Privacy Policy

PRIVACY POLICY

Contents & Summary

 

A table summarizing the contents of this privacy policy ("Privacy Policy") appears below, followed by the notice in full. Should there be any discrepancy between the table and the full Privacy Policy, the language of the full Privacy Policy shall govern.

Scope

This Privacy Policy explains our collection, use, disclosure, and retention of your personal information and other information as described in this Privacy Policy in the United States. Your use of the System is also governed by the Terms.

Information Collection and General Use

We collect the following information when you use the System and we use it in the following general ways, with a more complete explanation in the full policy below: (a) Registration and Account Information:When you create an account or profile, or otherwise use the System, you voluntarily give us personal information and, if you choose, health information, such as regarding your blood glucose and/or your blood insulin data. (b) Information to Respond to Your Requests:You may also give us your personal information to sign up for our newsletters and other communications. (c)Information About Healthcare Providers With Whom You Choose to Share Your Personal Information (where available):If you are a patient with diabetes and you sign in to your Roche Diabetes Care GmbH ("Roche Diabetes Care") account, the System will store information about your healthcare provider that you submit to the System if you decide to share your personal information with a healthcare provider. And you also agree that the healthcare provider you designate may collect your personal information.  (d) Mobile Information:We collect information regarding your device's operating system (e.g. an Apple iOS) and mobile application identifier. We do this to ensure that the service works on your device. (e) Technical usage information:: If you allow us to, we use tracking technologies (e.g. cookies) to collect usage information on the System. Although some privacy laws may consider this personal information, we do not directly relate this to information that readily identifies you; but we do associate it with certain of your personal information as described below.

Retention

Your personal information is retained for only as long as required for the purposes set forth in this Privacy Policy and pursuant to the Terms you have agreed to when registering. You can contact Roche Diabetes Care as set forth at the bottom of this Privacy Policy at any time to request deleting of your personal information.

Your Choices

In most circumstances you can control the purposes for which Roche Diabetes Care uses your personal information, and when you want to receive notifications. You can do so on the System or by following instructions on the System and within the notices.

Disclosure of Information

We may share your personal information and other information we collect with the following entities: (1) entities within Roche Diabetes Care and its affiliates and subsidiaries (including third-party suppliers under contract with Roche Diabetes Care), (2) other entities than Roche Diabetes Care with your consent; (3) legal and law enforcement; and (4) other entities acquiring the System if there is a change of control.

Tracking Technologies (Cookies)

We use tracking technologies (e.g. cookies) to recognize you, improve our products and services, to provide security for your information, and to customize your experience on the System for the country and language preferences you designate. We use Google Analytics. See the main text for more information and to learn how to change your relevant settings.

Portability, Access and Review Options

You can review, edit, and download your personal information by accessing your account on the System.

California Consumer Privacy Act and Privacy Rights

If you are a California resident, please visit the California Supplemental Privacy Notice for more information about personal information processing activities as they relate to California residents. As a California resident you may also request information about our practices related to responses to your browser preferences on tracking.

Security

We protect your personal information using adequate security measures, in particular encryption both in transport and at rest.

Children's Privacy

The System is only intended for use by individuals over the age of 18.

International Transfer

We store and process your personal information in ISO27001 certified data centers in Germany.

Notification Regarding Updates

We will notify you about material changes to this Privacy Policy by posting notices on this System.

How to Contact Us

Contact Information is set forth in Section 11 below.

 

1. Scope

This document explains the collection and usage of personal data in the context of ACCU-CHEK® Connect online diabetes management system and the online component of the ACCU-CHEK 360° diabetes management system, which both include the online functionality (the "Online Functionality") a web-based software service with online features and internet based data storage facility.

The ACCU-CHEK Connect online diabetes management system delivers the ACCU-CHEK Connect device link (the "Local Component"), an optionally available software for direct PC connectivity between your device (e.g., blood glucose meter or insulin pump) and the ACCU-CHEK Connect online diabetes management system.

The ACCU-CHEK 360° diabetes management system includes desktop software (the "Desktop Software").

The Desktop Software, the Online Functionality and the Local Component shall hereinafter be referred to collectively as the "System". Roche Diabetes Care may update this Privacy Policy from time to time. In case of an update, Roche Diabetes Care will issue a notification, message or pop up that you can take notice of when logging in. Please check occasionally for any updates of the System.

