Abbott provides the myMerlin™ App (“App”) which transmits data to the Merlin.net™ Patient Care Network (“Merlin.net”) (together the “Services”) so that your doctor or clinic can remotely monitor your cardiac monitor and provide you with medical treatment. Pacesetter, Inc. (an Abbott company) provides Merlin.net.
We are committed to protecting your personal information. This Privacy Notice and Consent (“Privacy Notice”) explains how we handle your personal information for the Services and what we do to keep your personal information secure. We understand that a lot of information is included in this Privacy Notice. We want to provide you with a short and easily accessible summary of how we handle, protect, retain, store and disclose your personal information. For more information, see +About the Services and +Security of Personal Information below.
THIS SUMMARY IS NOT COMPREHENSIVE. YOU WILL NEED TO READ THE RELEVANT SECTIONS OF THE PRIVACY NOTICE BELOW TO FULLY UNDERSTAND HOW WE PROCESS YOUR PERSONAL INFORMATION.
We use personal information when you set up the App, which includes your date of birth and device serial number. We use your email address or telephone number for authentication purposes during pairings of your cardiac monitor. This App transmits information from your device to us, and if you contact our customer services, we will keep a separate record relating to your request for technical support. We also use personal information entered by your healthcare provider into Merlin.net. For more information, see +Collection and Processing of Your Personal Information and +Country Specific Provisions below.
We use personal information to: (1) provide you with the Services; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymised, aggregated and/or anonymized, so that it does not identify you by name. We conduct research to understand how our products and services are used, their effectiveness and for real-world evidence studies. For more information, see +Abbott’s Own Use of Your Personal Information, +Medical Devices and other Legal Requirements, +Research, +Retention of Personal Information below.
We strictly limit who we share your personal information with and will never sell the information to third parties for our commercial benefit. We do share personal information with our affiliated companies to help support and provide technical assistance for the Services, for compliance purposes, to conduct research, or to perform troubleshooting/ diagnostics and broader analysis to detect systemic issues. For more information, see +Disclosure of Personal Information by Us and +Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider below.
Where your location grants you certain rights in relation to your personal information, we will respond to such requests. For more information, see +How Individual Users Can Access and Correct Personal Information and Your Rights below.
We store personal information relating to the Services on servers in the United States of America. For more information, see +Data Storage and +Cross-Border Transfers of Personal Information below. We also recommend that you check +COUNTRY SPECIFIC PROVISIONS, as there may be additional provisions that apply depending on your country of residence.
Please contact and direct all enquiries regarding the Services to your clinic in the first instance. Your clinic is the ‘controller’ of your personal data when they provide you with medical care. We are the ‘processor’ of your personal information on their behalf to provide you and your clinic with the Services. If you have any questions or comments relating to privacy, you can contact us by emailing us at privacy@abbott.com. If you are located in the European Economic Area, you may contact our European data protection officer or contact your local data protection authority. The contact details for Abbott’s European data protection officer, as well as other useful contact information, are available at www.EU-DPO.abbott.com. For more information, see +Contact Us below.
If we update this Privacy Notice with material changes, we will alert you by email or the App when you next use the App. For more information, see +Changes to this Privacy Notice below.
Pacesetter, Inc. (an Abbott company) provides the Merlin.net™ Patient Care Network (“Merlin.net”). Abbott provides the myMerlin™ mobile application (“App”) (together, Merlin.net and the App are referred to as the “Services”). Throughout this Privacy Notice, references to “Abbott,” “we,” “us,” and “our,” mean the group of Abbott companies, headquartered in Abbott Park, Illinois, United States of America.
We recognize the importance of data protection and privacy and are committed to protecting personal information, including health-related information. This Privacy Notice describes how your personal information is collected and used by Abbott when you use the Services.
Please read this Privacy Notice carefully before registering to use this App as it applies to the processing, transfer and storage of your personal information, including health-related data by Abbott and certain affiliated companies as described below. It also applies to the processing of your personal information by our affiliated companies and by our processors if required to resolve a customer service issue related to the Services.
This Privacy Notice does not apply to personal information processed or collected by other Abbott affiliates or subsidiaries or via other methods, such as other Abbott websites, other Abbott customer call centers. Your doctor’s use of Merlin.net and other privacy policies may apply to the personal information processed or collected through these methods.
