Abbott Diabetes Care, Inc. provides medical professionals (and their duly authorized representatives and agents) who either have registered a practice or have registered as a professional user of the LibreView Data Management System ("Professional Users", "you", "your") and your patients with the FreeStyle family of products. For more information see +About Us and +EU and UK Representatives below.

We are committed to protecting Professional Users' and your patients' personal information. This Privacy Notice explains how we handle and what we do to keep Professional Users' and your patients' personal information secure when using the FreeStyle family of products. We understand that there is a lot of information included in this Privacy Notice. We want to provide you with a short and easily accessible summary of how we collect, protect, retain, store and disclose Professional Users' and your patients' personal information. For more information see +Background of the LibreView Data Management System, +Security of Professional Users' Personal Information and +Security of Professional Users' Patients' Personal Information below.

THIS SUMMARY IS NOT COMPREHENSIVE. YOU WILL NEED TO READ THE RELEVANT SECTIONS OF THE PRIVACY NOTICE BELOW TO FULLY UNDERSTAND HOW WE PROCESS PROFESSIONAL USERS' AND YOUR PATIENTS' PERSONAL INFORMATION.

We use personal information that includes Professional Users' name and contact details, and the names and contact details of the colleagues within a Professional User's practice who also use the Professional User version of LibreView. We process personal information of those of your patients where you input patients' information into the Professional User version of LibreView and when you upload the data from patients' readers, such as how often they scan or use their sensor, or readers, glucose values and targets. We also collect personal information if a Professional User requests customer support and we use cookies on our websites. For more information about Professional Users' and your patient's personal information, see +Personal Information Collection via the LibreView Data Management System and +Country Specific Provisions for Professional Users below. The +Country Specific Provisions for Professional Users supplement and/or amend specific provisions, where required by law, that appear to conflict with the overall contents of this Privacy Notice.

We use personal information to: (1) provide Professional Users with the FreeStyle family of products and services; (2) enable Professional Users' to view their patients' glucose values within the LibreView Data Management System; (3) comply with legal obligations, including those related to medical device safety, quality and improvement, complaints and adverse incident reports; and (4) send Professional Users marketing communications. For more information about our use of Professional Users' personal information, see +Use of Professional Users' Personal Information, +Medical Devices and other Legal Requirements (Professional Users), +Use of Cookies and Similar Technologies on LibreView, +Retention of Personal Information (Professional Users) and +How Abbott Sends Professional Users Marketing and Other Material below. For more information about your patients' personal information, see +Abbott's Use of Your Patients' Information, +Medical Devices and other Legal Requirements (Patients) and +Record Retention (Patients) below.

We strictly limit access to Professional Users' personal information to duly authorized personnel and strictly limit who we share Professional Users' and your patients' personal information with. We will never sell the information to third parties for our commercial benefit. We do share personal information with third party suppliers to provide Professional Users' with FreeStyle family of products, such as our third-party cloud service providers who are required to keep personal information confidential and secure. Wherever we provide personal information to third-party suppliers, they are required to comply with the conditions set forth in this document and keep personal information confidential and secure and to use Professional Users' personal information to the minimum extent necessary. For more information about data security, see +Security of Professional Users' Personal Information, +Security of Professional Users' Patients' Personal Information, +Disclosure of Professional Users' Personal Information by Us below. For more information about your patients' personal information, see +How Abbott Shares Personal Information of Professional Users' Patients with Third Parties below.

Where a Professional User's location grants you and your patients certain rights in relation to their personal information, we will work with you to respond to such requests. For more information about Professional Users' personal information, see +How Professional Users Can Access and Correct Personal Information and Their Rights below. For more information about Professional Users' patients' personal information, see +How Professional Users' Patients Can Access and Correct Personal Information and Their Rights below.

We store personal information on servers provided by third party companies located in the country closest to the Professional Users' country of residence. For more information about the Professional Users' personal information, see +Data Storage (Professional Users) and +Cross-Border Transfers of Professional Users' Personal Information below. For more information about your patients' personal information, see +Data Storage (Patients) and +Cross-Border Transfers of Professional Users' Patients' Personal Information.

Please contact us if you have any questions, comments or complaints. You can do this by emailing us at DiabetesCarePrivacy@abbott.com or DiabetesCareHIPAA@abbott.com for HIPAA-related inquiries. If you are a Professional User located in the European Economic Area, you may contact our European data protection officer or may make a complaint to your local data protection authority. The contact details, as well as other useful contact information, are available at www.EU-DPO.abbott.com. For more information, see +Contact Us below.

If you are a Professional User located in Brazil, you may contact our local data protection officer, Juliana Ruggiero, at privacybrasil@abbott.com or may make a complaint to the local data protection authority. For more information, see +Contact Us below.

When we update this Privacy Notice with material changes, we will alert Professional Users via the LibreView website, or by other means. For more information, see +Changes to this Privacy Notice below.

ABBOTT PRIVACY NOTICE
FOR PROFESSIONAL USE OF LIBREVIEW DATA MANAGEMENT SYSTEM

Effective Date: June 2021

Abbott Diabetes Care, Inc. ("Abbott" or "us", "our", "we") recognizes the importance of data protection and privacy and is committed to protecting personal information, including health-related information. This Privacy Notice describes how Professional Users' personal information and the personal information provided to Abbott by a Professional User about your practice, including patient personal and health-related information, is collected and used by Abbott and how it is uploaded, transmitted and stored within the LibreView Data Management System. References in this Privacy Notice to "affiliate companies" or "third parties" are those of Abbott's affiliate companies and third parties listed in the section titled +Disclosure of Professional Users' Personal Information by Us.

Please read this Privacy Notice carefully before creating a LibreView Data Management System Professional User account as it applies to the processing, transfer and storage of personal information by Abbott, certain affiliated companies and our processors (as described below) input or uploaded by Professional Users to the LibreView Data Management System. Certain of our affiliated companies and our processors may have access to this personal information, including health-related information of your patients, if, for example, such access is required to resolve a customer service issue Professional Users may have with the LibreView Data Management System. This Notice also sets out the information that you, as a Professional User, should provide to your patients (as set out in the +Information Professional Users Must Provide To Patients About How Personal Information, Including Health-Related Information, About Them Is Uploaded By A Professional User And Processed In The LibreView Data Management System section).

This Privacy Notice only applies to professional visitors to LibreView and to professionals that create a LibreView Data Management System account as a Professional User. This Privacy Notice does not apply to personal information collected through the use of other websites controlled by other Abbott affiliates or subsidiaries or via other methods, such as other Abbott websites, other Abbott customer call centers, or use of the FreeStyle Desktop Software, and other privacy policies may apply to the personal information processed or collected through these methods.

BY ACCEPTING OR AGREEING TO THIS PRIVACY NOTICE AND CREATING A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT AS A PROFESSIONAL USER, YOU EXPLICITLY ACKNOWLEDGE THAT YOUR USE OF THE LIBREVIEW DATA MANAGEMENT SYSTEM IS SUBJECT TO THIS PRIVACY NOTICE AND TO THE PROCESSING AND TRANSFER OF PERSONAL INFORMATION INCLUDING THE HEALTH-RELATED INFORMATION OF YOUR PATIENTS, AS DESCRIBED IN THIS PRIVACY NOTICE AND THAT YOU AS A PROFESSIONAL USER HAVE OBTAINED THE APPROPRIATE AUTHORIZATIONS, CONSENTS OR PERMISSIONS FOR YOU, YOUR PRACTICE AND YOUR PATIENTS, AS APPLICABLE, TO ACCEPT THIS PRIVACY NOTICE.

AS A PROFESSIONAL USER, YOU AGREE THAT YOU HAVE INFORMED YOUR PRACTICE AND YOUR PATIENTS THAT THEIR CONSENT IS AT THEIR FREE WILL AND YOU ACKNOWLEDGE THAT YOU AND THEY ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION TO ABBOTT.

Abbott Diabetes Care, Inc. of 1420 Harbor Bay Parkway, Alameda, CA 94502, USA is the developer of FreeStyle family of products that include FreeStyle branded sensors, readers, and mobile applications ("FreeStyle App"). We have appointed representatives in the EU and UK. A full list of our EU and UK representatives is available at +EU and UK Representatives. References in this Privacy Notice to "affiliate companies" or "third parties" are those of Abbott's affiliate companies and third parties listed in the section titled +Disclosure of Professional Users' Personal Information by Us.

