Abbott, through its local affiliate, provides the myMerlinPulse™ App (“App”) for an implantable heart device obtained from us (including, where available, the Avant™, Neutrino™, Gallant™, and Entrant™ implantable heart device (“Device”)) which transmits data to the Merlin.net™ Patient Care Network (“Merlin.net”) (together the “Services”) so that your doctor or clinic can remotely monitor and program your heart device and provide you with medical treatment. Your Clinic has entered into an agreement with Abbott to provide it with Merlin.net which holds information about your cardiac device and heart condition. The local Abbott affiliated company for your associated Clinic’s principal location is referred to as “Abbott” in this Privacy Policy and is the provider of Merlin.net to your Clinic.
We are committed to protecting your personal information. This Privacy Notice (“Privacy Notice”) explains how we handle your personal information for the Services and what we do to keep your personal information secure. We understand that a lot of information is included in this Privacy Notice. We want to provide you with a short and easily accessible summary of how we handle, protect, retain, store and disclose your personal information. For more information, see +About the Services and +Security of Personal Information in the full Privacy Notice below.
THIS SUMMARY IS NOT COMPREHENSIVE. YOU WILL NEED TO READ THE RELEVANT SECTIONS OF THE PRIVACY NOTICE BELOW TO FULLY UNDERSTAND HOW WE PROCESS YOUR PERSONAL INFORMATION.
We use personal information when you set up the App, which includes your date of birth and device serial number. We use your email address or telephone number for authentication purposes during pairings of your heart device. This App transmits information from your device to us, and if you contact our customer services, we will keep a separate record relating to your request for technical support. We also use personal information entered by your healthcare provider into Merlin.net. For more information, see +Collection and Processing of Your Personal Information and +Country Specific Provisions in the full Privacy Notice below.
We use personal information to: (1) provide you with the Services; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify you by name. We conduct research to understand how our products and services are used, their effectiveness and for real-world evidence studies. For more information, see +Abbott’s Own Use of Your Personal Information, +Medical Devices and other Legal Requirements, +Research, +Retention of Personal Information in the full Privacy Notice below.
We strictly limit who we share your personal information with and will never sell the information to third parties for our commercial benefit. We do share personal information with our affiliated companies to help support and provide technical assistance for the Services, for compliance purposes, to conduct research, or to perform troubleshooting/ diagnostics and broader analysis to detect systemic issues. For more information, see +Disclosure of Personal Information by Us and +Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider in the full Privacy Notice below.
Where your location grants you certain rights in relation to your personal information, we will respond to such requests. For more information, see +How Individual Users Can Access and Correct Personal Information and Your Rights in the full Privacy Notice below.
Personal information relating to the Services is stored either on servers in the United States of America or in a regional deployment in Europe, depending on your country of residence. For more information, see +Data Storage and +Cross-Border Transfers of Personal Information in the full Privacy Notice at the link below. We also recommend that you check +COUNTRY SPECIFIC PROVISIONS, as there may be additional provisions that apply depending on your country of residence.
Please contact and direct all enquiries regarding the Services to your clinic in the first instance. Your clinic is the ‘controller’ of your personal data when they provide you with medical care. We are the ‘processor’ of your personal information on their behalf to provide you and your clinic with the Services. If you have any questions or comments relating to privacy, you can contact us by emailing us at privacy@abbott.com. If you are located in the European Economic Area, you may contact our European data protection officer or contact your local data protection authority. The contact details for Abbott’s European data protection officer, as well as other useful contact information, are available at www.EU-DPO.abbott.com. For more information, see +Contact Us in the full Privacy Notice below.
If we update this Privacy Notice with material changes, we will alert you by email or the App when you next use the App. For more information, see +Changes to this Privacy Notice in the full Privacy Notice below.
To access the full Privacy Notice, click on the link for your region:
US: https://www.cardiovascular.abbott/us/en/policies/mymerlinpulse-app-privacy.html
Outside US: https://www.cardiovascular.abbott/int/en/policies/mymerlinpulse-app-privacy.html
™ Indicates a trademark of the Abbott group of companies.
© 2024 Abbott. All rights reserved
Version Date: January 2024
Abbott, through its local affiliate, provides the Merlin.net™ Patient Care Network (“Merlin.net”). Your Clinic has entered into an agreement with Abbott to provide it with Merlin.net which holds information about your cardiac device and heart condition. The local Abbott affiliated company for your associated Clinic’s principal location is referred to as “Abbott,” “we,” “us,” and “our,” in this Privacy Policy and is the provider of Merlin.net to your Clinic. Abbott provides the myMerlinPulse™ mobile application (“App”) (together, Merlin.net and the App are referred to as the “Services”).
We recognize the importance of data protection and privacy and are committed to protecting personal information, including health-related information. This Privacy Notice describes how your personal information is collected and used by Abbott when you use the Services.
Please read this Privacy Notice carefully before registering to use this App as it applies to the processing, transfer and storage of your personal information, including health-related data by Abbott and certain affiliated companies as described below. It also applies to the processing of your personal information by our affiliated companies and by our processors if required to address a customer service issue related to the Services.
This Privacy Notice does not apply to personal information processed or collected by other Abbott affiliates or subsidiaries or via other methods, such as other Abbott websites, other Abbott customer call centers. Your doctor’s use of Merlin.net and other privacy policies may apply to the personal information processed or collected through these methods.
By registering and using this App, you accept this Privacy Notice and you:
BY ACCEPTING OR AGREEING TO THIS PRIVACY NOTICE, YOU EXPLICITLY ACKNOWLEDGE THAT YOUR USE OF THIS APP AND THE SERVICES ARE SUBJECT TO THIS PRIVACY NOTICE AND TO THE PROCESSING AND TRANSFER OF PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, AS DESCRIBED IN THIS PRIVACY NOTICE. (THIS PARAGRAPH DOES NOT APPLY TO USERS IN THE EUROPEAN ECONOMIC AREA (“EEA”), UNITED KINGDOM (“UK”) AND SWITZERLAND. FOR MORE INFORMATION, SEE REGIONAL SECTIONS BELOW).
WHERE REQUIRED BY THE LAW OF YOUR COUNTRY OF RESIDENCE, CLICKING “ACCEPT” OR “AGREE” MEANS THAT YOU ARE PROVIDING EXPLICIT CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION AND TO TRANSFER YOUR PERSONAL INFORMATION TO ABBOTT’S SERVERS LOCATED IN THE UNITED STATES OF AMERICA.
YOUR CONSENT IS GRANTED AT YOUR FREE WILL AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.
+About Us
Abbott is the manufacturer of the App and the implantable heart device, including, where available, the Avant™, Neutrino™, Gallant™, and Entrant™ implantable heart device (“Device”) and Abbott, through its local affiliate, is the provider of Merlin.net to your Clinic.
Your healthcare provider is a controller of your personal data for the purposes of providing your medical care. Your healthcare provider is responsible for how such data is processed and for ensuring that information transmitted through the Services complies with applicable privacy and data protection laws. The reference to ‘controller’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
Abbott is a controller of personal information when we use personal information to: (1) provide you with the Services; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research relating to the Services once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized. For further information see +Abbott’s Own Use of Your Personal Information.
+About the Services
Merlin.net is a remote care system that holds information transmitted from your Device through the Services.
The Services enable the automated transmission of information collected from your Device and uploaded via the App to Abbott’s private and secure database. Through Merlin.net, your healthcare provider can receive regular updates on the performance and status of your Device and its effect on your health so as to monitor your condition remotely. The Services help your healthcare provider to monitor your heart condition and/or modify your treatment without the need for you to visit a clinic in person as frequently.
Before you can use the Services, your healthcare provider must register you on Merlin.net and you must have a mobile device that meets minimum system requirements. Once you have entered your date of birth and the serial number of your Device in the App, you must pair the App to your Device. If you need to re-pair your Device with another App after the first-time registration, you must also obtain an activation code, which you can elect to have sent to the email address or telephone number that you provided to your healthcare provider. Once you have entered this activation code in the App, you must pair your Device to the App. The App will inform you once set up is complete. The App sends transmissions from your Device to Merlin.net, so that your healthcare provider can remotely monitor your Device.
Depending on your location, our call center agents may contact you following the implant of your Device to assist you with your use of the App, including answering any queries you may have on using the App on your mobile device, pairing the App to your mobile device and basic troubleshooting of the App on your mobile device.
+Collection and Processing of Your Personal Information
The following categories of your personal information are processed when you use the App:
The App links with and transmits data from your Device to Merlin.net. The Services relating to Merlin.net use additional personal information, including health-related data that your healthcare provider inputs when creating a Merlin.net patient profile for you. That personal information may include your phone number or email, Device model and serial number, and other optional fields including gender, race, preferred language, clinical comments and the functioning of your Device, dates of treatment and transmissions, information about your condition, a clinic assigned patient number or other patient identifier. Your healthcare provider may also input the information of an emergency contact for you, including their name, phone number, and address. You may choose whether or not to provide an emergency contact and to do so, you must have received your emergency contact’s authorization to provide their information for the purpose of being your emergency contact. Abbott may need to access this personal information to support and maintain the Services.