By registering and using this App, you accept this Privacy Notice and you:
BY ACCEPTING OR AGREEING TO THIS PRIVACY NOTICE AND CONSENT, YOU EXPLICITLY ACKNOWLEDGE THAT YOUR USE OF THIS APP AND THE SERVICES ARE SUBJECT TO THIS PRIVACY NOTICE AND TO THE PROCESSING AND TRANSFER OF PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, AS DESCRIBED IN THIS PRIVACY NOTICE.
WHERE REQUIRED BY THE LAW OF YOUR COUNTRY OF RESIDENCE, CLICKING “ACCEPT” OR “AGREE” MEANS THAT YOU ARE PROVIDING EXPLICIT CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION AND TO TRANSFER YOUR PERSONAL INFORMATION TO ABBOTT’S SERVERS LOCATED IN THE UNITED STATES OF AMERICA.
YOUR CONSENT IS GRANTED AT YOUR FREE WILL AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.
Abbott is the manufacturer of the App, Confirm Rx™ Insertable Cardiac Monitor (“ICM”) and Jot Dx™ ICM.
Pacesetter, Inc. (a St. Jude Medical, LLC affiliate and wholly owned subsidiary of Abbott Laboratories) of 15900 Valley View Court, Sylmar, California 91342, United States of America, is the provider of Merlin.net.
Your healthcare provider is a controller of your personal data for the purposes of providing your medical care. Your healthcare provider is responsible for how such data is processed and for ensuring that information transmitted through the Services complies with applicable privacy and data protection laws. The reference to ‘controller’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
Abbott is a controller of personal information when we use personal information to: (1) provide you with the Services; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research relating to the Services. For further information see +Abbott’s Own Use of Your Personal Information.
Merlin.net is a remote care system that holds information transmitted from your ICM through the Services.
The Services enable the prompt, automated transmission of information collected from your ICM and uploaded via the App to Abbott’s private and secure database. Through Merlin.net, your healthcare provider can see when your heart starts beating differently. The App sends your heart data to your clinic based on the settings set by your healthcare provider. The Services help your healthcare provider to monitor your heart’s rhythm and modify your treatment without the need for you to visit a clinic in person.
You must keep your mobile device connected to WiFi or to cellular/mobile data, and you must use the App so that your heart data can be remotely monitored by your healthcare provider. Before you can use the Services, your healthcare provider must register you on Merlin.net. Once you have entered your date of birth and the serial number of your ICM in the App, you may need to obtain an activation code, which you can elect to have sent to you. Once you have entered this activation code in the App, you must ensure that Bluetooth®1 wireless technology is maintained “ON” in order to pair your ICM to the App. Please keep “Notifications” “ON” to receive status updates and reminders. The App will inform you once set up is complete.
At regular intervals, the App will connect to your ICM and transmit information about how the ICM is performing. The App will also transfer information about your heart’s rhythm to your healthcare provider, who will be able to receive alerts and updates, as well as log into Merlin.net to monitor your heart’s rhythm.
The following categories of your personal information are processed when you use the App:
The App links with and transmits data from your ICM to Merlin.net. The Services relating to Merlin.net use additional personal information, including health-related data that your healthcare provider inputs when creating a Merlin.net patient profile for you. That personal information may include your phone number or email, ICM model and serial number, and other optional fields including gender, race, preferred language, clinical comments and the functioning of your ICM, dates of treatment and transmissions, information about your condition, a clinic assigned patient number or other patient identifier. Your healthcare provider may also input the information of an emergency contact for you. Abbott may need to access this personal information to support and maintain the Services.
Your healthcare provider will collect your personal information as part of your medical treatment and will input your information into Merlin.net. Your healthcare provider uses the Services to help monitor your ICM and your heart rhythm.
Your healthcare provider or clinic processes your personal information for the following purposes:
We process your personal information as a processor on behalf of your healthcare provider or clinic. Such processing is on the instructions of your healthcare provider or clinic and relates to the following purposes:
Depending on your location, we may provide support services to your healthcare provider or clinic from locations in: Sweden; other European locations, particularly if we have operations in your country of residence; or our other support centers located in the United States of America and Malaysia. We may also use other third parties to provide technical or clinical support to your healthcare provider or clinic. Where we use any third party to help us provide support Services to your healthcare provider or clinic, we put in place adequate measures to safeguard the confidentiality, integrity and security of your personal information.