The LibreView website ("LibreView") and the LibreLinkUp mobile app ("LibreLinkUp App") have been developed by Newyu, Inc., a subsidiary of Abbott ("Newyu"). The LibreView and/or the LibreLinkUp App when used together with FreeStyle family of products make up the "LibreView Data Management System".

Abbott is a controller of the personal information you as a Professional User provide when creating your LibreView Data Management System account.

YOU AS A PROFESSIONAL USER ARE A CONTROLLER OF YOUR PATIENTS' PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION, WHERE YOU CREATE A PATIENT PROFILE IN THE LIBREVIEW DATA MANAGEMENT SYSTEM AND ENTER SUCH INFORMATION INTO THAT PROFILE. PROFESSIONAL USERS SHOULD NOTIFY SUCH PATIENTS ABOUT THE PROCESSING OF THE PATIENTS' PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, VIA THE LIBREVIEW DATA MANAGEMENT SYSTEM, INCLUDING ACCESS BY ABBOTT AS REQUIRED TO PROVIDE AND SUPPORT THE LIBREVIEW DATA MANAGEMENT SYSTEM. Abbott will process personal information of Professional User's patients, including health-related information, as set out in this Privacy Notice (see +Abbott's Use of Your Patients' Information and +Medical Devices and other Legal Requirements (Patients). THE NOTICE PROFESSIONAL USERS SHOULD PROVIDE TO THEIR PATIENTS ABOUT ABBOTT'S PROCESSING OF SUCH PATIENTS' PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION, is described in +Information Professional Users Must Provide To Patients About How Personal Information, Including Health-Related Information, About Them Is Uploaded By A Professional User And Processed In The LibreView Data Management System.

The term "controller" is used here in a manner consistent with the EU General Data Protection Regulation or equivalent terms in other applicable data protection and privacy laws.

"Professional User" includes only those medical professionals (and their duly authorized representatives and agents) who either have registered a practice or have registered as a professional user of the LibreView Data Management System.

The LibreView Data Management System is a cloud-based diabetes information management system that may be used by Abbott, Professional Users, and patients to aid in the review, analysis and evaluation of patients' historical glucose data, glucose test results, ketone test results and user-entered information including insulin, food, exercise, and notes to support an effective diabetes health management program. The LibreView Data Management System allows patients to create their own LibreView Data Management System account either via the FreeStyle App or via LibreView. When a patient creates a LibreView Data Management System account, they are able to upload data from the sensor via their FreeStyle App or their reader and share that information with Professional Users. This allows Professional Users to manage the care of patients who have a LibreView Data Management System account and share patient reports with other professional users in their practice. In countries where applicable, if a patient uses the FreeStyle App without creating a LibreView Data Management System account, or when a patient signs out of their LibreView Data Management System account, their personal information and glucose values will only be stored locally on their smartphone or reader, and they will not be able to share glucose values and related data with Professional Users through the LibreView Data Management System. When a patient creates a LibreView Data Management System account, Abbott is also a controller of the patients' personal information (separate from and independent of their Professional User) and Abbott provides such patients with an Individual User Privacy Notice.

Alternatively, the LibreView Data Management System allows Professional Users to create patient profiles and connect the patient's reader and upload the patient's information to their own Professional User LibreView Data Management System account. Professional Users are also able to use the LibreView Data Management System to send patient reports directly to their electronic medical record systems in countries where this is permitted, such as in the United States, or where the patient opts-in or otherwise consents to this data sharing if they are in a country that requires them to opt-in or consent. If a patient has a LibreView Data Management System Account, Abbott will be responsible for obtaining the patient's opt-in or consent, if required, but if the patient does not have a LibreView Data Management System account, the Professional User will be responsible for obtaining the patient's opt-in or consent, if required.

The LibreView Data Management System also allows Abbott to provide improved guidance for patients utilizing Abbott's readers and mobile apps. It also enables Abbott to improve quality, security and effectiveness of medical devices and systems and allows Abbott to develop innovative and effective treatments for, and management of, diabetes in the interest of public health.

AS A PROFESSIONAL USER YOU ARE RESPONSIBLE FOR (I) ANY PATIENT INFORMATION YOU ENTER INTO THE LIBREVIEW DATA MANAGEMENT SYSTEM, (II) THE PERSONAL INFORMATION OF OTHER PROFESSIONALS YOU INVITE TO JOIN A PRACTICE ACCOUNT, AND (III) YOUR USE OF THE PERSONAL INFORMATION OF ANY PATIENT WITH AN INDIVIDUAL LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT WHO SHARES DATA WITH YOU OR YOUR PRACTICE. AS A PROFESSIONAL USER YOU ARE THEREFORE RESPONSIBLE FOR COMPLYING WITH APPLICABLE DATA PROTECTION AND PRIVACY LAWS AND FOR OBTAINING, WHERE REQUIRED, ANY CONSENTS (INCLUDING EXPLICIT CONSENT) NEEDED UNDER APPLICABLE LAW.

This Privacy Notice applies to the personal information collected as part of a Professional User's use of their LibreView Data Management System Professional User account, including:

  • personal information you submit when creating a LibreView Data Management System account as a Professional User (either independently or in response to an invitation from a health care professional in your practice), which may include a Professional User's name, phone number (where applicable), email address, and the name of their healthcare organization and address, used for the purpose of providing Professional Users with a Professional User account;
  • the email addresses of other health care professionals in your practice, where you invite them to join the LibreView Data Management System, used for the purpose of allowing other health care professionals in the Professional User's practice to sign up for their own LibreView Data Management System account;
  • personal information, including health-related information, of your patients that Professional Users enter into the LibreView Data Management System when creating a patient profile;
  • personal information, including health-related information, that Professional Users upload from a patient's reader to the LibreView Data Management System so that Professional Users can be provided with information about how patients are managing their diabetes. By uploading patient information, a Professional User is able to access and display data from your patients' readers (such as how often they scan or use their sensor, their use of readers, glucose targets, glucose values, logged insulin, logged food, logged exercise and other logged notes, information about sensor: sensor generation, sensor started and ended information, Bluetooth connection and disconnection data, information about whether glucose information has been viewed by a patient (where applicable);
  • personal information, including demographic and health-related information, of your patients that you as a Professional User share with other healthcare professionals within your practice, so that both the Professional User and the other healthcare professional can be provided with information about how patients are managing their diabetes;
  • personal information Professional Users provide to us when you report a complaint or adverse event, so that we can fulfill our legal requirements as a medical device manufacturer;
  • personal information Professional Users provide to us when you request customer or technical support related to your LibreView Data Management System account so that we can provide you with support; and
  • information about your use of LibreView through cookies and other technologies (please see the section titled +Use of Cookies and Similar Technologies on LibreView for more information): your domain name; your browser type and operating system; your IP address; and other troubleshooting data.

Where you as a Professional User create a practice account on the LibreView Data Management System you will be required to provide us with practice information, which includes the practice name, address, phone number and whether you wish to transfer your existing patients into the practice account. When you as a Professional User create a practice account, you become the administrator for that practice account. An automatic practice ID is assigned to each practice account and providing that ID to your patients will allow them to connect with your practice account.

To invite a patient to create a LibreView Data Management System account, you as a Professional User may be required to enter the patient's name, phone number, date of birth, country, and email address for adult users and, in the case of pediatric use, the email address of the parent/guardian, the child's name, date of birth and country. If the patient invited by the Professional User has already registered for a LibreView Data Management System account, when the Professional User connects with that patient, the Professional User will see patient account information and previous uploads of data from their compatible sensors, readers and related statistics. In addition to the categories of information listed here, other categories of personal information may be collected from patients on occasion and in relation to certain programs. If and when that collection of information is necessary, we will explain how that information is collected, used, and shared. If there is any conflict between that explanation and this Privacy Notice, the explanation supersedes this Privacy Notice.

You as a Professional User may also create patient profiles where you can upload information from a patient's reader to the LibreView Data Management System, without inviting the patient to create a LibreView Data Management System account. Professional Users may delete patient profiles and any information you enter into such profiles at any time. To create a patient profile, you may be asked to enter the following information: patient's name, phone number, date of birth and email (optional).