+Your Healthcare Provider’s Use of Your Information
Your healthcare provider will collect your personal information as part of your medical treatment and will input your information into Merlin.net. Your healthcare provider uses the Services to help monitor your Device and your heart rhythm. This provides your healthcare provider with the type of information that may result in them adjusting your Device or asking you to come in for an appointment.
Your healthcare provider or clinic processes your personal information for the following purposes:
+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider
We process your personal information as a processor on behalf of your healthcare provider or clinic. Such processing is on the instructions of your healthcare provider or clinic and relates to the following purposes:
Depending on your location, we may provide support services to your healthcare provider or clinic from locations in: Sweden; other European locations, particularly if we have operations in your country of residence; or our other support centers located in the United States of America, Costa Rica and/or Malaysia. We may also use other third parties to provide technical or clinical support to your healthcare provider or clinic. Where we use any third party to help us provide support Services to your healthcare provider or clinic, we put in place adequate measures to safeguard the confidentiality, integrity and security of your personal information.
The reference to ‘processor’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
+Abbott’s Use of Your Personal Information
Abbott processes your personal information, including your health-related personal information, as a controller for the following purposes:
When your healthcare provider creates a patient profile in Merlin.net for you, and where required by applicable law, you provided your explicit consent for Abbott to de-identify, pseudonymize, aggregate, and/or anonymize your personal information to conduct research. For more information, see the +Research section.
Apart from the above processing, Abbott may only use your data for other purposes if you have consented for Abbott to do so. Please see the Merlin Data Use Consent form relating to these purposes.
The reference to ‘controller’ is based on its definition in the data protection laws of the EEA, the UK and Switzerland and, where applicable, has the equivalent meaning of similar terms in other countries data protection and privacy laws in which you reside.
+Data Storage
We receive data transmitted by the App and Device before it is then stored. Personal information is stored either on premises in the United States of America or in a regional deployment in the Europe, depending on the location of your healthcare provider. If your healthcare provider is located in the United States of America or in countries outside of the EEA, the UK or Switzerland, personal information will be stored on servers in the United States of America. For the EEA, the UK and Switzerland personal information will be stored either in a regional deployment in the EU (if your healthcare provider has agreed to store information in this deployment) or on servers in the United States of America.
From the third quarter of 2023 for healthcare providers in the EEA, the UK and Switzerland who have elected to store personal data in the EU regional deployment, Abbott uses Microsoft Azure to host information transmitted from your Device through this App, and, if your healthcare provider is located in a member country of the EEA, Switzerland or the UK, the App will transmit your personal information to servers within the territory of the EU. For French users, Microsoft Azure is certified by the French agency for digital health, the Agence du Numérique Santé to host health-related information. Personal information transmitted to Merlin.net may be hosted in the country closest to your healthcare provider’s country location or otherwise in accordance with the data storage and privacy requirements of your healthcare provider’s location.
When your personal information is transmitted and hosted on Merlin.net servers in a country other than the country location of your healthcare provider or your country of residence, it may become subject to the laws of the host country, which may not be equivalent to the laws of the country of your healthcare provider or your country of residence. Abbott has implemented appropriate security measures and controls to protect your personal information. For more information about our global server locations and on which servers your personal information, including health-related information, is stored, please contact your healthcare provider.
See also +Security of Personal Information and +Cross-Border Transfers of Personal Information.
+Medical Devices and other Legal Requirements
Abbott may use personal information where legally required and where possible we will de-identify, pseudonymize, aggregate and/or anonymize information to comply with our legal obligations as a medical device manufacturer. This information is securely held by Abbott and will not be used to identify you individually by your name or email address, except where we are under a legal obligation to include this information. Where such use of personal information is subject to legal requirements, we do not require consent.
The legal requirements for which Abbott will use this information are:
We use the terms ‘de-identify’ and ‘pseudonymize’ interchangeably. US health insurance portability law (HIPAA) describes de-identified information as information where ‘there is no reasonable basis to believe that the information can be used to identify an individual’. The EU General Data Protection Regulation (2016/679) (GDPR) defines ‘pseudonymization’ as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information’. Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data usually falls outside data protection and privacy laws.
For more information about GDPR, please see +EEA, UK, Cayman Islands, Switzerland and Thailand below.
+Research
Where required by applicable law, Abbott requests your explicit consent to allow us to de-identify or pseudonymize, aggregate, and/or anonymize your personal information to conduct research for limited purposes.
If a data set used for research purposes, the data will not include your name, address, phone number, or email address. We take steps to ensure that there is no reasonable basis from which the de-identified or pseudonymized data can be used to identify you individually. Data used in research may include Device model and serial number, intervals between implant date and subsequent visit dates, implant date, and demographics such as place of residence and age.
We conduct research using this de-identified or pseudonymized data, or aggregated, statistical and/or anonymized data for the following purposes:
Where you have been asked to consent to the processing of your personal information, you can withdraw consent at any time by contacting us. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, Abbott will only stop processing your personal information that relates to the withdrawal of consent. Abbott will still process personal information where it is under a contractual obligation to do so with your healthcare provider or other legal obligation to do so, such as described in +Medical Devices and other Legal Requirements.
If you are ever asked to participate in a clinical trial, and where required by applicable law, you will be asked to provide a separate informed consent to the research site prior to taking place in any such trial and your participation is completely voluntary. The research is this section does not relate to participation in a clinical trial. For more information about HIPAA, please see +USA below for further information. For more information about GDPR, please see +EEA, UK, Cayman Islands, Switzerland and Thailand below.
+Retention of Personal Information
Information collected from your Device will be retained for a maximum period of seven (7) years from the date of your most recent transmission (that is, the date you last use your Device and/or the App), except as may be required by law.
The section +Deleting Your Information from Merlin.net explains how you can arrange to have your healthcare provider or clinic delete your information from the Merlin.net Patient Care Network.
+Disclosure of Personal Information by Us
We may share your personal information as follows:
+Security of Personal Information
Abbott has implemented appropriate security controls within the Services to protect your personal information from accidental or unlawful destruction or accidental loss, alteration, disclosure, or access.
Information received from your Device is encrypted before transmission to ensure that it will remain secure and confidential. The Services include various security measures to enhance the security of your patient profile and to prevent unauthorized access to, or disclosure of, your personal information. Only those authorized by your healthcare provider or clinic, including their authorised staff, will have access to your patient profile and only through unique IDs and passwords. Abbott has implemented various security and access controls to ensure that only authorized persons within Abbott may access pseudonymized, aggregated and de-identified data.
We use Bluetooth®1 4.0 wireless technology or higher to transmit different sets of personal information between medical devices and iOS or Android devices. Any information relating to measurements taken from your Device is transmitted through Bluetooth technology.
Please be aware that the Services may be unavailable during periods of routine maintenance.
+Cross-Border Transfers of Personal Information
Depending on the location of your clinic, information collected via the Services may be transferred to and stored in the United States of America. The data protection laws of the USA may not offer protections for personal information equivalent to those of the EEA, the UK, Switzerland or your country of residence. If you are located in the EEA, the UK or Switzerland, and your data is stored in the USA, your healthcare provider and Abbott will have entered into the European Commission approved standard contractual clauses, and for the UK, the UK Addendum for international transfers. You are requested to explicitly consent to the transfer of your personal information to Abbott’s servers in the United States of America.
If you contact us directly and request technical support, your personal information (including health-related data) may be accessible by our remote care teams in the USA, Sweden (or other European locations), Costa Rica and/or Malaysia. Abbott intracompany data transfers are governed by a data transfer agreement providing adequate safeguards to protect personal information.
We also refer you to +COUNTRY SPECIFIC PROVISIONS, for additional provisions that apply to international transfers of personal information depending on your country of residence.
BY USING THIS APP AND BY ACKNOWLEDGING THIS PRIVACY NOTICE AND CONSENT, WE ARE INFORMING YOU OF THESE TRANSFERS OF YOUR PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA, SWEDEN (OR OTHER EUROPEAN LOCATIONS), COSTA RICA AND/OR MALAYSIA AND TO THE ACCESS OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, WHICH MAY BE REQUIRED IN EXCEPTIONAL CIRCUMSTANCES TO RESPOND TO ANY SUPPORT REQUESTS YOU OR YOUR DOCTOR REQUESTS. THESE COUNTRIES MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION FOR YOUR PERSONAL INFORMATION WHEN COMPARED WITH DATA PROTECTION OR PRIVACY LAWS IN WHICH YOU RESIDE.
+How Abbott Sends Marketing and Other Material
We will not knowingly send you advertising or marketing-related information, unless you have opted into receiving these types of communications from us in relation to our other products and services.
Neither Abbott nor its affiliates or licensors will knowingly send advertising or marketing-related information to children.
We do not sell your personal information to third parties for direct marketing.
Please note that we may send you non-marketing related information about necessary App and service updates or issues relating to product safety.
+How Abbott Protects Children’s Privacy
Children can be enrolled in Merlin.net by a healthcare provider or clinic. At any time, a parent/guardian may stop the collection of a child’s personal information, including health-related information, by contacting the healthcare provider or clinic and requesting that the account be deleted. This action will delete the Merlin.net account associated with the child, but we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
+How Individual Users Can Access and Correct Personal Information and Your Rights
To exercise any data protection or privacy rights, you should contact your healthcare provider or clinic in the first instance. We are not able to correct or amend any readings from your Device that have been uploaded.
