Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

This Privacy Policy forms an integral part of the Terms of Use for the akademiaroche.pl portal (hereinafter referred to as the „Portal”). Acceptance of the Terms of Use also implies acceptance of the Privacy Policy, which sets out the principles for the processing and protection of personal data of individuals using the Portal.

Administrator

In relation to personal data provided through the Portal, especially data provided in the registration form (hereinafter referred to as „Personal Data”), the Administrator is Roche Diagnostics Poland Sp. z o.o. with its registered office in Warsaw, ul. Bobrowiecka 8, 00-728 Warsaw (hereinafter referred to as the „Administrator”)

Processed Data

The Personal Data processed by the Administrator includes IP addresses and cookies. In the case of users using the registration form or other forms on the Portal, it also includes the following information provided by the user: name, surname, country, and email address.

Purpose and Legal Basis for Data Processing

The processing of Personal Data serves the following purposes:

To enter into and fulfill the contract for participation in a meeting/webinar organized by the Administrator, including sending information and reminders related to participation, issuing certificates – based on Article 6(1)(b) of the EU Regulation 2016/679 of April 27, 2016 (hereinafter referred to as „GDPR”).

To fulfill the contract (services provided electronically) enabling the use of content made available on the Portal in accordance with the Terms of Use – based on Article 6(1)(b) GDPR.

To ensure the proper functioning of the Portal, customize the Portal to individual user settings, remember data entered by the user in connection with the use of the Portal, and perform statistical traffic measurements on the Portal – based on Article 6(1)(f) GDPR. The Administrator’s legitimate interest is to ensure the correct and secure operation of the service and to develop the services provided by the Administrator.

For marketing products or services, conducting market research and profiling, as well as sending informational and marketing materials about products and services (in the case of expressing consent to receive commercial information by electronic means, to the email address provided in the registration form) – as a legitimate interest of the Administrator, based on Article 6(1)(f) GDPR. Commercial information will be sent to the email address provided in the registration form if you voluntarily consent to this.

To respond to questions asked (in the case of using the contact form or other means of contact with the Administrator) – based on Article 6(1)(f) GDPR. The legitimate interest of the Administrator is to provide reliable customer service in response to inquiries submitted by individuals.

In the case of additional activities on the Portal, they will always be described in detail in additional regulations or in information about data processing placed with the data collection form.

Data Recipients

Data will be processed by employees of the Administrator authorized to process data, as well as entities processing personal data on behalf of the Administrator, including those providing IT systems used for the execution of the contract or marketing activities, and providing mailing services and services related to the organization of meetings organized by the Administrator, as well as law firms.

Data Retention Period

Personal Data, the processing of which is based solely on consent, will be stored until consent is withdrawn. Other Personal Data will be processed for the duration of the contract, and in the case of cookies, for the duration corresponding to the life cycle of the cookies or until they are deleted by the User. In the case of Personal Data provided on the contact form, the data will be processed for the time necessary to provide an answer to the questions asked. If an incident is reported using the contact form, the data will be processed for a period determined by the provisions of the law. Data may also be stored for a period resulting from the limitation of claims.

Data Collection Principles

Providing Personal Data by the person to whom the data relates is voluntary. To the extent that data is collected for the purpose of entering into and performing a contract, the lack of data may prevent the correct performance of the contract or its conclusion. As part of the above-mentioned processing purposes, the Administrator may combine the provided Personal Data with information collected from publicly available sources, such as websites of medical facilities, from which data such as phone numbers, email addresses, and workplace addresses may be obtained.

Rights Related to Personal Data Processing

A person whose data is being processed may exercise the following rights with respect to the Administrator:

The right to request access to their Personal Data and to have it corrected.

The right to limit the processing of their data in the situations and on the terms set out in Article 18 of the GDPR or to have their data deleted in accordance with Article 17 of the GDPR („the right to be forgotten”). However, the Administrator may refuse to delete Personal Data if there are grounds under the law for doing so.

The right to have their Personal Data transferred in accordance with Article 20 of the GDPR.

The right to withdraw their previously given consent to the processing of their Personal Data at any time. However, this will not affect the lawfulness of processing based on this consent before it was withdrawn.

The right to object at any time to the processing of their Personal Data based on Article 6(1)(f) of the GDPR, particularly in the case of marketing, including profiling.

The right to lodge a complaint with the President of the Personal Data Protection Office at any time.

Contact with the Data Protection Officer

If you have questions or concerns related to the processing of your Personal Data, or if you wish to exercise your rights under the GDPR, including the right to access, rectify, restrict processing, or delete your Personal Data, you can contact our Data Protection Officer (DPO) at the following email address:

Email: dia.daneosobowe@roche.com

Please include „Data Protection Inquiry” in the subject line of your email to ensure a prompt and efficient response.

Changes to the Privacy Policy

This Privacy Policy may be subject to occasional updates and changes to reflect legal and regulatory developments, as well as changes in our data processing practices. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your Personal Data.

Effective Date

This Privacy Policy is effective as of 04.10.2023. Any changes or updates to the policy will be reflected with a revised effective date.

We value your trust and are committed to protecting your privacy. If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at the provided email address.