Abbott will use Professional Users' personal information collected via the LibreView Data Management System to provide you with a LibreView Data Management System Professional User account and to:

  • give you access to information about your patients in an easy to use and effective manner;
  • help us address any technical issues related to the LibreView Data Management System or contact you regarding important product or performance issues;
  • respond to your questions or requests for support, troubleshooting or any performance issues as set out in greater detail in the privacy policy relevant to the Professional Users' country of residence which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html;
  • better understand how you interact with and use the LibreView Data Management System, including its functionality and features;
  • contact you to obtain further information about you and your use of the LibreView Data Management System; and
  • provide Professional Users with marketing information where you have opted-in to receive such communications.

Abbott may use personal information relating to Professional Users to comply with various legal requirements. For example, as a medical device manufacturer, Abbott has certain legal obligations to help ensure the ongoing safety of its devices. This may require Abbott to share personal information with regulatory authorities (e.g., where a Professional User reports an adverse incident relating to an Abbott device). Information Abbott may be required to share is not used to identify Professional Users individually, except where there is a legal obligation to include this information, such as when Professional Users report a complaint or adverse incident. Our parent company, Abbott Laboratories, assists us as a processor to ensure such information does not identify a Professional User by de-identifying, pseudonymizing, aggregating and/or anonymizing personal information.

The legal requirements for which Abbott may use this information include:

  • ensuring the ongoing safety of a device and any future development;
  • monitoring and improving the quality, security and effectiveness of medical devices and systems;
  • validating upgrades, and keeping the LibreView Data Management System safe and secure;
  • identifying options to improve the usability, performance and safety of the LibreView Data Management System.
  • testing and evaluating the LibreView Data Management System to improve product features and functionality; and
  • where required by law, responding to requests from any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Abbott or others, and to exercise, establish or defend Abbott's legal rights or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved.

We use the terms 'de-identify' and 'pseudonymize' interchangeably. The US Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) describe de-identified information as information where 'there is no reasonable basis to believe that the information can be used to identify an individual'. The EU General Data Protection Regulation (2016/679) (GDPR) defines 'pseudonymization' as 'the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information'. Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data is not subject to data protection and privacy laws.

For more information about HIPAA, please see our Abbott Diabetes Care Notice of Privacy Practices and the +USA section below. For more information about GDPR, please see +European Economic Area, UK and Switzerland below.

We use cookies and similar technologies on LibreView to collect technical information. Cookies are text files containing small amounts of data that are downloaded to your computer when you visit a website. Cookies are useful because they allow us to recognize your computer and improve your experience on our websites. We also use Google's reCAPTCHA service to maintain the integrity of LibreView. The use of the reCAPTCHA service is subject to Google's Privacy Policy and Terms of Use.

Your web browser (such as Internet Explorer, Firefox, Safari or Chrome) then sends these cookies or similar technologies back to the website on each subsequent visit so that we can recognize you. These cookies can only be read by the server that sent them to your browser. Our systems may not recognize Do Not Track (DNT) headers or similar mechanisms from some or all browsers.

The cookies and similar technologies used on LibreView collect the following technical information: your domain name, browser type and operating system, IP address, and troubleshooting data, all of which are necessary to provide the LibreView Data Management System to you.

There are various ways that you can control and manage your cookies. Please remember that any settings you change will not just affect these cookies used by LibreView. These changes may apply to all websites that you visit (unless you choose to block cookies from particular sites).

LibreView uses the following types of cookies:

  • Cookies that are strictly necessary for us to operate and secure access to LibreView and to recognize you when you login to your LibreView Data Management System account.
  • Functionality and security cookies are used to help LibreView display the correct date and time for your user sessions and to help us protect the integrity of LibreView and to keep LibreView secure.

To find out more about cookies visit https://www.allaboutcookies.org.

Abbott will retain personal information associated with a Professional User account for the following periods for these purposes:

  • Creation/Use of a LibreView Data Management System account: for a period of 6 months following your last use of your account, and, where you contact us for customer support, for a period of at least 2 years but no longer than 10 years from the last date the device was made available for sale to the public by Abbott, or longer if required by law;
  • Diagnostic/troubleshooting data (U.S. only): pursuant to the U.S. Food and Drug Administration requirements related to diagnostic and troubleshooting data, contact information is kept for as long as a customer support ticket remains live. Once we have resolved or closed your customer support ticket, we retain your contact information and details of the fault for the longer of 2 years after you reported the fault or 10 years after the product is no longer manufactured. For further information visit https://freestyleserver.com/Payloads/cig/lrd/pn/DOC41501-020_rev-B-Attachment-2.html;
  • Marketing: we will provide you as a Professional User with marketing-related information unless and until you opt-out; or for a period that complies with applicable legal requirements; and
  • Medical Devices and Other Legal Requirements: as legally required for a maximum period of ten (10) years from the last date the device was made available for sale to the public by Abbott or other legally required retention period.

Unless otherwise stated above, Abbott will continue to store personal information associated with a Professional Users' LibreView Data Management System account while you have an active account. A LibreView Data Management System Professional User account will be considered to be inactive once there has been no account activity for six (6) months. If a LibreView Data Management System Professional User account is considered inactive, all personal information associated with that account, including any patient profiles created, may be permanently and irrevocably deleted, subject to compliance with applicable law. LibreView should not be used as a patient health record and Professional Users must download or print out information you may require from the LibreView Data Management System. The deletion of a LibreView Data Management System Professional User account will not have an impact on any individual user account created by any of your patients independently. We will notify Professional Users in advance by sending an email to the email address associated with the LibreView Data Management System account so that you have an opportunity to ensure your account stays current and available for your use. The section titled +Deleting A LibreView Data Management System Professional User Account explains how you as a Professional User can delete your account and what happens to your personal information once your account has been deleted.

We share personal information including health-related information with the following and in each case only the minimum amount of personal information necessary for the purposes for which the third party is engaged:

Abbott Laboratories: We share personal information with our parent company to assist us as a processor with tasks such as de-identifying, pseudonymizing, aggregating and/or anonymizing information.

Newyu (Abbott's subsidiary): As the developer and operator of LibreView and the LibreLinkUp App, Newyu will process personal information, including your patients' health-related information as either a "processor", or under HIPAA, as our Business Associate (please see our Abbott Diabetes Care Notice of Privacy Practices and the section titled +USA below for further information). Newyu may need to process personal information to resolve a customer service or technical issue where the issue cannot be resolved by your local Abbott customer support team.

Third-party suppliers: We share personal information with third-party suppliers as needed to provide, maintain, host, and support the LibreView Data Management System. Abbott uses Amazon Web Services (AWS), Microsoft Azure and other cloud providers (see below) to host LibreView Data Management System accounts in the cloud. Where we provide your personal information to third-party suppliers to assist us with the provision of your LibreView Data Management System account, they are required to keep your personal information confidential and secure and to use your personal information to the minimum extent necessary. Where possible, Abbott uses third party service providers to report system errors so that we can support and improve the LibreView Data Management System and in such instances, the information sent to such third parties will not involve the use of personal information.

Abbott uses AWS and OVH and/or AWS Paris to store LibreView Data Management System accounts (please see the section titled +Data Storage (Professional Users) for further information). Abbott uses Lomaco et AGPS to ensure invoicing of telemedicine acts in France to the social security system.

Local affiliated Abbott companies: We share personal information with local affiliates so that you as a Professional User can receive direct marketing communications from us (if required by law, you will only receive such communications where you have opted-in).

Other third parties: We may share de-identified, pseudonymized, aggregated, and/or anonymized information with affiliated Abbott companies and with other third parties for the purposes relating to the +Medical Devices and other Legal Requirements (Professional Users) section set out above. This is information that Abbott securely holds and will not be used to identify Professional Users individually by name or email address.

We may also share personal information with third parties (including affiliated Abbott companies) with whom we are jointly marketing a product or service or jointly conducting a program, survey or activity.

We will not sell or license personal information to third parties except in connection with the sale, merger, or transfer of a product line or division, so that the buyer can continue to provide Professional Users with information and services. We also will not sell personal information for commercial purposes to third parties and we may only share personal information with third parties where a Professional User has provided consent or where permitted by applicable law.

We reserve the right to disclose personal information, where required by law, to respond to any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Abbott or others, and to exercise, establish or defend Abbott's legal rights. Furthermore, where permitted or required by law, we may also disclose the information we collect from Professional Users where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved. The personal information associated with a Professional User's LibreView Data Management System account may be subject to foreign laws and may be accessible by foreign governments, courts, law enforcement, and regulatory agencies.

