Roche Privacy Notice (Health Care Professionals – Middle East)
Last Revised: May 2022
General Privacy Statement
At F. Hoffmann-La Roche Ltd and all Roche’s subsidiaries (“Roche”), we are committed to protecting your personal information in accordance with the applicable data protection laws. This Privacy Notice outlines the types of personal data Roche may collect, the means by which Roche may collect, use, or share your personal data; steps Roche takes to protect your personal data; and choices you are provided with respect to the use of your personal data.
For purposes of this Privacy Notice, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, and telephone number.
Minors
Our platform/website is not designed or intended for use by children under the age of 18 unless explicitly advertised in the platform. We do not knowingly collect any Personal Data on this site from anyone under the age of 18 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any Personal Data on this website or online resource.
Identity and Contact Details of the Data Controller
- Company name and address: Mazoon Pharmacy LLC (Local agent for Roche in Oman) Alwadi Alkabeer, Way no. 5809 Building 413, PO Box 24 Muscat, Sultanate of Oman
- Company activity: Importers & suppliers of pharmaceutical, surgical and other healthcare products, laboratory and medical equipments
- Contact details: gulf.privacy@roche.com
Categories of personal data processed
We may collect the following personal data:
1. Contact details: includes your name, professional email address, telephone number, working location.
2. Professional Information: includes your biographical information (CV), professional society memberships, affiliations/profession, job title, therapeutic area, qualifications or experience, education and scientific/medical activity.
3. Financial/Transaction information: includes your bank account number, credit card, customer account information, order history, and to the extent that it is related to interacting with Roche.
4. Transfer of value: includes nature of transfer of value, amount/value, date of occurrence, recipient’s information.
5. Interaction Information: includes professional interactions between Roche and you, records of your collaborations, registration and participation in Roche’s event or related activity, clinical trials in which you served or are serving as an investigator.
6. Profile data: includes information about your contact and product preferences, languages, marketing preferences, qualifications or experience, collaborations, publications, demographic data, feedback and interest.
7. Technical and usage data: includes your online user ID, IP address, geographic information, viewing data, other information regarding your usage and interactions with our websites, applications, emails, and advertisements.
How and Why We Process Your Personal Data
Several places on our platforms require Personal Data if you choose to use them, including surveys, registration, and content sharing features (i.e., “E-mail to a Friend” links). Roche and its business partners collect this information about you only if you voluntarily provide it to us. Please be aware that certain features in our platform may not be available to you if you elect not to provide certain Personal Data. Any Personal Data you provide to us on our platform will be used in accordance with this Privacy Notice.
More Information on our Processing Activities
This table outlines each processing activity and provides information on the categories of information collected for each activity. Furthermore, this table defines the categories of Personal Data for each of these processing activities that you consented.
Purpose |
Categories of Personal Data |
Responding to Requests or Inquiries. We may use the information that you provide to us to take the steps necessary to respond to your request, for example, you may submit a medical information request, inquire about a product, or subscribe to one of our mailing lists. |
1)Contact Details
2)Professional Information
|
Completing Transactions and fulfilling contractual obligations. We may collect the Personal Data to fulfill services that you have requested, for example register for and use an account, to administer and manage your registration and participation at Roche’s events, to fulfil business relationships with you, including processing payments, notifying you of your order status and any associated order status issues. |
1)Contact Details
2)Professional Information
3)Financial/Transaction information
|
Managing business relationships with you. We collect and process Personal Data to facilitate Roche’s decision making when it comes to identifying suitable therapeutics area experts for its various medical/ and/or scientific engagements and collaborations (including speakers at internal or external medical educational events, advisory boards, training, etc.). We may combine Personal Data you provide with other information collected through our websites and online resources, Roche’s offline records and information provided to us by third parties. This processing activity involves the creation of a profile about you to manage business relationships with you and for selecting the most appropriate therapeutic areas experts. You can object to this processing activity at any time using the contact details described in the list of Data Controllers. No automated decisions are made that would result in legal effects or similarly significantly affect an individual. |
1)Contact Details
2)Professional Information
3)Interaction Information
4)Profile data
5)Technical and usage data
|
Transparency obligation: Roche may be obligated to disclose transfers of value made to healthcare professionals and healthcare organizations, as may be advisable or required under applicable global, regional and local rules and regulations and best industry practices and standards. Tracking and Monitoring Adverse Events and Pharmacovigilance. Some specified parts of our platform may collect Personal Data related to adverse events or other activities related to pharmacovigilance. This information is very important for public health and will be used for the detection, assessment, understanding, and prevention of adverse events or other medicine-related problems. For more information about how we use and disclose Personal Data for these purposes, please see our Privacy Notice for |
1)Contact Details
2)Professional Information
3)Financial/Transaction information
4)Transfer of value
1)Contact details
2)Professional Information
|
To Run, Maintain our Websites, Platforms and Products. We use this information to secure, maintain and improve our websites, network systems, and other assets. |
1)Technical and usage data
|
Sources
Roche uses different methods and channel to collect personal data from you and about you including:
1. Directly from you;
2. Direct interactions with you, including information obtained from you through physical or virtual meetings, collaborations, services, feedback, surveys, etc.;
3. Automated information collected through our websites and online sources;
4. Third parties or publicly available sources, including websites, social media networks, journals, and third party platforms.
