Global Privacy Policy

Introduction

Abbott and its affiliates are committed to protecting and respecting the privacy of individuals.

This policy sets out how and why we collect, use, and disclose personal information of individuals who interact with Abbott, as well as how we safeguard this information.

This policy also covers information that is collected, used, or disclosed through use of the www.abbott.com family of websites, which are available to visitors located throughout the world and operated for different purposes.

What is Personal Information?

Personal Information

Personal information means information that identifies you or could reasonably be used to identify you. Examples of personal information include your name, address, email address, affiliated organization or company name, birth date, age, gender, telephone number, account numbers, profession or specialty, education, or other specific types of personal information. Some kinds of personal information are sensitive personal information. In this policy when we use the term personal information, we include sensitive personal information unless we specifically state otherwise.

 

Sensitive Personal Information

Sensitive personal information means personal information relating to your racial or ethnic origin, religious or philosophical beliefs, sex life, political affiliation, trade union membership, or information relating to your health such as your diagnosis, treatment or condition information, or medical device model and serial numbers.

 

How Do We Collect Personal Information?

We collect personal information in a variety of ways, including through personal contact, through our employees and their attendance at industry events via our websites and the internet, over the telephone, through other correspondence where necessary to identify patients, through third parties who have your authority to disclose such personal information to us or where we are required to do so by law. Examples of when personal information may be collected would include when you contact us for more information about our products or services; you fill out or submit a registration form for an Abbott event or educational session; or we conduct business with our customers, such as providing products and services to customers and their patients.

Generally, where we request personal information from you, we will explain the purpose of its collection and use and to whom it may be disclosed at the time we collect it. The personal information collected by us will be limited to the minimum amount necessary for the purposes identified to you. If you decide to withhold information, it may limit our ability to provide you with the services or products you requested.

If you believe that a third party has disclosed your personal information to us without your consent to do so, please contact that third party. If they do not adequately respond to your inquiries, please let us know.

 

How Do We Use And Disclose Personal Information?

We only use and disclose personal information for the purposes that we have disclosed to you in this policy or at the time of the collection of the personal information, except as otherwise permitted or required by law. If for any reason we would like to use or disclose your personal information for a materially different purpose, we will obtain your consent before we proceed.

We may collect, use, and disclose personal information to meet the needs of our customers and for the following business purposes:

  • Recording and reporting on our products and related medical conditions, including reporting to regulatory and medical authorities and recording and responding to product inquiries, feedback, and complaints
  • Registering and tracking certain Abbott implanted devices in compliance with applicable legal obligations and for quality and safety purposes
  • Complying with our regulatory, legal, and ethical obligations (such as recording and reporting on adverse events and registering implantable devices)
  • Understanding our customers and their needs
  • Learning about our markets and improving our products and services
  • Shipping product information or providing products and services to our customers
  • Performing administrative functions such as accounting, billing, auditing, and collection activities
  • Performing services and technical support for our products and services
  • Ensuring and protecting health and safety
  • Or analytical purposes to evaluate and improve our business (such as analyzing our products and services, researching, improving and developing new products and services, and performing market research)
  • Contacting you (including by way of email), including:
    • In response to your inquiries, questions, or comments
    • To safeguard your interests
    • Provide you with information about our products and services, or those of others, that we believe may be of interest to you
    • To meet legal requirements
  • In the case of health care professionals (HCPs):
    • In connection with research and clinical trials that the HCP is involved with or that we believe the HCP may be interested in being involved with
    • Provide education, training, evaluation, and/or demonstration of products
    • To provide samples
    • In connection with conferences, symposia, expert panels, or other events with which we are involved or with which we believe an HCP may wish to be involved
    • Or complying with our corporate policies for expense reimbursement that require us to record the names and affiliations or attendees
  • In the case of patients
    • In connection with our patient programs, research and clinical trials
    • In the case of our contractors, distributors, or commissioned agents: In connection with our Business Purposes, including information to third party suppliers subject to obligations of confidentiality
    • Protecting our rights and property against fraud, unauthorized claims or transactions, and other liabilities
    • Disclosing information to external service providers that we engage to assist us in the conduct of our business (these service providers will only be permitted to use that information for assisting us)
    • In other ways to which you are notified prior to collection or to which you have authorized

We are responsible for personal information in our possession or custody, including personal information that we may transfer to third parties for processing, including storage. The personal information may be transferred outside of your country of residence, such as to the U.S., for processing or storage, consistent with the purposes identified above. These countries’ laws may not require the same level of privacy protection as is required in your country of residence. We require the same level of data protection worldwide and will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy policy.

