Genentech, Inc. Privacy Notice

Last Updated June 2024

Para leer la Política de Privacidad en español, haga clic aquí.

For Washington residents and individuals whose consumer health data is collected in Washington, please see the Washington Consumer Health Data Privacy Policy for information regarding the processing of your consumer health data and how to exercise your rights.

Purpose and Reach | Information Collected | Consumer Health Data | Marketing, Cookies & Tracking | Third Parties | Your Rights Regarding Your Personal Data | Safeguarding Information | How Long Your Personal Data Will Be Retained | Special Note to Patients | Changes to This Privacy Notice | Contact Us

Who We Are

Genentech, Inc. (“Genentech,” “we,” “our,” or “us”) values your privacy and the protection of your Personal Data. This Privacy Notice (“Notice”) explains how we collect, store, use, share, transfer, delete, and process information collected from or about you known as Personal Data (defined further below in this Notice).

Purpose and Reach of this Privacy Notice

This Notice describes the types of Personal Data that Genentech may collect or process, how we may use and disclose that Personal Data, and how you may exercise any rights you may have regarding our processing of your Personal Data.

This Notice applies to Personal Data collected or processed by us:

  • Through online activities and services we offer (through websites, web surveys, newsletters, applications, email, online messaging services/channels, and otherwise) (“Online Services”);
  • Related to activities we undertake in recruiting participants for participation in clinical trials or activities related to identifying and contracting with study investigators and their staff;
  • In connection with post-approval pharmacovigilance and adverse events, complaints, and reports;
  • When we provide products or services to you or your doctor, hospital, medical treatment or scanning facility, or other healthcare provider (collectively, “Healthcare Provider,” which refers both to the Healthcare Provider institution, organization, or company, and individuals employed by or working for or with such organization) or, if you are a Healthcare Provider, your patients;
  • When you are applying to and/or enrolled in our patient support programs, including (but not limited to) Access Solutions, Genentech Patient Foundation, or Co-pay Assistance Programs;
  • When we provide products and services directly to you and in other situations where you interact with us, including but not limited to interacting with us through our telephone customer service centers, though email or SMS/text messages, or by visiting our sites and offices or our events (e.g., tradeshows and conferences) (such products and services, together with Online Services, are collectively, the “Products and Services”);
  • When you interact with us in a professional capacity, for example, if you are a Healthcare Provider or an employee of a company with which we do business or provide Products and Services;
  • When we undertake employment recruiting activities; or
  • Anywhere this Notice is posted or referenced.

Genentech may provide you with a different privacy notice in certain specific situations, in which case that privacy notice or policy will apply to the Personal Data collected or processed in that specific situation, rather than this one.

If you provide us with Personal Data of anyone other than yourself (such as a patient or family member), please note that you are responsible for complying with all applicable privacy and data protection laws prior to providing that information to Genentech (including obtaining consent, if required).

Please review this Notice carefully. To the extent permitted by applicable law, by providing us your Personal Data or otherwise interacting with us, you are agreeing to this Notice.

Information Collected

What is Personal Data?

Personal Data” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link to or associate with a specific individual.

Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license, state identification card, passport number, and other similar information. Data that could be considered Sensitive Personal Data is highlighted with an asterisk (*) in the chart below.

We will process any Personal Data we collect in accordance with applicable law and as described in this Notice (unless, as explained above, a separate policy or notice governs). In some circumstances, if you do not provide us with your Personal Data, certain Products and Services may be unavailable to you.

The below table is a high-level summary of the types of Personal Data we may collect from you. Following that high-level summary is additional detail and information on how we collect, process, and use Personal Data and the potential recipients of your Personal Data, now and in the preceding 12 months. Some jurisdictions require us to state the legal bases for processing your Personal Data, which are included below, but please note that not all jurisdictions may recognize all legal bases. The types of Personal Data we collect and disclose depends on your relationship with Genentech. Not all of the categories listed in the following charts may apply to you. If the nature of your relationship with Genentech changes, additional categories of Personal Data may also apply.

