Where are we based and what regulations do we follow?
We are based in the UK and follow all legal requirements set out in Law. We are GDPR compliant and we are registered with the Information Commissioners Office registration number Z3628968.
All sensitive/credit information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases. We comply with The Payment Card Industry Data Security Standard (PCI DSS) Certificate # 1AA-4D15-61BD-3390.
This information is intended to explain to you what kind of data we collect, from what sources and for what purposes.
Identity and contact details of the data controller
F. Hoffmann-La Roche Ltd, Grenzacherstrasse 124, CH-4070 Basel, Switzerland, email: firstname.lastname@example.org (“Roche”) is data owner.
In the event that your personal data is covered by the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”): EU representative of F. Hoffmann-La Roche Ltd is Roche Privacy GmbH, Emil-Barell-Str. 1, D-79639 Grenzach-Wyhlen.
Please direct any questions and requests related to this information to F. Hoffmann-La Roche Ltd, Global Privacy Office, Grenzacherstrasse 124, CH-4070 Basel, Switzerland, email: email@example.com.
Purposes and legal basis for processing
We collect and process your data on the basis that users have given their consent, for the performance of an agreement with the users, and for the purposes of our legitimate interests.
Your personal data is collected and used for purposes of operating this site and responding to any requests for information or complaints.
Furthermore, Roche will process aggregated, anonymous data for the following purposes:
- To measure usage of this site
- To improve the educational content of the ATLAS game
- To improve the overall user experience of the ATLAS game
- To develop future educational initiatives
Categories of personal data processed
We may collect your contact details including your name and email address that you provide to us to take the steps necessary to respond to your request. Furthermore, we collect your IP address as part of the analytics of the operation of the site. No personal identifiable data is collected. Aggregate data for the management and improvement of the site is collected.
Recipients of personal data
Recipients of your data may be Roche’s affiliates around the world including in countries with privacy standards different from those in your country. Our Roche affiliates will use the data for the same purposes as we do. A list of Roche’s affiliates is available in the current annual report which can be found in the Investors section of www.roche.com.
Additional information in case your data is covered by GDPR: Regarding the exchange of data within the Roche Group, contracts containing the EU Standard Contractual Clauses according to EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010) 593) or according to EU Commission decision of 04 June 2021 (EU 2021/914), whichever is applicable, constitute appropriate and suitable safeguards to ensure compliance with GDPR.
Data processor for the web-based ATLAS game is Focus Games Ltd., 309 The White Studios Templeton Business Centre, 62 Templeton Street Glasgow G40 1DA UK (“Focus Games”), email: firstname.lastname@example.org.
We store your personal data for a maximum period of one year from the date the data was collected.
Information about your rights if your data is covered by GDPR
Provided your personal data is covered by GDPR, please note that you have the right to request access to and rectification of your personal data as well as the right to data portability, if applicable, or erasure or restriction of processing of your personal data. Erasure or restriction of processing is only possible if and to the extent the processing of personal data is based on consent or legitimate interest. If data processing is based on consent, kindly note that you have the right to withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal. For sending us a note to exercise your right to withdraw consent, please contact Focus Games at: email@example.com.
To avoid that your data is entered in the systems again after your request for erasure, in your interest and for us to comply with GDPR we may keep your name and email address with a flag “Don’t contact anymore” in our systems.
In the event you have the impression that our data processing is non-compliant with GDPR: You are entitled to lodge a complaint with the responsible supervisory authority.