In the event we disclose personal information to our service providers, we require our service providers to agree to contractual requirements that are consistent with our privacy and security policies and to comply with applicable legal requirements. We prohibit our service providers from using personal information except for the specific purpose for which we supply it to them or in any way that violates laws and regulations applicable to the personal information in question. We remain responsible and liable under EU and Swiss-approved Standard Contractual Clauses (“SCCs”) and Privacy Shield Principles if a third-party service provider uses or discloses personal information in a manner inconsistent with these provisions, unless we prove that we are not responsible for the event giving rise to the damage.

We may also use and disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction, and informed consent to such disclosure. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing personal information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use, and disclose your personal information for substantially similar purposes as described in this privacy policy. In the event the transaction does not go through, we will require, by contract, the other party(ies) to the transaction not to use or disclose your personal information in any manner whatsoever for any purpose, and to return or destroy such personal information.

Abbott and our affiliates may disclose personal information as required by law, regulation, warrant, subpoena, court order, or regulator or law enforcement agency or personnel, as well as in respect to a criminal investigation or to meet government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose certain information to government authorities. Only the information specifically requested is disclosed and we take precautions to verify that the authorities making the request have legitimate grounds to do so. We also may release certain personal information when we believe that such release is reasonably necessary to protect the rights, property, and safety of others and ourselves.

There are some situations in which we are legally permitted to disclose personal information, such as employing reasonable and legal methods to enforce our rights or to investigate suspicion of illegal activities.

Except as set forth herein, Abbott does not disclose, sell, and/or trade customer lists to third party companies or organizations.

Is Personal Information Collected Through The Use Of Cookies Or Similar Technologies?

Cookies are small data files that are sent to your browser and saved on your computer or mobile device when you visit a website. Cookies enable the website to store your preferences (such as login, language, font size, and other display preferences) and other information on your computer or mobile device and save you time on subsequent visits by eliminating the need to repeatedly enter the same information. The use of cookies will help to simplify the login process, provide you with better service on the website, and provide you with personalized content on the website. Cookies also enable Abbott to maintain and improve our websites by providing Abbott with information on how visitors find and use our websites, how well the websites are performing, and to compile and analyze the website usage for statistics and trends.

Some of the information that we collect using cookies is non- personal information, which means it does not identify you as an individual person. The non-personal information collected through the use of cookies may include the type of web browser software you use (i.e., Internet Explorer), the name of the domain from which you access the internet, the date and time you access our website, the pages you visited on our website, or search terms you used on our website. Personal information may also be collected through the use of cookies which may include your login information or other information that you enter into a form or data field on our website.

Through the use of website cookies, we monitor which pages of our website visitors view and how often visitors view them. Through the use of these cookies, we are able to capture standard Web traffic information such as time, date, IP address, and browser, but in most circumstances the information captured cannot identify you as an individual.

Abbott may contract with third parties to track and analyze your usage of our websites through the use of cookies and similar technologies. These third parties may collect and analyze information for us on the use of our websites and the information accessed in order to measure the effectiveness of our marketing or advertisements. The information collected on our behalf by these third parties does not contain your personal information.

How Do We Use Cookies And Similar Technologies?

The Abbott websites use session cookies and persistent cookies. Session cookies are temporary bits of information that are erased once you exit your web browser window or turn off your computer. Session cookies are used for purposes such as improving the navigation and usability of our websites, blocking visitors from providing inappropriate information, and collecting aggregated statistical information. Persistent cookies are more permanent bits of information that are placed on the hard drive of your computer or mobile device. Persistent cookies remain on your hard drive until you delete them. Persistent cookies are used for purposes such as retrieving your user preferences and saved login information, customizing the website based on your preferences, and helping us to determine what areas of the website visitors find most valuable. Persistent cookies may contain personal information, but only if you have given your consent to the use of such personal information.

Our website may include social media widgets such as buttons that can be used to share information or interact with other social media sites (i.e., Facebook, LinkedIn, Twitter). This feature may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interactions with this feature are governed by the privacy policy of the social media company providing the widget.