 

 

 

 

 

 

 

 

 

 

**In limited circumstances, recipients may include, (1) in the event of a sale, assignment, merger, consolidation, corporate reorganization, or transfer, to the buyer, assignee, or transferee; and (2) government or regulatory officials, law enforcement, courts, public authorities, or others when permitted by this Notice or required by law.

***Please click on the "Your Privacy Choices" link at bottom of our website for more information on how we use cookies and similar technologies.

****This includes the removal of identifiers from protected health information required under the Health Insurance Portability and Accountability Act (“HIPAA”), 45 CFR § 164.514(b)(2), for such data to be considered de-identified. In the course of research, study doctors and authorized personnel may still have access to named subject records collected for such research. We will not attempt to re-identify you or anyone else from this de-identified data, and if we disclose it to third parties, we will require that they commit to not attempting to re-identify you or anyone else from the de-identified data.

Consumer Health Data

The law of the state in which you reside or in which your Personal Data is collected may make specific requirements in connection with Personal Data that is linked or is reasonably capable of being linked to you and that identifies your past, present, or future physical or mental health status (“Consumer Health Data”). Please note that the collection of consumer health data subject to the Washington State My Health My Data Act (the “MHMDA”) is addressed in the separate Washington Consumer Health Data Privacy Policy.

To the extent your Personal Data constitutes “Consumer Health Data,” the categories of Consumer Health Data being collected; the manner in which it will be used; the categories of sources from which it is collected; the categories of third parties and affiliates with whom it is being shared; the purposes of collecting, using and sharing it; and the manner in which it will be processed are all provided in the “Information Collected” section of this Notice (primarily as “Information regarding your treatment”). Additional information about Genentech’s activities can be found in the “Marketing, Cookies & Tracking” and “Third Parties” sections of this Notice.

To the extent that the state in which you live requires us to provide certain rights to you in connection with your Consumer Health Data, we will provide the following rights to you based on your state’s law:

  • To request our confirmation that we are collecting, sharing, or selling your Consumer Health Data;
  • To request to review and to make changes to any of your Consumer Health Data;
  • To request that we delete your Consumer Health Data;
  • To request a list of all third parties with whom we have shared or sold your Consumer Health Data;
  • To request that we stop collecting, sharing, or selling your Consumer Health Data;

To exercise any of these rights, follow the procedure explained in the “Your Rights Regarding Your Personal Data” section of this Notice.

A third party may collect Consumer Health Data over time and across different websites or online services when you use any of our websites or Online Services. For more information, see the “Marketing, Cookies & Tracking” and “Third Parties” sections of this Notice.

This section (and the Notice more generally) is effective as of the “Last Updated” date above. We will notify you of changes to this section (and the Notice more generally) as described in the “Changes to This Privacy Notice” section.

Marketing, Cookies, and Tracking

Marketing Uses, Cookies, and Other Activities

To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we may engage in the following activities:

  • We may use your contact details to contact you to determine whether you would like to initiate a business relationship with us or to send you marketing emails. If you do not wish to receive such marketing emails, you may opt out by declining to receive such emails when registering or in our subsequent communications by following opt-out or unsubscribe instructions included in the email or at other information collection points on the Online Services.
  • We may display advertisements to you regarding Products and Services that we believe are relevant to you based on your activities on the Online Services or on other web or digital properties. Such advertisements may be shown on our Online Services or the online services of others. We achieve this by using, and allowing third parties (e.g., Facebook, LinkedIn) to use certain cookies, eTags, pixels, web beacons, and other tracking technologies to track your activities on our Online Services and other online services. For more information about these activities and how to manage or opt out of them, please click on the "Your Privacy Choices" link at the bottom of our website.
  • We may make customer offers to you based on your activities across different Online Services, including activities on other web or digital properties or your other interactions with Genentech that are not via the Online Services (e.g., regional offers based on the location of your office listed on order forms).
  • We also perform statistical analyses of the users of our Online Services to improve the functionality, content, design, and navigation of the Online Services.

