Privacy Notice
Last updated: September 2023
1. Who we are
Roche has been a pioneer in providing innovation in diabetes technology and services for more than 40 years, helping people with diabetes to live their lives as active and unrestricted as possible.
Under the brand Accu-Chek and in collaboration with partners, Roche creates value by providing integrated diabetes management solutions to monitor glucose levels, deliver insulin and track relevant data points for successful glucose management.
By establishing a leading open digital platform, connecting devices and digital solutions, Roche will enable personalised diabetes care and improve therapy outcomes.
This website is operated by Roche Diabetes Care UK and Ireland (“Roche”, “we”, “us” “our”). The data controller is Roche Diabetes Care Limited (company number 09055599), Charles Avenue, Burgess Hill, West Sussex, RH15 9RY.
2. Contact us
If you have any questions or concerns about privacy or would like to exercise your rights in relation to your personal information, please contact our Data Protection Officer on [email protected] or write to us at the address above.
If you are not satisfied with the way Roche handles your data or responds to your requests, you may also complain to your local Data Protection Authority in the United Kingdom or Republic of Ireland.
3. Personal information we collect
We collect and process a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number, and date of birth;
- sensitive health information (including your hospital and information regarding your pump or meter),
- your IP address when you browse our websites;
- information you provide when you agree to participate in any market research
- testimonials you provide to us
Some information is compulsory for us to provide the service you have requested. We will always notify you if providing the information is compulsory or optional.
We collect this information in a variety of ways. For example, data is collected through forms on our website, from correspondence with you, or through telephone calls.
In some cases, we collect personal data about you from third parties, such as details from your health care provider.
4. Why we process your personal information
Roche collects personal information from you to
- perform our business operations,
- provide you with, and improve products and services, and
- personalise your experience when you use our products and services.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only:
- where we have your consent to do so,
- where we need the personal information to perform a contract with you, or
- where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in some cases for direct marketing, fraud prevention, network and information systems security).
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
We may process your personal data as required to prepare or protect against legal claims; including litigation, anti-fraud measures, and technical and organisational measures to protect our networks and technology against attacks.
We may process your personal information to the extent necessary for the purposes of preventive medicine, for medical diagnosis, the provision of health care or treatment or the management of health care systems and services pursuant to contract with a health care professional subject to professional secrecy (such as your treating care giver at a hospital).
We may process your personal information for scientific research purposes or statistical purposes in accordance with applicable law, provided it is proportionate to the aim pursued, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard your fundamental rights and interests. As a rule, we will still ask for your consent when we would like you to participate e.g. in a study.
The following sections advise of the reason(s) we rely on for processing your personal information and list the ways that we may use your personal information.
Legitimate Interest | Legal Obligation | Consent | Contractual | |
Browsing public pages on our website | ✔ | |||
Notifying you of your order status and any issues relating to your order | ✔ | |||
Undertake website administration and personalisation | ✔ | |||
Managing network and data security | ✔ | |||
Logistics planning, demand forecasting, product improvement, management information and research | ✔ | |||
Providing customer services to you | ✔ | |||
Processing and responding to complaints received from you | ✔ | |||
Inform you of service and price changes | ✔ | |||
Contacting you for a Welcome Call to introduce you to the product | ✔ | |||
Providing details of your product; including warranty information and your contact details to your healthcare provider | ✔ | |||
Internal training and monitoring purposes (call recording) | ✔ | |||
Credit Management | ✔ | |||
Contacting you with product safety updates | ✔ | |||
To detect, investigate and report financial crime (e.g. fraud) | ✔ | |||
Registering your interest in products or services | ✔ | |||
Subscribing to the Accu-Chek Commitment | ✔ | |||
Marketing Communications | ✔ | |||
Contacting you to undertake customer satisfaction surveys, invite you to review a product, invite you to enter a competition or for market research | ✔ | |||
Use of the diabetes management system | ✔ | ✔ | ||
Processing your order | ✔ | |||
Creating, updating or managing your Accu-Chek online account and registering associated products. | ✔ | |||
Testimonials | ✔ |
Further information regarding the processing of personal information that we undertake can be found below, however if you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided above in section 2.
5. How we use your personal information
This Privacy Notice explains how we use any personal information we collect about you when you:
- Browse public pages on our websites
- Register for and use an account
- Participate in surveys
- Order or registering for services and products
- Communicate with us by telephone, e-mail, webforms or otherwise in respect of our products and services or during the purchasing of any such products
- Complain about our services and products
- Use our diabetes management software
- Use our Social Media Channels
- Service communications
- Consent to marketing
- Testimonials
a) Browse public pages on our websites
If you browse public pages on our websites, i.e. content that you can access without being logged in to an account you may have with us, we collect and process only non-sensitive information about you.
b) Register for and use an account
To access non-public content on our websites and to register your product, you will first need to create an account, and then log in to your account.