Abbott may also use web beacons (also known as clear GIFs, invisible GIFs, and internet tags) in combination with cookies to help us understand how visitors use our website. A web beacon is a tiny graphic that is placed on the website, which is used to track which pages are viewed and what information is consulted. We use web beacons to measure traffic and related behavior, and to improve the content available on our websites.

How Can You Manage The Use Of Cookies?

You must consent to the use of essential cookies on our website. You may give your opt-in consent to non-essential cookies by accepting the use of cookies when prompted in the pop-up banner when you visit our website. Some sections and functions of our website may not work properly if you decline non-essential cookies.

Some browsers also offer "Do Not Track" signals, which is a browser setting that provides a single, persistent choice to opt-out of third party web tracking. If your browser has the "Do Not Track" signal enabled, Abbott will not collect or use any information from users who do not accept the use of cookies as described above.

How Do We Comply With Information Protection Regulations?

As a global company, in all countries where we do business, Abbott is committed to complying with applicable laws and regulations when we collect, use, process, transfer, and store information. We value the personal information we are responsible for in our line of work and we protect this information by implementing privacy and security controls throughout our organization. We utilize an Information Security Framework based on ISO/IEC 27001, which integrates with our Privacy Framework based on ISO/IEC 29100. ISO standards are accepted internationally as risk-based auditable principles and allow you to have confidence that your information is being handled securely.

Abbott complies with all applicable laws and regulations for personal information we collect, use, process, transfer, and store. Additionally, Abbott complies with the EU and Swiss-approved Standard Contractual Clauses (“SCCs”), which allows for the transfer of personal information from individuals in the United Kingdom, European Union and Switzerland to the United States. Abbott adheres to the EU and Swiss-approved SCCs, as well as the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. To learn more about how Abbott complies with SCC and Privacy Shield Principles, please visit abbott.com/policies.html.

Children’s Privacy

This site is not intended for use by children under the age of 18 and Abbott does not intentionally collect personal information from such children. If we discover that a child has provided us with personal information online through this website, we will take reasonable steps to delete this information. If you believe we may have received personal information from a child under the age of 18, please immediately contact us at cnprivacy@abbott.com.

How Can You Opt Out Of Marketing Mailings?

We may from time to time send you marketing material that we believe may be of interest to you. You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use it for such purposes or if we intend to disclose your information to any third party for such purposes. If you no longer wish to receive information from us, please use the “opt-out” or “unsubscribe” link on the email to remove yourself from the mailing list. You may also elect not to receive such materials by:

  • Checking certain boxes on the forms we use to collect your information
  • Contacting us at the following address:

    Privacy Officer
    Abbott
    036X, AP06A-2
    100 Abbott Park Rd
    Abbott Park, IL 60064
    USA
    privacy@abbott.com

  • Please note that we may be required to send certain information to you under a legal, regulatory, or ethical requirement.

Where We Store Your Personal Information

The personal information that we collect from you may be transferred to countries other than your own for storage. Generally personal information that we collect from you will be transferred to and stored in the U.S. The U.S. may have different levels of privacy protection than apply in your country. Your personal information may be processed by staff working in countries other than your own working for us or for one of our related companies, affiliates, or suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal information via our website, you agree to any such transfers, storage, or other processing. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy policy.

It is important to note that some or all of your personal information provided to third party service providers may be held by them in countries other than your own, including the U.S. You acknowledge and understand that your personal information will be subject to the applicable laws of each such jurisdiction, which may not require the same level of protection as your country of residence. For example, government entities in the U.S., among other countries, may have certain legislative rights to access your personal information. If you would like access to written information about our policies and practices with respect to service providers outside your jurisdiction, you may email privacy@abbott.com. Our Privacy Officer or representative will address your questions about the collection, use, disclosure, or storage of personal information by our service providers worldwide.

Security Of Your Personal Information

The security of your information is important to us and we take reasonable steps to secure and protect personal information, as outlined in this policy. Unfortunately, no internet transmission is 100% secure and there will always be risks when using or transmitting information over the internet. Please consider this risk when you visit our sites or send information to us via email or other electronic means.

We take reasonable steps and utilize no less than industry standard security safeguards, including maintaining physical, electronic, and procedural safeguards in compliance with industry standards and applicable laws to protect personal information from loss and unauthorized access, modification, disclosure, inappropriate alteration, or misuse.

