Roche Diabetes Care Australia Pty Limited ACN 602 140 278 (“Roche”) is committed to protecting your privacy and will handle your personal information such as your name, address and telephone number in accordance with the Privacy Act 1988 (Cth) (“the Act”).
Table of Contents
- Information collected
- Your choices
- Use and disclosure of personal information
- Disclosure of personal information overseas
- Links to other sites
- Data breach
- Access, corrections and further information
1. How will Roche collect your personal information
Roche is concerned with protecting your privacy. Wherever possible, Roche will collect your personal information directly from you. However, Roche may also collect personal information from other sources including:
- agents and service providers such as customer relationship management service providers and third party service providers;
- publicly available sources including directories, listings and the internet.
The personal information collected may vary depending on your interaction with Roche. However, Roche will only collect information that is necessary for Roche to track and manage its interaction with you or purposes set out in this Policy. The information may include:
- your contact details and other information collected when you register with Roche;
- any messages or comments you submit to us through email;
- sensitive health information (including your information regarding your pump or meter); or
- any other information you provide to Roche during your interaction with Roche.
2. Automatically Collected Information
Roche may automatically receive certain types of information whenever you interact with us on our sites and through e-mails we may send each other. Automatic technologies we use may include, for example, web server logs/IP addresses, cookies and web beacons.
- Web Server Logs/lP Addresses. An IP address is a number assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. Roche collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance review.
- Web Beacons. On certain web pages or e-mails, Roche may utilize a common internet technology called a “Web beacon” (also known as an “action tag” or “clear GIF technology”). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a site.
Web beacons, cookies and other tracking technologies do not automatically obtain personally identifiable information about you. Only if you voluntarily submit personally identifiable information, such as by registering or sending e-mails, can these automatic tracking technologies be used to provide further personal information about your use of the websites and/or interactive e-mails to improve their usefulness to you.
If an adult person with diabetes is under care, the primary carer must ensure that they provide their details and receive consent to the collection of information from the person with diabetes.
If a person with diabetes is under the age of 18, the parent or guardian must provide consent to the collection of information about the person with diabetes.
You have several choices when providing your personal information to Roche. You may decide not to provide your personal information at all by electing not to enter it into any forms or data fields on our websites or other forms (such as consent or meeting registration forms) which may be provided to you from time to time. If you choose not to provide your personal information, or provide incomplete or misleading information, Roche may not be able to provide you with information and/or access to services that may be of use or interest to you.
Certain websites may ask for your permission for certain uses of your personal information and you can elect to accept or decline those uses. If you subscribe to particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication.
If you decide to unsubscribe from a service or communication or to update or remove your personal information, we will address your request and amend our records accordingly. We may require some additional information from you before we can process your request.
Roche uses technology and security precautions, rules and other procedures to protect your personal information from unauthorised access, improper use, disclosure, loss, modification, interference or destruction. To ensure the confidentiality of your personal information is maintained, Roche also uses industry standard firewalls and password protection. It is, however, your personal responsibility to ensure that the computer you are using is adequately secured and protected against malicious software, such as trojans, computer viruses and worm programs. Without adequate security measures (e.g. secure web browser configuration, up-to-date antivirus software, personal firewall software, no usage of software from dubious sources) there is a risk that the data and passwords you use to protect access to your data, could be disclosed to unauthorised third parties.
Use and Disclosure of Personal Information
The purposes for which your personal information may be collected, held, used and disclosed include:
i. to contact you (or provide information and/or materials to you):
- with respect to Roche products and/or services;
- to administer and conduct consulting and service arrangements with Roche;
- to administer or conduct educational and/or commercial meetings or programs;
- to update you on medical congress, events and news; and
- to conduct relevant market research;
ii. to fulfil obligations under relevant industry codes of conduct, meet regulatory requirements and, legal obligations;
iii. to maintain your contact details in our records;
iv. to monitor the safety and efficacy of our products;
v. to fulfil your requests;
or as otherwise disclosed to you in this Policy from time to time.