2. Information We Collect and How We Generally Use It

(a) Registration and Account Information. You cannot access the System without providing personal information about yourself necessary to a user account (e.g., name and email address). If you register for an account with us, you choose to give us your personal information, which is not anonymous to us. When you register an account, create a profile and password, or otherwise engage with our System, you may provide personal information. Personal information is associated with your account/profile when you sign in as a registered user, and only registered users may use the System. We may also collect health information that you provide to us as part of the user profile (e.g. diabetes type, therapy type, etc). The System, which Roche Diabetes Care controls, may collect additional health information (e.g. logbook or diary) such as your blood glucose and/or insulin data. However, Roche Diabetes Care collects and processes this personal information only as requested and entered by you in the signup-process for the System. Furthermore, Roche Diabetes Care collects and processes such personal information that you enter or upload directly or that is entered or uploaded on your behalf by third parties (healthcare providers, where available) whom you invite (please see 2. (c) below). Where permitted by law, we may combine personal information you provide with other information you have provided to us through our websites and online resources with Roche’s offline records and information provided to us by third parties. Under some privacy laws, Mobile Information, Mobile Data, Technical Usage Information, Tracking Technology, and Analytics data may include some information that may also be considered personal information. For those jurisdictions, when we reference “personal information” it includes any personal information included in those data categories.

(b) Information to respond to your requests.You may give us your consent (opt-in) to send you newsletters and other communication (e.g. marketing material). Details of how you can opt-out of receiving any communications from us are detailed in the section headed "Communication Preferences and Marketing (Opt-out)" below.

(c) Information About Healthcare Providers With Whom You Choose to Share Your Personal Information. Where available, you may choose to submit personal information to healthcare providers so you can share your personal information with them that you post on or through the System. If you choose to share your personal information with your healthcare provider on the System, the information about your healthcare provider that you submit will be maintained on the System and you agree that your healthcare provider and Roche Diabetes Care employees may have access to a copy of your personal information that you or your designated healthcare provider post on the System. Choosing to share your information with healthcare providers is always optional and controlled by you.

(d) Mobile Device Information.We may collect information about your mobile device if you access the System through a mobile device (e.g. device's operating system and mobile application identifier).

(e) Technical Usage Information.When you visit the System, we collect usage information based upon System accesses by your PC, mobile, or other access device that tells us how you are using the System.

(f) Tracking Technology. . We use cookies on this website. A cookie is a unique text file that a website can send to your browser software. Cookies enable a website to identify a web-browser which is for example required to provide an auto- login mechanism. We use cookies to collect user preference and session information; sometimes such collection is necessary for operations, and sometimes such collection simply enhances the consumer experience by allowing Roche and our third parties to personalize our services. We may use cookies for a variety of purposes, including: 

Strictly Necessary.We use cookies to maintain session information for the duration of an active user session and core operational requirements of the system to operate as intended. Session cookies are required to ensure secure user operation of the System and to distinguish System accesses from a single browser. These cookies allow us to complete transactions and maintain the security of our website. You can set your browser to block or alert you about these cookies but blocking these cookies will prevent the site from working. We are not required to obtain your consent to tracking technologies that are operationally necessary for the System.

Functional Cookies.We may use cookies to permit us to accommodate additional convenience site functionality enablement. These cookies may be set by us or by our third party service providers whose services we have added to our pages, to enhance functionality and personalization. If you reject these cookies some or all of these enhancing services may not function.

Performance Cookies.Performance cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. These cookies help us understand how our sites are being used, such as which sites are the most and least popular and how people navigate around the site. The information collected in these cookies are aggregated, meaning that the do not relate to you personally. Opting out of these cookies will prevent us from knowing when you have visited our site and will prevent us from monitoring site performance. In some cases, these cookies may be sent to our third party service providers to help us manage these analytics.

Social Media Cookies.Social media cookies are set by a range of social media services that we have added to the site (such as Facebook, Twitter, LinkedIn) to enable you to share our content with your friends, colleagues, and networks. These cookies are capable of tracking our browser across other sites and building up a profile of your interests. This may impact the content and messages you see on the other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

Targeting Cookies.Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. These cookies do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Web Beacons.A web beacon is a piece of software code on a web page or in an e-mail message that is used to track pages viewed or messages opened. Web beacons tell the web site server information such as the IP address and browser type related to the visitor's computer. Web beacons may be placed in online advertisements that bring people to our site and on different pages of our site. Web beacons provide us with information on how many times a page is opened and which information is consulted. Web beacons are also known as internet tags, single-pixel GIFs, clear GIFs, and invisible GIFs.

