Roche complies with regulatory requirements currently in force and respects your personal rights at all steps of processing your personal data.
As part of our respect for and recognition of the importance of your personal data, we commit to:
comply with the law and codes of integrity, and remain transparent with respect to any processes we are undertaking;
take steps to ensure your personal data remains accurate and up-to-date, where appropriate;
use your personal data solely for specific, clear and legitimate purposes, process it only as long as reasonably required for such purposes, and refrain from using your data for any purpose unrelated with the foregoing;
process personal data only in connection with, and limited and proportional to the stated purpose, that is to refrain from obtaining unneeded personal data, and to anonymize, delete or destroy data which is no longer needed;
retain your personal data for no longer than the prescribed timeframes in the applicable regulations, or necessary for the stated purpose, and anonymize, delete or destroy the same at the end of the prescribed time frame; and
ensure protection of your personal data, and take appropriate technical and organizational measures to prevent unlawful access, or attempts to damage or destroy the same.
A detailed description of how these principles are implemented in actual practice is provided in the following section.
For these reasons, we would like to inform you on the principles, guidelines and practices that we have in place to guide protection, lawful processing and ensuring the security of your personal data obtained by Roche through
describe in the most express and understandable way which personal data is obtained about you, and how and for what purpose your personal data so obtained would be processed;
inform you about the recipients of your data, and the purposes for which your data would be transferred to them;
inform you about the legal grounds and the methods used for collecting your personal data;
inform you about your rights under KVKK with respect to your personal data; and
explain to you in a transparent manner our responsibility to protect your rights and privacy.
This Notice is valid only for
visit the Website,
contact Roche, including for communicating a complaint, request or suggestion,
fill out a form provided on the Website or social media, or post a comment regarding a product or service, or
are involved in a dispute.
Processing of your personal data includes your name, contact details, e-mail address and other identifying information. We may also collect certain types of personal data which do not directly identify you by name, but which may be used to determine that your computer or device has been used to access our website.
As part of our making services available on the website
receiving and handling requests, complaints and suggestions,
corporate communication activities,
provision of services, personalized based on users’ preferences and usage patterns,
responding to unfavorable or defamatory claims, or unfair allegations against our company, or our employees, executives or users,
analyzing and measuring the performance of our Website,
monitoring adverse events and other pharmacovigilance activities,
security, including protecting the website,
submission of mandatory reporting and requisite information and documents to judicial or regulatory authorities, public prosecutors, courts, ministries, and other public agencies or organizations as provided under law or to fulfill a legal obligation,
conducting Roche’s business in an efficient and lawful manner, improving our processes, measuring efficiency and productivity and performing essential audits,
protecting trade secrets and personal data, ensuring security of our digital infrastructure and systems,
resolving legal disputes, protecting the rights and legal interests of Roche, the Roche Group and its shareholders, and
conducting productivity analyses of our business operations, and strategy planning.
Completing a Process. Some sections of the website may be used to collect your personal data to perform a service that you have requested, or to understand your areas of interest or preferences. In those cases, we may collect your contact information and also a history of your previous interactions with us.
Personalizing Your Experience. We may collect information on your past interactions with us to improve our services.
Website Analysis and Monitoring. Within the confines of law, we may pool the personal data you have provided with other information that you have provided via the Website, social media or other means of communication. We may also, to the extent allowed by law, pool Personal Data collected via our websites and online resources, Roche’s offline records and other information provided to us by third parties.
Operating and Maintaining the Website. We use this information to secure our websites, network systems and other assets, which may include your IP address and geographical location, the resources that you have access to or similar other information. We used automated means to collect this information for our legitimate business purposes.
Cookies. A cookie is a small data file containing your internet browser files, which may be installed on your computer’s hard drive by a website. Cookies make it possible for us to become aware that the computer used for browsing our websites had been previously used to visit a Roche /
We utilize third-party software and services to provide the content of our Website to you. Such service providers may access information such as the model of your device, device software, IP address, the geographical region of access, user behavior and user habits, to help improve and maintain availability of those services. We receive assurances from our service providers that they will use this information only for the specified purposes, and they may divulge this information to others only to meet a legal obligation or for other lawful purposes such as their use of other service providers.
In some cases, law enforcement, judicial authorities or other competent persons or institutions may ask us to divulge the information that we have. Your personal data may be divulged to law enforcement, judicial authorities or other competent public officials or third parties only when we are required by law, or to help prevent commission or identify perpetrators of a criminal act, but in any case always in line with the legislation in force.
We utilize third-party service providers to provide information in the interest of public health, organize awareness and educational campaigns, facilitating access to accurate and consistent scientific information, conduct our business operations, manage our processes, administer the Website, ensure data security, perform our contractual obligations, exercise our rights, fulfill our legal obligations, and improve the efficiency and robustness of our processes. Such utilization of service providers may require our transferring your personal data to them, as part of the contractual relationship we have with them and to the extent necessary in connection with the services they render for us. In any case, we observe our principles in processing or transferring your personal data, and remain ultimately responsible for its security. Moreover, we will never sell your personal data to third parties who would use them for purposes not specifically provided herein.
Because we are a part of the Roche Group, we use digital platforms or systems which may be cloud-based or using servers that are located in Türkiye or elsewhere, in conducting our business operations to improve the efficiency and robustness of our processes. It is therefore possible that the jurisdictions to which your personal data is transferred may include those in respect to which the Personal Data Protection Board or the European Commission has not recognized as providing sufficient security for personal data, in other words, countries which may not have in place essential protections for your personal data. We warrant that the jurisdictions in which the systems receiving your data are located are those recognized as secure countries by competent authorities, and where this is not the case, we will ensure that the recipients of personal data will have in place the necessary precautions to ensure security of personal data.