We have implemented administrative, technical and physical safeguards to protect personal information, including health-related information, from unauthorized or unlawful access, accidental loss, destruction, damage, misuse, disclosure and alteration, including the use of cryptographic technologies. Abbott restricts access to personal information by its employees on a need to know basis. Personal information including health-related information may only be accessed by duly authorized personnel, respecting the principles of proportionality, and necessity and all personal information is treated confidentiality. Please keep in mind that no internet or Wi-Fi transmission is 100% secure, so please exercise caution when uploading personal information, especially health-related information, to the LibreView Data Management System Professional User account.

FreeStyle sensors transmit personal glucose information to FreeStyle mobile apps and readers using NFC (Near Field Communication) and Bluetooth technologies. NFC and Bluetooth are both secure means of transferring information between devices. NFC provides added protection by requiring very close physical proximity. Encrypted Bluetooth connections for FreeStyle sensors are established during an NFC communication between a FreeStyle sensor and a FreeStyle mobile app or reader.

You as a Professional User are responsible for protecting against unauthorized access to your LibreView Data Management System account, practice and patient profiles. We recommend securing access to LibreView and thereby your practice and patient profiles by always logging-out, choosing a robust password for your LibreView Data Management System Professional User account that nobody else knows or can easily guess, implementing security settings on your smartphone or computer such as a password to access it, keeping your device locked when not in use and keeping your account information and passwords private. Abbott is not responsible for any lost, stolen or compromised passwords or for any activity on Professional Users' LibreView Data Management System account from unauthorized users where caused by a Professional User. If you think your LibreView Data Management System account has been compromised, please contact us as soon as possible at DiabetesCarePrivacy@abbott.com. Please also note that the LibreView Data Management System may be unavailable during periods of routine maintenance.

Abbott uses Amazon Web Services (AWS) and Microsoft Azure to host Professional Users' LibreView Data Management System accounts in the cloud. The servers that host LibreView Data Management System accounts may be located in North America, Europe and Asia, the Middle East and the Asia Pacific countries. If you as a Professional User reside in a member country of the European Union (EU), your personal information uploaded to your LibreView Data Management System account will be stored on servers within the territory of the European Union. For French users, Abbott hosts LibreView Data Management System accounts with OVH and/or AWS Paris. OVH and AWS Paris are accredited by the French agency for digital health, the ASIP Santé, to host health-related information. The personal information (including your patients' health-related information) you upload to your LibreView Data Management System account will be stored in the country closest to your country of residence or otherwise in accordance with the data storage and privacy requirements of your selected country. When your personal information is hosted in a country other than the country you selected, it may become subject to the laws of the host country, which may not be equivalent to the laws of the country you selected. Abbott has implemented appropriate security measures and controls to protect your personal information. For more information about our global server locations and on which server personal information is stored, please see https://files.libreview.io/files/globalLogos/pp-image.png.

If you as a Professional User select a country outside the United States of America as your location, we may occasionally need to access, transfer or view your personal information in order to provide you with technical support related to your LibreView Data Management System Professional User account and/or support and maintain the LibreView Data Management System. The personal information may include your name, email address, and in certain exceptional circumstances where the issue requires the support team to view patient personal information, the health-related information of your patients. Access to personal information is via a secure network from the United States of America and only occurs to the extent it is necessary to provide the technical support and/or maintenance required. Professional Users' use of technical support is governed by the privacy policies relevant to your country of residence, which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html

In addition, we also transfer Professional Users' personal information (in de-identified, pseudonymized aggregated and/or anonymized form where possible), for the purpose of complying with our legal obligations as described in the +Medical Devices and other Legal Requirements (Professional Users) section. The United States of America may not provide data protection or privacy laws equivalent to the laws of your country; however, we follow regulatory guidance and implement appropriate contractual, technical and organizational safeguards and supplemental measures to protect personal information and will implement additional safeguards as required to continue to protect personal information.

BY CREATING A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT AND BY ACKNOWLEDGING AND AGREEING TO THIS PRIVACY NOTICE, WE ARE INFORMING YOU AS A PROFESSIONAL USER OF THESE TRANSFERS OF PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA AND TO THE ACCESS OF PERSONAL INFORMATION, INCLUDING YOUR PATIENTS' HEALTH-RELATED INFORMATION, WHICH MAY BE REQUIRED IN EXCEPTIONAL CIRCUMSTANCES TO RESPOND TO ANY SUPPORT REQUESTS YOU SUBMIT OR TO SUPPORT AND MAINTAIN THE LIBREVIEW DATA MANAGEMENT SYSTEM. THE LAWS IN THE UNITED STATES OF AMERICA MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION FOR PERSONAL INFORMATION WHEN COMPARED TO SWITZERLAND, THE UNITED KINGDOM, A EUROPEAN ECONOMIC AREA COUNTRY OR OTHER COUNTRY WITH DATA PROTECTION OR PRIVACY LAWS IN WHICH YOU ARE LOCATED.

Abbott (or its affiliates) may use your personal information as a Professional User to send you advertising and marketing-related information about diabetes care or their other products and services if (where required by law) you opt-in to receive such communications. We may also invite Professional Users to participate in surveys about our products, provide you with news and newsletters, or notify you about special offers and promotions at any time. These materials may be sent by us or by an affiliate of Abbott. Professional Users may opt out from receiving marketing-related communications by either clicking on the unsubscribe link in each marketing-related communication or by contacting us at DiabetesCarePrivacy@abbott.com.

Abbott will not sell personal information to third parties for direct marketing purposes.

Where you as a Professional User opt out of receiving marketing-related information about diabetes care, we may continue to send you non-marketing related information in compliance with the law. This information may be in relation to necessary system and service updates or issues including product safety.

You may correct your profile information (your name, email address and password) through the LibreView Data Management System account settings which can be accessed through LibreView. We are not able to correct or amend any sensor readings or any data uploaded from a FreeStyle reader by you or your patients, but we will assist you with deleting your LibreView Data Management System Professional User account and creating a new one so that you can reload the correct information.

Depending on the location of a Professional Users' practice, you may have the right to: (a) access the personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) delete any personal information we hold about you; (d) restrict or cease the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information you have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company by using the export function in your LibreView Data Management System account, where accessible. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your personal information to another company.

To request the exercise of these rights, please contact us using any of the methods set out in the section titled +Contact Us.

Your patients may also have these rights in relation to the personal information held about them through the LibreView Data Management System. Abbott will provide reasonable assistance and cooperation to assist Professional Users with responding to requests by your patients to exercise their rights.

If you would like to delete your LibreView Data Management System Professional User account, you may do so by logging into your LibreView Data Management System account via www.libreview.com and using the delete account functionality. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information when required by law.

Once your LibreView Data Management System account and any associated personal information (which includes your personal information and your patient personal information you uploaded under your patient profile) has been deleted, you will no longer have access to the LibreView Data Management System and deletion of your account is irreversible. You are not therefore able to reactivate your LibreView Data Management System account or retrieve any personal information, including health-related information, so you may want to download and save any required information before requesting that we delete your account from the LibreView Data Management System.

If your patient has shared their LibreView Data Management System account information with you and requests that we delete their LibreView Data Management System account, once deleted, you will no longer be able to remotely view information from their reader or FreeStyle App.

If you reside in the United States, please see the +USA section for additional information related to deleting your LibreView Data Management System Account.

Abbott reserves the right to delete inactive LibreView Data Management System accounts after six (6) months. We will notify you in advance by sending an email to the email address associated with your LibreView Data Management System account so that you have an opportunity to ensure your account stays current and available for your use.

LibreView may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Notice, but instead is governed by the privacy notices of those third-party websites. We are not responsible for the information practices of such third-party websites.

If you as a Professional User have questions, comments, or complaints about our privacy practices, or if you would like to exercise any of your rights set out in the section titled +How Professional Users Can Access and Correct Personal Information and Their Rights please contact us by clicking on the "Contact Us" link in one of our websites or emailing us at DiabetesCarePrivacy@Abbott.com. Alternatively, you may write to us at:

Attn: Privacy Officer
Abbott Diabetes Care Inc.
1420 Harbor Bay Parkway
Alameda, CA 94502
USA

For Brazil: If you have questions, comments, or complaints about our privacy practices, or if you would like to exercise any of your rights set out in the section titled +How Professional Users Can Access and Correct Personal Information and Their Rights please contact us by clicking on the "Contact Us" link in one of our websites or emailing our local DPO, Juliana Ruggiero, at privacybrasil@abbott.com.