Depending on your place of residence, you may have the right to: (a) access the personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information you have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your personal information to another company.
Children may also have the right to access the personal information held about them. Where we receive a request for access for a child’s personal information from the child’s parent/guardian, we may respond directly to the child’s parent/guardian or recommend that they contact their child’s doctor or clinic. We will always seek to verify the identity of person seeking access to a child’s information, whether it is from the child him/herself or from a parent or guardian.
To request the exercise of these rights, please contact your healthcare provider or clinic in the first instance as the controller of your personal information for the purpose of providing you medical care. You may contact us where we are the controller of your personal information using any of the methods set out in the section entitled +Contact Us.
+Deleting Your Information from Merlin.net
If you have been implanted with a Device, the only way your healthcare provider can monitor you is via Merlin.net. Therefore, if you elect not to be enrolled in Merlin.net it will affect your healthcare provider’s ability to monitor your condition and adjust the settings on your Device and may affect their ability to treat you.
If you would like to have your information deleted from Merlin.net, you may do so by contacting your healthcare provider or clinic. If you request deletion of your information from Merlin.net and still have your Device, your healthcare provider will not be able to remotely monitor your heart’s rhythm. Please be aware that if your healthcare provider or clinic deletes your information in Merlin.net, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
+Contact Us
If you have questions, concerns or complaints about the processing of your personal information for the purpose of your medical care or wish to exercise your data protection rights, please contact your healthcare provider or clinic directly.
If you have questions, comments, or complaints about our privacy practices, please contact us by clicking on the “Contact Us” link in one of our websites or emailing us at privacy@abbott.com. Alternatively, you may write to us at:
Attn: Privacy Officer, Abbott, One St. Jude Medical Drive, St. Paul, MN 55117, USA
For EEA, UK and Switzerland users, see also below under your regional section for additional contact details.
For Users in Brazil: If you have questions, comments, or complaints about our privacy practices, or if you would like to exercise any of your rights set out in the +How Individual Users can Access and Correct Personal Information and Your Rights section, please contact us by clicking on the “Contact Us” link in one of our websites or emailing our local DPO, Juliana Ruggiero, at privacybrasil@abbott.com. Alternatively, you may write to us at:
Attn: Juliana Ruggiero Privacy Officer
Laboratórios do Brasil Ltda.
Rua Michigan 735, São Paulo/SP
CEP: 04566-905
In all communications to us, please include the email address used to register for this App and a detailed explanation of your request.
+Changes to this Privacy Notice
This Privacy Notice is kept under regular review. If we make material changes to our privacy practices, an updated version of this Privacy Notice will reflect those changes. You will be alerted to updates to this Privacy Notice by email or the App when you next use the App.
Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice.
+COUNTRY SPECIFIC PROVISIONS
+Algeria, Armenia, Chile, Dominican Republic, Colombia, Libya, Morocco, Pakistan, Panama, Paraguay, Saudi Arabia, Trinidad & Tobago, and Tunisia
Your consent is required for Abbott to process your personal information generally. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider or clinic. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment.
+Argentina
The Public Information Access Agency, in its capacity as supervisory body of Act No. 25.326, has jurisdiction over all accusations and complaints made by those affected in their rights for infringements to regulations in force referred to the protection of personal information.
+Australia
If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principle (“APPs”) or a privacy code that applies to us, or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above and we will take reasonable steps to investigate and respond to you.
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. See http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.
We are not likely to disclose your personal information overseas, except as permitted by the Privacy Act 1988 (Cth), unless we otherwise advise you in writing. We may transfer your personal information to the United States. You consent to that disclosure and agree that by giving that consent, Australian Privacy Principle 8.1 no longer applies, and we are not required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.
+Azerbaijan
BY CLICKING “ACCEPT” OR “AGREE” YOU ARE PROVIDING YOUR CONSENT TO THE CROSS-BORDER TRANSFER OF YOUR PERSONAL INFORMATION INCLUDING YOUR HEALTH-RELATED INFORMATION (AS SPECIAL CATEGORY PERSONAL INFORMATION) FOR THE PURPOSES DESCRIBED IN THIS PRIVACY NOTICE.
For users under the age of 18, the consent must be given by one of their parents or guardians.
After expiry of the retention period determined in +Retention of Personal Information, your personal information will either be deleted or archived in accordance with and in the manner established by applicable data protection laws.
In addition to your rights described in +How Individual Users Can Access and Correct Personal Information and Your Rights, you may also withdraw your consent any time or serve a written objection as to processing of your personal information by contacting your healthcare provider. If you withdraw your consent or serve a written objection, collection and processing of your personal data will be stopped and Abbott will retain de-identified/pseudonymized information. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment.
+Bahrain
We process your personal data in accordance with Law No.30 of 2018 Promulgating the Personal Data Protection Law (“PDPL”).
By clicking “accept” or “agree”, you are deemed to explicitly consent to the processing of your personal information, to the extent that Abbott relies on consent as legal grounds for processing under the PDPL.
Abbott may retain your personal information for as long as necessary to fulfil the purposes for which it has been collected, as outlined in this Privacy Policy, or any longer retention period required by law.
For more information about your rights under the PDPL and how to exercise them, please contact Abbott at the contact information listed under +Contact Us.
You have the right to lodge a complaint with the Bahrain Personal Data Protection Authority (“PDPA”) in relation to the processing of your personal data. The complaints form and the contact details of the PDPA are available on the following weblink: www.pdp.gov.bh.
+Belarus
Clicking “accept” or “agree” means that you are providing explicit consent to collecting, processing, using, storing and transferring to third parties (or making available in another way, including cross-border transfer) of your personal information, including health-related information.
+Bosnia and Herzegovina and Montenegro
The controller of your personal data for the purposes of medical treatment is your doctor/clinic. Abbott, through its local affiliate, Abbott Laboratories S.A., Bul. Mihajla Pupina 115d, 11070 Novi Beograd, Serbia is the controller of personal data to (1) provide you with this App; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify you by name. Abbott conducts research to understand how our products and services are used, to measure their performance and effectiveness, to improve future products, and in connection with real-world evidence studies.
+Brazil
In case of updates to this Privacy Notice that require new collection of consent, you will be notified through the contacts you have provided us.
Consent: To process personal information concerning your health, you must provide Abbott affirmative consent to use the Apps. You may withdraw your consent at any time by contacting us at privacy@abbott.com.
Legal basis for the processing of your personal information: Abbott processes your information based on the following legal basis as set out in the Lei Geral de Proteção de Dados (LGPD):
Your rights: If you would like to exercise any of your rights set out in the section titled +How Individual Users can Access and Correct Personal Information and Your Rights and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email.) We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirements. You have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information.
+Canada
BY ACCESSING OR USING THE APP AND SERVICES, YOU SIGNIFY THAT YOU HAVE READ, UNDERSTOOD AND CONSENT TO OUR COLLECTION, STORAGE, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION, INCLUDING PERSONAL HEALTH INFORMATION, AS DESCRIBED IN THIS PRIVACY NOTICE.
You acknowledge and understand that many of our service providers, business partners and affiliates operate from outside of Canada. By using the App and Services, you consent that your personal information, including personal health information, may be stored, processed, or transferred to other countries (including the United States where we are headquartered) which may not guarantee the same level of protection of personal information as the jurisdiction in which you reside. Your personal information will be subject to the local laws of the jurisdiction where it is transferred and in certain circumstances, other foreign governments, courts, law enforcement agencies or regulatory agencies may be entitled to access your personal information.
We have in place appropriate physical, technological, and organizational safeguards including access controls to protect personal information against loss, theft, and unauthorized access, use and disclosure. Notwithstanding the safeguards we employ and our commitment to protecting personal information, we cannot guarantee the security or error-free transmission or storage of personal information. There are risks inherent in the use of electronic means to transmit and hold information in electronic format. Any transmission of information is at your own risk.
We may retain your personal information for as long as necessary to fulfil the purposes for which it has been collected, as outlined in this Privacy Notice, or any longer retention period required by law.
Please note that if you exercise certain of your rights set out in the section titled +How Individual Users Can Access and Correct Personal Information and Your Rights, including withdrawing your consent, this may limit our ability to provide you with certain Services.
Any changes that we make to this Privacy Notice will become effective when we make a modified version of the Privacy Notice available on the App. Your continued use of the App and/or the Services following any such change constitutes your agreement to follow and be bound by the most recent version of this Privacy Notice.
+EEA, UK, Cayman Islands, Switzerland and Thailand
We process your personal information as a processor when providing our services to your doctor or clinic and may have access to your health data to provide your doctor or clinic with technical and customer support.
Legal basis for the processing of your personal information: Abbott processes your personal information, including your health-related personal information, as a controller on the following legal bases as set out in the GDPR:
When your healthcare provider created a patient profile in Merlin.net for you, you provided your explicit consent for Abbott to de-identify, pseudonymize, aggregate, and/or anonymize your personal information, including its transfer to Abbott in the USA, to conduct research. We conduct research using this de-identified or pseudonymized data, or aggregated, statistical and/or anonymized data for the following purposes:
For more information, see the +Research section.
