Abbott Diabetes Care, Inc. provides you and your patients with the FreeStyle family of products. For more information see +About Us, +Controller Information and +EU Representatives below.

We are committed to protecting your and your patients’ personal information. This Privacy Notice explains how we handle and what we do to keep your and your patients’ personal information secure when using the FreeStyle family of products. We understand that there is a lot of information included in this Privacy Notice. We want to provide you with a short and easily accessible summary of how we handle, protect, retain, store and disclose your and your patients’ personal information. For more information see +Background of the LibreView Data Management System, +Security of Your Personal Information, +Security of Your Patients’ Personal Information below.

THIS SUMMARY IS NOT COMPREHENSIVE. YOU WILL NEED TO READ THE RELEVANT SECTIONS OF THE PRIVACY NOTICE BELOW TO FULLY UNDERSTAND HOW WE PROCESS YOUR AND YOUR PATIENTS’ PERSONAL INFORMATION.

If you are a healthcare professional (whom we call Professional Users), we process personal information that includes your name, contact details and the names and contact details of your colleagues within your practice who also use the Professional User version of LibreView. We process personal information of individual patients that have created their own LibreView account and those of your patients where you input their information into the Professional User version of LibreView. We process data from their sensors, meters or readers, such as how often they scan or use their sensor, readers or meters, glucose values and targets. We also collect personal information if you request customer support and use cookies on our websites. For more information about your and your patient’s personal information, see +Personal Information Collection via the LibreView Data Management System, +Country Specific Provisions for Professionals below.

We use personal information to: (1) provide you and your patients with the FreeStyle family of products; (2) enable you to provide your patients with the FreeStyle family of products; and (3) conduct analytics once the personal information has been de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify patients by name. We conduct analytics to understand how our products and services are used and for product safety, quality and improvement. For more information about your personal information, see +Use of Personal Information, +Data Analysis, +Use of Cookies and Similar Technologies on LibreView, +Retention of Personal Information and +How Abbott Sends You Marketing and Other Material below. For more information about your patients’ personal information, see +Abbott’s Use of Your Patients’ Information, +Data Analysis, +Record Retention and +How Abbott Sends Marketing and Other Material below.

Internally, the data we collect are only accessed by duly authorized personnel, respecting the principles of proportionality, necessity and relevance to the objectives of Abbott, in addition to the commitment of confidentiality and preservation of privacy under the terms of this Privacy Notice.

We strictly limit who we share your and your patients’ personal information with and will never sell the information to third parties for our commercial benefit. We do share personal information with third party suppliers to provide you with FreeStyle family of products, such as our third-party cloud service providers. Wherever we provide your and your patients’ personal information to third-party suppliers, they are required to comply with the conditions set forth in this document and keep personal information confidential and secure and to use personal information to the minimum extent necessary. We also share personal information with some of our affiliates in the Abbott group of companies, in particular to de-identify, pseudonymize, aggregate and/or anonymize personal information for data analysis. For more information about your personal information, see +Disclosure of Personal Information by Us below. For more information about your patients’ personal information, see +How Abbott Shares Personal Information of your Patients with Third Parties below.

Where your location grants you and your patients certain rights in relation to their personal information, we will work with you to respond to such requests. For more information about your personal information, see +How Professional Users Can Access and Correct Personal Information and Your Rights below. For more information about your patients’ personal information, see +How Individual Users Can Access and Correct Personal Information and Their Rights below.

We store personal information on servers provided by third party companies located in the region closest to your country of residence. For more information about your personal information, see +Data Storage and +Cross-Border Transfers of Personal Information below. For more information about your patients’ personal information, see +Data Storage and +Cross Border Transfers of Your Patients’ Personal Information below.

Please contact us in the first instance if you have any questions, comments or complaints. You can do this by emailing us at DiabetesCarePrivacy@Abbott.com or DiabetesCareHIPAA@Abbott.com for HIPAA-related inquiries. If you or your patients are located in the European Economic Area, you may contact our European data protection officer or may make a complaint to your local data protection authority. The contact details, as well as other useful contact information, are available at www.EU-DPO.abbott.com. For more information, see +Contact Us below.

When we update this Privacy Notice with material changes, we will alert you and your patients through email, or through logging into a LibreView website. For more information, see +Changes to this Privacy Notice below.

ABBOTT PRIVACY NOTICE FOR PROFESSIONAL USE OF LIBREVIEW DATA MANAGEMENT SYSTEM

Effective Date: June 2020

Abbott Diabetes Care, Inc. (“Abbott” or “us”, “our”, “we”) recognizes the importance of data protection and privacy and is committed to protecting personal information, including health-related information. This Privacy Notice describes how the personal information you provide to us about you and your practice, including the health-related information of your patients, is collected and used by Abbott and how it is uploaded, transmitted and stored by you in the LibreView Data Management System.

Please read this Privacy Notice carefully before creating a LibreView Data Management System account as it applies to your use of the LibreView Data Management System and to the processing, transfer and storage of the personal information you provide to us, including health-related information in the cloud by Abbott and certain affiliated companies or our processors as described below. Certain of our affiliated companies and our processors may have access to personal information and health-related information of your patients if required to resolve a customer service issue you may have with LibreView Data Management System. This Notice also sets out the information that you, as a Professional User, should provide to your patients.

This Privacy Notice only applies to professional visitors to LibreView and to professionals that create a LibreView Data Management System account as a Professional User. This Privacy Notice does not apply to personal information collected through the use of other websites controlled by other Abbott affiliates or subsidiaries or via other methods, such as other Abbott websites, other Abbott customer call centers, or use of FreeStyle Desktop Software, and other privacy policies may apply to the personal information processed or collected through these methods.

BY ACCEPTING OR AGREEING TO THIS PRIVACY NOTICE AND CREATING A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT AS A PROFESSIONAL USER, YOU EXPLICITLY ACKNOWLEDGE THAT YOUR USE OF THE LIBREVIEW DATA MANAGEMENT SYSTEM IS CONDITIONED UPON YOUR ACCEPTANCE OF THIS PRIVACY NOTICE AND TO THE PROCESSING AND TRANSFER OF PERSONAL INFORMATION, INCLUDING THE HEALTH-RELATED INFORMATION OF YOUR PATIENTS, AS DESCRIBED IN THIS PRIVACY NOTICE AND THAT YOU HAVE THE APPROPRIATE AUTHORIZATIONS, CONSENTS OR PERMISSIONS FOR YOURSELF, YOUR PRACTICE AND YOUR PATIENTS, AS APPLICABLE, TO ACCEPT THIS PRIVACY NOTICE.

YOUR CONSENT IS GRANTED AT YOUR FREE WILL AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.

+About Us and Controller Information

Abbott Diabetes Care, Inc. of 1420 Harbor Bay Parkway, Alameda, CA 94502, USA is the developer of FreeStyle family of products that include FreeStyle branded sensors, readers, and mobile applications (“FreeStyle App”). We have appointed representatives in the EU. A full list of our EU representatives is available at +EU Representatives.