Processing Using Website Tracking

On certain of our websites, we use Google Analytics, to help us understand how users engage with this and other of our websites. Google Analytics may track your activity on our sites (i.e., the pages you have seen and the links you have clicked on) and helps us measure how you interact with the content that we provide. This information is used to compile reports and to help us improve the sites. The reports we receive disclose website trends without identifying individual visitors. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or clicking on the "Your Privacy Choices" link at bottom of our website.

Do-Not-Track Signals

Certain web browsers and other programs may transmit “opt-out” signals, also called a Global Privacy Control (or GPC) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates. In most cases you will need to change your web browser’s settings or add an application to your web browser to enable your browser to send a GPC Signal. Roche’s websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users that access our websites from U.S. states that have laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all of the cookies for that website, except for cookies that are necessary for the website to operate (“Strictly Necessary Cookies”). Additionally, if you are accessing our websites from one of these states, you can determine if your browser GPC Signal has been recognized by clicking on the “Your Privacy Choices” link in the footer of the website that will include a short message at the top of the preference center indicating that your GPC Signal has been received. For users from states not currently requiring recognition of the GPC Signal, our website servers may recognize and apply the GPC Signal for only targeted advertising cookies, but will not apply the GPC Signal to functional, performance or social media cookies. Further, a specific GPC Signal acknowledgement notice will not be included in the preference center, but you can always check and adjust your cookie settings by going to the Your Privacy Choices link in the footer of this website.

Behavioral Advertising

Where allowed by law, as described above, we use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. In some jurisdictions, you may have the right to opt out of these types of targeted advertisements. See the Opt-out of Sale or Sharing or Processing of Sensitive Data section below to do so.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page by going to http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt-out of sharing personal data or opt-out of targeted advertising for any website you visit by clicking on the Your Privacy Choices link located at the bottom of that website.

Opt-out of Sale, Sharing, Targeted Advertising, or Limit the Use of Sensitive Data

Certain of Genentech’s practices may be considered the sale or sharing of Personal Data under applicable law. You may have the right to opt-out of the sale of Personal Data, opt-out of sharing of Personal Data for purposes of cross-context behavioral advertising, which in other states is the right to opt-out of targeted advertising, and the right to limit the use of sensitive Personal Data. To exercise these rights, please see the “Your Rights Regarding Your Personal Data” section below.

Interactive Features of our Websites

To the extent we offer any public or group forums on our Products and Services, such as newsfeeds, blogs, message boards, or similar tools (“Interactive Features”), the posts or comments you make may be public and viewed by others. You should use care before posting information about yourself, including Personal Data. You acknowledge and understand that you have no expectation of privacy or confidentiality in the content you submit to Interactive Features over the Products and Services. Except when required to do so by applicable law, we assume no obligation to remove Personal Data you post on our Products and Services, and your disclosure of any Personal Data through the Interactive Features is at your own risk.

Third Parties

Service Providers

Service providers acting on our behalf must execute agreements requiring them to maintain confidentiality and to process Personal Data as necessary to perform their functions in a manner consistent with this Notice, other applicable privacy notices, and as explicitly permitted or required by applicable laws, rules, and regulations.

Combination of Data with Data Received from Third Parties

We may combine information we collect, including Personal Data, with Personal Data that we may obtain from third parties.

Links to Other Websites

Our Products and Services may contain links to other websites, applications, products, or services that are not owned or operated by Genentech, such as social media websites and applications like Facebook and Twitter. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third-party websites, applications, products, and services.

Your Rights Regarding Your Personal Data

Please note that in many circumstances, we cannot effectively do business with you without processing some Personal Data about you (e.g., your contact information). For example, when you contact our customer service representatives, we may require you to provide information to authenticate your identity to assist you with your request. If you are unable to provide this information, we may be unable to process your request.