We also process your personal information as a processor and do so on behalf of your healthcare provider. Your healthcare provider processes your personal information on the following legal bases under European Union or national law:
“GDPR” refers to the General Data Protection Regulation (2016/679) as to EU Member State implementing legislation, and for the UK, it refers to the UK Data Protection Act 2018, each as may be amended from time to time. Where we have included a country above that it outside the European Union, it has been done because such countries contain substantially similar or near equivalent laws to the GDPR.
Data transfers: Information collected via the Services will be transferred to and stored in the United States of America. If you request technical support your personal information (including health-related data) will be accessible by our remote care teams in the USA or Sweden only. Your personal data will be transferred on the basis of EU Standard Contractual Clauses.
If you are located in the EEA, Switzerland or UK, your healthcare provider and Abbott will have entered into the European Commission approved Standard Contractual Clauses, and for the UK, the UK Addendum for international transfers.
If you contact us directly and request technical support, your personal information (including health-related data) may be accessible by our remote care teams in the USA, and the EU. Abbott international intracompany data transfers are governed by a data transfer agreement incorporating the European Commission approved Standard Contractual Clauses providing adequate safeguards to protect personal information transferred outside the EEA, Switzerland, and the UK. See + Data Storage
Abbott also transfers your personal information, as a “controller”, as necessary for Abbott to comply with its legal requirements, such as those related to the quality and safety of medical devices or reimbursement or payment of medical costs, as described in +Medical Devices and other Legal Requirements, or, where required by law subject to your explicit consent, such as conducting research, as described in +Research.
The references to “controller” and “processor” are based on their respective definitions in the GDPR, the UK Data Protection Act 2018 and the Swiss Federal Act of Data Protection of 25 September 2020, each as may be amended from time to time.
Data Protection Officer: The contact details of our European data protection officer along with other useful contact information are available at www.eu-dpo@abbott.com.
Your rights: If you would like to exercise any of your rights set out in the section entitled +How Individual Users Can Access and Correct Personal Information and Your Rights and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email.) We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirement. You have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information.
Additional information for users in France: In addition to the provisions contained in this section, specific requirements do apply for France.
Health data hosting: your personal information will only be hosted on secure servers located in the Republic of Ireland, a member of EU, and will not be transferred to the United States of America, unless it is absolutely necessary. These servers located hold the health data hosting (“HDS”) certification in accordance with the provisions of the French public health Code.
Interoperability & security: Abbott is committed to comply with the interoperability and security requirements adopted by the French Digital Health Agency (“ANS”), as amended from time to time. This includes compliance with national health identity requirements, so that your health data can be referenced with your National health identifier (“INS”) on Merlin.net. We may then collect INS information such as your gender and place of birth if you are based in France. This also includes compliance with data portability requirements, so that Merlin.net allows the export of your health data.
+EEA and Swiss Local Abbott Affiliated Companies
| Country | Representative Name | Representative Address |
|---|---|---|
| Austria, Romania | Abbott Medical Austria Ges.m.b.H. | Perfektastraße 84A 1230 Wien, Austria |
| Belgium, Luxembourg | Abbott Medical Belgium | The Corporate Village, Building Figueras, DaVinci Iaan, 11 Box F1, Zaventem, Belgium |
| Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Iceland, Latvia, Malta, Slovakia, Slovenia | St. Jude Medical Coordination Center | The Corporate Village, Building Figueras, DaVinci Iaan, 11 Box F1, Zaventem, Belgium |
| Denmark | Abbott Medical Danmark A/S | Produktionsvej 14, 2600 Glostrup, Denmark |
| Estonia | Abbott Medical Estonia OÜ. | Mõisa 4/Vabaõhumuuseumi tee 3, 13522, Tallinn, Estonia |
| Finland | Abbott Medical Finland Oy | Vantaankoskentie 14, FI-01670 Vantaa, Finland |
| France | Abbott Medical France SAS. | 1-3, esplanade du Foncet, CS 90087, 92442 Issy les Moulineaux Cedex, France |
| Germany | Abbott Medical GmbH | Helfmann-Park 7, 65760 Eschborn, Germany |
| Greece | Abbott Medical Hellas Limited Liability Trading Company (trade name: Abbott Medical Hellas Ltd.) In Greek: Άμποτ Ιατρικά Ελλάς Εμπορική Εταιρεία Περιορισμένης Ευθύνης and trading name of Άμποτ Ιατρικά Ελλάς Ε.Π.Ε | Iroos Matsi & Archaeou Theatrou Str., 17456 Alimos-Athens, Greece |
| Hungary | Abbott Medical Korlátolt Felelősségű Társaság (Abbreviated Name: Abbott Medical Kft.). | Tóth Lőrinc utca 41. II. em., Budapest, 1126, Hungary |
| Ireland | Abbott Medical Ireland Limited | Riverside One, Sir John Rogerson's Quay, Dublin 2 D02X576, Ireland |
| Italy | Abbott Medical Italia S.p.A. | Sesto San Giovanni, Milano, Viale Thomas Alva, Edison 110 CAP 20099, Italy |
| Lithuania | UAB Abbott Medical Lithuania | Seimyniskiu str. 3, LT-09312 Vilnius, Lithuania |
| Netherlands | Abbott Medical Nederland B.V. | Standaardruiter 13, 3905 PT Veenendaal, Netherlands |
| Norway | Abbott Medical Norway AS | Gullhaugveien 7, Oslo, 0484, Norway |
| Poland | Abbott Medical spółka z ograniczoną odpowiedzialnością. | ul. Postepu 21B, 02-676, Warsaw, Poland |
| Portugal | Abbott Medical Austria Ges.m.b.H. | Perfektastraße 84A 1230 Wien, Austria |
| Belgium, Luxembourg | Abbott Medical (Portugal) – Distribuicao de Produtos Medicos, Lda. | Estrada de Alfragide 67, Alfragide Edifico D, Amadora, Portugal |
| Spain | Abbott Medical España, S.A. | Francisca Delgado No. 11, Núcleo 3 – 3º Arroyo de la Vega, Alcobendas 28108, Spain |
| Sweden | Abbott Medical Sweden AB | Isafjordsgatan 15, 164 07 Kista, Sweden (Business Office) Jarfalla, PO Box 7051, 164 07 Kista, Stockholm, Sweden (Registered Office) |
| Switzerland | Abbott A.G. | Neuhofstrasse 23, Neuhofstrasse 23, CH-6341 Baar/Zug |
+Egypt
You have the right to receive notification of any data breaches of your personal data within three business days of us notifying the Data Protection Authority of such breach. You have the right to exercise your rights in accordance with the Data Protection Law by written notice to us, and we are obliged to respond to your request within six business days. In case of a failure to protect your personal data or in case of our refusal to respect your legal rights with respect to your personal data or in case you are dissatisfied with our response to any request by you, you have the right to file a complaint with the Data Protection Authority.
+Hong Kong
We are committed to protecting the privacy, confidentiality and security of the personal information we hold by complying with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“PDPO”) with respect to the management of personal information.
Children and mentally incapacitated persons can be enrolled in Merlin.net by a healthcare provider. At any time, a parent/guardian may stop the collection of a child or mentally incapacitated person’s personal information, including health-related information, by contacting the healthcare provider and requesting that the account be deleted. This action will delete the Merlin.net account associated with the child or mentally incapacitated person concerned, but we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
Children and mentally incapacitated persons may also have the right to access the personal information held about them. Where we receive a request for access for a child or mentally incapacitated person’s personal information from his or her parent/guardian, subject to the applicable law we may respond directly to the parent/guardian or recommend that they contact the child or mentally incapacitated person’s doctor or clinic. We will seek to verify the identity of person seeking access to a child or mentally incapacitated person’s information, whether it is from the child or mentally incapacitated person himself/herself or from a parent or guardian.
Where we conduct research purposes as set out in this Privacy Notice, and have de-identified, pseudonymized, aggregated and/or anonymized data from your personal data on Merlin.net, we will not attempt to re-identify any individuals from anonymized data or use the information of any individuals even if re-identification is possible.
You agree that we may share, disclose and transfer your personal data to such third parties as stated in, and in accordance with the provisions of, this Privacy Notice. Except as provided in this Privacy Notice, your personal data will not be disclosed to other parties without your voluntary and express consent. Where we intend to use your personal data for direct marketing purposes, we will comply with the notification requirements under the PDPO and obtain the consent or an indication of no objection from you before using your personal data for such purposes. You have the choice to have your personal data held by us erased and express your choice not to have the personal data shared or transferred.
You have the right to request access to (at a fee where appropriate) and correction of your personal data held by us. If you wish to do so, please contact our Privacy Officer in accordance with the section entitled +Contact Us herein.
You also have the right to lodge a complaint about any act or practice done or engaged in relating to your personal data with the Office of the Privacy Commissioner for Personal Data.
Nothing herein constitutes your registration for the Electronic Health Record Sharing System (“EHRSS”) and we shall not be liable under the Electronic Health Record Sharing System Ordinance (Cap. 625 of the Laws of Hong Kong) or otherwise in relation to the EHRSS.