Use of Data for Marketing
We do not sell or transfer the Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent.
Information Sharing / Recipients of Personal Data
Recipients of your Personal Data
Roche may share the Personal Data with Roche’s subsidiaries around the world. Our Roche subsidiaries will use the Personal Data for the same purposes as the data Controller does, for example to contact you for a potential collaboration or event. A list of Roche’s subsidiaries is available in the current “Roche finance report in the list of subsidiaries and associates section”, which can be found in the Investors section of www.roche.com.
Furthermore, we may also share the Personal Data with third parties, for the following purposes:
· To F. Hoffmann-La Roche Ltd and other Roche’s subsidiaries for support and maintenance of our platforms;
· To business partners: service providers, including market research agencies, events organizers, or other third parties who provide certain services to Roche;
· To cloud providers or services provider for storing purposes and to conduct technical maintenance of our platform and other web platforms;
· To communication providers, including marketing platforms, electronic communication providers, social media platforms in order to send you relevant information and communicate with you
· To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Roche participates, or pursuant to a financial arrangement undertaken by Roche;
· To respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; and
· Where needed for corporate audits or to investigate or respond to a complaint or security threat.
International Transfers of the Personal Data
Roche may transfer the Personal Data in a geographic region that imposes different privacy obligations than your country of origin. This means that your Personal Data may be sent to a country with less restrictive data protection laws than your own. Any such transfer will be conducted in compliance with applicable laws. We transmit your Personal Data to European Union countries. Roche guarantees that in case of transfer of Personal Data to such locations that it will take the necessary measures to protect the Personal Data.
If your Personal Data is covered by the GDPR/UK GDPR/Swiss FADP: For transfers of personal data within the Roche Group and Roche’s processors or business partners, contracts containing the EU Standard Contractual Clauses according to the EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010)593) or according to EU Commission decision of 04 June 2021 (C(2021) 3972), whichever is applicable constitute appropriate and suitable safeguards to ensure compliance with GDPR/UK GDPR/Swiss FADP, including supplementary measures where required.
Data Security
We have implemented commercially reasonable precautions to protect the Personal Data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Data security measures include data encryption and data access management and controls. Please be aware that despite these measures, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your phone and your computer by, among other things, signing off after using a shared computer, locking your phone and keeping your information private.
Retention / Storage Period of Your Personal Data
The length of time in which we will store your Personal Data will differ depending on the purpose for which we have collected and are processing your data. In most cases, we will keep the data for five (5) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required by law to maintain your data, e.g. due to tax law or accounting requirements.
Information About Your Rights Regarding Your Personal Data
You may have certain rights regarding our use and processing of your Personal Data.
If data processing is based on consent, note that you have the right to withdraw your consent at any time, but that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal, or unless applicable laws or regulations or judicial requirements require otherwise. In order to withdraw your consent, you can either use the mechanism as individually explained when we asked for your consent or in any case send an email to the data controller as indicated in the “Identity and Contact Details of the Data Controller” section above.
Your rights in accordance with applicable laws
Further information about your privacy rights can be found in our Data Privacy Rights by applicable laws
Updates to This Privacy Notice
From time to time, we may revise this Privacy Notice with the condition of your consent. Any such changes to this Privacy Notice will be reflected on this page. The date on which this notice was last revised is located at the top of this notice.