Last updated: May 2018
We understand that protecting the privacy of visitors to our website and our customers is very important and that information about you and/or your health is particularly sensitive. That's why we treat your personal data according to the laws of England and Wales and other applicable local laws which regulate the storage, process, access and transfer of personal data including the EU General Data Protection Regulation ("GDPR").
1. Who we are
Roche has been a pioneer in providing innovation in diabetes technology and services for more than 40 years, helping people with diabetes to live their lives as active and unrestricted as possible.
Under the brand Accu-Chek and in collaboration with partners, Roche creates value by providing integrated diabetes management solutions to monitor glucose levels, deliver insulin and track relevant data points for successful glucose management.
By establishing a leading open digital platform, connecting devices and digital solutions, Roche will enable personalised diabetes care and improve therapy outcomes.
This website is operated by Roche Diabetes Care UK and Ireland ("Roche", "we", "us" "our"). The data controller is Roche Diabetes Care Limited (company number 09055599), Charles Avenue, Burgess Hill, West Sussex, RH15 9RY.
2. Contact us
If you have any questions or concerns about privacy or would like to exercise your rights in relation to your personal information, please send an email to our Data Protection Officer or write to us at the address above.
3. Personal information we collect
We will ask you to provide some personal information such as:
- Full name;
- Email address;
- Date of birth;
- Telephone numbers; and
- Health information (including your hospital and information regarding your pump or meter).
Some information is compulsory for us to provide the service you have requested. We will always notify you if providing the information is compulsory or optional.
4. How and why we use your personal information
Roche collects personal information from you to perform our business operations, provide you with and improve products and services, and personalise your experience.
We also may use the data to communicate with you, for example, informing you about your account and providing product information. We will only send you marketing communications when you have provided your consent and we will only share your data where we have a proper reason to do so.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only:
- where we have your consent to do so,
- where we need the personal information to perform a contract with you, or
- where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in some cases for direct marketing, fraud prevention, network and information systems security).
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
The following sections advise of the reason(s) we rely on for processing your personal information and list the ways that we may use your personal information:
- Browsing public pages on our website
- Notifying you of your order status and any issues relating to your order
- Undertake website administration and personalisation
- Managing network and data security
- Logistics planning, demand forecasting, product improvement, management information and research
- Provide customer services to you
- Processing and responding to complaints received from you
- Inform you of service and price changes
- Contacting you for a Welcome Call to introduce you to the product
- Activating the product warranty including passing the date that you started using the pump to your healthcare provider
- Internal training and monitoring purposes (call recording where notified)
- Credit Management
Legal obligation/legitimate interest
- Contacting you with product safety updates
- To detect, investigate and report financial crime (e.g. fraud)
- Registering your interest in products or services
- Subscribing to the Accu-Chek Commitment
- Marketing Communications
- Contacting you to undertake customer satisfaction surveys, invite you to review a product, invite you to enter a competition or for market research
Consent and Legitimate Interest
- Use of the diabetes management system
Fulfilment of a contract
- Processing your order
- Creating, updating or managing your Accu-Chek online account and registering associated products
Further information regarding the processing of personal information that we undertake can be found below, however if you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided above in section 2.
a) Browse public pages on our websites
If you browse public pages on our websites, i.e. content that you can access without being logged in to an account you may have with us, we collect and process only non-sensitive information about you.
b) Register for and use an account
To use non-public content on our websites and to register your product, you will first need to create an account, and then log in to your account.
We use accounts wherever we process sensitive data such as in particular your health related personal information. We also use accounts wherever we process your personal information with your consent. This is because accounts allow us to better protect your personal information in access controlled systems and to establish your identity in order to obtain and manage your consents.
c) Order or registering for services and products e.g. ordering consumables, subscribing to the Accu-Chek commitment
Access to online services and products is limited to account holders only because the provision of these services involves health data that we consider to be sensitive that we want to protect.
d) Participate in surveys
If you consent to participate in one of our surveys, we will process your submitted input for research and marketing purposes. Unless otherwise stated in the respective survey, you may participate on an anonymous basis and we will not be able to relate your input to you personally but will only assess it on an aggregate basis together with the input of others.
e) Communicate with us by telephone, e-mail, webforms or otherwise in respect of our products and services or during the purchasing of any such products
If you communicate with us by telephone, e-mail, webforms or similar, we will process your contact details and the personal information you give to us even if you do not have an account with Roche. We will process such information only to the extent required to answer your enquiry, and will delete the information when no longer required as evidence (normally three years), unless you have consented for us to use your data for other purposes, of which its purpose will be specified at time of you giving us consent.