+India
Abbott has implemented reasonable security practices commensurate to the standards required under applicable law.
Your consent is required for Abbott to collect, process, use and store your sensitive personal information, including physical, health condition) and to transfer your sensitive personal data to any third party. Abbott may share your sensitive personal information with third parties such as your health data. Additionally, we will ensure that such third party will afford the same or better level of data protection to your sensitive personal data. By accepting or agreeing to this Privacy Notice, you hereby provide your consent to the processing of your personal information, including sensitive personal data, as described herein. You may withdraw your consent any time by contacting our grievance redressal officer at privacy@abbott.com.
Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law. You have the right to review information provided by you to ensure that it is not inaccurate or deficient. Your sensitive personal information would only be collected if it is necessary to achieve the purposes expressly mentioned in this Privacy Notice.
+Israel
ANY PERSONAL INFORMATION YOU PROVIDE IS MADE AT YOUR FREE WILL AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.
Certain rights as listed in Section +How Individual Users Can Access and Correct Personal Information and Your Rights might apply to your Personal Information.
+Japan
Abbott complies with the Act on the Protection of Personal Information (“APPI”) in handling personal information.
References in this Privacy Policy to "children" also include "persons with limited legal capacity”.
The terms “Pseudonymized (de-identified) information" and "anonymized information" in this Privacy Notice are different from such terms as defined and protected under the APPI. However, we will keep both types of data secure and will not process them without a legal obligation or your consent.
With respect to +Disclosure of Personal Information by Us, if we disclose personal information to a third party, we will supervise that third party to ensure that the personal information is appropriately secured.
Your consent is required for Abbott to handle your “special care-required personal data” (referred to in this Privacy Notice as your health-related information) and to transfer your personal information, including health-related information, to any third party outside of Japan (excluding the EU, which is designated by the Personal Information Protection Commission Japan (“PPC”) as a country with a protection system of the same level as that of Japan.). By accepting or agreeing to this Privacy Notice, you are deemed to have consented to the processing of your personal information, including health-related information, as described herein. You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
You have the right to lodge a complaint with the PPC regarding the handling of your personal data.
+Jordan
Your written consent is required for Abbott to process your personal information except where we do so for us to comply with a legal obligation as described in +Medical Devices and other Legal Requirements. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law. No actions taken by Abbott will violate any applicable legislations in Jordan. All actions will be in conformity with the Telecommunication Law No (13) of the year 1995, the Personal Data Protection Law No.24 of 2023, IoT regulations of 2023, and any relevant regulations and/or instructions that the Telecommunications Regulatory Commission (TRC), or any other competent authority have issued in the past or will issue in the future.
You acknowledge and agree to provide accurate, correct, and updated information to Abbott. In the event of any changes or updates to the information previously provided, you have a continuing duty to promptly inform Abbott of such changes and understand the importance of this obligation for the quality and effectiveness of the Services provided. Failure to fulfil this duty may affect the accuracy and efficiency of Abbott's Services, and you acknowledge and accept the consequences that may arise from inaccurate or outdated information.
You are entitled to obtain a written certificate that your data is protected in a manner that is compliance with the regulations of the Data Protection Act No. 24 of 2023. You also have the following rights in Jordan:
+Kazakhstan
CLICKING “ACCEPT” OR “AGREE” MEANS THAT YOU ARE PROVIDING EXPLICIT CONSENT TO THE COLLECTING AND PROCESSING OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED PERSONAL INFORMATION. “PROCESSING OF PERSONAL INFORMATION” MEANS ACTIONS AIMED AT ACCUMULATING, STORING, MODIFYING, USING, DISSEMINATING, DEPERSONALISING, BLOCKING AND DESTROYING PERSONAL INFORMATION. IN PARTICULAR, YOUR CONSENT APPLIES TO CROSS-BORDER TRANSFER OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION, TO THE USA, SWEDEN (OR OTHER EUROPEAN LOCATIONS), COSTA RICA, AND/OR MALAYSIA AS WELL AS TO OTHER COUNTRIES AT THE DISCRETION OF ABBOTT AND TO THE TRANSFERRING AND ACCESS TO YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION BY THIRD PARTIES. YOUR CONSENT WILL APPLY TO THE COLLECTING AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE CONDITIONS INDICATED IN THIS PRIVACY NOTE (INCLUDING THE LIST OF THE PERSONAL INFORMATION, THE TERMS OF ITS COLLECTING AND PROCESSING, THE CONDITIONS FOR DISSEMINATION OF THE PERSONAL INFORMATION AND OTHER CONDITIONS INDICATED IN THIS PRIVACY NOTICE).
Please note that the collection, processing of your personal data may be without your consent in cases established by the law of the Republic of Kazakhstan including in cases of implementation of international treaties ratified by the Republic of Kazakhstan.
+Malaysia
General: In the event the Malaysian Personal Data Protection Act 2010 and/or all regulations, codes, standards and/or legal requirements made pursuant to or issued under the Malaysian Personal Data Protection Act 2010 (“Malaysian Data Protection Laws”) apply, this section shall apply to the processing of your personal information by Abbott.
Consent. This Privacy Notice serves to inform you that your personal information is being processed by Abbott or on Abbott’s behalf and you hereby give your consent to the processing of your personal information in accordance with this Privacy Notice, including the transfer your personal information to a place outside of Malaysia. By clicking on the “accept” or “agree” button or ticking on the “accept” or “agree” check box, you are providing explicit consent to the processing of your personal information including health-related information for the purposes stated in this Privacy Notice and as supplemented by this section to the extent the Malaysian Data Protection Laws apply.
Data access and correction requests. You have the right to request access to and to request correction of your personal information subject to the following and subject to provisions of the Malaysian Data Protection Laws: (a) you may, upon payment of a prescribed fee (if any), make a data access request or a data correction request in writing to us; and (b) we may refuse to comply with your data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.
Limiting the Processing of Personal Information. You may, by providing us with a notice in writing, limit the processing of your personal information (including to request us to cease or not begin processing your personal information for purposes of direct marketing). You have the right to withdraw your consent previously given to us (in full or in part) by providing us with a notice in writing and upon receiving such notice, we will cease the processing of the personal data. If you limit the processing or withdraw your consent to any or all use of your personal information, we may not be in a position to continue to administer any arrangement or contractual relationship in place, which in turn may result in: (i) us being unable to (continue to) process your personal data for any of the purposes stipulated in this Privacy Notice or provide you with any of our services/products; (ii) unable to (continue to) perform our contractual obligations owed to you (if any); and/or (iii) the termination of any arrangements/agreements/contracts you have with us, without any liability on our part. It will also affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment.
Versions and Conflict. In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Notice, the English version shall prevail over the Bahasa Malaysia version.
In respect of the +Medical Devices and other Legal Requirements section above, consent will not be required only to the extent permitted by the Malaysian Data Protection Laws.
In respect of the +Changes to this Privacy Notice section above, to the extent that any changes will trigger the requirement to obtain fresh consent under the Malaysian Data Protection Laws (i.e., addition to the purposes in which we may process your personal information for or an addition of a class of third parties in which we may disclose your personal information to), we will procure consent from you in respect of such changes.
+Mauritius
You have the right to lodge a complaint with the Data Protection Commissioner regarding the processing of your personal data, by sending an e-mail at dpo@govmu.org.
+ Monaco
In addition to the provisions contained in the section “EEA, UK, Cayman Islands, Switzerland and Thailand” specific requirements apply for Monaco.
If you do not consent or choose not to provide your personal information, we may not be able to provide you with Services or only with limited Services.
In case of complaint, you also have the right to lodge a complaint with the Monaco Data Protection Authority (CCIN), 11 rue du Gabian, 98000 in Monaco.
+Mongolia
For users under the age of 18, Consent must be given by their parent or guardian.
By accepting or agreeing to this Privacy Notice, you are providing your consent to collecting, processing, using, storing and transferring to third parties (including cross-border transfer) of your personal information, including health-related information.
+Morocco
Your explicit written consent is required for the data controller (as defined by Moroccan law No. 09-08 on the protection of individuals with regard to the processing of personal data) or/and Abbott, as the case may be, to process your personal information. By accepting the terms of this Privacy Notice, you are deemed to have explicitly consented in writing to the processing of your personal information as described herein. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. For users under the age of 18, the consent must be given by one of their parents or guardians.
Notwithstanding the foregoing, if you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider or clinic. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
After expiry of the retention period determined in +Retention of Personal Information, your personal information will either be deleted or archived in accordance with and in the manner established by applicable data protection laws.
In addition to your rights described in +How Individual Users Can Access and Correct Personal Information and Your Rights, you may also withdraw your consent any time or serve a written objection as to processing of your personal information by contacting your healthcare provider. If you withdraw your consent or serve a written objection, collection and processing of your personal data will be stopped and Abbott will retain de-identified/pseudonymized information. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment.
You have the right to obtain from the data controller or/and Abbott as a controller or sub-contractor, as the case may be, upon request, without delay and free of charge, information about the data concerning you being processed and access to your personal data; and to oppose and rectify at any time, free of charge and without any justification, to the data concerning you being processed.