Also, the third parties referenced above, or their subsidiaries, subcontractors, or third-party service providers who receive your personal data, and/or some of the systems that they use may be located abroad. Third parties who receive your personal data provide formal assurances that the jurisdictions wherein the systems which your personal data is transferred to are recognized by competent authorities are secure countries, and where this is not the case, that the recipients of personal data will have in place the necessary precautions to ensure security of personal data.
How long we keep your personal data may vary depending on the purpose of collection and processing of your data. Please review our Retention and Destruction Policy at
Where your personal data is in scope for GDPR (i.e. you are located in the European Economic Area), we would like to remind you that you also have the right to ask Roche to cease processing or delete your personal data, in addition to your right to access or demand correction of your personal data, or mobility of your person data. Cessation of processing or deletion of personal data is only possible if and to the extent processing is based on consent or a legitimate interest.
If processing of personal data is based on your express consent, you have the right to withdraw your consent at any time, but in any case without impairing the validity of processing conducted prior to withdrawal of consent. Please refer to the contact details provided below to exercise your right to withdraw consent.
To prevent your personal data to be reintroduced into the system after your request for its erasure, we may retain your name and email address on Roche’s systems after attaching it with the note “do not contact.”
If you have the impression that Roche’s processing of your personal data contradicts the requirements of GDPR, you have the right to file a grievance with a competent regulatory authority.
In line with data protection rules in place in both Türkiye and the European Union, we have in place reasonable safeguards to prevent unauthorized or unlawful access to or collection of personal data. We uphold data security and privacy as default features in all processes that we develop and digital infrastructures and systems that we use to facilitate our business operations.
The precautions that we have in place to safeguard your personal data which you entrust us with include both organizational systems and procedures, and physical and technical restrictions. Access to your personal data is restricted to authorized and properly-trained individuals and to the extent necessary.
Moreover, in cases where your personal data is with third parties, we secure assurances from them that they will have in place proper organizational and technical safeguards to ensure security of your personal data, and limit and restrict processing to the specified purpose of processing.
If we become aware that, despite all of our precautions, your personal data has been unlawfully obtained or accessed by unauthorized third parties, we will report it to the competent authorities in line with the procedure laid down in the applicable regulations.
Personal data of third parties which you have divulged via
In cases where you divulge personal data belonging to a third party, it is your responsibility to fulfill the legal requirement to inform them on transfer of personal information and to obtain their express consent as required under legislation, if any of the conditions for processing and/or transferring personal data without express consent have not been met. Roche is under no obligation to verify that the person in question has given their express consent, or that any of the aforesaid conditions has been met. Roche reserves the right to recover from you any damages, whether direct or indirect, that Roche may suffer as a result of your transferring personal data of a third party to Roche without express consent of the person concerned or without meeting the conditions laid down in the Law.
We would like to remind you that you have the following rights under the legislation:
Learn about whether your personal has been processed;
Request information on whether your personal has been processed
Learn about the purpose of processing of your personal data, and whether your personal data is being used in line with the stated purpose;
Learn about the third parties who have received your personal data, in or outside Türkiye;
Request correction where the processing of your personal data has been flawed or incomplete;
Request deletion or destruction of your personal data within the confines of the requirements laid down in the KVKK;
Request that the third parties who received your personal data be notified of your request for correction, deletion or destruction;
Object to the results of analyses performed by automated systems based on the data collected; and
Seek redress in the event you suffer any harm from unlawful processing of your data.
You may forward your request for exercising any of your rights listed above to Roche using the contact procedure and the contact details described in Roche Müstahzarları Sanayi A.Ş. and Roche Diagnostics Turkey A.Ş. Application Form for Contacting Data Controller. If you feel that your request has not been answered within the prescribed deadline or in an appropriate manner, you may contact the Personal Data Protection Board.
We will continue our work within the scope and limits of information security in order to meet the expectations of our customers and the institutions / organizations that we serve under the contract and to increase our service capabilities.
Recognizing that any personal, confidential / commercial / private information processed in all information technology systems we serve within the scope and limits of information security is the privacy of the customer of the institution / organization we serve, this information is the information / approval of the customer at any place / person / institution / organization. We will ensure that it is unobtainable, adhering to the terms of Confidentiality / Integrity / Accessibility.
We are committed to comply with legal and regulatory requirements, to consider contractual or third party obligations or dependencies,
Also fulfilling the requirements of the Information Security Management System by continuous improvement.
Commercial Title: Roche Müstahzarları Sanayi Anonim Şirketi
MERSİS No.: 0735001546600018
Headquarters Address: Uniq İstanbul, Ayazağa Cad. No.4 D/101 Maslak 34396 Sarıyer, İstanbul
Commercial Title: Roche Diagnostics Turkey Anonim Şirketi
MERSİS No.: 0179000249100014
Headquarters Address: Esentepe Mah. Kırgülü Sk. Metrocity İş Mrkz D Bl. No: 4/5 Şişli İstanbul
Site Responsible: Bahar Süral
The information provided on this site is not for diagnostic or medical advice, but for informational purposes. If you have or think you have a disease to be treated, consult a specialist physician.
For adverse events related to Roche products,
To contact us about other issues;
Roche Pharma Address: Roche Müstahzarları San A.Ş. Uniq İstanbul Ayazağa Caddesi No:4D/101 34396 Maslak/İstanbul Tel: +90 212 366 90 00
Roche Diagnostics Address: Roche Diagnostics Turkey A.Ş. Esentepe Mah. Kırgülü Sk. Metrocity İş Merkezi D Bl. No: 4/5 34394 Şişli /İstanbul; Tel: +90 212 306 06 06
Supervisor: Bahar Süral