The reference to ‘processor’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
Abbott processes your personal information, including your health-related personal information, as a controller for the following purposes:
When your healthcare provider creates a patient profile in Merlin.net for you, and where required by applicable law, you provided your explicit consent for Abbott to de-identify, pseudonymise, aggregate, and/or anonymise your personal information to conduct research. For more information, see the +Research section.
The reference to ‘controller’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
We receive data transmitted by the App and ICM before it is then stored in the Merlin.net servers, which are located in the United States of America. When your personal information is hosted in a country other than your country of residence, it may also become subject to the laws of the host country, which may not be equivalent to the laws of your country of residence. We have implemented appropriate security measures and controls to protect your personal information. While the United States has laws governing patient health information, those laws may not be equivalent to privacy or data protection laws in your country of residence.
See also +Security of Personal Information and +Cross-Border Transfers of Personal Information.
Abbott may use personal information where legally required and where possible we will de-identify, pseudonymize, aggregate and/or anonymize information to comply with our legal obligations as a medical device manufacturer. This information is securely held by Abbott and will not be used to identify you individually by your name or email address, except where we are under a legal obligation to include this information. Where such use of personal information is subject to legal requirements, we do not require consent.
The legal requirements for which Abbott will use this information are:
We use the terms ‘de-identify’ and ‘pseudonymize’ interchangeably. US health insurance portability law (HIPAA) describes de-identified information as information where ‘there is no reasonable basis to believe that the information can be used to identify an individual’. The EU General Data Protection Regulation (2016/679) (GDPR) defines ‘pseudonymization’ as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information’. Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data usually falls outside data protection and privacy laws.
For more information about GDPR, please see +European Economic Area, UK, Cayman Islands, Switzerland and Thailand below.
Where required by applicable law, your healthcare provider will have obtained your explicit consent to allow us to de-identify or pseudonymise, aggregate, and/or anonymise your personal information to conduct research for limited purposes.
If a data set used for research purposes, the data will not include your name, address, phone number, or email address. We take steps to ensure that there is no reasonable basis from which the de-identified or pseudonymised data can be used to identify you individually. Data used in research may include ICM model and serial number, intervals between implant date and subsequent visit dates, implant date, and demographics such as place of residence and age.
We conduct research using this de-identified or pseudonymised data, or aggregated, statistical and/or anonymised data for the following purposes:
If you are ever asked to participate in a clinical trial, and where required by applicable law, you will be asked to provide a separate informed consent to the research site prior to taking place in any such trial and your participation is completely voluntary. The research is this section does not relate to participation in a clinical trial.
For more information about GDPR, please see +European Economic Area, UK, Cayman Islands, Switzerland and Thailand below.
Information collected from your ICM will be retained for a maximum period of seven (7) years from the date of your most recent transmission (that is, the date you last use your ICM and/or the App), except as may be required by law.
The section +Deleting Your Information from Merlin.net explains how you can arrange to have your healthcare provider or clinic delete your information from the Merlin.net Patient Care Network.
We may share your personal information as follows:
Abbott has implemented appropriate security controls within the Services to protect your personal information from accidental or unlawful destruction or accidental loss, alteration, disclosure, or access.
Information received from your ICM is encrypted before transmission to ensure that it will remain secure and confidential. The Services include various security measures to enhance the security of your patient profile and to prevent unauthorised access to, or disclosure of, your personal information. Only those authorised by your healthcare provider or clinic, including their authorised staff, will have access to your patient profile and only through unique IDs and passwords. Abbott has implemented various security and access controls to ensure that only authorised persons within Abbott may access pseudonymised, aggregated and de-identified data.
We use Bluetooth®1 4.0 wireless technology or higher to transmit different sets of personal information between medical devices and iOS or Android devices. Any information relating to measurements taken from your ICM is transmitted through Bluetooth technology.
Please be aware that the Services may be unavailable during periods of routine maintenance.
Information collected via the Services will be transferred to and stored in the United States of America. The data protection laws of the USA may not offer protections for personal information equivalent to those of the European Union, the UK, Switzerland or your country of residence. Your personal data will be transferred on the basis of EU and Swiss approved Standard Contractual Clauses. You also explicitly consent to the transfer of your personal information to Abbott’s servers in the United States of America.