Your local Abbott affiliated company is Abbott Morocco S.AR.L., 42, Bd Abdelmoumen, N°12, Résidence Walili Street, Casablanca 0340 – Maroc.
+New Zealand
If you wish to make a complaint about a breach of the Privacy Act 2020 (including the codes issued under the Privacy Act 2020 such as the Health Information Privacy Code 2020), or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above. We will take reasonable steps to investigate and respond to you.
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Privacy Commissioner. See https://www.privacy.org.nz/your-rights/making-a-complaint/to obtain the relevant complaint forms and contact details of the Office of the Privacy Commissioner. In addition to your rights to requires correction of your personal information held by us, you also have the right to provide Abbott with a statement of the correction sought to your personal information (“Statement of Correction”), and request that Abbott attach the Statement of Correction to your personal information if we do not make the correction you have sought.
+North Macedonia
YOUR CONSENT IS GRANTED AT YOUR FREE WILL AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.
Medical Devices and other Legal Requirements and Research: With regard to the term ‘pseudonymize’ used in the +Medical Devices and other Legal Requirements section and the +Research section, please note that the Law on Personal Data Protection of the Republic of North Macedonia (published in Official Gazette of the Republic of North Macedonia No. 42/20) (”MK DP Law”) defines ‘pseudonymization’ as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person’.
Legal basis for the processing of your personal information: Abbott processes your personal information, including your health-related personal information under the MK DP Law as those set out above in the section +EEA, Switzerland and UK, and Cayman Islands.
Data transfers:
For transfers of personal information from North Macedonia by your healthcare provider to Abbott, as “processor”, appropriate safeguards will be applied in accordance with the MK DP Law such as data transfer agreements providing adequate safeguards equivalent to the protections afforded under the MK DP Law. You can obtain a copy of the appropriate safeguards by contacting us on: privacy@abbott.com
The references to “controller” and “processor” are based on their respective definitions in the MK DP Law, as may be amended from time to time.
Abbott’s Authorized representative is Abbott Laboratories S.A., Bul. Mihajla Pupina 115d, 11070 Novi Beograd, Serbia
+Oman
Your explicit written consent is required for Abbott to process your personal information. By accepting the terms of this Privacy Notice, you are deemed to have explicitly consented in writing to the processing of your personal information as described herein. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. Notwithstanding the foregoing, if you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider or clinic. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
+Palestine
Your prior consent is required for Abbott to process your personal information as required by Cabinet Resolution No. (3)/ 2019 and in conformity with the Basic Law as amended in 2005, except where we do so for us to comply with a legal obligation as described in Decree by Law No. (31) / 2018 Concerning Medical and Health Protection and Safety, Decree by Law No. (10)/2018 Concerning Cybercrimes and +Medical Devices and other Legal Requirements. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you withdraw your consent, you understand that the information that has already been collected in Merlin.net will continue to be processed as described herein and in the Patient Consent Form. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
+Philippines
BY CLICKING “ACCEPT” OR “AGREE” YOU ARE PROVIDING EXPLICIT CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION FOR THE PURPOSES STATED IN THIS AGREEMENT AND AS SUPPLEMENTED BY THIS SECTION FOR PHILIPPINE USERS. YOU UNDERSTAND THAT BY CLICKING “ACCEPT” OR “AGREE”, YOU ARE ALSO PROVIDING EXPLICIT CONSENT TO EACH SEPARATE AND ADDITIONAL CONSENT FOR THE PROCESSING OF PERSONAL INFORMATION, INCLUDING HEALTH RELATED INFORMATION, AS SET OUT IN THIS SECTION ENTITLED “PHILIPPINES” AND WE WILL PROCESS PERSONAL INFORMATION PURSUANT TO SUCH CONSENT.
Your personal information will be processed in accordance with the requirements of Republic Act No. 10173 or the Data Privacy Act of 2012 (“DPA”), its implementing rules and regulations (“IRR”), and the relevant rules and regulations issued by the National Privacy Commission of the Philippines (“NPC”).
You may request access to your personal information, to have it rectified or erased if there are grounds, to object to its processing or to restrict access to it, and, where possible, obtain a copy of the personal information held about you and to have any inaccurate or incomplete information relating to you corrected or updated. You are entitled to object to the processing of your personal information, on legitimate grounds, and to request the anonymization and/or deletion of such information. You also have the right to lodge a complaint about how your personal information is processed with your local data protection regulator. You are also entitled to all rights granted to you as a data subject under the DPA, its IRR, and the relevant rules and regulations issued by the NPC.
To the extent that Abbott uses your personal information for its own purpose, you will be asked to signify your consent under the Merlin.net Consent form.
You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott may retain aggregated and de-identified information and may need to retain certain personal information as required by law.
If you have inquiries related to this privacy policy or how your personal data is processed, please contact:
Abbott Laboratories
Attention: Office of Ethics and Compliance
Venice Corporate Center
No. 8 Turin Street, Mckinley Town Center,
Fort Bonifacio, Taguig City, 1634 Philippines
+63287028622; +639176328959
Email: privacy@abbott.com
+Republic of Moldova
In accordance with Personal Data Protection Law No. 133 from 08.07.2011 (hereinafter the “Law 133/2011”), your electronic acceptance serves as evidence of your consent to the processing and transfer of your personal information as set out in this privacy EULA and privacy notice, except where we process your personal data to comply with a legal obligation as described in +Medical Devices and other Legal Requirements, or where we use the data for our legitimate interests, provided that this interest does not prejudice your interests or the fundamental rights and freedoms. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law. In relation to us processing your personal information, apart from the rights outlined in +How Individual Users Can Access and Correct Personal Information and Your Rights:
Abbott will also notify your local data protection authority – the National Personal Data Protection Centre – of any processing of your personal information, where national law requires them to do so.
Retention of personal information. We never retain your personal data longer than needed for achieving the data processing purposes. At the end of the personal data processing operations, if you will not give us your consent for another destination or for a further processing, your personal data will be: a) destroyed; or b) transferred to another operator, provided that the initial operator guarantees that subsequent processing has purposes similar to those in which the initial processing was performed; c) transformed into anonymous data and stored exclusively for statistical, historical or scientific research purposes, except as may be required by law.
In addition, Abbott as a controller has issued a personal data security policy in compliance with the Requirements regarding the security of personal data when processing them within the personal data information systems approved by Government Resolution No. 1123 dated 14.12.2010, namely has performed and provided, (1) the designation of the person responsible for the security policy; (2) the security measures; (3) the mechanism for implementing security measures; (4) the nominal list of users, authorized to access personal data; (5) the configuration of the personal data information system and of the network; (6) the detailed description of the criteria, according to which the personal data processed in the manually kept register are accessible; (7) the technical documentation regarding security controls; (8) the schedule of security checks; (9) measures for detecting cases of access and / or unauthorized processing of personal data; (10) the reports of security incidents.
If you have inquiries related to this privacy policy or how your personal data is processed, please contact the responsible person for personal data processing at privacy@abbott.com.
+Russia
This Mobile Application Privacy Notice constitutes the Privacy Policy of Abbott +Cross-border Transfers of Personal Information. We ensure recording, systemization, accumulation, storage, clarification (update, change) and extraction of personal information of Russian Federation citizens with the use of databases located in the territory of the Russian Federation when collecting this personal information in any manner including via the Internet. Retention of personal information. We never retain your personal data longer than needed for achieving the data processing purposes. When the purposes are achieved, we delete your personal data within 30 days. Security of Personal Information. We uninterruptedly improve our personal data protection system and take all necessary administrative, legal and technical measures with a view to international standards. We fulfil a number of data security requirements to protection of personal data processed via information systems according to article 19 of the Russian Federal Law On Personal Data No.152-ФЗ dated 27 July 2006, and other enactments. In particular, we fulfil the following requirements depending on the security level of information systems chosen by us: ensure security of premises accommodating the personal data information systems equipment in a way that prevents any person without appropriate access rights from uncontrolled intrusion or stay in these premises; ensure safety of all personal data media; adopt by the general manager’s decision a document determining list of employees whose work duties require access to the personal data processed in the information system; use information security tools, of which compliance with the requirements of the information security laws of the Russian Federation is duly assessed and confirmed, when such tools are necessary for the neutralization of actual risks; appoint an employee responsible for the security of the personal data in the information system or impose this responsibility on an appropriate division; ensure that all changes of access rights with regard to the personal data in the information system are automatically recorded in the electronic messages log; and provide access to the electronic messages log only to those employees or other authorized persons who need this access for the discharge of their work duties.
+Saudi Arabia
In accordance with Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443H and amended by Royal Decree No. (M/148) dated 5/9/1444H ("PDPL"), your consent is required for Abbott to process your personal information. By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. This Privacy Notice sets out information on the collection, use, disclosure to third parties, outsourcing of the processing, and cross-border transfer of your personal information, including health-related information, by Abbott, in connection with the provision of the App and the Services.
We process your personal information as a processor when providing our services to your healthcare provider or clinic and may have access to your health data to provide your healthcare provider or clinic with technical and customer support.