Our goal is to collect and use only that information through tracking technologies that we think is required for our legitimate business interests as set forth in this Privacy Policy, including in order to better understand and improve System usage. If you do not want Roche Diabetes Care to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may interfere with your use of the System as more specifically stated above.

(g) Google Analytics. Limited to its publicly accessible parts, i.e. areas you can access without being logged into your account, the Online Functionality of the System uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses performance cookies, generally described above, to help Roche Diabetes Care analyze how users use the Online Functionality. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google Analytics Cookies may exist up to 2 years, if you do not delete them earlier.

Roche Diabetes Care and Google have established a data processing agreement stipulating that Google operate their Google Analytics service on our behalf. Google will use this information on our behalf for the purpose of evaluating your use of the Online Functionality of the System, compiling reports on website activity for us and providing to us other services relating to website activity and internet usage.

You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing the Google Analytics Opt-out Browser Addon for your current web browser at http://tools.google.com/dlpage/gaoptout?hl=en (does not always work on mobile devices and some browsers).

3. Additional Uses of Personal Information

In addition to the uses stated above associated with specific collections of personal information, we use personal information for our legitimate business purposes and for the following general purposes:

(a) To Operate and Improve the System. We use the information and personal information collected to (i) respond to your requests and complete a transaction; (ii) provide customer service (e.g., to resolve disputes, problems with your account/profile or the System); (iii) give you information about your account activity; (iv) personalize your experience on the System; (v) maintain, perform analytics about, and improve the System and its functionality; and (vi) to track and monitor adverse events and other activities related to pharmacovigilance.

(b) Analyze and Aggregate Non-Personal Information.We use aggregate information about our users and non-personal information to analyze System and user behavior and prepare aggregated reports. For example, Roche Diabetes Care may remove personal identifiers from data that you provide and use such data to produce anonymous, aggregated statistical information helpful to Roche Diabetes Care and its affiliates in improving their products and services.

(c) Communicate With You.We use your personal information to contact you, to maintain the System and your account or to provide other services requested by your opt-in, as described at the time when we collect the information from you, or to contact you for other purposes authorized by law.

(d) Uses of Mobile Data.When you access the System on a mobile device, we may use the personal information you provide and that we otherwise collect for any purpose set forth in this Privacy Policy. We retain personal information as long as it is necessary and relevant for our operations, subject to a request of deletion of the personal information.

(e) Ownership of Personal Information.You will always remain the owner of your personal information in the context of the System and you can always exercise your rights with respect to your personal information as set forth in Clause 7 below.

(f) Other General Use. Roche Diabetes Care uses your personal information as set forth in this Privacy Policy and as agreed in the Terms of Use for ACCU-CHEK Connect online diabetes management system and license for ACCU-CHEK Connect device link or the Terms and Conditions for the Online Features of the ACCU-CHEK 360° diabetes management system license (the "Terms"). Your personal information will only be used for other purposes upon your prior consent.

4. Disclosure

Personal Information collected on the System may be shared with:

(a) Roche Diabetes Care and its Affiliates and Contracted Third-Party Suppliers.We may share your personal information within Roche Diabetes Care and our affiliates and subsidiaries, as well as with third-party suppliers acting on our behalf, to the extent required to render the services and provide the System as set forth in this Privacy Policy and the Terms, to fulfil a statutory obligation, or upon your consent.

(b) Other Entities with your Consent.Other third parties (e.g., healthcare providers) to whom you explicitly ask us to send your information (or about whom you are otherwise explicitly notified and consent to when using a specific service). If you do consent, we will provide information about you to those third parties, or parties working on their behalf, to implement your request.

(c) Legal and Law Enforcement.Law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to a criminal investigation or alleged illegal activity or any other activity that may expose us, you, or any other Roche Diabetes Care employee to legal liability. In such events, we will only disclose information relevant and necessary to the investigation or inquiry, such as name, city, state, ZIP code, and anything else deemed relevant to the investigation.

(d) Change of Control – New Owners. Other business entities, should we plan to merge with or be acquired by that business entity. Should such a combination occur, we will make reasonable efforts to request that the new combined entity follow this Privacy Policy with respect to your personal information. If your personal information would be used contrary to this Privacy Policy, you will receive prior notice and where required by law, provided an opportunity to opt-out or to consent to such use.