If you contact us directly and request technical support, your personal information (including health-related data) may be accessible by our remote care teams in the USA, the European Union or Malaysia (transfers to Malaysia do not apply to residents of the European Union, the UK or Switzerland). Abbott intracompany data transfers are governed by a data transfer agreement providing adequate safeguards.
BY USING THIS APP AND BY ACKNOWLEDGING THIS PRIVACY NOTICE AND CONSENT, WE ARE INFORMING YOU OF THESE TRANSFERS OF YOUR PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA, SWEDEN AND/OR MALAYSIA (TRANSFERS TO MALAYSIA DO NOT APPLY TO RESIDENTS OF THE EUROPEAN UNION, THE UK OR SWITZERLAND) AND TO THE ACCESS OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, WHICH MAY BE REQUIRED IN EXCEPTIONAL CIRCUMSTANCES TO RESPOND TO ANY SUPPORT REQUESTS YOU OR YOUR DOCTOR REQUESTS. THESE COUNTRIES MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION FOR YOUR PERSONAL INFORMATION WHEN COMPARED WITH DATA PROTECTION OR PRIVACY LAWS IN WHICH YOU RESIDE.
We will not knowingly send you advertising or marketing-related information, unless you have opted into receiving these types of communications from us in relation to our other products and services.
Neither Abbott nor its affiliates or licensors will knowingly send advertising or marketing-related information to children.
We do not sell your personal information to third parties for direct marketing.
Please note that we may send you non-marketing related information about necessary App and service updates or issues relating to product safety.
Children can be enrolled in Merlin.net by a healthcare provider or clinic. At any time, a parent/guardian may stop the collection of a child’s personal information, including health-related information, by contacting the healthcare provider or clinic and requesting that the account be deleted. This action will delete the Merlin.net account associated with the child, but we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
To exercise any data protection or privacy rights, you should contact your healthcare provider or clinic in the first instance. We are not able to correct or amend any readings from your ICM that have been uploaded.
Depending on your place of residence, you may have the right to: (a) access the personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information you have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your personal information to another company.
Children may also have the right to access the personal information held about them. Where we receive a request for access for a child’s personal information from the child’s parent/guardian, we may respond directly to the child’s parent/guardian or recommend that they contact their child’s doctor or clinic. We will always seek to verify the identity of person seeking access to a child’s information, whether it is from the child him/herself or from a parent or guardian.
To request the exercise of these rights, please contact your healthcare provider or clinic in the first instance as the controller of your personal information for the purpose of providing you medical care. You may contact us where we are the controller of your personal information using any of the methods set out in the section entitled +Contact Us.
If you have been implanted with an ICM, the only way your healthcare provider can monitor you is via Merlin.net. Therefore, if you elect not to be enrolled in Merlin.net it will affect your healthcare provider’s ability to monitor your condition and may affect their ability to treat you.
If you would like to have your information deleted from Merlin.net, you may do so by contacting your healthcare provider or clinic. If you request deletion of your information from Merlin.net and still have your ICM, your healthcare provider will not be able to remotely monitor your heart’s rhythm. Please be aware that if your healthcare provider or clinic deletes your information in Merlin.net, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
If you have questions, concerns or complaints about the processing of your personal information for the purpose of your medical care or wish to exercise your data protection rights, please contact your healthcare provider or clinic directly.
If you have questions, comments, or complaints about our privacy practices, please contact us by clicking on the “Contact Us” link in one of our websites or emailing us at cnprivacy@abbott.com. Alternatively, you may write to us at:
Attn: Privacy Officer, Abbott, One St. Jude Medical Drive, St. Paul, MN 55117, USA
For EEA, UK and Switzerland users, see also below under your regional section for additional contact details.
For Users in Brazil: If you have questions, comments, or complaints about our privacy practices, or if you would like to exercise any of your rights set out in the +How Individual Users can Access and Correct Personal Information and Your Rights section, please contact us by clicking on the “Contact Us” link in one of our websites or emailing our local DPO, Juliana Ruggiero, at privacybrasil@abbott.com. Alternatively, you may write to us at:
Attn: Juliana Ruggiero Privacy Officer
Laboratórios do Brasil Ltda.
Rua Michigan 735, São Paulo/SP
CEP: 04566-905
In all communications to us, please include the email address used to register for this App and a detailed explanation of your request.
This Privacy Notice is kept under regular review. If we make material changes to our privacy practices, an updated version of this Privacy Notice will reflect those changes. You will be alerted to updates to this Privacy Notice by email or the App when you next use the App.
Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice.
Abbott operates as a business associate to your healthcare provider in making this App available to you in compliance with the Health Insurance Portability and Accountability Act and its implementing regulations (collectively “HIPAA”). As a result, personal information, including health-related information, that is collected via this App is governed by HIPAA, and we may use and disclose your personal information consistent with our business associate obligations and as outlined in this Privacy Notice and Consent.
California Civil Code Section 1798.83 permits residents of the State of California to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. Abbott is required to respond to a customer request only once during any calendar year. To make such a request you should send a letter to Privacy Officer, Abbott, One St. Jude Medical Drive, St. Paul, MN 55117. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information sharing that is covered will be included in our response.
If you have any questions regarding Abbott’s compliance with the California Consumer Privacy Act (CCPA) and your rights under CCPA, please visit https://www.abbott.com/privacy-policy.html.
The Public Information Access Agency, in its capacity as supervisory body of Act No. 25.326, has jurisdiction over all accusations and complaints made by those affected in their rights for infringements to regulations in force referred to the protection of personal information.
If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principle (“APPs”) or a privacy code that applies to us, or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above and we will take reasonable steps to investigate and respond to you.
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. See https://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office. We are not likely to disclose your personal information overseas, except as permitted by the Privacy Act 1988 (Cth), unless we otherwise advise you in writing. We may transfer your personal information to the United States. You consent to that disclosure and agree that by giving that consent, Australian Privacy Principle 8.1 no longer applies, and we are not required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.
In case of updates to this Privacy Notice that require new collection of consent, you will be notified through the contacts you have provided us.
Consent: To process personal information concerning your health, you must provide Abbott affirmative consent to use the Apps. You may withdraw your consent at any time by contacting us at privacy@abbott.com.
Legal basis for the processing of your personal information: Abbott processes your information based on the following legal basis as set out in the Lei Geral de Proteção de Dados (LGPD):
Your rights: If you would like to exercise any of your rights set out in the section titled + How Individual Users can Access and Correct Personal Information and Your Rights and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email.) We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirements. You have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information.
By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to the collection of your personal information, including personal identification number and health-related information and use of personal information in respect of all of the contents herein. For users under the age of 14, consent must be given by their guardian. If we discover that personal information of any minor under the age of 14 has been collected without the consent of his/her guardian, we will try to delete the relevant data as soon as possible. You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
We are not legally required to obtain consent to collect or use your personal information, including health-related information, under certain circumstances if the collection or use of your personal information, including health-related information is:
In addition to other rights you have under this Privacy Notice, you have the following additional rights:
If you have questions or would like to exercise any of these rights in respect of your personal information, including health-related information, please contact your healthcare provider in the first instance. If you contact us, we will work with your healthcare provider and do our best to respond to all reasonable requests in a timely manner in accordance with applicable legal requirements. We may charge a reasonable administrative fee for repeated requests within 3 months. If there is any material change to this Privacy Notice, we may publish the amendments in the form of a public announcement.
Requests to exercise your rights directed to us may not be processed if they are unreasonable or repetitive. We will not be able to process your request if:
Unless deletion is legally required or pursuant to your request, Abbott may retain any personal information, including health-related information, that you provide to us for the purpose of improving treatment guidance for patients using this App and Abbott’s cardiac-related products.
Personal information, including health-related information, generated and collected by us in China (excluding Hong Kong, Macau and Taiwan) is stored in China (excluding Hong Kong, Macau and Taiwan). Given that Abbott operates globally, your personal information may be transferred to and accessed by entities located outside of China (excluding Hong Kong, Macau and Taiwan).
We have in place a comprehensive security program that complies in all respects with applicable law and industry practices to protect your personal information, including health-related information. We will take all the commercially reasonable actions to ensure not to collect any personal information including health-related information irrelevant to the purposes as set out in this Privacy Notice, and will only retain your personal information, including health related information, within the retention period hereunder or a longer period as required by applicable laws. We will update and publish information about security risk, and a personal information security impact assessment as required by applicable laws.
In the event of a security incident related to your personal information, including health-related information, we will inform you in a timely manner as required by applicable laws by email, or other available contact methods with general information about the incident and its possible impact, the remediation actions we have taken and will take, and with advice to you on actions to mitigate any risks and to remediate the impact. We may report such incident and the remediation actions to the regulatory agency as required.