Electronic customer files are kept in highly secure environments with restricted access. Paper-based files are stored in locking filing cabinets. Access to electronic and paper-based files is restricted to authorized employees who have a legitimate business purpose and reason for accessing personal information.

We manage our server environment appropriately and strictly adhere to our firewall infrastructure. We have our security practices reviewed on a regular basis and we routinely employ current technologies to ensure that the confidentiality and privacy of your information is not compromised.

For those areas of our website collecting sensitive information, our website uses Secure Socket Layer (SSL) and 128-bit encryption technologies to enhance security when you visit the secured areas of these websites. SSL is the industry standard tool for protecting and maintaining the security of message transmissions over the internet. When you access your accounts or send information from secured sites, encryption will scramble your data into an unreadable format to protect it from interception by others.

To safeguard against unauthorized access to your accounts, you are required to “sign-on” using a user ID and a password to certain secured areas of Abbott websites. Both user ID and password are encrypted when sent over the internet. If you are unable to provide the correct password, you will not be able to access these sections. You are required to keep your password and user ID secure and not provide that information to third parties. If you suspect that someone is using your user ID or password, please reset your password and immediately report the unauthorized access to our Privacy Officer by sending an email to privacy@abbott.com. You have an active role in protecting your own information. Please safeguard your environment and use reasonable steps to ensure that others do not access your information through your computer. Remember to logout to keep your information secure. Abbott will not be liable for disclosures of your personal information due to errors in transmission or unauthorized acts of third parties.

When you call our customer service centers for patient and product questions, you will be required to verify your identity by providing personal information. We will only use this information in order to identify you.

Access And Accuracy

You may request access to personal information we hold about you by sending written request to privacy@abbott.com. We will process that request in line with applicable laws and our policies and procedures in place for dealing with such requests and will respond to you within a reasonable time frame.

There may be circumstances where we are unable to provide access to your personal information. We may deny or restrict access for legally permissible reasons, such as situations where the information contains references to other individuals and is not reasonably severable, or where the information cannot be disclosed for legal, security, or commercial proprietary reasons. We will advise you of any reason for denying or restricting an access request

We shall make every reasonable effort to ensure your personal information is maintained in an accurate, complete, and up-to- date form. If you believe that we have inaccurate, incomplete, or out-of-date personal information about you, you may ask us at any time to correct or delete that information by sending a written request to privacy@abbott.com. When an individual successfully demonstrates the inaccuracy or incompleteness of personal information held by us, we will correct, update, or delete the information as required. Where appropriate, we will communicate these changes to other parties who may have received incorrect information from us.

Please note that before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will only use this information in order to verify your identity.

In the course of daily operations, access to personal information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. For example, when you contact us, our designated employees will access your information to verify who you are and to assist you in fulfilling your requests.

As a condition of their employment, all employees of Abbott are required to abide by the privacy standards we have established. Employees are trained about the importance of privacy including prohibiting the disclosure of any personal information to unauthorized individuals or parties.

Unauthorized access and/or disclosure of personal information by an employee of Abbott is strictly prohibited. All employees are expected to maintain the confidentiality of personal information at all times and failure to do so will result in appropriate disciplinary measures being taken, which may include dismissal.

Subject to applicable business, legal, or regulatory requirements, we securely destroy, erase, or de-identify personal information when it is no longer required to fulfill our services and commitments to you or to enforce our rights or meet our obligations.

Abbott websites may contain links to third-party websites that are not governed by this privacy policy. Although we endeavor to link only to websites with high privacy standards, our privacy policy will no longer apply once you leave any of our websites.

Links to third-party sites are provided for information only and do not constitute endorsements of those sites. Abbott is not responsible for the content of links or third-party sites and does not make any representation regarding their content or accuracy. Your use of third party websites is at your own risk.

Additionally, we are not responsible for the privacy practices employed by third party websites. Therefore, we suggest that you examine the privacy policies of those websites to learn how your information may be collected, used, shared, and disclosed by the third party in question.

Updates To This Policy

This policy will be published on all of our corporate websites worldwide. Abbott may amend this policy from time to time. The revisions will take effect on the date of publication of the amended policy, as stated.