The LibreView website (“LibreView”) and the LibreLinkUp mobile app (“LibreLinkUp App“) have been developed by Newyu, Inc. (“Newyu”). The LibreView and/or the LibreLinkUp App when used together with FreeStyle family of products make up the “LibreView Data Management System”.

Abbott is the controller of the personal information you provide when creating your LibreView Data Management System account.

EXCEPT AS OTHERWISE PROVIDED IN THIS PRIVACY NOTICE, YOU ARE A CONTROLLER OF THE PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, OF YOUR PATIENTS FOR WHOM YOU HAVE CREATED A PATIENT PROFILE. YOU SHOULD NOTIFY YOUR PATIENTS ABOUT YOUR, YOUR PRACTICE’S AND ABBOTT’S PROCESSING OF THEIR PERSONAL INFORMATION AND HEALTH-RELATED INFORMATION, INCLUDING TRANSFERS, OR ACCESS WHICH MAY BE REQUIRED. Abbott will process the personal information of your patients, including their health-related information, as a ‘processor’ for the purpose of the health care you provide to your patients to protect their vital interests, and you will be the controller of your patients’ personal information in such instances. Abbott also processes patient personal information as a ‘controller’ for the purposes set out in this Privacy Notice (see +Abbott’s Use of Your Patients’ Information and +Data Analysis for more information and where your patient has their own LibreView Data Management System account).

+Background of the LibreView Data Management System

“Professional User” includes only those medical professionals (and their duly authorized representatives and agents) who either have registered a clinical practice or have registered as a professional user of the LibreView Data Management System.

The LibreView Data Management System is a cloud-based diabetes information management system that may be used by Abbott, Professional Users, and patients to aid in the review, analysis and evaluation of patients’ historical glucose data, glucose test results, ketone test results and user-entered information including insulin, food, exercise, and notes to support an effective diabetes health management program. The LibreView Data Management System also allows individual users to create their own LibreView Data Management System accounts, upload their own information and share that information with Professional Users. Alternatively, patients can visit their health care professional, allowing their health care professional to connect the patient’s reader or meter to their own Professional User LibreView Data Management System account. The LibreView Data Management System also permits Professional Users to create patient profiles and to remotely manage patients who have LibreView Data Management System accounts, as well as to share those reports with other professionals in their practice.

The LibreView Data Management System allows Abbott to provide improved guidance for patients utilizing Abbott’s meters, readers and mobile apps. It also enables Abbott to improve quality, security and effectiveness of medical devices and systems and allows Abbott to develop innovative and effective treatment for and management of diabetes in the interests of public health.

AS A PROFESSIONAL USER YOU ARE RESPONSIBLE FOR (I) ANY PATIENT INFORMATION YOU ENTER INTO THE LIBREVIEW DATA MANAGEMENT SYSTEM, (II) THE PERSONAL INFORMATION OF OTHER PROFESSIONALS YOU INVITE TO JOIN A PRACTICE ACCOUNT, AND (III) YOUR USE OF PERSONAL INFORMATION OF ANY INDIVIDUAL WITH A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT. YOU ARE THEREFORE RESPONSIBLE FOR COMPLYING WITH APPLICABLE DATA PROTECTION AND PRIVACY LAWS AND FOR OBTAINING, WHERE REQUIRED, ANY CONSENTS (INCLUDING EXPLICIT CONSENT) NEEDED UNDER APPLICABLE LAW.

+Personal Information Collection via the LibreView Data Management System

This Privacy Notice applies to:

  • personal information you submit when creating a LibreView Data Management System account as a Professional User (either independently or in response to an invitation from a health care professional in your practice), which includes your name, email address, and the name of your healthcare organization and address;
  • the email addresses of other health care professionals in your practice, where you invite them to join the LibreView Data Management System;
  • personal information, including demographic and health-related information, of your patients that you enter into the LibreView Data Management System when you create a patient profile. This also includes the data from your patients’ meters or readers (such as how often they scan or use their sensor, their use of readers or meters, glucose targets, glucose values, logged insulin, logged food, logged exercise and other logged notes) that you upload into the LibreView Data Management System (or that your patients choose to share with you);
  • personal information, including demographic and health-related information, of your patients that you share with other healthcare professionals within your practice;
  • personal information we process in providing you with customer services relating to your use of the LibreView Data Management System; and
  • information about your use of LibreView through cookies and other technologies (please see the section entitled +Use of Cookies and Similar Technologies on LibreView for more information): your domain name; your browser type and operating system; web pages that you view; links that you click; your IP address; the length of time that you visit LibreView; the referring URL or the web page that led you to LibreView; and other troubleshooting and analytical data.

Where you create a practice on the LibreView Data Management System (“Practice”), you will be required to provide us with practice information, which includes the practice name, address, phone number and whether you wish to transfer your existing patients into the Practice. When you create a Practice, you become the administrator for that Practice. An automatic Practice ID is assigned, which if you provide to your patients, will allow them to connect with your Practice.

To invite a patient to create a LibreView Data Management System account, you will be required to enter the patient’s name, date of birth, country, and email address for adult users and, in the case of pediatric use, the email address of the parent/guardian, the child’s name, date of birth and country. If the patient you invited has already registered for a LibreView Data Management System account, when you connect with that patient, you will see patient account information and previous uploads of data from their compatible sensors, readers or meters and related statistics. In addition to the categories of information listed here, other categories of personal information may be collected from patients on occasion and in relation to certain programs. If and when that collection of information is necessary, we will explain how that information is collected, used, and shared. If there is any conflict between that explanation and this Privacy Notice, you should rely upon that explanation and not this Privacy Notice.

You may also create a patient profile where you can upload information from a patient’s meter or reader to the LibreView Data Management System, without inviting the patient to create a LibreView Data Management System account. You may delete patient profiles and any information you enter into such profiles at any time. To create a patient profile, you will be asked to enter the following information: patient’s name, date of birth and email (optional).

+Use of Personal Information

Abbott will use the personal information collected via the LibreView Data Management System to provide you with a LibreView Data Management System account, including:

  • to give you access to information about your patients in an easy to use and effective manner;
  • to help us fix any technical issues with the LibreView Data Management System, including where we contact you regarding important product or performance issues, or where we respond to your questions or respond to your request for support, troubleshooting or any performance issues as set out in greater detail in our Abbott Diabetes Care Customer Support Privacy Notice which you can access at https://www.diabetescare.abbott/customer-privacy.html
  • to better understand how you and your patients interact with and use the LibreView Data Management System, including its functionality and features, including contacting you in order to obtain further information about you and your use of the LibreView Data Management System (please also see +Data Analysis for more information); and
  • to provide you with marketing information, including based on your use of the LibreView Data Management System if (where required by law) you opted-in to receive such communications. when you set up your LibreView Data Management System account.