We process your personal information as a processor when providing our services to your doctor or clinic and may have access to your health data to provide your doctor or clinic with technical and customer support.
Legal basis for the processing of your personal information: Abbott processes your personal information, including your health-related personal information, as a controller on the following legal bases as set out in the GDPR:
When your healthcare provider created a patient profile in Merlin.net for you, you provided your explicit consent for Abbott to de-identify, pseudonymise, aggregate, and/or anonymise your personal information to conduct research. We conduct research using this de-identified or pseudonymised data, or aggregated, statistical and/or anonymised data for the following purposes:
For more information, see the +Research section.
We also process your personal information as a processor and do so on behalf of your healthcare provider. Your healthcare provider processes your personal information on the following legal bases under European Union or national law:
“GDPR” refers to the General Data Protection Regulation (2016/679) as to EU Member State implementing legislation, and for the UK, it refers to the UK Data Protection Act 2018, each as may be amended from time to time. Where we have included a country above that it outside the European Union, it has been done because such countries contain substantially similar or near equivalent laws to the GDPR.
Data transfers: Information collected via the Services will be transferred to and stored in the United States of America. If you request technical support your personal information (including health-related data) will be accessible by our remote care teams in the USA or Sweden only. Your personal data will be transferred on the basis of EU Standard Contractual Clauses.
Data Protection Officer: The contact details of our European data protection officer along with other useful contact information are available at www.eu-dpo@abbott.com.
Your rights: If you would like to exercise any of your rights set out in the section entitled + How Individual Users can Access and Correct Personal Information and Your Rights. and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email.) We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirement. You have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information.
Pacesetter, Inc. has appointed the following companies as its country representatives:
| Country | Representative Name | Representative Address |
|---|---|---|
| Austria, Romania | Abbott Medical Austria Ges.m.b.H. | Perfektastraße 84A 1230 Wien, Austria |
| Belgium, Luxembourg | Abbott Medical Belgium | The Corporate Village, Building Figueras, Da Vinci laan, 11 Box F1, Zaventem, Belgium |
| Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Iceland, Latvia, Malta, Slovakia, Slovenia | St. Jude Medical Coordination Center | The Corporate Village, Building Figueras, Da Vinci laan, 11 Box F1, Zaventem, Belgium |
| Denmark | Abbott Medical Danmark A/S | Produktionsvej 14, 2600 Glostrup, Denmark |
| Estonia | Abbott Medical Estonia OÜ | Mõisa 4/Vabaõhumuuseumi tee 3, 13522, Tallinn, Estonia |
| Finland | Abbott Medical Finland Oy | Vantaankoskentie 14, FI-01670 Vantaa, Finland |
| France | Abbott Medical France SAS | 1-3, esplanade du Foncet, CS 90087, 92442 Issy les Moulineaux Cedex, France |
| Germany | Abbott Medical GmbH | Helfmann-Park 7, 65760 Eschborn, Germany |
| Greece | Abbott Medical Hellas Limited Liability Trading Company (trade name: Abbott Medical Hellas Ltd.) In Greek: Άμποτ Ιατρικά Ελλάς Εμπορική Εταιρεία Περιορισμένης Ευθύνης and trading name of Άμποτ Ιατρικά Ελλάς Ε.Π.Ε | Iroos Matsi & Archaeou Theatrou Str., 17456 Alimos-Athens, Greece |
| Hungary | Abbott Medical Korlátolt Felelősségű Társaság (Abbreviated Name: Abbott Medical Kft.) |
Tóth Lőrinc utca 41. II. em., Budapest, 1126, Hungary |
| Ireland | Abbott Medical Ireland Limited | Riverside One, Sir John Rogerson's Quay, Dublin 2 D02X576, Ireland |
| Italy | Abbott Medical Italia S.p.A. | Sesto San Giovanni, Milano, Viale Thomas Alva, Edison 110 CAP 20099, Italy |
| Lithuania | UAB Abbott Medical Lithuania | Seimyniskiu str. 3, LT-09312 Vilnius, Lithuania |
| Netherlands | Abbott Medical Nederland B.V. | Standaardruiter 13, 3905 PT Veenendaal, Netherlands |
| Norway | Abbott Medical Norway AS | Gullhaugveien 7, Oslo, 0484, Norway |
| Poland | Abbott Medical spółka z ograniczoną odpowiedzialnością. | ul. Postepu 21B, 02-676, Warsaw, Poland |
| Portugal | Abbott Medical (Portugal) – Distribuicao de Produtos Medicos, Lda. | Estrada de Alfragide 67, Alfragide Edifico D, Amadora, Portugal |
| Spain | Abbott Medical España, S.A. | Francisca Delgado No. 11, Núcleo 3 – 3º Arroyo de la Vega, Alcobendas 28108, Spain |
| Sweden | Abbott Medical Sweden AB | Isafjordsgatan 15, 164 07 Kista, Sweden (Business Office) Jarfalla, PO Box 7051, 164 07 Kista, Stockholm, Sweden (Registered Office) |
Under the European Union Withdrawal Act 2020, European Union law will continue to apply in the United Kingdom until 31 December 2020. We will put appropriate measures in place to protect your personal information when we transfer it to the United States. Our local representative is Abbott Medical U.K. Limited, Elder, Central Boulevard, Blythe Valley Park, Solihull, B90 8AJ, UK.
