Data Protection

    The data controller in accordance with the General Data Protection Regulation (GDPR) is:

    RoX Health GmbH
    Schlesische Str. 29/30
    10997 Berlin
    [email protected]

    You can reach the Data Protection Officer of Rox Health via Roche Deutschland Holding GmbH, Datenschutzbeauftragter, Emil-Barell-Straße 1, 79639 Grenzach-Wyhlen or via email to [email protected].

    Rox Health GmbH ("RoX") is aware that the protection of privacy and therefore also the protection of our customers' personal data is very important and assigns it considerable importance. RoX has therefore taken the necessary steps to comply with global data protection requirements and therefore observes the laws of the EU, Germany and other applicable norms. Your personal data is exclusively processed to the extent permitted by law and in consideration of valid laws, especially the transparency obligation.

    Rights of the Data Subject

    If your personal data is processed, you are a data subject in accordance with GDPR and you have the following rights with regard to the data controller:

    1. Right to Restriction of Processing

    Subject to the following requirements, you can request restriction of processing of personal data concerning you:

    1. if you dispute the accuracy of the personal data concerning you for a duration that makes it possible for the controller to verify the accuracy of the personal data;
    2. processing is unlawful and you reject the erasure of personal data and instead request a restriction of the use of the personal data;
    3. the controller no longer needs the personal data for the purposes of the processing, but it is required for the establishment, exercise or defence of legal claims, or
    4. if you have lodged an objection to processing in accordance with Article 21(1) GDPR and it has not yet been determined whether the legitimate interests of the controller override your reasons.

    If the processing of personal data concerning you was restricted, this data – apart from its storage – can only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of important public interests of the European Union or a Member State.

    If the restriction of processing was limited by the aforementioned requirements, you will be informed by the data controller before the restriction is lifted.

    2. Right to Erasure

    4.1 You can request from the data controller for the personal data concerning you to be erased without undue delay, and the data controller is obliged to erase this data without undue delay if one of the following reasons applies:

    1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
    2. You withdraw your consent to processing in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and there is no other legal ground for processing.
    3. You object to processing in accordance with Article 21(1) GDPR and there are no overriding legitimate interests for processing, or you object to the processing in accordance with Article 21(2) GDPR.
    4. The personal data concerning you has been unlawfully processed.
    5. The personal data concerning you must be erased to comply with a legal obligation under the European Union or Member State law to which the controller is subject.
    6. The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

    4.2 If the data controller has published the personal data concerning you and, in accordance with Article 17(1) GDPR, is obliged to erase such data, the controller shall take suitable measures in consideration of the technology available and costs of implementation, including technical measures, to inform data controllers who process personal data that you as data subject have requested the deletion of all links to this personal data or copies or replications of this personal data.

    4.3 The right to erasure does not apply if the processing is necessary

    1. to exercise the right of freedom of expression and information;
    2. to fulfil a legal obligation that requires processing in accordance with the law of the European Union or the Member States, to which the data controller is subject, or to perform a task that is in the public interest or that is exercised in the capacity of an official authority incumbent upon the data controller;
    3. for reasons of public interest in the field of public health in accordance with points (h) and (i) of Article 9(2) and Article 9(3) GDPR;
    4. for archive, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the right named in Paragraph 1 is expected to make the achievement of the aims of this processing impossible or seriously impaired; or
    5. to assert, exercise or defend legal claims.

    3. Right to Information

    If you have asserted the right to correction, erasure or restriction of processing towards the data controller, they shall be obliged to inform all recipients to whom personal data concerning you has been disclosed of this correction or erasure of data or restriction of processing, unless this proves to be impossible or involves disproportionate effort. You have the right for the data controller to inform you about these recipients.

    4. Right to Data Portability

    You have the right to receive personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format.

    5. Right to Object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

    6. Right to Withdraw Consent

    You have the right to withdraw your data protection consent at any time. The lawfulness of any processing of your data that takes place on the basis of your consent prior to the withdrawal will not be affected by revocation of consent.

    7. Right to Lodge a Complaint

    You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

    The relevant supervisory authority is: Berlin state officer for data protection and freedom of information, An der Urania 4-10 · 10787 Berlin, tel. +49 30 2155050, website https://www.datenschutz-berlin.de/

    Cookies

    ROX Health's website does not use cookies. We respect your privacy and have designed our website to function without the need for cookie technology. You can browse our website without any cookies being stored on your device.

    Website Analytics

    This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.

    Applications

    You can submit applications to us. If you send personal data about yourself to us as part of an application, we will store it and use it as part of the selection process and/or to contact you. The legal basis for the processing of your data is Article 6(1)(b) GDPR.

    Data Privacy Policy Concerning Children

    Our website is intended for an adult audience. If we discover that a user is not yet 16 years old, we will not collect any personal data from them before receiving verifiable consent from their legal guardian.