct your Personal Data at any time by accessing the application and to withdraw your consent to Roche’s continued storage and processing of such Personal Data, by sending an email to [email protected] notifying Roche of any such withdrawal. On receipt of such withdrawal, Roche shall cease all further processing of your Personal Data and shall take steps to dispose of your Personal Data.

11.3.       Certain websites may ask for your permission for certain uses of your Personal Data and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will work to remove your information promptly, although we may require additional information before we can process your request.

11.4.       As described above, if you wish to prevent cookies from tracking you anonymously as you navigate our websites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.

11.5.       Why we process your Personal Data:

11.5.1.      Roche collects Personal Data from you to:

●       perform our business operations.

●       communicate with you and provide necessary support.

●       provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to previous enquiries and or purchased goods or services.

●       provide you with, and improve products and services, and

●       personalise your experience when you use our products and services.

11.6.      Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only:

11.6.1.     where we have your consent to do so.

11.6.2.     where we need the Personal Data to perform a contract with you.

11.6.3.     where it is a legislative requirement, or

11.6.4.     where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in some cases for direct marketing, fraud prevention, network and information systems security).

11.7.       In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

11.8.       If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

11.9.       Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. We may process your Personal Data as required to prepare or protect against legal claims; including litigation, anti-fraud measures, and technical and organizational measures to protect our networks and technology against attacks.

11.10.   We may process your Personal Data for scientific research purposes or statistical purposes in accordance with applicable law, provided it is proportionate to the aim pursued, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard your fundamental rights and interests. As a rule, we will still ask for your consent when we would like you to participate e.g. in a study.

11.11.   The following sections advise of the reason(s) we rely on for processing your Personal Data and list the ways that we may use your Personal Data.

 

 

Legitimate Interest

Legal Obligation

 

Consent

 

Contractual

Browsing public pages on our website

 

 

 

Undertake website administration and personalization

 

 

 

Managing network and data security

 

 

 

Logistics planning, demand forecasting, product improvement, management information and research

 

 

 

Providing customer services to you

 

 

 

Processing and responding to complaints received from you

 

 

 

Internal training and monitoring purposes (call recording)

 

 

 

To detect, investigate and report financial crime (e.g. fraud)

 

 

 

Registering your interest in products or services

 

 

 

Marketing communications

 

 

 

Contacting you to undertake customer satisfaction surveys, invite you to review a product, invite you to enter a competition or for market research

 

 

 

Informing you on our website of product safety notices when required

 

 

 

 

11.12.   Further information regarding the processing of Personal Data that we undertake can be found below, however if you have questions about, or need further information concerning, the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under section 25 below.

12.  Your Rights relating to your Personal Data

You may have certain rights relating to your Personal Data provided for under applicable law such as the Protection of Personal Data Act 4 of 2013 (“PoPIA”). These are the right to:

12.1.       Request access to your Personal Data and request details of the processing activities conducted by Roche.

12.2.       Request that your Personal Data is rectified if it is inaccurate or incomplete.

12.3.       Request deletion of your Personal Data in certain circumstances. 

12.4.       Request restriction of the processing of your Personal Data in certain circumstances.

12.5.       Object to the processing of your Personal Data in certain circumstances.

12.6.       Receive your Personal Data provided to us in a reasonable manner and format and in a form that is generally understandable.

12.7.       Lodge a complaint with a supervisory authority e.g. the Information Regulator.

12.8.       Object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.

12.9.       Withdraw your consent provided at any time by contacting us.

12.10.      To exercise the rights outlined above in respect of your Personal Data please contact our Information Officer, details available in the contact section below or complete, Annexure 1 (“Form D”) attached to the PAIA Manual.

13.   How we use your Personal Data

This Statement explains how we use any Personal Data we collect about you when you:

13.1.       Browse public pages on our websites.

13.2.       Communicate with us by telephone, e-mail, web forms or otherwise in respect of our products and services or during the purchasing of any such products.

13.3.       Complain about our services and products.

13.4.       Consent to marketing.

13.5.       Browse public pages on our websites.

13.5.1.     If you browse public pages on our websites, we collect and process only Personal Data (information that is already a matter of public record or knowledge) about you.

13.6.      Communicate with us by telephone, e-mail, web-forms or otherwise in respect of our products and services

13.6.1.     If you communicate with us by telephone, e-mail, web-forms or similar, we will process your contact details and the Personal Data you give to us. We will process such Personal Data only to the extent required to answer your enquiry and will delete the Personal Data when no longer required as evidence, unless you have consented to us using your data for other purposes, of which its purpose will be specified at time of you giving us consent.

13.6.2.     We record calls made to our customer services team, when you have consented, for quality and training purposes. We only retain records of where you have provided consent for as long as it is valid.

13.7.      Complain about our services and products

13.7.1.     When we receive a complaint about a product or service from a person, we create a file containing the details of the complaint, including the identity of the complainant. It may contain health related information. We will only use the Personal Data we collect to process the complaint.