+Data Storage

Abbott uses Amazon Web Services (AWS) to host your LibreView Data Management System accounts in the cloud. The servers that host LibreView Data Management System accounts may be located in North America, Europe and the Asia Pacific region. If you reside in a member country of the European Union (EU), your personal information and health-related information you upload to your LibreView Data Management System account will be stored on servers within the territory of the European Union. For French users Abbott hosts LibreView Data Management System accounts with OVH. OVH is accredited by the French agency for digital health, the ASIP Santé, to host health-related information. The personal information (including your patients’ health-related information) you upload to your LibreView Data Management System account will be stored in the region closest to your country of residence or otherwise in accordance with the data storage and privacy requirements of your selected country/region. When your personal information is hosted in a country other than the country you selected, it may become subject to the laws of the host country, which may not be equivalent to the laws of the country you selected. Abbott has implemented appropriate security measures and controls to protect your personal information.

+Data Analysis

Abbott uses de-identified, pseudonymized, aggregated and/or anonymized information for limited purposes. Our parent company Abbott Laboratories assists us as a data processor with this data analytics process. In particular, Abbott Laboratories helps us with the processes related to de-identifying, pseudonymizing, aggregating and/or anonymizing personal information. This information is securely held by Abbott and will not be used to identify you individually by your name or email address. The purposes for which Abbott will use this information are:

  • to improve the quality, security and effectiveness of medical devices and systems and to allow for the development of innovative and effective treatment for and management of diabetes in the interests of public health;
  • to create, access, retain, use and disclose to our affiliated companies and to third party researchers, health care entities or professionals, or public health authorities for the purposes of scientific research, statistical purposes and analysis;
  • to evaluate how the LibreView Data Management System is provided and used and its effectiveness, including its performance or impact on users (including base user demographics, such as geography);
  • to research, develop and test health care systems and management;
  • to validate upgrades, and to keep the LibreView Data Management System safe and secure; and
  • to research, develop and test medical devices, including new and existing features and functionality and to test and improve the LibreView Data Management System for product development, data analysis, statistical and survey purposes.

Abbott conducts product usage analysis based on de-identified, pseudonymized, aggregated and/or anonymized data for limited purposes, in particular to help us understand the performance of the LibreView Data Management System. This information is also available to Newyu as the developer of LibreLinkUp App and LibreView.

We use the terms ‘de-identified’ and ‘pseudonymized’ interchangeably. US health insurance portability law (HIPAA) describes de-identified information as information where ‘there is no reasonable basis to believe that the information can be used to identify an individual’. The EU General Data Protection Regulation (2016/679) (GDPR) defines ‘pseudonymization’ as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information’.

For more information about HIPAA, please see our HIPAA Notice of Privacy Practices and +USA below for further information. For more information about GDPR, please see +EEA and Switzerland below.

When we conduct data analysis we use limited demographic information, such as year of birth and country of residence. This limited demographic data is paired with LibreView Data Management System data (such as account settings, glucose target ranges, mealtime patterns, usage days, average glucose results, and so on). A data set processed for data analysis purposes will never include a Professional User’s or patient’s name, address, phone number or email address. Aggregated information processed for data analysis is statistical information combined from several measurements. We take steps to ensure there is no reasonable way that de-identified, pseudonymized or aggregated data can be used to identify an individual. Abbott will not combine such de-identified, pseudonymized or aggregated information with any other information that can be used to identify patients.

Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data usually falls outside privacy and data protection laws.

+Use of Cookies and Similar Technologies on LibreView

We use cookies and similar technologies on LibreView to collect technical information. Cookies are text files containing small amounts of data that are downloaded to your computer when you visit a website. Cookies are useful because they allow us to recognize your computer and improve your experience on our websites. We also use Google’s Invisible reCAPTCHA service to maintain the integrity of LibreView. The use of the Invisible reCAPTCHA service is subject to Google’s Privacy Policy and Terms of Use.

Your web browser (such as Internet Explorer, Firefox, Safari or Chrome) then sends these cookies or similar technologies back to the website on each subsequent visit so that we can recognize you. These cookies can only be read by the server that sent them to your browser. Our systems may not recognize Do Not Track (DNT) headers or similar mechanisms from some or all browsers.

The cookies and similar technologies used on LibreView collect the following technical information: your domain name, browser type and operating system, the webpages you view, links you click, IP address, length of time you visit LibreView, the referring URL or the webpage that led you to LibreView and troubleshooting and analytical data to help us provide the LibreView Data Management System to you. We may combine this automatically collected information with other information we have about you.

There are various ways that you can control and manage your cookies. Please remember that any settings you change will not just affect these cookies used by LibreView. These changes may apply to all websites that you visit (unless you choose to block cookies from particular sites).

LibreView uses the following types of cookies:

  • Cookies that are strictly necessary for us to operate and secure access to LibreView and to recognize you when you login to your LibreView Data Management System account.
  • Functionality and security cookies are used to help LibreView display the correct date and time for your user sessions and to help us protect the integrity of LibreView and to keep LibreView secure.

To find out more about cookies visit https://www.allaboutcookies.org.

+Retention of Personal Information

Abbott will continue to store personal information associated with your LibreView Data Management System account while you have an active account. Your LibreView Data Management System account will be considered to be inactive once there has been no activity on it for six (6) months. If your LibreView Data Management System account is considered inactive, all personal information associated with that account may be de-identified for the purposes set out in the section entitled +Data Analysis and all other personal information, including any patient profile you have created, may be permanently and irrevocably deleted, subject to compliance with applicable law. LibreView should not be used as a patient health record and you must download or print out information you may require from the LibreView Data Management System. The deletion of your LibreView Data Management System account will not have an impact on any individual user account created by any of your patients independently. We will notify you in advance by sending an email to the email address associated with your LibreView Data Management System account so that you have an opportunity to ensure your account stays current and available for your use. The section entitled +Deleting your LibreView Data Management System Account explains how you can delete your account and what happens to your personal information once your account has been deleted.

+Disclosure of Personal Information by Us

We share personal information with the following:

Abbott Laboratories: We share personal information with our parent company to assist us as a data processor with the data analytics process, in particular, the processes related to de-identifying, pseudonymizing, aggregating and/or anonymizing information.

Third-party suppliers: We share personal information with third-party suppliers as needed to provide, maintain, host, and support the LibreView Data Management System. Newyu will process personal information, including your patients’ health-related information, on our behalf as a third-party supplier and as our Business Associate under HIPAA (please see our HIPAA Notice of Privacy Practices at HIPAA Notice of Privacy Practices and the section entitled +USA below for further information). Abbott uses Amazon Web Services (AWS) and other cloud providers to host LibreView Data Management System accounts in the cloud. Where we provide your personal information to third-party suppliers to assist us with the provision of your LibreView Data Management System account, they are required to keep your personal information confidential and secure and to use your personal information to the minimum extent necessary. Where possible, Abbott uses third party service providers to report system errors so that we can support and improve the LibreView Data Management System and in such instances the information sent to such third parties will not involve the use of personal information.

Abbott uses third-party service providers to provide you with the LibreView Data Management System. The information sent to such third parties will not involve the use of personal information.