Attn: Juliana Ruggiero Privacy Officer
Laboratórios do Brasil Ltda.
Rua Michigan 735, São Paulo/SP
CEP: 04566-905

For HIPAA-related inquiries, please contact us at: DiabetesCareHIPAA@abbott.com.

For European Economic Area, UK and Switzerland Users, see the +European Economic Area, UK and Switzerland section below for additional contact details.

In all communications to us, please include the email address used to create your LibreView Data Management System Professional User account and a detailed explanation of your request.

If we make material changes to our privacy practices, an updated version of this Privacy Notice will reflect those changes. You as a Professional User will be alerted to updates to this Privacy Notice by email or when you next log into LibreView. You will be notified if there is a new version of this Privacy Notice and will be prompted to read and accept it so that you can continue to access and use your LibreView Data Management System account via LibreView.

Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes, and good business practices to the extent that it does not materially change the privacy practices described in this Privacy Notice.

If you do not agree to the changes to this Privacy Notice, you should delete your LibreView Data Management System account by logging into your account via www.libreview.com and using the delete account functionality.

YOU AS A PROFESSIONAL USER ARE A CONTROLLER OF YOUR PATIENTS' PERSONAL INFORMATION INCLUDING HEALTH-RELATED INFORMATION WHERE YOU CREATE A PATIENT PROFILE IN THE LIBREVIEW DATA MANAGEMENT SYSTEM AND ENTER SUCH INFORMATION INTO THAT PROFILE. PROFESSIONAL USERS' MUST NOTIFY SUCH PATIENTS OF ALL OF THE INFORMATION CONTAINED WITHIN THIS SECTION AND, WHERE APPLICABLE, OBTAIN THEIR EXPLICIT CONSENT TO THE USE OF THEIR PERSONAL INFORMATION BY ABBOTT. Abbott processes patient personal information as a 'controller' for the purposes set out in this Privacy Notice (see +Abbott's Use of Your Patients' Information and +Medical Devices and other Legal Requirements (Patients) for more information about Abbott's processing of this information as a controller).

You as a Professional User should advise your patients that we use their personal information including health-related information provided to us by you for the following reasons:

  • to provide patients with a link to create a LibreView Data Management System account where you have requested one to be sent to them so that they will have access to their personal information, including health-related information, in an easy to use and effective manner, to allow them to store, back-up and retrieve historical glucose values and to have continuous access to information about how they manage their diabetes. When a patient creates a LibreView Data Management System account, Abbott provides such patient with an Individual User Privacy Notice, which explains Abbott's processing of their personal information, as a controller, as part of providing the patient with a LibreView Data Management System account; and
  • to help us fix any technical issues with the LibreView Data Management System, including where we contact you or your patient regarding important product or performance issues, or where we respond to your or your patients' questions or respond to requests for support, troubleshooting or any performance issues, including where you share diagnostic data, including health-related information, with us, as set out in greater detail in the privacy policies relevant to your country of residence which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html.

When we process personal information, we may need to disclose the personal information to third parties as described in +How Abbott Shares Personal Information of Professional Users' Patients with Third Parties below.

Abbott may use personal information relating to patients, including health-related information, to comply with various legal requirements. For example, as a medical device manufacturer, Abbott has certain legal obligations to help ensure the ongoing safety of its devices. This may require Abbott to share personal information with regulatory authorities (e.g., where a Professional User reports an adverse incident relating to an Abbott device). Information Abbott may be required to share is not used to identify a patient individually by name or email address, except where there is a legal obligation to include this information, such as when a health care provider makes a complaint or reports an adverse incident. Our parent company, Abbott Laboratories, assists us as a processor to ensure such information does not identify a patient by de-identifying, pseudonymizing, aggregating and/or anonymizing the personal information.

The legal requirements for which Abbott may use this information include:

  • ensuring the ongoing safety of a device and any future development;
  • monitoring and improving the quality, security and effectiveness of medical devices and systems;
  • performing broader analysis to detect systemic issues for public interest in the area of public health;
  • validating upgrades, and keeping the LibreView Data Management System safe and secure;
  • identifying options to improve the usability, performance and safety of the LibreView Data Management System;
  • testing and evaluating the LibreView Data Management System to improve product features and functionality; and
  • where required by law, responding to requests from any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Abbott or others, and to exercise, establish or defend Abbott's legal rights. or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved.

We use the terms 'de-identify' and 'pseudonymize' interchangeably. The US Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) describes de-identified information as information where 'there is no reasonable basis to believe that the information can be used to identify an individual'. The EU General Data Protection Regulation (2016/679) (GDPR) defines 'pseudonymization' as 'the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information'. Anonymized data is information that does not relate to a person and from which a person cannot be identified, and this kind of data falls outside data protection and privacy laws.

For more information about HIPAA, please see our Abbott Diabetes Care Notice of Privacy Practices and the +USA section below for further information. For more information about GDPR, please see the +European Economic Area, UK and Switzerland section below.

You as a Professional User should inform your patients that Abbott will retain personal information associated with your Professional User account for the following periods for these purposes:

  • Medical Devices and Other Legal Requirements: as legally required for a maximum period of ten (10) years from the last date the device was placed on the market by Abbott or other legally required retention period in order to comply with its obligations as described in the +Medical Devices and other Legal Requirements (Professional Users) section; and
  • Diagnostic/troubleshooting data (U.S.): pursuant to the U.S. Food and Drug Administration requirements related to diagnostic and troubleshooting data, contact information is kept for as long as a customer support ticket remains live. Once we have resolved or closed your customer support ticket, we retain your contact information and details of the fault for the longer of 2 years after you reported the fault or 10 years after the product is no longer manufactured. For further information visit https://freestyleserver.com/Payloads/cig/lrd/pn/DOC41501-020_rev-B-Attachment-2.html.

Unless otherwise stated above, Abbott will continue to store your patients' personal information for the period that you have an active Professional User LibreView Data Management System account, unless you choose to delete their patient information sooner. Your Professional User LibreView Data Management System account will be considered to be inactive once there has been no activity on it for six (6) months.

Where your patient is a child, you should advise their parent/guardian of the following:

  • When you invite a child to register for a LibreView Data Management System account, you are required to enter the email address of their parent/guardian as children are not permitted to hold their own LibreView Data Management System account. Where required, you may need to obtain the consent of the child's parent/guardian for their child to be able to use the LibreView Data Management System, and upon obtaining such consent, a LibreView Data Management System account will be created for use by the child.
  • If you have a child patient already authorized by his/her parent/guardian to use an existing LibreView Data Management System account, the parent/guardian will be notified and must authorize the sharing of the information contained within the LibreView Data Management System account being used by the child, with you. We will send parents/guardians notice via their registered email address when such settings have been accessed, and it is the parent's/guardian's responsibility to manage these settings for the child.
  • At any time, a parent/guardian may stop the collection of a child's personal information, including health-related information, by requesting that Abbott delete the LibreView Data Management System account they set up for use by their child by contacting us at DiabetesCarePrivacy@abbott.com. Such requests will result in the deletion of the account being used by the child, and you should advise the parent/guardian that we retain aggregated and de-identified information and may need to retain certain personal information as required by law.

When you as a Professional User upload or enter personal information about your patients into the LibreView Data Management System, you should inform your patients that we share their personal information, including health-related information, as follows and in each case only the minimum amount of personal information is shared, which is necessary for the purposes for which the third party is engaged:

Healthcare Providers: Healthcare providers have the ability to use the LibreView Data Management System to create patient profiles and to connect patients' readers to their LibreView Data Management System account in order to view and print out patient reports and to remotely view patient reports and share those reports with other professionals in their practice. Abbott discloses such information to patients' healthcare providers pursuant to its contract with the healthcare provider and processes such information as a 'processor'.

Where requested by the Professional User, Abbott may also share patients' personal information with Professional Users' electronic medical records system, but only in countries where this is permitted or where the patient has opted into or otherwise consented to such sharing. Where Abbott shares patients' personal information and health-related information in this way, it does so under a data sharing agreement with the Professional User. If the patient does not have a LibreView Data Management System account and the patient visits their healthcare professional to connect their reader to the healthcare provider's LibreView Data Management System account, which in turn connects to the healthcare provider's electronic medical records system, then it is the responsibility of the healthcare provider to obtain opt-in or other consent as required by law.

Additionally, in the United States, Abbott may disclose your patient's personal information to their healthcare provider or to other third parties in accordance with our Abbott Diabetes Care Notice of Privacy Practices, including when the healthcare provider requests that the LibreView Data Management System send a report of your glucose data directly to their electronic medical record system. Please see the section titled +USA for additional information.

