Accu-Chek View Data Privacy Statement
1 Scope of application of this document, Controller
This document explains how personal data is processed when the Accu-Chek® View app is used.
2 Description of Accu-Chek® View
2.1 Description of the app, data processed
The Accu-Chek® View app allows you to take part in the digital prevention and diabetes management program for patients with metabolic syndrome, pre-diabetes and Type 2 diabetes run by Roche. The digital prevention and diabetes management program aims to actively involve you in your medical treatment. The app allows you to keep updated on your progress against individual therapeutic goals such as your personal daily step target.
The Accu-Chek® View app allows you to capture the following medical parameters in a single mobile app:
- number of steps taken.
- blood glucose,
- blood pressure
- abdominal girth and
You can monitor these and provide the data to your healthcare professional or coach for therapy support.
You can also:
- save your personal medication plan and
- receive reminders to take your medication.
You can share your health data with your healthcare professional or coach at any time.
Your healthcare professional or coach will have an up-to-date summary of your current health status and can, for example, get in touch using a messaging function if any readings are critical and give you individual recommendations at an early stage.
You can only obtain the QR code for the full version of the app from your healthcare professional or coach. If your healthcare professional or coach are not participating in the diabetes program run by Roche, you can use the app to a limited extent by running it in test mode (see section 4.1). Roche only processes your QR code for login/identification purposes in the app; only your healthcare professional has your name and contact details.
Accu-Chek® View does not process your data for automated individual decision-making purposes as set out in Art. 22 GDPR. It merely provides you, your healthcare professional and any other recipients nominated by you with information they and you can use to make your own decisions.
2.2 Permissions required
Permissions required by the Accu-Chek® View app:
- Call telephone numbers directly (this permission is required if you wish to call your healthcare professional/coach or Roche Customer Service)
- Take photos and videos (this permission is required if you want to personalize your app),
- Full Internet access (this permission is required to share your medical information with your healthcare professional),
- Create Bluetooth connections (this permission is required if you want to connect peripherals such as the Accu-Chek® Guide meter),
- Control vibration (this permission is required if you want to receive reminders)
- Test access to protected storage (this permission is required to have your data encrypted on your smartphone).
2.3 Offline use
If you only use the Accu-Chek® View app locally, i.e. in offline mode or test mode, no personal data is transferred to Roche
3 Processing of personal data by Roche
3.1 Consent for basic functions
In Accu-Chek® View, Roche processes your health data described in section 2 to allow you to use the Accu-Chek® View functions. This is based on your explicit consent, which you have provided to your healthcare professional. Your data is secure and Roche does not have access to this data. Nor does Roche know your name unless you have contacted Roche, for example to exercise your rights. When you use Accu-Chek® View, only you and your healthcare professional have access to your personal data.
To use the Accu-Chek® View app, please enter the code your healthcare professional gave you after you provided your consent. This code tells Roche that you have consented and that you are authorized to use the app.
You can withdraw consent at any time with future effect. If you no longer wish to take part in the program and wish to erase all your data, you can either leave the program directly using the “Leave Health Program” function in the Accu-Chek® View app or contact your healthcare professional who will arrange for the data to be erased. If you want to rejoin the program your healthcare professional will have to re-register you. In this case however you will not be able to access historical data.
3.2 Consent to statistical analysis
If you consent, we will process information about your use of the app for evaluation and statistical analysis (“usage information”) in order to understand how you use the Accu-Chek® View app, which functions are particularly popular with users and how we can improve the way the app is operated. Roche does not attribute the usage information to you personally and protects you against any personal attribution by third parties. This use for statistical analysis is disabled during offline use or in test mode. During online use it is disabled until you consent to this use. To do this, apply the relevant setting in the Accu-Chek® View app. You can withdraw consent at any time with future effect by disabling the setting in the Accu-Chek® View app.
You can also use the Accu-Chek® View app as normal without this consent, but if you do consent you will be helping us to refine the app.
4 Saving and sharing data under user control
4.1 Test mode
When you are in test mode, personal data is only saved in your Accu-Chek® View app locally on your mobile device and is not passed on. Test mode allows you to try out key features of the app without registering for a digital prevention and diabetes management program. There are limitations on the features you can use, mainly due to the lack of healthcare professional/patient interaction, relating to (i) connecting to the Accu-Chek® View backend, (ii) connecting external devices such as a pedometer or blood glucose meter via Bluetooth Low Energy, (iii) using the messaging function, (iv) using the medication plan, (v) support for prescription requests.
4.2 Sharing data with a healthcare professional or other recipients
The Accu-Chek® View app can only be used to its full extent under the digital prevention and diabetes management program. You must have a valid QR code to login. You can obtain this from your healthcare professional/coach when you register for the program.
You can set the Accu-Chek® View app to share data with a recipient participating in the program, such as a healthcare professional or your doctor/coach (hereafter referred to collectively as “recipients”). Data sharing is enabled after your healthcare professional registers you on a program relevant to the digital prevention and diabetes management program.