Abbott uses AWS and OVH to store LibreView Data Management System accounts (please see the section entitled +Data Storage for further information). Abbott uses Lomaco et AGPS to ensure invoicing of telemedicine acts in France to the social security system.

Local affiliated Abbott companies: We share personal information with local affiliates so that you can receive direct marketing communications from us (if required by law, you will only receive such communications where you have opted-in).

Other third parties: We may share de-identified, pseudonymized, aggregated, and/or anonymized information with affiliated Abbott companies and with other third parties for the purposes relating to the +Data Analysis set out above. This is information that Abbott securely holds and will not be used to identify you individually by your name or email address.

We may also share personal information with third parties (including affiliated Abbott companies) with whom we are jointly marketing a product or service or jointly conducting a program, survey or activity.

We will not sell or license personal information to third parties except in connection with the sale, merger, or transfer of a product line or division, so that the buyer can continue to provide you with information and services. For the avoidance of doubt, we will never sell personal information for commercial purposes to third parties and we may only share personal information with third parties where you have provided consent or where permitted by applicable law.

We reserve the right to disclose personal information to respond to authorized information requests from government authorities, to address national security situations, or when otherwise required by law. Furthermore, where permitted or required by law, we may also disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved. The personal information associated with your LibreView Data Management System account may be subject to foreign laws and may be accessible by foreign governments, courts, law enforcement, and regulatory agencies.

+Security of Your Personal Information

We have implemented administrative, technical and physical safeguards to protect personal information, including health-related information, from unauthorized or unlawful access, accidental loss, destruction, damage, misuse, disclosure and alteration, including through the use of cryptographic technologies. Abbott restricts access to personal information by its employees on a need to know basis. Please keep in mind that no internet or Wi-Fi transmission is 100% secure, so please exercise caution when uploading personal information, especially health-related information, to your LibreView Data Management System account.

FreeStyle sensors transmit personal glucose information to FreeStyle mobile apps and readers using NFC (Near Field Communication) and Bluetooth technologies. NFC and Bluetooth are both secure means of transferring information between devices. NFC has the added level of protection by requiring very close physical proximity.  Bluetooth connections for FreeStyle sensors are established during an encrypted NFC communication between a FreeStyle sensor and a FreeStyle mobile app or reader.

You are responsible for protecting against unauthorized access to your LibreView Data Management System account, practice and patient profiles. We recommend securing access to LibreView and thereby your practice and patient profile by always logging-out, choosing a robust password for your LibreView Data Management System account that nobody else knows or can easily guess, implementing security settings your mobile device or computer such as a password to access it, keeping your device locked when not in use and keeping your account information and password private. Abbott is not responsible for any lost, stolen or compromised passwords or for any activity on your LibreView Data Management System account from unauthorized users where caused by you. If you think your LibreView Data Management System account has been compromised, please contact us as soon as you are able at DiabetesCarePrivacy@Abbott.com. Please also note that the LibreView Data Management System may be unavailable during periods of routine maintenance.

+Cross-Border Transfers of Personal Information

If you selected a country outside the United States of America as your location, we may occasionally need to access or view your personal information, such as your name and email address, and in certain exceptional circumstances the health-related information of your patients, via a secure network from the United States of America to the extent it is necessary for us to provide you with technical support or to troubleshoot any LibreView Data Management System issues in relation to your account. More information about how we process personal information for customer support purposes is available in our Abbott Diabetes Care Customer Support Privacy Notice which is available at https://www.diabetescare.abbott/customer-privacy.html

In addition, we also transfer de-identified, pseudonymized aggregated and/or anonymized data, which does not identify your patients by name, for the purpose of conducting data analysis as described in the section entitled +Data Analysis. The United States of America may not provide data protection or privacy laws equivalent to the laws of your country; however, we put appropriate measures in place to protect your personal information.

BY CREATING A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT AND BY ACKNOWLEDGING AND AGREEING TO THIS PRIVACY NOTICE, WE ARE INFORMING YOU OF THESE TRANSFERS OF PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA AND TO THE ACCESS OF PERSONAL INFORMATION, INCLUDING YOUR PATIENTS’ HEALTH-RELATED INFORMATION, WHICH MAY BE REQUIRED IN EXCEPTIONAL CIRCUMSTANCES TO RESPOND TO ANY SUPPORT REQUESTS YOU SUBMIT. THE UNITED STATES OF AMERICA MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION FOR PERSONAL INFORMATION WHEN COMPARED TO SWITZERLAND, A EUROPEAN ECONOMIC AREA COUNTRY OR OTHER COUNTRY WITH DATA PROTECTION OR PRIVACY LAWS IN WHICH YOU ARE LOCATED.

+How Abbott Sends You Marketing and Other Material

Abbott (or its affiliates) may use your personal information to send you advertising and marketing-related information about diabetes care or their other products and services if (where required by law) you opted-in to receive such communications when you set up your LibreView Data Management System account. We may also invite you to participate in surveys about our products, provide you with news and newsletters, or notify you about special offers and promotions at any time. These materials may be sent by us or by an affiliate of Abbott. You may opt out from receiving marketing-related communications by either clicking on the unsubscribe link at the bottom of marketing-related emails or by contacting us at DiabetesCarePrivacy@Abbott.com.

Abbott will not sell personal information to third parties for direct marketing.

Where you opt out of receiving marketing-related information about diabetes care, we may continue to send you non-marketing related information. This information may be in relation to necessary system and service updates or issues including product safety.

+How Professional Users Can Access and Correct Personal Information and Your Rights

You may correct your profile information (your name, email address and password) through the LibreView Data Management System account settings which can be accessed through LibreView. We are not able to correct or amend any sensor readings or any data uploaded from a FreeStyle reader or meter by you or your patients, but we will assist you with deleting your LibreView Data Management System account and creating a new one so that you can reload the correct information.

Depending on the location of your practice, you may have the right to: (a) access the personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information you have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company by using the export function in your LibreView Data Management System account, where accessible. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your personal information to another company.

To request the exercise of these rights, please contact us using any of the methods set out in the section entitled +Contact Us.

Your patients may also have these rights in relation to the personal information held about them through the LibreView Data Management System. Abbott will provide reasonable assistance and cooperation in assisting you to respond to any request by your patient to exercise their rights.

+Deleting your LibreView Data Management System Account

If you would like to delete your LibreView Data Management System account, you may do so by logging into your LibreView Data Management System account via www.libreview.com and using the delete account functionality. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

Once your LibreView Data Management System account and any associated personal information has been deleted, you will no longer have access to the LibreView Data Management System and deletion of your account is irreversible. You are not therefore able to reactivate your LibreView Data Management System account or retrieve any personal information, including health-related information, so you may want to download and save any required information before requesting that we delete your account from the LibreView Data Management System.

If your patient has shared their LibreView Data Management System account information with you and requests that we delete their LibreView Data Management System account, once deleted, you will no longer be able to remotely view information from their meter, reader or FreeStyle App.