Abbott Laboratories: We share patients' personal information with our parent company to assist us as a processor with tasks such as de-identifying, pseudonymizing, aggregating and/or anonymizing information and to assist with IT operations to support the diagnostic data platform.

Newyu (Abbott's subsidiary): As the developer and operator of LibreView and the LibreLinkUp App, Newyu will process patient personal information, including health-related information, as a processor and our Business Associate under HIPAA (please see our Abbott Diabetes Care Notice of Privacy Practices and the section titled +USA below for further information). Newyu may also need to process personal information to resolve a customer service or technical issues where the issue cannot be resolved by your local Abbott customer support.

Third-party suppliers: We share patients' personal information with third-party suppliers to provide, maintain, host, and support the LibreView Data Management System. Abbott uses Amazon Web Services (AWS), Microsoft Azure and other cloud providers (see below) to host LibreView Data Management System accounts in the cloud. Where we provide personal information to third-party suppliers to assist us with the provision of LibreView Data Management System accounts, they are required to keep personal information confidential and secure and to use Personal Information to the minimum extent necessary. Where possible, Abbott uses third party service providers to report system errors so that we can support and improve the LibreView Data Management System and in such instances, the information sent to such third parties will not involve the use of personal information.

Abbott uses AWS and OVH and/or AWS Paris in France to store LibreView Data Management System accounts (please see the sections titled +Data Storage (Patients) for further information). Abbott uses Lomaco et AGPS to ensure invoicing of telemedicine acts in France to the social security system.

Local affiliated Abbott companies: Where we require assistance from Abbott companies in your country to address diagnostics/troubleshooting and any issue your patient has reported, we will share the minimum amount of your patient's personal information necessary to such Abbott company.

Other third parties: We may share personal information with third parties where your patient has expressly asked us to do so and/or provided consent to share their personal information, including health-related information, with third parties (including our partners), including where they choose to share reports with you. We will not sell or license personal information to third parties except in connection with the sale, merger, or transfer of a product line or division, so that the buyer can continue to provide you with information and services. We will not sell personal information for commercial purposes to third parties and we may only share personal information with third parties where you have provided consent or where otherwise permitted by applicable law.

We reserve the right to disclose personal information, where required by law, to any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Abbott or others, and to exercise, establish or defend Abbott's legal rights. Furthermore, where permitted or required by law, we may also disclose the information we collect about your patients where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice, or as evidence in litigation in which we are involved.

You as a Professional User should inform your patients that we have implemented administrative, technical and physical safeguards to protect personal information, including health-related information, from unauthorized or unlawful access, accidental loss, destruction, damage, misuse, disclosure and alteration, including through the use of cryptographic technologies. Abbott restricts access to personal information by its employees on a need to know basis. Personal information including health-related information may only be accessed by duly authorized personnel, respecting the principles of proportionality, and necessity and all personal information is treated in confidentiality. Please keep in mind and remind your patients that no internet or Wi-Fi transmission is 100% secure, so please exercise caution when uploading their personal information, especially health-related information, to your LibreView Data Management System Professional User account.

You as a Professional User should also inform your patients that FreeStyle sensors transmit personal glucose information to FreeStyle mobile apps and readers using NFC (Near Field Communication) and Bluetooth technologies. NFC and Bluetooth are both secure means of transferring information between devices. NFC provides added protection by requiring very close physical proximity. Encrypted Bluetooth connections for FreeStyle sensors are established during an NFC communication between a FreeStyle sensor and a FreeStyle mobile app or reader.

You as a Professional User should also inform your patients that the LibreView Data Management System may be unavailable during periods of routine maintenance.

You as a Professional User should inform your patients that Abbott uses Amazon Web Services (AWS) or Microsoft Azure to host LibreView Data Management System accounts in the cloud. The servers that host LibreView Data Management System accounts may be located in North America, Europe and Asia, the Middle East and the Asia Pacific countries. If you reside in a member country of the European Union (EU), your personal information including health-related information you upload to your LibreView Data Management System account will be stored on servers within the territory of the European Union. For French users Abbott hosts LibreView Data Management System accounts with OVH. OVH is accredited by the French agency for digital health, the ASIP Santé to host health-related information. The personal information including health-related information you upload to their LibreView Data Management System account, or your LibreView Data Management System account which contains their patient profile, will be stored in the country closest to the patient's country of residence or otherwise in accordance with the data storage and privacy requirements of your selected country/region. When the patient's personal information is hosted in a country other than the country it selected (or you selected on its behalf), it may become subject to the laws of the host country, which may not be equivalent to the laws of the country you selected. Abbott has implemented appropriate security measures and controls to protect personal information. For more information about our global server locations and on which server patients' personal information, including health-related information, is stored, please see https://files.libreview.io/files/globalLogos/pp-image.png.

If your patients are located outside the United States of America, we may occasionally need to access, transfer or view their personal information, such as their name and email address, and in certain exceptional circumstances your patients' health-related information contained in the LibreView Data Management System, via a secure network from the United States of America where necessary for us to provide you with technical support and/or to support and maintain the LibreView Data Management System. Your use of technical support is governed by the privacy policies relevant to your country of residence, which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html.

In addition, we also transfer your patients' personal information (in de-identified, pseudonymized, aggregated and/or anonymized form where possible), for the purpose of complying with our legal obligations as described in the section. The United States of America may not provide data protection or privacy laws equivalent to the laws of their country of residence; however, we follow regulatory guidance and implement appropriate contractual, technical and organizational safeguards and supplemental measures to protect personal information including access via a remote network and, where required by law, a data transfer agreement, and will implement additional safeguards as required to continue to protect personal information.

Once device related data is uploaded to the LibreView Data Management System, it may not be changed by Abbott.

Depending on your patients' place of residence, they may have the right to: (a) access the personal information we hold about them; (b) request we correct any inaccurate personal information we hold about them; (c) delete any personal information we hold about them; (d) restrict or cease the processing of personal information we hold about them; (e) object to the processing of personal information we hold about them; and/or (f) receive any personal information they have provided to us on the basis of their consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company by using the export function in their LibreView Data Management System account, where accessible. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit your patients' personal information to another company.

Where you as a Professional User have created a patient profile in the LibreView Data Management System, you as a Professional User are responsible for handling requests from such patients to exercise the above rights in accordance with applicable data protection and privacy laws.

Where you have created or added a patient profile to the LibreView Data Management System, we will co-operate with you to fulfill valid patient requests to exercise their above rights upon receiving proper notice from you.

The Public Information Access Agency, in its capacity as supervisory body of Act No. 25.326, has jurisdiction over all accusations and complaints made by those affected in their rights for infringements to regulations in force referred to the protection of personal information.

If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principle ("APPs") or a privacy code that applies to us, or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above and we will take reasonable steps to investigate and respond to you.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. See http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner's office. We are not likely to disclose personal information overseas, except as permitted by the Privacy Act 1988 (Cth), unless we otherwise advise you in writing. We may transfer personal information to the United States. You consent (or, in the case of your patients' personal information commit to obtaining the necessary consent) to that disclosure and agree that by giving or obtaining that consent, Australian Privacy Principle 8.1 no longer applies, and we are not required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.

YOU AS A PROFESSIONAL USER ACKNOWLEDGE AND AGREE THAT WHERE YOU CREATE A PATIENT PROFILE IN THE LIBREVIEW DATA MANAGEMENT SYSTEM AND ENTER PATIENT DATA INTO THAT PROFILE OR USE THE PERSONAL INFORMATION OF ANY INDIVIDUAL WITH A LIBREVIEW DATA MANAGEMENT SYSTEM ACCOUNT WHO SHARES DATA WITH YOU OR YOUR PRACTICE FOR THE PURPOSE OF PROVIDING MEDICAL TREATMENT, YOU ARE THE CONTROLLER AND ARE RESPONSIBLE FOR COMPLYING WITH APPLICABLE DATA PROTECTION AND PRIVACY LAWS.

When your patient creates a LibreView Data Management System account and grants you access to that account or where you set up a LibreView Data Management System account for your patient, and in each case provide the patient with medical treatment, Abbott (through the LibreView Data Management System) acts as a "processor" by processing both your and your patient's personal information on your behalf.

Where you set up a LibreView Data Management System account for your patient, Abbott acts as a processor of your patients' data when providing technical support to you and supporting and maintaining the LibreView Data Management System. Your use of technical support is governed by the privacy policies relevant to your country of residence which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html.