Through a notice on our website, we will notify you of any material changes to this policy and draw your attention to the changes made. In the event that the changes we make to the policy are substantial and/or affect the personal information we have already collected in accordance with this policy, you will be entitled to withdraw your consent to such personal information handling practices. Withdrawal of your consent may impact our ability to provide you the services or products you have requested. You may notify us of your desire to withdraw consent by contacting our Privacy Officer at privacy@abbott.com.

The current applicable version of this policy is accessible at https://www.cardiovascular.abbott/us/en/policies/global-privacy-policy.html.

Complaint About An Interference With Privacy And Contact Information

If you believe that any action taken by us conflicts with this privacy policy or any applicable local law, you may make a complaint by contacting the Abbott Privacy Office:

Privacy Officer
Abbott
036X, AP06A-2
100 Abbott Park Rd
Abbott Park, IL 60064
USA
privacy@abbott.com

In compliance with the SCC, Abbott commits to resolve complaints about our collection or use of personal information. Individuals in the European Union or Switzerland with inquiries or complaints regarding our SCC compliance should first contact Abbott, Inc. by sending the inquiry or complaint to:

Privacy Officer
Abbott
036X, AP06A-2
100 Abbott Park Rd
Abbott Park, IL 60064
USA
privacy@abbott.com

We will respond within 45 days of receiving any complaints. Any complaints or concerns that cannot be resolved internally will be referred to an alternative dispute resolution provider located in the U.S..

Please address all requests or questions about how we deal with your personal information or this policy to our Privacy Officer at privacy@abbott.com.

EU General Data Protection Regulation

For persons located in the UK and the EEA: The EU General Data Protection Regulation (“GDPR”) governs the rights you have in relation to your personal data, and what companies that process your personal data are permitted and required to do. It also requires that we provide you with the following information in addition to that which you have already received: This supplemental notice supersedes any information you have already received from us.

 

Further Rights

The GDPR rights in relation to your personal data are:

  • The right to rectify or erase any wrong or incomplete personal data that Abbott holds about you.
  • The right to access the personal data that Abbott holds about you.
  • The right, in some cases, to object to the processing of your personal data on legitimate grounds.
  • The right not to be subjected to automated decision making intended to evaluate certain personal aspects relating to you, such as analytics based on conduct. Please refer to the cookies section of the privacy notice for more information on how to exercise this right if it is indicated that cookies are being used.
  • Where you have provided your personal data to us with your consent or as part of a contract, the right to the portability of that personal data to another person or, if it’s technically feasible for us to do so, to another company.
  • The right to lodge a complaint with your national data protection supervisory authority or to receive compensation for any damage you suffer.
  • The right to withdraw your consent to Abbott’s processing of your personal data without detriment, where you have provided consent for Abbott to process your personal data.

 

Further Information You Need To Know

International transfers — We transfer your personal data outside of the UK or the European Economic Area (“EEA”) to third countries which do not offer the same level of protection as required by the UK or the EEA. In order to safeguard your personal data, we will only make such transfers on the basis of (i) a decision of the European Commission that permits this, or (ii) subject to EU and Swiss-Approved Standard Contractual Clauses. Please note, Abbott has entered into data transfer agreements based on the EU and Swiss Standard Contractual Clauses to transfer your personal data from the UK or the EEA to third countries, which includes the United States. To access or receive a copy of the EU/Swiss Standard Contractual Clauses which we use to export your personal data from the UK or the EEA, please contact our EU DPO (details below).

Storage — Your personal data will be stored for as long as it is needed to provide you with (i) the Abbott service or product that you have requested; and/or (ii) access to our websites and services. Alternatively, your personal data will also be stored for as long as we require it to respond to your queries and concerns or in accordance with any legal requirements, including those in relation to product or medical device safety. For further information please contact your local customer care or the EU-DPO office using the details below.

Why we need your data — The provision of personal data to Abbott is required to fulfil the terms of a contract you have with Abbott, to provide you with a product or service you have requested, to comply with local laws, such as those relating to product or medical device safety. Any failure to provide such personal data will mean that Abbott cannot provide you with the product or service you have requested.

Customer care, queries and issues — Please follow Abbott’s normal recommended channels.

Data Protection Officer — If you have any queries in relation to the processing of your personal data please contact our EU DPO at https://www.abbott.com/eu-dpo.html.

MAT-2314769 v1.0