Abbott reserves the right to delete inactive LibreView Data Management System accounts after six (6) months. We will notify you in advance by sending an email to the email address associated with your LibreView Data Management System account so that you have an opportunity to ensure your account stays current and available for your use.

+Third Party Links to LibreView

LibreView may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Notice, but instead is governed by the privacy notices of those third-party websites. We are not responsible for the information practices of such third-party websites.

+Contact Us

If you have questions, comments, or complaints about our privacy practices, please contact us by clicking on the “Contact Us” link in one of our websites or emailing us at DiabetesCarePrivacy@Abbott.com. Alternatively, you may write to us at:

Attn: Privacy Officer
Abbott Diabetes Care Inc.
1420 Harbor Bay Parkway
Alameda, CA 94502
USA

For HIPAA-related inquiries, please contact us at: DiabetesCareHIPAA@Abbott.com.

For EEA Users see also below under your regional section for additional contact details.

In all communications to us, please include the email address used to create your LibreView Data Management System account and a detailed explanation of your request.

+Changes to this Privacy Notice

If we make material changes to our privacy practices, an updated version of this Privacy Notice will reflect those changes. You will be alerted to updates to this Privacy Notice by email or when you next log into LibreView. You will be notified if there is a new version of this Privacy Notice and will be prompted to read and accept it so that you can continue to access and use your LibreView Data Management System account via LibreView.

Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes, and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice.

If you do not agree to the changes to this Privacy Notice, you should delete your LibreView Data Management System account by logging into your account via www.libreview.com and using the delete account functionality.

+INFORMATION YOU MUST PROVIDE TO PATIENTS ABOUT HOW PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, ABOUT THEM AND UPLOADED BY YOU IN THE LIBREVIEW DATA MANAGEMENT SYSTEM IS PROCESSED

YOU AS A PROFESSIONAL USER AND HEALTH CARE PROFESSIONAL ARE A CONTROLLER, EXCEPT AS OTHERWISE PROVIDED IN THIS PRIVACY NOTICE, OF THE PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION OF THOSE OF YOUR PATIENTS FOR WHOM YOU HAVE CREATED A PATIENT PROFILE. YOU MUST NOTIFY YOUR PATIENTS OF ALL OF THE INFORMATION CONTAINED WITHIN THIS SECTION. Abbott processes patient personal information as a ‘controller’ for the purposes set out in this Privacy Notice (see +Abbott’s Use of Your Patients’ Information and +Data Analysis for more information and where your patient has their own LibreView Data Management System account).

+Abbott’s Use of Your Patients’ Information

You should advise your patients that we use their personal information provided by you for the following reasons:

  • to provide them with a LibreView Data Management System account where they have requested the creation of a LibreView Data Management System account based on the invite link you sent so that they will have access to their personal information, including health-related information, in an easy to use and effective manner, to allow them to store, back-up and retrieve historic glucose values and to have continuous access to information about how they manage their diabetes. Provision of a LibreView Data Management System account may also be to a parent/guardian on behalf of a child or on behalf of a person that provides care for another person with diabetes;
  • to help us fix any technical issues with the LibreView Data Management System, including where we contact you or your patient regarding important product or performance issues, or where we respond to your or your patients’ questions or respond to request for support, troubleshooting or any performance issues as set out in greater detail in our Abbott Diabetes Care Customer Support Privacy Notice which you can access at https://www.diabetescare.abbott/customer-privacy.html; and where your patient shares diagnostic/troubleshooting data, including health-related information, with us and where we perform broader analysis to detect systemic issues.
  • where they have opted in, to provide patients with LibreView Data Management System accounts with marketing information, which may be tailored based on the information uploaded or connected to their LibreView Data Management System account (including their health-related information). If they have opted in, they will also be provided with an opportunity to opt-out through each marketing communication they receive from us; and
  • to contact them in order to learn more about their use of the LibreView Data Management System

+Data Analysis

Abbott uses de-identified, pseudonymized, aggregated and/or anonymized information for limited purposes. Our parent company Abbott Laboratories assists us as a data processor with this data analytics process. In particular, Abbott Laboratories helps us with the processes related to de-identifying, pseudonymizing, aggregating and/or anonymizing your patients’ personal information. This information is securely held by Abbott and will not be used to identify you individually by name or email address. The purposes for which Abbott will use this information are:

  • to improve the quality, security and effectiveness of medical devices and systems and to allow for the development of innovative and effective treatment for and management of diabetes in the interests of public health;
  • to create, access, retain, use and disclose to our affiliated companies and to third party researchers, health care entities or professionals, or public health authorities for the purposes of scientific research, statistical purposes and analysis;
  • to evaluate how the LibreView Data Management System is provided and used and its effectiveness, including its performance or impact on users (including base user demographics, such as geography);
  • to research, develop and test health care systems and management;
  • to validate upgrades, and to keep the LibreView Data Management System safe and secure;
  • to research, develop and test medical devices, including new and existing features and functionality and to test and improve the LibreView Data Management System for product development, data analysis, statistical and survey purposes; and
  • to perform broader analysis to detect systemic issues for public interest in the area of public health.

Abbott conducts product usage analysis based on de-identified and pseudonymized, aggregated and/or anonymized data for limited purposes, in particular to help us understand the performance of the LibreView Data Management System. This information is also available to Newyu as the developer of LibreLinkUp App and LibreView.

We use the terms ‘de-identified’ and ‘pseudonymized’ interchangeably. US health insurance portability law (HIPAA) describes de-identified information as information where ‘there is no reasonable basis to believe that the information can be used to identify an individual’. The EU General Data Protection Regulation (2016/679) (GDPR) defines ‘pseudonymization’ as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information’.

For more information about HIPAA, please see our HIPAA Notice of Privacy Practices and +USA below for further information. For more information about GDPR, please see +EEA and Switzerland below.

When we conduct data analysis we use limited demographic information, such as year of birth and country of residence. This limited demographic data is paired with LibreView Data Management System data (such as account settings, glucose target ranges, mealtime patterns, usage days, average glucose results, and so on). A data set processed for data analysis purposes will never include a Professional User’s or patient’s name, address, phone number or email address. Aggregated information processed for data analysis is statistical information combined from several measurements. We take steps to ensure there is no reasonable way that de-identified, pseudonymized or aggregated data can be used to identify an individual. Abbott will not combine such de-identified, pseudonymized and/or aggregated information with any other information that can be used to identify patients.

Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data usually falls outside privacy and data protection laws.

If your patient uses the FreeStyle Desktop Software: information uploaded to the LibreView Data Management System is hosted separately and independently from the FreeStyle Desktop Software. Abbott will never combine these data (the de-identified data obtained through the FreeStyle Desktop Software and the data uploaded to the LibreView Data Management System). Abbott uses administrative, technical and organizational measures to ensure that these data flows remain separate.