Where Abbott uses patient personal data you enter into the LibreView Data Management System where required by law, including to comply with medical devices regulatory requirements, Abbott will be the controller and will comply with applicable local data protection and privacy laws. Where your patient has independently created a LibreView Data Management System account, either for their own use or for the use of a child or other person for whom they provide care, Abbott will be a controller of the patient's personal information and will comply with applicable local data protection and privacy laws. Abbott will treat all such patient personal information, including data concerning health information, in accordance with the LibreView Individual User Privacy Notice.

You should ensure that your patients are made aware of the following information, which applies equally to them and to you:

Both you and your patients have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott's processing of your personal information. The contact details of our European data protection officer along with other useful contact information are available at www.EU-DPO.abbott.com.

If you or your patients would like to exercise any rights in respect of your personal information, as set out in the Privacy Notice, and are contacting us by email, please title your email subject line accordingly (for example, "Correction Request" or "Access Request"), or other right as applicable in the subject line of the email. We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirement.

Abbott processes personal information as a controller based on the following legal bases described in the GDPR:

For Italy only – Where a GDPR Article 6 and a GDPR Article 9 lawful basis is referred to above, please refer only to the references to GDPR Article 9 for the lawful basis.

We may need to access and/or transfer personal information contained in the LibreView Data Management System, and in certain exceptional circumstances the health-related information of patients, as explained in +Cross-Border Transfers of Professional Users' Personal Information and +Cross-Border Transfers of Professional Users' Patients' Personal Information via a secure network from the United States of America to the extent necessary for us to provide you with technical support or to troubleshoot any LibreView Data Management System issues. Such cross-border transfers are only where required and on a case-by-case basis and are pursuant to the derogations set out in GDPR Articles 49(1)(b) and 49(c) as such transfers are limited to those necessary for us to perform our contract with you, or a contract in the interests of your patients, for the provision of a LibreView Data Management System Professional User account. We also transfer personal information to the United States to comply with our legal obligations, as further described in +Cross-Border Transfers of Professional Users' Personal Information and +Cross-Border Transfers of Professional Users' Patients' Personal Information, and +Medical Devices and other Legal Requirements (Professional Users) and +Medical Devices and other Legal Requirements (Patients). Such cross-border transfers are made pursuant to the derogation set out in GDPR Article 49(1)(d) because it is in the public interest for Abbott to comply with its legal obligations.

Notwithstanding the foregoing, we will agree to enter into an adequacy mechanism for data transfers, such as the European Commission approved Standard Contractual Clauses.

If we make changes to our privacy practices that result in a change to the processing of personal data, an updated version of this Privacy Notice will reflect those changes. You will be notified if there is a new version of this Privacy Notice and will be prompted to read and accept it so that you can continue to access and use your LibreView Data Management System account via LibreView. Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes, and good business practices to the extent that it does not change how personal data is processed. If you do not agree to the changes to this Privacy Notice, you should delete your LibreView Data Management System account by logging into your account via www.libreview.com and using the delete account functionality.

Abbott has appointed the following local representatives in the EU and UK:

Country Representative name Representative address
Austria Abbott Gesellschaft m.b.H. Perfektastraße 84A 1230 Vienna, Austria
Belgium Luxembourg Abbott S.A. Einstein 14, 1300 Wavre, Belgium
Czech Republic Croatia Abbott Laboratories, s.r.o. Prague 6 Hadovka Office Park Evropská 2591/33d, Prague 160 00, Czech Republic
Denmark Abbott A/S Emdrupvej 28 C DK – 2100 Copenhagen, Denmark
Finland Abbott OY Pihatorma 1AFIN 02240 ESPOO, Finland
France Abbott France S.A.S Batiment Florence, 3 Place Gustave Eiffel, Rungis 94518, France
Germany Abbott GmbH Max-Planck-Ring 2, 65205 Wiesbaden, Deutschland
Greece Abbott Laboratories (Hellas) A.B.E.E.E. Vouliagmesis Ave 512, 174 56 Alimos, Greece
Hungary Abbott Laboratories (Hungary) Health Products and Medical Equipment Trading and Servicing Limited Liability Company 1095 Budapest, Lechner Odon fasor 7, Budapest 1106, Hungary
Ireland Abbott Laboratories, Ireland, Limited 4051 Kingswood Drive, City West Business Campus, Dublin 24, Ireland
Italy Abbott S.R.L. Via Amsterdam 125, 00144 Roma, Italia
Netherlands Abbott B.V. Wegalaan 9, 2132 JD Hoofddorp, Nederland
Poland Abbott Laboratories Poland Sp z.o.o. ul. Postepu 21 b, 02-676, Warsaw, Poland
Portugal Abbott Laboratorios, Limitada da Alfragide 67, Alfrapark D, Amadora 2610-008, Portugal
Romania Abbott Laboraboratories SA Abbott Diabetes Care, Romania, Bucuresti 014459, sector 1, Floreasca Business Park, Calea Floreasca 169 A, Corp B, Romania
Slovakia Abbott Laboratories Slovakia s.r.o. Karadzicova 10, 821 08 Bratislava 2, Slovenska republika
Spain Abbott Laboratories, S.A. Costa Brava 13, 28034 Madrid, Spain
Sweden Abbott Scandinavia AB Hemvarnsgatan 9, 171 54 Solna, Sweden
United Kingdom Abbott Laboratories Ltd. Abbott House, Vanwall Business Park, Vanwall Road, Maidenhead, Berkshire SL6 4XE, United Kingdom

By accepting or agreeing to this Privacy Notice, you are deemed to have explicitly consented to all of the contents herein. Where you enter patient data into the LibreView Data Management System or use the personal information including health-related information of any individual with a LibreView Data Management System account, you shall notify your patients of the purposes, methods and scope of sharing the personal information including health-related information, as well as the type, identity, and data security capabilities of the data recipient, and obtain the informed and explicit consent of your patients. For patients who are under the age of 14, consent must be given by their guardian. More information regarding how we process personal information including health-related information for customer support purposes is available in our Abbott Diabetes Care Customer Support Privacy Notice which is available at https://www.diabetescare.abbott/customer-privacy.html. You and your patients may withdraw your consent at any time by logging into your LibreView Data Management System account via www.libreview.com and using the delete account functionality.

If you are a healthcare professional (whom we call Professional Users), we will collect personal information you submit when creating a LibreView Data Management System account as a Professional User (either independently or in response to an invitation from a health care professional in your practice), which includes your name, email address, telephone number and the name of your healthcare organization and address and the names, contact details and telephone numbers of your colleagues within your practice who also use the Professional User version of LibreView. Abbott will not use this identifying information when it de-identifies, pseudonymizes, aggregates or anonymized information to comply with its legal obligations.

We are not legally required to obtain consent to collect or use yours or your patient's personal information including health-related information under certain circumstances if the collection or use of your personal information including health-related information is:

  • related to the fulfillment of obligations imposed by laws and regulations;
  • directly related to national security or national defense;
  • directly related to public safety, public health, or significant public interests;
  • directly related to a criminal investigation, prosecution or trial, or the enforcement of a judgment, etc;
  • required to safeguard the basic rights and interests of individuals (such as the right to life and property) where obtaining consent would be impracticable;
  • of personal data that you or your patients or their guardians (for children under the age of 14) have made publicly available;
  • of personal data that was obtained from legitimate public sources, such as legitimate news reports or open government information;
  • necessary for signing and performing a contract as requested by you, your patient, or your patient's guardian if the patient is under the age of 14; or
  • necessary for maintaining the safe and stable operation of the products or services provided, such as discovering and resolving technical issues of the products or services.

In addition to other rights you or your patients have under this Privacy Notice, you and your patients have the following additional rights:

  • The right to withdraw consent – where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time.
  • The right to object to a decision which is based solely on automated processing - You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing without human intervention.

If you or your patients have questions or would like to exercise any of these rights in respect of your personal information including health-related information, as set out in the Privacy Notice, please contact us at +Contact Us. We will do our best to respond to all reasonable requests in a timely manner in accordance with applicable legal requirement. We may charge a reasonable administrative fee for repeated requests within 3 months.

We may not process your requests if they are unreasonable or repetitive. We will not be able to carry out your request if:

  • your request relates to our obligations under applicable laws and regulations;
  • your request directly relates to national security or national defense security;
  • your request directly relates to public safety, public health, major public interests,
  • your request directly relates to criminal investigation, prosecution, adjudication, and enforcement;
  • sufficient evidence proves that you make the request in bad faith or abuse your right;
  • responding to your request would severely damage the lawful interests of you or other persons or organizations; or your request touches upon our trade secrets.