Legal basis for the processing of your personal information: Abbott processes your personal information, including your health-related personal information on the following basis:
When your healthcare provider creates a patient profile in Merlin.net for you, you also provide your explicit consent for Abbott to de-identify, pseudonymize, aggregate, and/or anonymize your personal information, including its transfer to Abbott in the USA, to conduct research. We conduct research using this de-identified or pseudonymized data, or aggregated, statistical and/or anonymized data for the following purposes:
For more information, see the +Research section. For sake of clarity, anonymization is the removal of all direct and indirect identifiers that indicate your identity in a way that permanently makes it impossible to identify the Data Subject.
The Clinic has taken the appropriate organizational, technical and administrative measures to protect your Health Data from any unauthorized use, misuse, use for purposes other than for which it was collected, or breach, and any procedures or means that guarantee the preservation of the privacy of its owners; and it has adopted and implemented the requirements and controls issued by the Ministry of Health, the Saudi Health Council, the Saudi Central Bank, the Council of Health Insurance, and other related entities involved in regulating Health Services and health insurance services, that specify the tasks and responsibilities of employees of health care providers, health insurance companies, health insurance claims management companies and those which are contracted by them carrying out the processing of the health data.
In addition to the rights set out in the section entitled +How Individual Users Can Access and Correct Personal Information and Your Rights, you have the right to lodge a complaint (within ninety days of your coming to know of any breach) with your local data protection authority if you have concerns with Abbott’s processing of your personal information. You also have a right to withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott may retain aggregated and de-identified (anonymized data) information and may need to retain certain personal information as required by law. Where we have de-identified, pseudonymized, aggregated and/or anonymized data from your personal data on Merlin.net, we will not attempt to re-identify any individuals from anonymized data. You also have the right to obtain from the controller a restriction of processing when you are contesting the accuracy of your personal data for a period of time that can enable the controller to verify the accuracy of the personal data. Please note that a controller may request any necessary supporting documents or evidence to verify the request for update, correction, or complete the personal data.
+Serbia
The controller of your personal data for the purposes of medical treatment is your doctor/clinic. Abbott Laboratories S.A., Bul. Mihajla Pupina 115d, 11070 Novi Beograd, Serbia is the controller of personal data to (1) provide you with this App; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify you by name. We conduct research to understand how our products and services are used, to measure their performance and effectiveness, to improve future products, and in connection with real-world evidence studies.
Legal basis for the processing of your personal information: The relevant part from COUNTRY SPECIFIC PROVISIONS for EEA, Switzerland, UK, and Cayman Islands in this Privacy Policy applies, with the reference to "the GDPR" and "European Union or national law" to be substituted by "Serbian Data Protection Act (2018)".
Data transfers: Abbott is subject to the Serbian Data Protection Act (2018) and information collected via the Services will be transferred to and stored in the USA as described in the section entitled +Cross-Border Transfers of Personal Information. While the privacy laws of the USA are not equivalent to those of Serbia, as Abbott is directly subject to the Serbian Data Protection Act (2018) for the purposes set out in the section entitled +Abbott’s Own Use of Your Personal Information, your personal information remains protected in compliance with it. Where Abbott processes data as a “processor” on behalf of your healthcare provider, Abbott processes such personal data under the instructions of your healthcare provider and subject to our contract with them.
Your rights: In addition to the rights set out in the section entitled +How Individual Users Can Access and Correct Personal Information and Your Rights, you have the right to lodge a complaint with your local data protection authority if you have concerns with Abbott’s processing of your personal information.
+Singapore
By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. For users under the age of 13, Consent must be given by their parent or guardian. If you would like to delete your Merlin.net account, you may do so by contacting your healthcare provider. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
This Privacy Notice sets out information on the collection, use, disclosure to third parties, outsourcing of the processing, and cross-border transfer of your personal information, including health-related information, by Abbott in connection with the provision of the App and the Services. All of the following categories of processing of personal information, including health-related information, are necessary for the provision of the App and the Services.
You may provide your consent collectively to all of the following consent categories by accepting or agreeing to this Privacy Notice:
You may withdraw your consent any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
Note that National Identification Card (NRIC) and other national identification numbers such as birth certificate numbers, foreign identification numbers, work permit numbers and passport numbers will only be collected, used or disclosed by us if (a) the collection, use or disclosure is required by the law; or (b) it is necessary to establish or verify an individual’s identity to a high degree of accuracy.
In the event of a security incident related to your personal information, we will take all steps required under Singapore data protection laws to deal with the incident and we may report such incident and the remediation actions to the Personal Data Protection Commission as required.
Data transfers: Information collected via the Services will be transferred to and stored in the United States of America. If you request technical support, your personal information (including health-related data) will be accessible by our remote care teams in the USA, Sweden or Malaysia. Abbott intends to use data transfer agreements providing adequate safeguards, such as Standard Contractual Clauses in relation to such cross-border data transfers.
If you have enquires related to this privacy policy or how your personal data is processed, please contact: Data Privacy Officer at privacy@abbott.com.
+South Africa
Legal basis for the processing of your personal information: The relevant part from the above section +EEA, UK, Cayman Islands, Switzerland and Thailand in this Privacy Policy applies, with the reference to "the GDPR" and "European Union or national law" to be substituted by "South African Protection of Personal Information Act 4 of 2013)". The terms “controller” and “processor” used herein are to be treated as equivalent to the terms “responsible party” and “operator” as defined in the Protection of Personal Information Act 4 of 2013.
You have the right to lodge a complaint to the Information Regulator regarding the processing of your personal information, by sending the prescribed form to by writing to POPIAComplaints@inforegulator.org.za.
+South Korea
BY CLICKING “ACCEPT” OR “AGREE” YOU ARE PROVIDING EXPLICIT CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION FOR THE PURPOSES STATED IN THIS NOTICE AND AS SUPPLEMENTED BY THIS SECTION FOR SOUTH KOREAN USERS. YOU UNDERSTAND THAT BY CLICKING “ACCEPT” OR “AGREE”, YOU ARE ALSO PROVIDING EXPLICIT CONSENT TO EACH SEPARATE AND ADDITIONAL CONSENT FOR THE PROCESSING OF PERSONAL INFORMATION, INCLUDING HEALTH RELATED INFORMATION, AS SET OUT IN THIS SECTION ENTITLED “SOUTH KOREA” AND WE WILL PROCESS PERSONAL INFORMATION PURSUANT TO SUCH CONSENT.
For users under the age of 14, consent must be given by their guardian.
To the extent permitted under applicable law, you may exercise your rights to make requests to Abbott for the perusal, correction, deletion, and suspension of the processing of your personal information by writing, email, and any other methods prescribed under Article 41(1) of the Enforcement Decree of the Personal Information Protection Act and Abbott will promptly respond to any such requests from you. You may also exercise the foregoing rights by contacting Abbott at the address set out in this section below. Abbott will verify whether any such requests are actually being made by you or your duly appointed legal representative. Provided, however, that in cases where your health care provider is responsible for processing your personal information, you should direct requests for the exercise of rights to your personal information to such health care provider.
The following provision “To exercise your data protection or privacy rights, you should contact your healthcare provider or clinic in the first instance. You may correct your profile information by contacting your healthcare provider. We are not able to correct or amend any readings from your Device that have been uploaded” in +How Individual Users Can Access and Correct Personal Information and Your Rights is not applicable to users in South Korea.
You may withdraw your consent any time by contacting your healthcare provider or using any of the methods set out in the section entitled +Contact Us. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and anonymized information and may need to retain certain personal information as required by law.