13.7.2.      We will keep Personal Data contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

13.8.       Consent to marketing

13.8.1.      We will only send you marketing communications when you have provided your consent and we will only share your data with a third party if we have your consent. We will make this clear at the time you provide your consent.

14.  Security

14.1.       Roche uses technology and security precautions, rules, and other procedures to protect your Personal Data from unauthorized access, improper use, disclosure, loss, or destruction. To ensure the confidentiality of your Personal Data, Roche also uses industry standard firewalls and password protection.

14.2.       It is, however, your personal responsibility to ensure that the computer you are using is adequately secured and protected against malicious software, such as trojans, computer viruses and worm programs. You are aware of the fact that without adequate security measures (e.g. secure web browser configuration, up-to-date antivirus software, personal firewall software, no usage of software from dubious sources) there is a risk that the data and passwords you use to protect access to your Personal Data, could be disclosed to unauthorized third parties.

15.  Use of Data

15.1.       Roche, including its subsidiaries, divisions, Roche group affiliates and/or the companies appointed to distribute our products and/or to perform services on our behalf and/or authorized by Roche will use any Personal Data you choose to give us to comply with your requests. We will retain control of and responsibility for the use of this Personal Data. Some of this data may be stored or processed on computers located in other jurisdictions, whose data protection laws may differ from the jurisdiction in which you live.

15.2.       The information, which is also used for different purposes (performance management, succession decisions or development actions), will be helpful for us to better understand your needs and how we can improve our products and services. It helps us also to personalize certain communications with you about services and promotions that you might find interesting.

16.  Data Sharing and Transfer

16.1.       Roche shares Personal Data about you with various third-party companies or agents performing technological maintenance or working with Roche to help fulfil business transactions, such as providing customer services, sending marketing communications about our products, services and offers. All companies and agents are required to comply with the terms of our privacy notice.

16.2.      We may also share Personal Data with Roche’s subsidiaries, Roche Group affiliates.

16.3.       We may also disclose Personal Data for the following (but not limited) purposes:

16.3.1.      In connection with the sale, assignment, or other transfer of the business of the website to which the data relates.

16.3.2      to respond to appropriate requests of legitimate government agencies or where required by applicable laws, court orders, or government regulations; or

16.3.3.     Where needed for corporate audits or to investigate or respond to a complaint or security threat.

17.  No Third-Party Direct Marketing Use.

17.1.       We will not sell or otherwise transfer the Personal Data you provide to us on our websites to any third parties for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent for your Personal Data to be shared in this manner.

17.2.       E-mail a friend or colleague: On some Roche websites, you can choose to send a link or a message to a friend or colleague referring them to Roche a website. E-mail addresses you may provide for a friend will be used to send your friend information on your behalf and will not be collected or used by Roche or other third parties for additional purposes.

17.3.       Google analytics: Roche websites may use Google analytics, a web analytics service provided by Google Inc. ("Google"). Google analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, as mentioned above please note that if you do this you may not be able to use the full functionality of a Roche website. By using a Roche website, you consent to the processing of Personal Data about you by Google in the manner and for the purposes set out above.

18.  Links to Other Sites

18.1.       Our websites contain links to a number of other websites that may offer useful information to our visitors. This Statement does not apply to those websites, and we recommend communicating to them directly for information on their privacy policies before providing your Personal Data. Roche is therefore not responsible for the privacy practices of other parties.

19.  Transfer to other countries

19.1.       We may transfer and store the Personal Data we collect about you through the website in servers located outside of your country of residence in countries that may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Statement. In particular, we will base such data transfers on adequate standards such as data protection clauses that provide equal or better data protection laws as South Africa. Roche will take reasonable steps to ensure the safety and security of your Personal Data.

20.  Privacy Statement for Children

20.1.       Our websites are addressed to an adult audience. We do not intentionally collect any Personal Data from anyone known to be under the age of 18 (eighteen) years without the prior, verifiable consent of his or her legal representative. Such legal representative has the right, upon request, to review the Personal Data provided by the child and/or to require that it be deleted and refusing the further processing of the information.

21.  Additional Information on Websites

21.1.       If a website has particular provisions relating to privacy that differ from those stated here, those provisions will be disclosed to you on the page on which Personal Data is collected.

22.  Note to Users of Business or Professional Websites

22.1.       If you have a business or professional relationship with Roche, we may use Personal Data you submit on our websites, including websites intended specifically for business and professional users, to fulfil your requests and develop our business relationship with you and the entities you represent. We may also share such Personal Data with third parties acting on our behalf and/or providing us services.

23.  Updates to Privacy Policy and Notices

23.1.       From time to time, Roche may revise this Statement. Any such changes to this Statement will be promptly communicated on this page. Continued use of our websites after receiving notice of a change in our Statement indicates your consent to the use of newly submitted information in accordance with the amended Statement.