If there is any material change to this Privacy Notice, we may publish the amendments in the form of a public announcement.

Personal information including health-related information generated and collected by us in China is stored in China (excluding Hong Kong, Macau and Taiwan). Given that Abbott operates globally, yours and your patient's personal information may be transferred to and accessed by entities located outside of China (excluding Hong Kong, Macau and Taiwan). The types of personal information that may be shared or transferred include any personal information collected by LibreView Data Management System or provided to us by you or your patients or their guardians; and the recipients of your personal information may include but are not limited to Abbott Laboratories Trading (Shanghai) Co., Ltd., located at F31, Ciro's Plaza, 388 NanJing West Road, Shanghai P.R. China , and our parent company Abbott Labs, and Newyu (Abbott's subsidiary), each located in the U.S.A. for the purposes of developing and improving products and services or, improving user experience. If a patient's personal information is used for research, it is de-identified, pseudonymized, aggregated and/or anonymized, so that it does not identify patients by name. Unless deletion is legally required or pursuant to user's request, Abbott may retain any patient personal information, including health-related information, that you or your patients or their guardians provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott's FreeStyle family of products, and/or LibreLinkUp App.

We have in place a comprehensive security program that complies in all respects with applicable Law and industry practices to protect your and your patients' personal information (including health related information). We will take all the commercially reasonable actions to ensure not to collect any personal information irrelevant to the purposes as set out in this Privacy Notice, and will only retain your and your patients' personal information (including health related information) within the retention period hereunder or a longer period as required by applicable laws. We will update and publish information about security risk, and personal information security impact assessment as required by applicable laws.

In the event that there is any security incident related to your and / or your patients' personal information (including health related information), we will inform you or your patients in a timely manner as required by applicable laws by email, or other available contact methods about following: general information about incident and its possible impact, the remediation actions we have taken and will take, the advice to you or your patient on the actions to mitigate the risks and to remediate the impact. In the meantime, we may report such incident and the remediation actions to the regulatory agency as required.

You should ensure that your patients are aware of how the LibreView Data Management System collects their personal information and their rights under this Privacy Notice and obtain their written or express consent for your sharing or transferring their personal information.

Your consent is required for Abbott to process your personal information generally. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. You may withdraw your consent at any time by logging into your LibreView Data Management System account via www.libreview.com and using the delete account functionality.

You are also responsible for obtaining your patients' consent for Abbott to process their personal information as described in this Privacy Notice.

It is important when you sign up for a LibreView Data Management System account that you select France as your country of residence as this will determine where your data is stored. If you have incorrectly identified a different country as your country of residence, do not complete the installation. Instead, return to www.libreview.com and click "Sign Up". The controller for your LibreView Data Management System account is Abbott Diabetes Care, Inc., 1420 Harbor Bay Parkway, Alameda, California 94502 United States. Our local representative is Abbott France S.A.S., Batiment Florence, 3 Place Gustave Eiffel, Rungis 94518, France. Abbott shares personal information for the purpose of invoicing telemedicine acting with its processor Lomaco et AGPS under the French social security system.

Your and/or your patients' LibreView Data Management System accounts will be considered to be inactive once there has been no activity on them for six (6) months. Abbott reserves the right to treat this inactivity as equivalent to a data subject request for personal data erasure.

By accepting or agreeing to this Privacy Notice, you consent to us contacting you electronically where required to notify you of any security event affecting your and/or your patients' personal information.

Abbott Laboratories de México, S.A. de C.V. residing at Calzada de Tlalpan 3092, Colonia Ex Hacienda Coapa, Alcaldía Coyoacán, Mexico City, Postal Code 04980 is responsible for the treatment of personal data that is collected in accordance with the Federal Law on Protection of Personal Data in Possession of individuals. You can find more information about how we process your personal information for customer support purposes in the privacy policies relevant to your country of residence which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html.

If you have inquiries related to this privacy policy or how your personal data is processed, please contact:
Karen Torrevillas – Data Privacy Officer
Abbott Laboratories
Address: 8/F Venice Corporate Center Turin St., McKinley Town Center, Taguig City
Contact Number: 7028622; 0917-6328959
Email: karen.torrevillas@abbott.com

If you reside in Russia, your and your patients' personal information and health-related information uploaded to the LibreView Data Management System will be stored on servers within the territory of Russia.

The following Russian IT security requirements apply:

We have implemented the following administrative, physical and technical safeguards to:

  • ensure security of premises, where the equipment of information systems is placed, and prevent unauthorized parties from uncontrolled intrusion or access to premises;
  • ensure safety of all personal data media (such as CDs, flash drives or other portable media);
  • have a document in place determining a list of employees whose work duties require access to the personal data processed in the information system;
  • use information security tools, of which compliance with the requirements of the information security laws of the Russian Federation is duly assessed and confirmed, when such tools are necessary for the neutralization of actual risks;
  • establish a business unit responsible for the security of the personal data in the information system or impose this responsibility on an existing division;
  • ensure that all changes of access rights (except the admin access rights that are manually logged/transacted) with regard to the personal data in the information system are automatically recorded in the electronic messages log; and
  • provide access to the electronic messages log only to those employees or other authorized persons who need this access for the discharge of their work duties.

To meet our contractual obligations to provide you with the LibreView Data Management System, your and your patients' personal information and health-related information may be transferred to the US and/or Ireland.

You may have the right to exercise any other rights provided by the Russian data protection laws. To request the exercise of these rights, please contact us using any of the methods set out in the section titled +Contact Us.

If you have any questions related to this Privacy Notice or if you would like to exercise any of your rights set out in the section titled +How Professional Users Can Access and Correct Personal Information and Your Rights, please contact:

Data Privacy Officer
3 Fraser Street #23-28
DUO Tower
Singapore 189352
ATTN: Data Protection Officer
sgdpo@abbott.com

In all communications to us, please include a detailed explanation of your request or query. We will do our best to respond to all reasonable requests in a timely manner. We reserve the right to charge a reasonable fee to process an access request, as permitted under the Personal Data Protection Act 2012.

You have the right to lodge a complaint to the Information Regulator regarding the processing of your personal information, by writing to: The Information Regulator, SALU Building, 316 Thabo Sehume Street, PRETORIA, Ms Mmamoroke Mphelo, Tel: 012 406 4818, Fax: 086 500 3351, inforeg@justice.gov.za

You should ensure that your patients are made aware of this right.

Some functions within Abbott may operate as a "Covered Entity" pursuant to the Health Insurance Portability and Accountability Act and its implementing regulations ("HIPAA") and may use any patient personal information, including health information, that you provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott's FreeStyle family of products, and/or LibreLinkUp App. Abbott may use and disclose patient personal information, including health information, that you provide to us through the LibreView Data Management System in accordance with our Abbott Diabetes Care Notice of Privacy Practices, available on LibreView and which sets out your patients' rights with respect to any health information provided by you to us. For example, Abbott may share patients' personal information when health care providers request that the LibreView Data Management System sends a report of patients' glucose data directly to their electronic medical record system.

If you are a California resident, please also see section +California of this Privacy Notice.

California Civil Code Section 1798.83 permits residents of the State of California to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. Abbott is required to respond to a customer request only once during any calendar year. To make such a request you should send a letter to Abbott Diabetes Care Inc., Attn: Privacy Officer, 1420 Harbor Bay Parkway, Alameda, CA 94502, USA. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information sharing that is covered will be included in our response.

You should ensure that your patients are also made aware of this right.

Personal information that is collected via the LibreView Data Management System is governed by HIPAA (for more information please see +USA), however, if you have any questions regarding Abbott's compliance with the California Consumer Privacy Act (CCPA) and your rights under CCPA, please visit https://www.abbott.com/privacy-policy.html .

If you choose to delete your LibreView Data Management System account, Abbott may also retain any patient personal information, including health-related information, that you provide to us through the LibreView Data Management System for the purpose of improving treatment guidance for patients utilizing Abbott's FreeStyle family of products, and/or LibreLinkUp App.

It is your responsibility to ensure that your patients are made aware of the following pieces of information:

Please contact DiabetesCareHIPAA@abbott.com with any questions about your patients' HIPAA rights.

DOC40648-005_rev-E_en-US