Roche will not disclose personal information about you to any person except in accordance with the Act, and only where necessary. The circumstances in which we may disclose that information include:
- where Roche notified you at the time of supply of the information to Roche or it is expressly permitted under any agreement with you;
- where it is necessary to provide you with a service or goods which you have requested;
- where required for the ordinary operation of our business (for example, to send you information about our goods and services);
- where it is necessary for support services to be provided in relation to our business activities (please note that such disclosures will only be to people and entities required to meet the same standards of data protection and which are prevented from using the information for their own marketing purposes);
- where we consider the law requires it, or in response to any demand by law enforcement authorities;
- regulatory authorities (such as the Therapeutic Goods Administration and State and Territory drug and health authorities) where Roche is required to provide your personal information to the particular authority;
- third parties that we use in the ordinary operation of our business, such as for conference organising, marketing, data processing and associated printing and mailing. For example, it may also be provided to Clinical Research Organisations for the purposes of medical research. We will only provide your personal information to reputable third parties and then only on a confidential basis where we are satisfied that those third parties will similarly comply with the Australian Privacy Principals and the Act. These activities may involve the export of your personal information overseas as described above;
- companies related to Roche for the same kinds of purposes as listed above. Subsequent use and disclosure by the related company will be in compliance with the Australian Privacy Principles and the Act;
- another company for the purpose of ensuring continuity of product supply and/or service if the supply of the product or service has been transferred to that company; and
- such third parties otherwise permitted or required by law.
Disclosure of Personal Information Overseas
Information collected from or about you may be transferred to, stored and processed in Australia or any other country in which Roche or its affiliates worldwide, or its or their subcontractors or agents maintain facilities, including in the United States and countries within the European Union such as Germany and France.
Your personal information may be aggregated with data from other Roche sources and stored or processed on computers or web-based database systems located outside Australia where privacy laws may differ from ours, in jurisdictions including Germany, France and the United States.
Your personal information may be stored, maintained and processed on computers or web-based database systems at Roche which may be accessed by and shared with any affiliate within the global Roche Group (Roche Affiliates), third-parties working with Roche affiliates and/or regulatory authorities or as required by law.
Roche will ensure that if information is transferred outside of Australia, we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected in these jurisdictions.
At any time you may opt out of receiving any communications from Roche (other than as required for the operation of our business, e.g. regarding account payment if you have one with us), although Roche may then be unable to provide you with all of the information regarding our programs, events, services or products which may be of benefit to you. If you decline to provide us with your personal information (or subsequently opt-out) it will likely preclude the provision of relevant services to you by Roche.
Links to Other Sites
If Roche becomes aware that a third party has accessed or used your personal information without permission and such breach is likely to place you at risk of serious harm, Roche will endeavour to contact you promptly and also notify the Office of the Australian Information Commissioner.
Access, Corrections and Further Information
You may request access to personal information Roche holds about you by sending an email to firstname.lastname@example.org if you would like to:
- request access to your personal information held by Roche;
- request an amendment or correction of your personal information held by Roche;
- ask us to remove your personal information from our system; or
Your request should provide as much detail as possible to assist us to identify information relevant to you, such as your name and contact details, any former names and the information you believe Roche may hold about you. You do not have to provide a reason for requesting access. Where Roche holds information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access it (e.g. emailing or mailing it to you). In any event Roche will acknowledge receipt of your request within a reasonable period and in any event within 10 working days and endeavour to respond to your request within 30 days.
If you believe that personal information Roche holds about you is incorrect, incomplete or inaccurate, then you may request we amend it. We will consider if the information requires amendment. If Roche does not agree that there are grounds for amendment, then we will add a note to the personal information we hold stating that you disagree with it.
Complaints against Roche, including with respect to a breach of the APP’s, may be directed to our privacy contact at the end of this policy. We will investigate your complaint and endeavour to resolve it within a reasonable period, not usually exceeding 30 days.
If you consider that Roche has not dealt with your complaint adequately, you may complain to the Office of the Australian Information Commissioner. Contact details can be found at www.oaic.gov.au
Any questions about this policy, or any complaint regarding treatment of your privacy by Roche, should be made through the contact details below.
We are committed to constantly improving our procedures so that your personal information is treated appropriately. If you have any questions or would like to know more about our privacy practices, please contact Roche by one of the following means:
Attn: Privacy Officer
Roche Diabetes Care Australia Pty Ltd
PO Box 6266
North Ryde NSW 2113