+Record Retention

You should inform your patients that Abbott will continue to store personal information while there is an active LibreView Data Management System account. Their LibreView Data Management System account will be considered to be inactive once there has been no activity on it for six (6) months. If their LibreView Data Management System account is considered inactive, all personal information, including data derived from their use of the LibreLinkUp App, FreeStyle App, or a FreeStyle meter or reader, from the computer used to interact with LibreView and health-related information associated with that account may be de-identified for the purposes set out in the section entitled +Data Analysis and all other personal information may be permanently and irrevocably deleted. We will notify individuals in advance by sending an email to the email address associated with their LibreView Data Management System account so that they have an opportunity to ensure that their account stays current and available for your use.

If your patients did not opt to create a LibreView Data Management System account, your patients’ personal information, as contained within their patient profile, will be retained for as long as you have an active LibreView Data Management System account, unless you choose to delete that information sooner.

+How Abbott Protects the Privacy of Children

Where your patient is a child, you should advise their parent/guardian of the following:

  • When you invite a child to register for a LibreView Data Management System account, you are required to enter the email address of their parent/guardian as children are not permitted to hold their own LibreView Data Management System account. Where required, you may need to obtain the consent of the child’s parent/guardian for their child to be able to use the LibreView Data Management System, and upon obtaining such consent, a LibreView Data Management System account will be created for use by the child.
  • If you have a child patient already authorized by his/her parent/guardian to use an existing LibreView Data Management System account, the parent/guardian will be notified and must authorize the sharing of the information contained within the LibreView Data Management System account being used by the child, with you. We will send parents/guardians notice via their registered email address when such settings have been accessed, and it is the parent’s/guardian’s responsibility to manage these settings for the child.
  • At any time, a parent/guardian may stop the collection of a child’s personal information, including health-related information, by requesting that Abbott delete the LibreView Data Management System account they set up for use by their child by contacting us at DiabetesCarePrivacy@Abbott.com. Such requests will result in the deletion of the account being used by the child, and you should advise the parent/guardian that we retain aggregated and de-identified information and may need to retain certain personal information as required by law.

+Data Storage

You should inform your patients that Abbott uses Amazon Web Services (AWS) to host LibreView Data Management System accounts in the cloud. The servers that host LibreView Data Management System accounts may be located in North America, Europe and the Asia Pacific region. If you reside in a member country of the European Union (EU), your personal information and health-related information you upload to your LibreView Data Management System account will be stored on servers within the territory of the European Union. For French users Abbott hosts LibreView Data Management System accounts with OVH. OVH is accredited by the French agency for digital health, the ASIP Santé to host health-related information. The personal information and health-related information you upload to their LibreView Data Management System account, or your LibreView Data Management System account which contains their patient profile, will be stored in the region closest to the patient’s country of residence or otherwise in accordance with the data storage and privacy requirements of your selected country/region. When the patient’s personal information is hosted in a country other than the country it selected (or you selected on its behalf), it may become subject to the laws of the host country, which may not be equivalent to the laws of the country you selected. Abbott has implemented appropriate security measures and controls to protect personal information.

+How Abbott Shares Personal Information of your Patients with Third Parties

You should inform your patients that we share their personal information as follows.

Abbott Laboratories: We share their personal information with our parent company to assist us as a data processor with the data analytics process, in particular, the processes related to de-identifying, pseudonymizing, aggregating and/or anonymizing information and to assist with IT operations to support the diagnostic data platform.

Third-party suppliers: We share their personal information with third-party suppliers to provide, maintain, host, and support the LibreView Data Management System. Newyu will process personal information, including health-related information, on our behalf as a third-party supplier and as our Business Associate under HIPAA (please see our HIPAA Notice of Privacy Practices at HIPAA Notice of Privacy Practices and the section entitled +USA below for further information). Abbott uses Amazon Web Services (AWS) and other cloud providers to host LibreView Data Management System accounts in the cloud. Where we provide personal information to third-party suppliers to assist us with the provision of the LibreView Data Management System account, they are required to keep personal information confidential and secure and to use Personal Information to the minimum extent necessary. Where possible, Abbott uses third party service providers to report system errors so that we can support and improve the LibreView Data Management System and in such instances the information sent to such third parties will not involve the use of personal information.

Abbott uses third-party service providers to provide the LibreView Data Management System. The information sent to such third parties will not involve the use of personal information.

Abbott uses AWS and OVH in France to store LibreView Data Management System accounts (please see the section entitled +Data Storage for further information). Abbott uses Lomaco et AGPS to ensure invoicing of telemedicine acts in France to the social security system.

Local affiliated Abbott companies: Where your patients opt-in to receive direct marketing communications from us, we may share their personal information, such as name and email address but not health-related data, with local affiliated Abbott companies with whom we are jointly marketing a product or service or jointly conducting a program, survey or activity. For patients located in the United States of America, provided that such disclosure complies with HIPAA (please see the section entitled +U.S. for further information). Where we require assistance from Abbott companies in your region to address diagnostic/troubleshooting and the fault your patient has reported, we will share the minimum of your patient’s personal information necessary to them.

Other third parties: We may share de-identified, pseudonymized, aggregated, and/or anonymized information with affiliated Abbott companies and with other third parties for the purposes relating to the +Data Analysis set out above. This is information that Abbott securely holds and will not be used to identify your patients individually by name or email address.

We also may share Personal Information with third parties where your patient has expressly asked us to do so, including where they use the share functionality in the FreeStyle App or choose to share reports with you. We will not sell or license Personal Information to third parties except in connection with the sale, merger, or transfer of a product line or division, so that the buyer can continue to provide you with information and services. For the avoidance of doubt, we will never sell Personal Information for commercial purposes to third parties and we may only share Personal Information with third parties where you have provided consent or where permitted by applicable law.

For FreeStyle App users with Android devices, Android requires location services permissions to be granted in order to connect apps with Bluetooth devices. Google’s Location Services include features that collect a user’s precise location data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. This data will be collected by Google if a user grants access to his or her location. For more information on Google’s privacy practices relating to this data, please see Android’s support website. After the initial connection between the FreeStyle App and a Sensor, you may choose to stop sharing location data with Google using your mobile device settings, but you will have to turn on Google’s Location Services to connect a new Sensor. Abbott will not use your Personal Information derived from Google’s Location Services.

We reserve the right to disclose Personal Information to respond to authorized information requests from government authorities, to address national security situations, or when otherwise required by law. Furthermore, where permitted or required by law, we may also disclose the information we collect from your patients where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved. Personal Information may be subject to foreign laws and may be accessible by foreign governments, courts, law enforcement, and regulatory agencies.

+Security of Your Patients’ Personal Information

You should inform your patients that we have implemented administrative, technical and physical safeguards to protect personal information, including health-related information, from unauthorized or unlawful access, accidental loss, destruction, damage, misuse, disclosure and alteration, including through the use of cryptographic technologies. Abbott restricts access to personal information by its employees on a need to know basis. Please keep in mind and remind your patients that no internet or Wi-Fi transmission is 100% secure, so please exercise caution when uploading their personal information, especially health-related information, to your LibreView Data Management System account.