24.  Access to your Personal Data

24.1.       You may request confirmation of the Personal Data Roche holds, access to your Personal Data, the category or identity of third parties to whom your Personal Data has been disposed to or the correction and updating of any incorrect, incomplete or excessive Personal Data.

25.  How to Contact Roche

25.1.       If you have any questions or concerns about privacy or would like to exercise your rights in relation to your Personal Data, please contact our Information Officer or contact us at the address below:

Information Officer: Deodra Reddy

Telephone Number: +27-11-504-4600 / +27 67 421 4724

Postal Address: PO Box 43 Halfway House 1685, Gauteng South Africa

Physical Address: Building E, Hertford Office Park, 90 Bekker Road, Vorna Valley, Midrand

Email Address: [email protected]

26.1.    If you are not satisfied with the way Roche handles your data or responds to your requests, you may also lodge a complaint with the Office of the Information Regulator at the following email address: [email protected]

26.2.   Unless explicitly stated otherwise, this Statement applies to Roche Diagnostics (Pty) Ltd.

26.3.    This website contains information on products, which are targeted to a wide range of audiences and could contain product details or information otherwise not accessible or valid in your country. Please be aware that we do not take any responsibility for accessing such information, which may not comply with any valid legal process, regulation, registration, or usage in the country of your origin. For any further information, please contact the authorized local representative in your country.

26.4.     The information provided on this website are product related information for general information purpose only and shall not be construed as giving any advice or making any recommendation. The products information contained herein does not constitute an offer of or solicitation for the purchase or disposal of, trading or any transaction in any Roche products and/or services. You must not rely on this information for purchasing decisions.

26.5.     The product and/or service information contained herein shall not be construed as a promotion or solicitation for any related products and/or services.

27.  DEFINITIONS

Term

Definition

Affiliates

 “Affiliate” means in relation to Roche:

a person which directly or indirectly controls Roche;

a person which is directly or indirectly controlled by Roche;

a person which is controlled directly or indirectly by the ultimate parent company of Roche (“control” means ownership of 50% (fifty per cent) or more of the voting stock of a company or otherwise having the power to govern the financial and the operating policies or to appoint the management of a person and the case of an Affiliate of  Roche, such  the Affiliate will not include Chugai Pharmaceutical Co., Ltd., 1-1 Nihonbashi - Muromachi 2-chome, Chuoku, Tokyo, 104-8301).

Child(ren)

A natural person under the age of 18 (eighteen) years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him or herself.

Consent

The voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Data.

Contractors

Person or company that provides goods or services on a contractual basis, or in relation to specific jobs or projects for Roche.

Customer

Refers to any natural or juristic entity that receives goods or services from Roche.

Data Subject

The person to whom Personal Data relates.

Employee

Refers to any person who works for or provides services to or on behalf of Roche and receives or is entitled to receive remuneration. This includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff, as well as contract workers.

Healthcare Professionals

any member of the medical, dental, pharmacy or nursing professions or any other person who in the course of his or her professional activities may prescribe, recommend, purchase, supply, or administer a pharmaceutical product.

Information Officer

Means a person or persons acting on behalf of Roche, who is responsible for discharging the duties and responsibilities assigned to the as prescribed in terms of Protection of PoPIA and includes Deputy Information Officers.

Operator

A person who processes Personal Data for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.

Patient

Person receiving or registered to receive medical treatment.

Personal Information

Is information in relation to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.

Examples include the following information:

●     Race;

●     Gender;

●     Sex;

●     Pregnancy;

●     marital status;

●     Nationality;

●     Ethnicity;

●      Registration number and address of a juristic entity; and

●      Education, medical, financial, criminal or employment history; or

●      any identifying number, symbol, e-mail address, physical address, telephone number, etc.).

Personal Data

Personal data includes Personal Information, Special Personal Information, Unique Identifiers and Account Numbers.

Processing

Any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Data, including:

●     the collection, receipt, recording, Organisation  , collation, storage, updating or modification, retrieval, alteration, consultation or use;

●     dissemination by means of transmission, distribution or making available in any other form; and

●     merging, linking, as well as restriction, degradation, erasure or destruction of information.

Record (s)

Means any recorded information, regardless of form or medium. Examples include the following:

●      writing on any material;

●      information produced;

●      recorded or stored by means book, map, plan, graph or drawing; and

●      photograph, film, negative, tape or other device in which one or more visual images;

which are in the possession or under the control of a responsible party; whether or not it was created by a responsible party; and regardless of when it came into existence.

 

Responsible Party

A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Data.

Service Providers or Third-Party Providers

Individual or entity that provides goods or services to or on behalf of Roche.

Special Personal Information

Special Personal Data as referred to in Section 26 of PoPIA which includes the following;

●     religious or philosophical beliefs:

●      race or ethnic origin;

●      Trade union membership;

●      political persuasion;

●      health or sex life;

●      biometric information of a data subject; and

●      criminal behaviour of a data subject.

Unique Identifier and Account Numbers

Any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.