If data sharing is enabled, measurements and manually entered readings are automatically sent out to all recipients. Please note that all recipients have access to the parameters captured on the app in plain text and so they will be able to attribute the data captured by you personally.
4.3 Saving and erasing data
All data are exclusively stored by Roche at their subcontractor SAP SE in St. Leon-Rot (Germany) in a data center that is certified to ISO 27001 security standards. Neither Roche nor its subcontractors can view the contents of the data. Only recipients set up by you, such as your healthcare professional, and you yourself can view it.
Roche normally stores your personal data for the duration of the contract. If your personal data no longer needs to be stored for the purposes described above, for example if you leave the program via the app, Roche will erase your data.
5 Linking third-party devices, Apple Health
5.1 Linking third-party devices
A wide range of devices and applications are supported and can be linked to the Accu-Chek® View app. You can view the individual devices/applications that are supported in the Accu-Chek® View app menu under Devices => “Link additional devices free of charge”.
5.2 List of devices and linking Accu-Chek® View app and Apple Health app (available for Apple devices only)
The Accu-Chek® View app can be paired with pedometers, blood pressure monitor, scales etc. connected via the optional Validic interface to allow it to share data with these devices. The app connects recording devices such as:
- Accu-Chek® Guide meter
6 Purpose limitation and security
All processing is conducted in a way that ensures your personal data is kept appropriately secure and confidential in each case. This comprises protection against unauthorized and unlawful processing, accidental loss, accidental destruction or damage by appropriate technical and organizational measures. For these purposes we use strict internal procedures, security features and the latest encryption methods such as AES-256. We regularly revise these measures taking into account the state of the art.
7 Categories of recipients
We employ IT service providers such as SAP SE as processors for storage of data and for the technical implementation of Accu-Chek® View. SAP’s Health Engagement Platform generally processes aggregated, anonymized data to prevent you from being identified. If you consent to the processing of usage data described in section 3.2, SAP SE accesses your usage data on our behalf to refine the mobile smartphone application without attributing this data to you personally. SAP SE only accesses your data where this is necessary to ensure the server systems operate properly. Roche does not pass on your personal data to recipients outside the European Economic Area.
8 Data Protection Officer
You can contact our Data Protection Officer on any matters relating to data privacy law at
(Data Protection Officer, c/o Sandhofer Str. 116, 68305 Mannheim; [email protected]). He is responsible for monitoring compliance (independently and with full authority) with all data privacy regulations and is subject to strict legal obligations on confidentiality and non-disclosure.
9 Children and data protection
The Accu-Chek® View app is only intended to be used by persons who have reached the minimum age under the applicable laws and regulations on age limits in the relevant country. Ages are checked by the healthcare professional.
We will need to adjust this policy from time to time to take account of developments in Internet (and data privacy) technology and procedures. We will announce any adjustments in an appropriate manner and give reasonable advance notice and shall obtain new consents if necessary.
11 Your rights
11.1. Withdrawal of consent
If Roche processes your personal data based on your consent, you can withdraw that consent at any time. This shall not affect the lawfulness of the processing performed prior to the withdrawal. We shall continue to provide our services to the extent that they do not depend on the withdrawn consent.
11.2. Access, rectification and restriction
11.2.1. All users have the right to obtain access to information regarding the processing of his or her personal data. Most of the data can be viewed and rectified after logging in to the Accu-Chek® View app. In all other cases, you can contact the Roche Data Protection Officer referred to above or your healthcare professional at any time. Only your healthcare professional can release data since Roche does not have access to it. However Roche can answer your questions on how the app works.
11.2.2. If it emerges that some of your personal data is inaccurate, you can have inaccurate data rectified or incomplete data completed. You can correct most of the data yourself in the Accu-Chek® View app, otherwise please contact Roche or your healthcare professional. Only your healthcare professional has access to the data and only they can correct it. Roche can rectify errors in the app (such as an incorrect calculation). You also have the right to the restriction of data processing whilst your concern is reviewed.
11.3. Erasure (“right to be forgotten”)
You have the right to have your personal data erased. If you wish to erase your data because you no longer wish to take part in Accu-Chek® View, you can either leave the program directly using the “Leave Health Program” function in the Accu-Chek® View app or contact your healthcare professional who will request that the data be erased. Subsequently, after 30 days of inactivity, your data will be erased. You will only remain on the system if the app is actively used within this period. Once erased, data will be irrevocably erased and cannot be restored. If you want to rejoin the program your healthcare professional will have to re-register you. In this case however you will not be able to access historical data.
11.4. Data portability
If you leave the program you will be provided on request with the personal data the app captured concerning you in a standard electronic format. Please contact the healthcare professional if you wish to exercise this option.
11.5.1. If you believe that we are not adequately upholding your data privacy rights, please contact our Data Protection Officer (see above). We shall deal with your concerns immediately.
11.5.2. You also have the right to complain to a competent supervisory authority, for example at your permanent place of residence.