This information is meant to explain to you what kind of data we collect from what sources and are used for which purposes.
Identity and contact details of the data controller
In the event that your personal data is covered by the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”): EU representative of F. Hoffmann-La Roche Ltd is Roche Privacy GmbH, Emil-Barell-Str. 1, D-79639 Grenzach-Wyhlen.
Please direct any questions and requests related to this information to F. Hoffmann-La Roche Ltd, Global Privacy Office, Grenzacherstrasse 124, CH-4070 Basel, Switzerland, email: firstname.lastname@example.org.
Purposes and legal basis for processing
Your personal data is collected and used in order to/for purposes of running the Partnering and Innovation Summit and facilitating connection with attendees.
We collect and process your data on basis of consent/our legitimate interest to run the Partnering and Innovation Summit in preparation to potentially enter into a contractual relationship with you/for the performance of a contract with you.
Categories of personal data processed
Name, contact details, affiliations, country, number of times visiting a booth, seminars visited and health care professional status.
Recipients of personal data
Recipients of your data may be Roche’s affiliates around the world including in countries with privacy standards different from those in your country. Our Roche affiliates will use the data for the same purposes as we do. A list of Roche’s affiliates is available in the current annual report which can be found in the Investors section of www.roche.com.
Data is also shared with virtual exhibitors at the conference when you visit their stands.
Additional information in case your data is covered by GDPR: Regarding the exchange of data within the Roche Group, contracts containing the EU Standard Contractual Clauses according to EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010) 593) constitute appropriate and suitable safeguards to ensure compliance with GDPR.
Data processor for the (web based) Expo.IP system is Limited (Legal Entity), which is certified under the EU-U.S. Privacy Shield, which establishes appropriate and suitable safeguards to ensure compliance with GDPR according to the EU Commission decision of 12 July 2016 (C(2016) 4176).
We store your personal data for 15 months after the event has taken place.
Information about your rights if your data is covered by GDPR
Provided your personal data is covered by GDPR, please note that you have the right to request from Roche access to and rectification of your personal data as well as the right to data portability, if applicable, or erasure or restriction of processing of your personal data. Erasure or restriction of processing is only possible if and to the extent the processing of personal data is based on consent or legitimate interest. If data processing is based on consent, kindly note that you have the right to withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal. For sending us a note to exercise your right to withdraw consent, please see contact details in the section “Identity and contact details of the data controller” above.
To avoid that your data is entered in the systems again after your request for erasure, in your interest and for us to comply with GDPR we may keep your name and e-mail address with a flag “Don’t contact anymore” in our systems.
In the event you have the impression that our data processing is non-compliant with GDPR: You are entitled to lodge a complaint with the responsible supervisory authority.
For purposes of running the congress, we collect personal data from the registration form and from EXPO.IP.