Provision of Personal Information to Third Parties
| Recipients | Purposes of Use of Recipients | Items of Personal Information to be Provided | Periods of Retention/Use of Recipients |
|---|---|---|---|
| The healthcare provider of each patient/user | Purposes indicated in the “+Your Healthcare Provider’s Use of Your Information” section | Items of personal information indicated in the “+Collection and Processing of Your Personal Information” section | Until purposes of processing have been completed |
Abbott Laboratories, | Purposes indicated in the “+Abbott’s Own Use of Your Personal Information” section | Items of personal information indicated in the “+Collection and Processing of Your Personal Information” section | For the period during which Pacesetter Inc. acts as an outsourced processor |
Complaints and adverse incidents | Name of reporter, information about complaint or incident | As required by laws related to medical devices | |
Abbott Medical (Malaysia) Sdn. Bhd. At 35, 1st Floor, Jalan Kelisa Emas 1, Tama Kelisa Emas, 13700 Seberang Java, Penang, Malaysia | Second and/or third level technical support | Those items listed in the “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information. | For the period during which Abbott acts as an outsourced processor |
Abbott Medical Sweden AB | Second and/or third level technical support | Those items listed in the “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information | For the period during which Abbott acts as an outsourced processor |
Abbott Medical Costa Rica | Second and/or third level technical support | Those items listed in the “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information | For the period during which Abbott acts as an outsourced processor |
| St. Jude Medical, LLC, 1 St. Jude Medical Dr., St. Paul, MN 55117, USA | Scientific and/or clinical research | Aggregated, De-identified/pseudonymized personal data. See “+Research” section for more information | Indefinite |
(Cross-border) Outsourcing of the Processing of Personal Information to Third Parties
| Recipients | Outsourced Tasks | Items of Personal Information to be Transferred | Countries Where Personal Information is Transferred | Date/Time of Transfer | Method of Transfer | Recipients’ Purposes of Use and Periods of Retention/Use |
|---|---|---|---|---|---|---|
| Abbott Medical (Malaysia) Sdn. Bhd. At 35, 1st Floor, Jalan Kelisa Emas 1, Tama Kelisa Emas, 13700 Seberang Java, Penang, Malaysia | Second and/or third level technical support | Those items listed in “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information | Malaysia | As required to resolve a technical support issue | Secure VPN | Until outsourced tasks have been completed and the outsourced contract has concluded |
| Abbott Medical Sweden AB, Isafjordsgatan 15, 164 07 Kista, Sweden (Business Office) Jarfalla, PO Box 7051, 164 07 Kista, Stockholm, Sweden (Registered Office) | Second and/or third level technical support | Those items listed in the “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information | Sweden | As required to resolve a technical support issue | Secure VPN | Until outsourced tasks have been completed and the outsourced contract has concluded |
| Abbott Medical Costa Rica Abbott Coyol Free Zone, Bldg #44B Alajuela, Costa Rica | Second and/or third level technical support | Those items listed in the “+Collection and Processing of Your Personal Information” section as necessary to resolve the technical support issue. See “+Abbott’s Access to Personal Information When Providing Services to Your Healthcare Provider” section for more information | Costa Rica | As required to resolve a technical support issue | Secure VPN | Until outsourced tasks have been completed and the outsourced contract has concluded |
| St. Jude Medical, LLC 1 St. Jude Medical Dr., St. Paul, MN 55117, USA | Scientific and/or clinical research | Aggregated, De-identified/pseudonymized personal data. See “+Research” section for more information | USA | As required for scientific and/or clinical research | Secure VPN | Indefinite |
After the retention period, we destroy your personal information as set out below:
Destruction Process: We select the personal information to be destroyed and destroy the personal information with the approval of the Data Protection Officer (“DPO”).
Destruction Method: We destroy personal information recorded and stored in the form of electronic files by using a technical method (e.g., low level format) ensuring that the records cannot be reproduced, while personal information and stored in the form of paper documents shall be shredded or incinerated.
Local Abbott affiliated company
If you have any questions and complaints related to the processing of the personal information, you may contact us at: Abbott Korea Ltd., Samtan Bldg., 5th Floor, 421 YoungDong-Daero, Kangnam-Ku, Seoul 135-846 Korea or you may email us at: privacy@abbott.com
Additional Consents for the Collection, Use, and Provision of Personal Information for South Korea
+Taiwan
If you do not consent or choose not to provide your personal information, we may not be able to provide you with Services or only with limited Services.
+Thailand
“PDPA” refers to the Personal Data Protection Act B.E. 2562 (A.D. 2019), as amended from time to time, and related rules, regulations, and directives and governmental requirements.
Children’s Privacy: Children can be enrolled in Merlin.net by a healthcare provider, providing that for consent from a parent or legal guardian of a child whose age is below 10 years old must be duly obtained, and for a child whose age is more than 10 years old but less than 20 years old, unless such child is legally married or permitted under the applicable laws, consent from both the child and his/her parent or legal guardian must be duly obtained.
Cross-border Transfer: To legitimise the export of Personal Data originating from Thailand under applicable Data Protection Laws, Abbott has taken reasonable steps to enter into an appropriate data transfer agreement with your healthcare provider.
Your Rights: Pursuant to the PDPA and subject to its effectiveness, you are entitled to various rights in relation to your Personal Information which are: (i) to request access to or obtain a copy of the personal information held about you, or to request the disclosure of the source of your personal information which you did not consent to; (ii) to obtain your personal information in a format which is usable and readable by automatic tools or equipment, if any, or to request that your personal information in such format be transmitted to another controller; (iii) to object to the processing of your personal information; (iv) to have your personal information erased, destructed, or de-identified; (v) to request that the processing of your personal information be suspended; (vi) to have any inaccurate or incomplete information relating to you corrected or updated; (vii) where the processing of your personal information relies on consent as a legal basis, you have the right to withdraw your consent at any time; and (viii) to lodge a complaint about how your personal information is processed with your local data protection authority the Personal Data Protection Commission.
Your request to exercise any of the rights to your personal data described above is subject to the limitations and conditions of the PDPA.
If you do not provide us with your personal data, we may not be able to provide you with our Services or perform our obligations under the agreement between you and us.
Contact Us: For any inquiries or concerns regarding this Privacy Notice, or if you would like to exercise any of your rights to your personal data, please contact us using the contact details above. Our data protection officer and our local representative can be contacted at privacy@abbott.com.
+Turkey
The controller of your personal data for the purposes of medical treatment is your clinic/healthcare provider. ST JUDE MEDICAL TURKEY MEDİKAL ÜRÜNLER TİCARET LİMİTED ŞİRKETİ Icerenkoy Mahallesi Umut Sokak No:10-12, Quick Tower K:6 Atasehir, Istanbul, Turkey is the controller of personal data to (1) provide you with this App; (2) comply with legal obligations, including those related to medical device safety, quality and improvement; and (3) conduct research once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify you by name.
Within this framework, your personal data may processed and transferred in the light of the principles set forth in Article 4(2) of the Law No. 6698 on the Protection of Personal Data ("LPPD"), by obtaining your explicit consent or in the presence of the reasons set forth in Article 5/2 (c) “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract”, or Article 5/2 (ç) “It is mandatory for the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.” or without obtaining explicit consent as set forth in Article 6(3).
If you are a parent/guardian creating an account for use by a child or otherwise using the App and a system account for the benefit of a child, you also must provide prior explicit consent for sensitive personal information of your child, to be collected, processed and used via the App and the Merlin.net as well as your explicit consent for transfer of your child’s personal data outside Turkey.
Your personal data will be transferred outside of Turkey and your explicit consent to such transfer shall be required before the commencement of the services.
Abbott reserves the right to charge a fee over the fee tariff determined by the Personal Data Protection Board if you submit a request regarding your rights.
For any inquiries or concerns regarding this Privacy Notice, or if you would like to exercise any of your rights to your personal data, please contact your healthcare provider or clinic. Abbott’s can be contacted by clicking here or at privacy@abbott.com.
+Ukraine
Your consent is required for Abbott to process your personal information except where we do so for us to comply with a legal obligation as described in +Medical Devices and other Legal Requirements. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to have your information deleted from Merlin.net, you may do so by contacting your healthcare provider or clinic. Please be aware that if you ask your healthcare provider or clinic to delete your information from Merlin.net, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
+United Arab Emirates (“UAE”)
Abbott has incorporated appropriate safeguards within its contracts with parties (including Abbott affiliates) located outside of the UAE with whom it may share your personal data as described within this Privacy Policy (see +Data Storage, +Disclosure of Personal Information by Us, and +Cross-Border Transfers of Personal Information) to ensure that your personal data is processed in line with applicable data protection laws, including those in force in the UAE from time to-time.
If and to the extent to which Abbott requires your consent to perform processing activities which we perform as controller (see +Abbott’s Own Use of Your Personal Information), by clicking “accept or “agree” you expressly consent to the collection, storage, use and disclosure of your personal information as described in this Privacy Notice. Where Abbott relies upon your consent to process your personal data you can revoke your consent at any time but this may impact your ability to continue to use our Services.
+United Kingdom
Your local Abbott affiliate is Abbott Medical U.K. Limited, Elder, Central Boulevard, Blythe Valley Park, Solihull, B90 8AJ, UK.
+USA
Abbott operates as a business associate to your healthcare provider in making this App available to you in compliance with the Health Insurance Portability and Accountability Act and its implementing regulations (collectively “HIPAA”). As a result, personal information, including health-related information, that is collected via this App is governed by HIPAA, and we may use and disclose your personal information consistent with our business associate obligations and as outlined in this Privacy Notice and Consent.
+California
California Civil Code Section 1798.83 permits residents of the State of California to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. Abbott is required to respond to a customer request only once during any calendar year. To make such a request you should send a letter to Privacy Officer, Abbott, One St. Jude Medical Drive, St. Paul, MN 55117. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information sharing that is covered will be included in our response.
If you have any questions regarding Abbott’s compliance with the California Consumer Privacy Act (CCPA) and your rights under CCPA, please visit https://www.abbott.com/privacy-policy.html.
+Vietnam
By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. For users under the age of 7, Consent must be given by their parent or guardian. For users from the age of 7 to 15, Consent must be given by both users and their parent or guardian.
You may withdraw your consent at any time by contacting your healthcare provider. Please be aware that if you withdraw consent, it will affect your healthcare provider’s ability to remotely monitor your device and may affect your treatment. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.
END OF PRIVACY NOTICE – THIS PRIVACY NOTICE IS FOR THE PURPOSE OF DISCLOSING TO YOU HOW YOUR PERSONAL DATA IS USED AND PROCESSED BY ABBOTT. IT IS NOT AN AGREEMENT AND DOES NOT FORM PART OF THE END USER LICENSE AGREEMENT THAT FOLLOWS.
MAT-2403673 v2.0
Stay Connected