You should also inform your patients that FreeStyle sensors transmit personal glucose information to FreeStyle mobile apps and readers using NFC (Near Field Communication) and Bluetooth technologies. NFC and Bluetooth are both secure means of transferring information between devices. NFC has the added level of protection by requiring very close physical proximity.  Bluetooth connections for FreeStyle sensors are established during an encrypted NFC communication between a FreeStyle sensor and a FreeStyle mobile app or reader.

You should also inform your patients that the LibreView Data Management System may be unavailable during periods of routine maintenance.

+Cross Border Transfers of Your Patients’ Personal Information

If your patients are located outside the United States of America, we may occasionally need to access or view their personal information, such as their name and email address, and in certain exceptional circumstances your patients’ health-related information, via a secure network from the United States of America where necessary for us to provide you with technical support or to troubleshoot any LibreView or System issues with your account or a patient profile. More information about how we process personal information for customer support purposes is available in our Abbott Diabetes Care Customer Support Privacy Notice which is available at https://www.diabetescare.abbott/customer-privacy.html.

If your patients request our support and shares their diagnostic/troubleshooting data (including health-related data) from their mobile device through the FreeStyle mobile application, we will transfer their data to the United States of America to the extent it is necessary for us to provide them with technical support and to perform broader analysis to detect systemic issues.

In addition, we also transfer de-identified, pseudonymized, aggregated and/or anonymized data, which does not identify your patients by name, for the purpose of conducting data analysis as described in the section entitled +Data Analysis. The United States of America may not provide data protection or privacy laws equivalent to the laws of their country of residence; however, we put appropriate measures in place to protect personal information.

+How Abbott Sends Marketing and Other Material

Abbott will not send marketing materials to those of your patients for whom you create a patient profile. If, however, your patient has their own LibreView Data Management System account, Abbott (or its affiliates) may send those of your patients who have created a LibreView Data Management System account advertising and marketing-related information or ask if they would like to participate in surveys about diabetes care or other products and services if (where required by law) they opted-in to receive such communications. Such patients may also receive marketing information which is tailored to their specific needs based on the information uploaded or connected to their LibreView Data Management System account (including health-related information). We may also invite them to participate in surveys about our products, provide them with news and newsletters, or to notify them about special offers and promotions. These materials may be sent by us or by an affiliate of Abbott. They may opt out from receiving marketing-related communications by either clicking on the unsubscribe link at the bottom of marketing-related emails we send them or by contacting us at DiabetesCarePrivacy@Abbott.com. We will process opt-out requests without undue delay.

Neither Abbott nor its affiliates or licensors will knowingly send advertising or marketing-related information to children.

Abbott will not sell your patients’ personal information to third parties for direct marketing.

Where patients opt-out of receiving marketing-related information about diabetes care, we or Newyu may send them non-marketing related information. This information may be in relation to necessary system and service updates or issues relating to product safety.

+How Individual Users Can Access and Correct Personal Information and Their Rights

Once device related data is uploaded to the LibreView Data Management System, it may not be changed by Abbott. Where a patient has created a LibreView Data Management System account, they may correct their profile information via their account settings.

Depending on your patients’ place of residence, they may have the right to: (a) access the personal information we hold about them; (b) request we correct any inaccurate personal information we hold about them; (c) delete any personal information we hold about them; (d) restrict the processing of personal information we hold about them; (e) object to the processing of personal information we hold about them; and/or (f) receive any personal information they have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company by using the export function in their LibreView Data Management System account, where accessible. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your patients’ data to another company.

Where a patient requests to exercise such rights to the personal information you hold about them, for example in their patient profile, you are responsible for handling their request in accordance with applicable data protection and privacy laws.

Where you have created or added a patient to the LibreView Data Management System, we will co-operate with you to delete their information following notice from you to remove them from the LibreView Data Management System.

COUNTRY SPECIFIC PROVISIONS FOR PROFESSIONALS

+Argentina

The Public Information Access Agency, in its capacity as supervisory body of Act No. 25.326, has jurisdiction over all accusations and complaints made by those affected in their rights for infringements to regulations in force referred to the protection of personal information.

+Australia

If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principle (“APPs”) or a privacy code that applies to us, or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above and we will take reasonable steps to investigate and respond to you.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. See http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office. We are not likely to disclose personal information overseas, except as permitted by the Privacy Act 1988 (Cth), unless we otherwise advise you in writing. We may transfer personal information to the United States. You consent (or, in the case of your patients’ personal information commit to obtaining the necessary consent) to that disclosure and agree that by giving or obtaining that consent, Australian Privacy Principle 8.1 no longer applies, and we are not required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.

+EEA and Switzerland

YOU ACKNOWLEDGE AND AGREE THAT WHERE YOU ENTER PATIENT DATA INTO THE LIBREVIEW DATA MANAGEMENT SYSTEM OR USE THE PERSONAL INFORMATION OF ANY INDIVIDUAL WITH A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT FOR THE PURPOSE OF PROVIDING MEDICAL TREATMENT, EXCEPT AS OTHERWISE PROVIDED IN THIS PRIVACY NOTICE, YOU ARE THE CONTROLLER AND ARE RESPONSIBLE FOR COMPLYING WITH APPLICABLE DATA PROTECTION AND PRIVACY LAWS. Where Abbott uses identifiable patient data you enter into the LibreView Data Management System for the purposes of analytics, system troubleshooting, system and/or customer support, research or reporting, Abbott will be the controller and will comply with applicable local data protection and privacy laws. More information about how we process personal information for customer support purposes is available in our Abbott Diabetes Care Customer Support Privacy Notice which is available at https://www.diabetescare.abbott/customer-privacy.html Where your patient has independently created a LibreView Data Management System account, either for their own use or for the use of a child or other person for whom they provide care, Abbott will be the controller and will comply with applicable local data protection and privacy laws. Abbott will treat all such patient personal information for which it is a controller, including health-information, in accordance with the LibreView Individual User Privacy Notice. When your patient has created a LibreView Data Management System account and grants you access to that account or where you set up a LibreView Data Management System account for your patient, Abbott (through the LibreView Data Management System) will be processing both your and your patient’s personal information as a ‘data processor’ on your behalf as a healthcare professional where you process your patient information to protect their vital interests as determined in your sole discretion as their healthcare professional.

You should ensure that your patients are made aware of the following information, which applies equally to them and to you:

Both you and your patients have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information. The contact details of our European data protection officer along with other useful contact information are available at www.EU-DPO.abbott.com.

If you or your patients would like to exercise any rights in respect of your personal information, as set out in the Privacy Notice, and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”), or other right as applicable in the subject line of the email. We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirement.