We use accounts wherever we process sensitive data such as in particular your health related personal information. We also use accounts wherever we process your personal information with your consent. This is because accounts allow us to better protect your personal information in access controlled systems and to establish your identity in order to obtain and manage your consents.
c) Participate in surveys
If you consent to participate in one of our surveys, we will process your submitted input for research and marketing purposes. Unless otherwise stated in the respective survey, you may participate on an anonymous basis and we will not be able to relate your input to you personally but will only assess it on an aggregate basis together with the input of others.
d) Order consumables or registering your products
Access to online services and product registration is limited to account holders only because the provision of these services involves health data that we consider to be sensitive that we want to protect.
e) Communicate with us by telephone, e-mail, webforms or otherwise in respect of our products and services or during the purchasing of any such products
If you communicate with us by telephone, e-mail, webforms or similar, we will process your contact details and the personal information you give to us even if you do not have an account with Roche. We will process such information only to the extent required to answer your enquiry, and will delete the information when no longer required as evidence (normally three years), unless you have consented for us to use your data for other purposes, of which its purpose will be specified at time of you giving us consent.
We record calls to our customer services team, when you have consented, for quality and training purposes. We do not record details of any financial transactions and delete the recording after a maximum of 6 months. We only retain records of where you have provided consent for as long as it is valid.
f) Complain about our services and products
When we receive a complaint about a product or service from a person we create a file containing the details of the complaint, including the identity of the complainant. It may contain health related information. We will only use the personal information we collect to process the complaint.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
g) Use our diabetes management software or app
Roche Diabetes Care offers services to help you better understand your diabetes. These include diabetes management services such as e.g. mySugr. You will be notified of the service’s privacy notice, terms of conditions of use at the point of setting up an account.
h) Use our Social Media Channels
If you interact with content published on our Social Media Channels, we may collect and process non-sensitive information about you.
i) Service communications
We may use the data to communicate with you, for example, informing you about your account, providing information about the product(s) and/or service(s) you have registered with us e.g software updates, product modifications and enhancements, and associated services)
j) Consent to marketing
We will only send you marketing communications when you have provided your consent and we will only share your data with a third party if we have your consent. We will make this clear at the time you provide your consent.
k) Testimonials
With your consent we will use testimonials that you have provided to us for marketing purposes. Testimonials will only be used for the purposes identified and agreed with you at the time of collection. You may withdraw your permission at any time by contacting us.
6. Retention periods
We retain personal information we collect from you where we have a genuine business need to do so, for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.
When we have no ongoing business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
7. Security
Roche takes appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. To ensure the confidentiality of your data, Roche uses industry standard firewalls and password protection. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential and we ask you not to share this password with anyone.
8. Who receives your information
Roche shares your personal information with your consent and further as necessary in relation to the above purposes, as required by applicable laws, court orders, or government regulations. Roche uses group internal and external providers and agents e.g. for IT systems operation and maintenance or to fulfil business transactions, such as providing customer services, or sending communications. In all these cases, access to unencrypted data is restricted to those who have a need to know. Also, Roche has entered into data processing agreements in order to ensure that providers and agents process the personal information only on Roche’s behalf and subject to appropriate technical and organisational measures.
Roche will not sell or otherwise transfer your personal information to any third parties for their own use unless with your explicit consent.
We also share data with our company's subsidiaries and affiliates globally, or store that data with them when required to by law or to respond to a legal process, to respond to a complaint or security request.
9. Transfers to other countries
We may transfer the personal information we collect about you through the website to countries that may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Notice. In particular, we will base such data transfers on adequate standards such as data protection clauses approved by the European Commission. You may receive a copy of the clauses by contacting us as described above (see section 2).
10. Your Rights and how to exercise them
You may, in accordance with applicable data protection law, request the following from Roche Diabetes Care:
- Right of access: request access to your personal information we process, obtain a copy of such data, and have inaccurate data rectified or completed;
- Right to rectification: to have your personal information corrected if it is inaccurate/have incomplete personal information completed
- Right to erasure: to have your personal information erased or its processing restricted (each to the extent that one of the grounds provided for by statutory law applies)
- Right to restriction of processing: to restrict processing of your personal data
- Right to data portability: to electronically move, copy or transfer your personal information in a standard form
- Right to object: to object to processing of your personal information
- Right to withdraw consent
- Rights relating to automated individual decision making, including profiling. We do not use such processes without your prior consent.
You can exercise your rights by visiting your online account or contacting us at the address above (see section 2). You can adjust your privacy preferences, manage your consents, and amend your data. These choices do not apply to mandatory service communications that are part of certain Roche Diabetes Care services.
If you do not have an account or have difficulties or other enquiries, please approach us or our data protection officer using the above contact details (see section 2).
11. Privacy of Children
Our website is directed at an adult audience. We do not knowingly collect any personally identifiable information from anyone we know to be a child without the prior, verifiable consent of his or her legal representative.
12. Updates to Privacy Notice
We keep this Privacy Notice under regular review and we will place any updates on this website in response to changing legal, technical or business developments. When we update this notice, we will take appropriate measures to inform you. When we change any processing that is based on consent, we will ask you for a new consent. We encourage you to periodically review this page for the latest information on our privacy practices.
13. Third Party Resources
This Privacy Notice does not apply to third party sites to which our website may link, where we do not control the content or the privacy practices of such third parties. We will tell you when you follow a link to such a third party site.