Your consent is required for Abbott to process your personal information generally. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider or clinic. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
Pacesetter, Inc. is certified with the ASIP Santé to host personal health data, including the following activities:
The controller of your personal data for the purposes of medical treatment is your doctor/clinic. Pacesetter, Inc. (a St. Jude Medical, LLC affiliate and wholly owned subsidiary of Abbott Laboratories, Inc.) of 15900 Valley View Court, Sylmar, California 91342, United States of America is the controller of personal data to (1) provide you with this App; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymised, aggregated and/or anonymized, so that it does not identify you by name. We conduct research to understand how our products and services are used, their effectiveness and for real-world evidence studies. For more information, see +Abbott’s Own Use of Your Personal Information, +Medical Devices and other Legal Requirements, +Research, and +Retention of Personal Information. Our local representative is Abbott Medical France SAS., 1-3, esplanade du Foncet, CS 90087, 92442 Issy les Moulineaux Cedex, France.
Your consent is required for Abbott to handle your “special care-required personal data” (referred to in this Privacy Notice as your health-related information) and to transfer your personal information, including health-related information, to any third party outside of Japan (except for transfers to the EU, for which an adequacy decision has been issued by the Japanese government). By accepting or agreeing to this Privacy Notice, you are deemed to have consented to the processing of your personal information, including health-related information, as described herein. You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
You have the right to lodge a complaint to the Information Regulator regarding the processing of your personal information, by writing to: The Information Regulator, SALU Building, 316 Thabo Sehume Street, PRETORIA, Tel: 012 406 4818, Fax: 086 500 3351, inforeg@justice.gov.za.
By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. For users under the age of 14, consent must be given by their guardian. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
This Privacy Notice sets out information on the collection, use, provision to third parties, outsourcing of the processing, and cross-border transfer of your personal information, including health-related information, by Pacesetter, Inc., in connection with the provision of the App and the Services. All of the following categories of processing of personal information, including health-related information, are necessary for the provision of the App and the Services. Therefore, you will be unable to receive this App and the Services if you choose not to consent to such processing.
You may provide your consent collectively to all of the following consent categories by accepting or agreeing to this Privacy Notice:
You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
Your consent is required for Abbott to process your personal information except where we do so for us to comply with a legal obligation as described in +Medical Devices and other Legal Requirements. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to have your information deleted from Merlin.net, you may do so by contacting your healthcare provider or clinic. Please be aware that if you ask your healthcare provider or clinic to delete your information from Merlin.net, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
MAT-2107843 v1.0
Unless otherwise specified, all product and service names appearing in this Internet site are trademarks owned by or licensed to Abbott, its subsidiaries or affiliates. No use of any Abbott trademark, trade name, or trade dress in this site may be made without the prior written authorization of Abbott, except to identify the product or services of the company.
Unless otherwise specified, all product and service names appearing in this Internet site are trademarks owned by or licensed to Abbott, its subsidiaries or affiliates. No use of any Abbott trademark, trade name, or trade dress in this site may be made without the prior written authorization of Abbott, except to identify the product or services of the company.
The following content is intended for Healthcare Professionals except for those in France. Some of the content is not in compliance with the French Advertising law N°2011-2012 dated 29th December 2011, article 34.
Si vous êtes un professionnel de santé exerçant en France ou dans les territoires Français, veuillez visiter notre site en français.
Do you want to continue?