Privacy Notice for Roche Virtual Meetings
This information is meant to explain to you what kind of data we collect, from what sources that data is collected, and the purposes for which the data is used.
Identity and contact details of the data controller
Roche Pharmaceuticals Middle East FZCO – Dubai Branch. The Galleries, Building 4, Floor 5, Jebel Ali Downtown, P.O. Box 27309, Dubai, UAE, Email: [email protected] (“Roche”) is data controller.
In the event that your personal data is covered by the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”): EU representative of Roche Pharmaceuticals Middle East FZCO – Dubai Branch is Roche Privacy GmbH, Emil-Barell-Str. 1, D-79639 Grenzach-Wyhlen.
Please direct any questions and requests related to this information to “Roche Pharmaceuticals Middle East FZCO – Dubai Branch. The Galleries, Building 4, Floor 5, Jebel Ali Downtown, P.O. Box 27309, Dubai, UAE”, email: [email protected]
Purposes and legal basis for processing
Roche will collect and process your personal data when you register, attend and participate in the event in order to ensure an adequate organization and communication (the “Event”).
The purposes of the processing of your personal data are handling registration and attendance, as well as post-event activities, such as sharing presentations among participants and feedback collection.
For the purpose of event registration, management and follow-up actions, we will collect and process your data to meet our legitimate interests. We may also process your personal data to comply with all applicable legal and regulatory obligations.
Categories of personal data processed
Contact information, such as first name, last name, job title, organization, email address, and phone number.
Recipients of personal data
Recipients of your data may include Roche’s affiliates around the world, including but not limited to affiliates in countries with privacy standards different from those in your country. Our Roche affiliates will use the data for the same purposes as we do. A list of Roche’s affiliates is available in the current Annual Report, which can be found in the Investors section of www.roche.com.
Additional information in the event your data is covered by GDPR: Regarding the exchange of data within the Roche Group, contracts containing the EU Standard Contractual Clauses according to EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010) 593) constitute appropriate and suitable safeguards to ensure compliance with GDPR.
The Event is supported by a videoconferencing tool operated by [insert name of provider] acting as a data processor, which is certified under the EU-U.S. Privacy Shield, [we will need to establish this is correct for all service providers which Roche intends to utilize] which establishes appropriate and suitable safeguards to ensure compliance with GDPR according to the EU Commission decision of 12 July 2016 (C(2016) 4176).
The length of time in which we will store your personal data will differ depending upon the purpose for which we have collected and are processing your data. In most cases, we will keep the data for ten (10) years following our last interaction with you. We may, however, maintain your data for a longer period of time if we are required to do so by applicable law.
Information about your rights if your data is covered by GDPR
Provided your personal data is covered by GDPR, please note that you have the right to request from Roche access to and rectification of your personal data as well as the right to data portability, if applicable, or erasure or restriction of processing of your personal data. Erasure or restriction of processing is only possible if and to the extent the processing of personal data is based on consent or legitimate interest. If the data processing is based on consent, kindly note that you have the right to withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal. For sending us a note to exercise your right to withdraw consent, please see contact details in the section “Identity and contact details of the data controller” above.
To avoid that your data is entered in the systems again after your request for erasure, in your interest, and for us to comply with GDPR we may keep your name and e-mail address with a flag “Don’t contact anymore” in our systems.
In the event you believe that our data processing is non-compliant with GDPR: You are entitled to lodge a complaint with the responsible supervisory authority.