We record calls to our customer services team, when you have consented, for quality and training purposes. We do not record details of any financial transactions and delete the recording after a maximum of 6 months.
f) Use our diabetes management softwareRoche Diabetes Care offers services of affiliated Roche companies to help you better understand your diabetes. These include diabetes management services such as e.g. Accu-Chek Connect. You will be notified of the service's privacy statement at the point of setting up an account. Each service will ask for your consent to use the service. The data controller for Accu-Chek Connect is Roche Diabetes Care GmbH in Germany.
g) Complain about our services and products
When we receive a complaint about a product or service from a person we create a file containing the details of the complaint, including the identity of the complainant. It may contain health related information. We will only use the personal information we collect to process the complaint.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for eighteen years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
5. Retention periods
We retain personal information we collect from you where we have a genuine business need to do so, for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.
When we have no ongoing business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Roche takes appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. To ensure the confidentiality of your data, Roche uses industry standard firewalls and password protection. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential and we ask you not to share this password anyone.
7. Who receives your information
Roche shares your personal information with your consent and further as necessary in relation to the above purposes, as required by applicable laws, court orders, or government regulations. Roche uses group internal and external providers and agents e.g. for IT systems operation and maintenance or to fulfil business transactions, such as providing customer services, or sending communications. In all these cases, access to unencrypted data is restricted to those who have a need to know. Also, Roche has entered into data processing agreements in order to ensure that providers and agents process the personal information only on Roche's behalf and subject to appropriate technical and organisational measures.
Roche will not sell or otherwise transfer your personal information to any third parties for their own use unless with your explicit consent.
We also share data with our company's subsidiaries and affiliates globally, or store that data with them when required to by law or to respond to a legal process, to respond to a complaint or security request.
8. Transfers to other countries
We may transfer the personal information we collect about you through the website to countries that may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Statement. In particular, we will base such data transfers on adequate standards such as data protection clauses approved by the European Commission or the US-EU Privacy Shield, as applicable. You may receive a copy of the clauses by contacting us as described above (see section 2 above).
9. Your Rights and how to exercise them
You may, in accordance with applicable data protection law, request the following from Roche Diabetes Care:
- Right of access: request access to your personal information we process, obtain a copy of such data, and have inaccurate data rectified or completed;
- Right to rectification: to have your personal information corrected if it is inaccurate/have incomplete personal information completed
- Right to erasure: to have your personal information erased or its processing restricted (each to the extent that one of the grounds provided for by statutory law applies)
- Right to restriction of processing: to restrict processing of your personal data
- Right to data portability: to electronically move, copy or transfer your personal information in a standard form
- Right to object: to object to processing of your personal information
- Right to withdraw consent
- Rights relating to automated individual decision making, including profiling. We do not use such processes without your prior consent.
You can exercise your rights by visiting your online account or contacting us at the address above (see section 2). You can adjust your privacy preferences, manage your consents, and amend your data. These choices do not apply to mandatory service communications that are part of certain Roche Diabetes Care services.
If you do not have an account or have difficulties or other enquiries, please approach us or our data protection officer using the above contact details (see section 2 above).
10. Privacy of Children
Our website is directed at an adult audience. We do not knowingly collect any personally identifiable information from anyone we know to be a child without the prior, verifiable consent of his or her legal representative.
11. Updates to Privacy Statement
We keep this Privacy Statement under regular review and we will place any updates on this website in response to changing legal, technical or business developments. When we update this statement, we will take appropriate measures to inform you. When we change any processing that is based on consent, we will ask you for a new consent. We encourage you to periodically review this page for the latest information on our privacy practices.
12. Third Party Resources
This Privacy Statement does not apply to third party sites to which our website may link, where we do not control the content or the privacy practices of such third parties. We will tell you when you follow a link to such a third party site.