5. Information You Share on the System

You may elect to share your personal information with healthcare providers through the System. Once you authorize disclosure to such healthcare providers, Roche Diabetes Care has no control or responsibility over how they use the data. Any copies of the data downloaded by such third parties shall be subject to the third parties' applicable policies and any applicable laws rather than this Privacy Policy.

6. Communication Preferences and Marketing (Including Opt-out)

We do not sell or rent your personal information to third parties for their marketing purposes without your consent. If you opted-in and do not wish to receive marketing communications anymore from us, you can indicate your communications preference by opting-out at any time through your account/profile settings. You may not opt-out of certain communications that may be required in order to operate the System as described, such as emails deemed essential for System operation, user security, or data privacy.

7. Your Rights of Portability, Access, Correction, Erasure and Blocking

When you use the Online Functionality of the System, you will see all your personal information that you have voluntarily provided through the System and that Roche Diabetes Care has stored and the healthcare providers you invited and to whom Roche Diabetes Care transmits such data. You may also download a copy of your personal information from within your account.

Unless otherwise agreed with Roche Diabetes Care the purpose of Roche Diabetes Care's storage and processing of personal information is as set forth in this Privacy Policy as well as to enable the provision of the Online Functionality of the System pursuant to the Terms you have agreed to when registering.

When logged in, you should be able to correct your personal information and you may exclude previously invited healthcare providers from access to your personal information. You can contact Roche Diabetes Care (see Section 11 below) at any time to request deleting of your personal information that you have provided through the System. If you have difficulty accessing your personal information in the System, or determining the purposes of Roche Diabetes Care's processing of your personal information that you have provided, or the third parties with access to your personal information through your use of the System, or exercising your right to have your personal information deleted that you have provided through the System, you may contact Roche Diabetes Care as described below.

Should your personal information be incorrect in the System and if you cannot correct it yourself when logged in, Roche Diabetes Care will correct it upon your request. Roche Diabetes Care will do such corrections also, if it learns otherwise about your data in the System being incorrect. In order to do so, please contact Roche Diabetes Care as described below. Roche Diabetes Care will erase your personal information from the System should its storage no longer be necessary for the aforementioned purposes. Should there be a need to store your personal information for fiscal or legal reasons, it will be blocked and used only for such excepted purposes and hence be made unavailable for further productive use.

8. CalOPPA and California Consumer Privacy Act and Notice to California Residents

Effective January 1, 2014, pursuant to amendments to California’s Online Privacy Protection Act codified in California Business & Professions Code Section 22575 (“CalOPPA”), California residents may learn how Roche Diabetes Care responds to Do Not Track signals. As the technology is evolving for recognizing and interpreting Do Not Track signals, and no uniform standard has yet been set, we are not currently responding to Do Not Track signals but remain open to following the technological standards once those are issued.

Under the California Consumer Privacy Act of 2018 (CCPA), California residents have certain additional rights with respect to Roche Diabetes Care’s use and disclosure of their personal information. For more information please refer to the California Supplemental Privacy Notice.

9. Security

Roche Diabetes Care processes your personal information in ISO27001 certified data centers in Germany and uses certified encrypted storage mechanisms to separate your personal information from that of other users as well as to protect your personal information from unauthorized access. Your data may be accessed, with your permission as set forth in this Privacy Policy, by Roche Diabetes Care employees and healthcare providers. We maintain reasonable technical, physical, and administrative security measures for the security of your personal information including regarding loss, misuse, unauthorized access, disclosure, or alteration. It is your responsibility to make sure that your personal information is accurate and that your password is kept in a private and secure manner and not shared with others.

10. Children's Privacy

This System is not designed or intended for use by children under the age of 18. We do not knowingly collect any personal information on this website from anyone under the age of 18 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any personal information on this System.

11. Contact Information

Roche Diabetes Care, Inc.
9115 Hague Road
Indianapolis, Indiana 46250
Attn: Privacy Officer
accu-chek.care@roche.com

12. Inquiries and Complaints

If you have questions or complaints regarding the handling of your data, you may contact the Roche Diabetes Care privacy officer as follows:

Roche Diabetes Care, Inc.
9115 Hague Road
Indianapolis, Indiana 46250
Attn: Privacy Officer
accu-chek.care@roche.com







09289011001