Abbott processes personal information as a controller based on the following legal bases as set out in the GDPR:

  • Abbott’s legitimate business interests when we de-identify, pseudonymize, aggregate and/or anonymize data to better understand how you interact with and use the LibreView Data Management System, including its functionality and features.
  • Abbott’s legitimate business interests and consent to send marketing information connected with your LibreView Data Management System account from your local Abbott company. Please note that Abbott will only send marketing communications to patients that have a LibreView Data Management System account and where they have opted in to receive marketing-related communications.
  • Public interest in the area of public health, including where you receive reimbursement or are otherwise entitled to public funding for use of Abbott’s medical devices, to monitor and improve the quality, security and effectiveness of medical devices and systems, to identify and implement quality improvements or new developments and where we use information obtained from your use of the LibreView Data Management System to help us fix or enhance the LibreView Data Management System.
  • Public interest in the area of public health and to conduct scientific research when we de-identify, pseudonymize and/or aggregate information in the LibreView Data Management System. We also conduct data analytics on anonymized data which is not subject to EU data protection laws.
  • Patients’ consent when they share their diagnostic/troubleshooting data (including health-related data) with us from their mobile device through the FreeStyle App if necessary for us to respond to their request for support, such as diagnostic and troubleshooting of any performance issues.
  • Public interest in the area of public health when we de-identify, pseudonymize and/or aggregate diagnostic/troubleshooting data that you share with us from your mobile device through the FreeStyle App to perform broader analysis to detect systemic issues.
  • Legal requirements related to the regulation, quality and safety and post-market surveillance of medical devices.

+EU Representatives

Abbott has appointed the following local representatives in the EU:

Country Representative name Representative address
Austria Abbott Gesellschaft m.b.H. Perfektastraße 84A 1230 Vienna, Austria
Belgium Luxembourg Abbott S.A. Einstein 14, 1300 Wavre, Belgium
Czech Republic Croatia Abbott Laboratories, s.r.o. Prague 6 Hadovka Office Park Evropská 2591/33d, Prague 160 00, Czech Republic
Denmark Abbott A/S Emdrupvej 28 C DK – 2100 Copenhagen, Denmark
Finland Abbott OY Pihatorma 1AFIN 02240 ESPOO, Finland
France Abbott France S.A.S Batiment Florence, 3 Place Gustave Eiffel, Rungis 94518, France
Germany Abbott GmbH & Co. KG Max-Planck-Ring 2, 65205 Wiesbaden, Deutschland
Greece Abbott Laboratories (Hellas) A.B.E.E.E. Vouliagmesis Ave 512, 174 56 Alimos, Greece
Hungary Abbott Laboratories (Hungary) Health Products and Medical Equipment Trading and Servicing Limited Liability Company 1095 Budapest, Lechner Odon fasor 7, Budapest 1106, Hungary
Ireland Abbott Laboratories, Ireland, Limited 4051 Kingswood Drive, City West Business Campus, Dublin 24, Ireland
Italy Abbott S.R.L. Via Amsterdam 125, 00144 Roma, Italia
Netherlands Abbott B.V. Wegalaan 9, 2132 JD Hoofddorp, Nederland
Poland Abbott Laboratories Poland Sp z.o.o. ul. Postepu 21 b, 02-676, Warsaw, Poland
Portugal Abbott Laboratorios, Limitada da Alfragide 67, Alfrapark D, Amadora 2610-008, Portugal
Romania Abbott Laboraboratories SA Abbott Diabetes Care, Romania, Bucuresti 014459, sector 1, Floreasca Business Park, Calea Floreasca 169 A, Corp B, Romania
Slovakia Abbott Laboratories Slovakia s.r.o. Karadzicova 10, 821 08 Bratislava 2, Slovenska republika
Spain Abbott Laboratories, S.A. Costa Brava 13, 28034 Madrid, Spain
Sweden Abbott Scandinavia AB Hemvarnsgatan 9, 171 54 Solna, Sweden
United Kingdom Abbott Laboratories Ltd. Abbott House, Vanwall Business Park, Vanwall Road, Maidenhead, Berkshire SL6 4XE, United Kingdom

+California

California Civil Code Section 1798.83 permits residents of the State of California to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. Abbott is required to respond to a customer request only once during any calendar year. To make such a request you should send a letter to Abbott Diabetes Care Inc., Attn: Privacy Officer, 1420 Harbor Bay Parkway, Alameda, CA 94502, USA. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information sharing that is covered will be included in our response.

You should ensure that your patients are also made aware of this right.

Personal information that is collected via the LibreView Data Management System is governed by HIPAA (for more information please see +USA), however, if you have any questions regarding Abbott’s compliance with the California Consumer Privacy Act (CCPA) and your rights under CCPA, please visit https://www.abbott.com/privacy-policy.html.

+Chile, Colombia and Saudi Arabia

Your consent is required for Abbott to process your personal information generally. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. You may withdraw your consent at any time by logging into your LibreView Data Management System account via www.libreview.com and using the delete account functionality.

You are also responsible for obtaining your patients’ consent for Abbott to process their personal information as described in this Privacy Notice.

+France

It is important when you sign up for a LibreView Data Management System account that you select France as your country of residence as this will determine where your data is stored. If you have incorrectly identified a different country as your country of residence, do not complete the installation. Instead, return to www.libreview.com and click “Sign Up”. The controller for your LibreView Data Management System account is Abbott Diabetes Care, Inc., 1420 Harbor Bay Parkway, Alameda, California 94502 United States. Our local representative is Abbott France S.A.S., Batiment Florence, 3 Place Gustave Eiffel, Rungis 94518, France.

+South Africa

You have the right to lodge a complaint to the Information Regulator regarding the processing of your personal information, by writing to: The Information Regulator, SALU Building, 316 Thabo Sehume Street, PRETORIA, Ms Mmamoroke Mphelo, Tel: 012 406 4818, Fax: 086 500 3351, inforeg@justice.gov.za

You should ensure that your patients are made aware of this right.

+USA

Some functions within Abbott may operate as a “Covered Entity” pursuant to the Health Insurance Portability and Accountability Act and its implementing regulations (collectively “HIPAA”) and may use any patient personal information, including health information, that you provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott’s FreeStyle family of products, and/or LibreLinkUp App. Abbott’s use of patient personal information, including health information, that you provide to us through the LibreView Data Management System will be additionally governed by our HIPAA Notice of Privacy Practices, available on LibreView at HIPAA Notice of Privacy Practices and which sets out your patients’ rights with respect to any health information provided by you to us.

If you are a California resident, please also see section +California of this Privacy Notice.

If you choose to delete your LibreView Data Management System account, Abbott may also retain any patient personal information, including health-related information, that you provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott’s FreeStyle family of products, and/or LibreLinkUp App.

It is your responsibility to ensure that your patients are made aware of the following pieces of information:

  • Their health information will be used to provide improved treatment guidance for you and patients using the LibreView Data Management System, as well as for research purposes, Abbott’s health care operations activities, and other purposes and activities as described in this Privacy Notice and our HIPAA Notice of Privacy Practices.
  • Abbott retains the right to maintain any patient personal information, including health information, that you provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott’s FreeStyle family of products.

Please contact DiabetesCareHIPAA@abbott.com with any questions about your patients’ HIPAA rights.

DOC40648-005_rev-A_en-US