To the extent that the state in which you live has a data protection law that requires us to offer some or all of the following rights to you, we will provide the following rights to you based on your state’s law:

  • To opt-out of sharing your Personal Data for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
  • To request access to and a copy or representative summary of your Personal Data, including to provide your Personal Data directly to another organization, i.e., a right to data portability;
  • To request to know about the Personal Data we process about you or, in other states, to request to acknowledge our processing of your Personal Data or a list of the categories of third parties to which your Personal Data has been disclosed;
  • To request that we correct your Personal Data;
  • To request that we delete your Personal Data;
  • To request that we limit the processing of your Sensitive Personal Data;
  • To opt-out of processing of Sensitive Personal Data;
  • To appeal the denial of a request; and
  • To lodge a complaint with the data protection authority in your jurisdiction.

You can opt-out of sharing personal data or opt-out of targeted advertising for any website you visit by clicking on the Your Privacy Choices link located at the bottom of that website. To learn if you have the other above rights in the state in which you live and to exercise any of these rights with respect to your Personal Data, please complete the form located here or, if you prefer, you can call us toll-free at (800) 975-7105. We will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you Products and Services or it may otherwise affect the way we are able to interact with you.

We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. We may, after receiving your request, require additional information from you to honor your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

In the event you wish to make a complaint about how we process your Personal Data, please contact us at [email protected] and we will handle your request as soon as possible. Even if you make a complaint to us, you may always lodge a complaint with the relevant authority in your location.

When we receive your Personal Data from our customers and process your Personal Data on their behalf, we do so at their request and subject to their instructions. We do not have control over our customers’ privacy and security practices and processes. If your Personal Data has been submitted to us by a Genentech customer and you wish to exercise any of the above-mentioned rights, please contact the relevant customer directly.

Safeguarding Information

Consistent with applicable laws and requirements, Genentech has put in place physical, technical, and administrative safeguards designed to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we unfortunately are not able to guarantee security for data collected through our Products and Services. In addition, it is your responsibility to safeguard any passwords, ID numbers, or similar individual information associated with your use of the Products and Services.

How Long Your Personal Data Will Be Retained

We generally retain Personal Data for as long as needed for the specific business purpose or purposes for which it was collected or obtained, and as outlined in this Notice. In some cases, we may be required to retain Personal Data for a longer period of time by law or for other necessary business purposes. Whenever possible, we aim to de-identify the information or otherwise remove some or all information that may identify you from records that we may need to keep for periods beyond the specified retention period. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject that affects the Personal Data; and (iii) whether retention is determined to be necessary or advisable for Genentech due to applicable statutes of limitations, litigation, or other legal or regulatory obligations. Genentech takes reasonable steps to dispose of Personal Data upon the expiration of retention periods taking into consideration these litigation, legal, or regulatory obligations.

Special Note to Patients

If you are a patient, please note that this Notice is distinct from your Healthcare Provider’s HIPAA Notice of Privacy Practices, which describes how your Healthcare Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. Genentech collects, uses, and discloses any Personal Data it receives from your Healthcare Provider in accordance with its HIPAA-required agreements with your Healthcare Provider.

Changes to This Privacy Notice

We reserve the right to change this Notice from time to time. We will alert you when changes have been made by indicating the date this Notice was last updated as the date the Notice became effective or as otherwise may be required by law. It is recommended that you periodically revisit this Notice to learn of any changes.

Contact Us

If you have questions or comments about this Notice or about how your Personal Data is processed, please contact us by one of the methods below:

Email: [email protected]

Mail: Genentech, Inc.

Attn: Privacy Office

1 DNA Way

South San Francisco, CA 94080

Phone: 877-GENENTECH or (800) 975-7105

We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Note that your request to exercise your data privacy rights must be done through the web form and 800 number listed under Your Rights Regarding Your Personal Data. We may, after receiving your request, require additional information from you to honor your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.