CTM is committed to respecting and protecting your privacy.
This privacy policy sets out how we look after your personal data, how we will use your personal data, and tells you about your privacy rights and how the law protects you.
This privacy policy sets out our approach to protecting personal data on a worldwide basis and we recognize that different jurisdictions and legal systems will apply:
In the United States, the Federal Trade Commission has jurisdiction over our compliance regarding personal data. If you do not agree to the terms of this privacy policy, you should not access or use any CTM website or service.
In the rest of the world, different legal rules apply and, in particular, we will be using and protecting personal data in a way which is in accordance with the rules operating in the European Economic Area (“EEA”) which has adopted the General Data Protection Regulation (“GDPR”) and the United Kingdom (“UK”) which has adopted its own version of the GDPR. In the EEA or UK, the relevant national supervisory authority will have jurisdiction over our compliance in the relevant country. If you do not agree to the terms of this privacy policy, please do not access or use any CTM website or service.
TABLE OF CONTENTS
PURPOSE
THE DATA WE COLLECT ABOUT YOU
HOW YOUR PERSONAL DATA IS COLLECTED
HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
INTERNATIONAL TRANSFERS
DATA SECURITY
DATA RETENTION
YOUR DATA PRIVACY RIGHTS UNDER GDPR AND UK PRIVACY LAW
YOUR CALIFORNIA PRIVACY RIGHTS
DEFINITIONS
1. PURPOSE
This privacy policy describes how CTM collects, uses, processes and protects your personal data and informs the choices available to you regarding how you can choose and manage your personal data.
It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.
1.1 CONTROLLER
This privacy policy is issued on behalf of CTM so when “we”, “us” or “our” is mentioned in this privacy policy, we are responsible for processing your data.
We have appointed a data protection officer who is responsible for dealing with questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data protection officer using the details set out below.
1.2 CONTACT DETAILS
Our contact details for privacy rights requests and information about our privacy practices are: Full name of legal entity: Clinical Trial Media, Inc. Name or title of data protection officer: Richard Cudmore Email address: privacy@clinicaltrialmedia.com Telephone number: 516-470-0720 Postal address: 100 Motor Parkway, Suite 528, Hauppauge, NY 11788, USA URL: https://clinicaltrialmedia.com/request-form/
1.3 COMPLAINTS
You have the right to make a complaint at any time to the relevantnational supervisory authority in the country where you reside. To find more about this right and to locate the appropriate Data Privacy Authority, go to the European Commission website (https://ec.europa.eu/info/policies/justice-and-fundamental-rights_en) if in the UK, go to the Information Commissioner’s Office (“ICO”) website (www.ico.org.uk). If you are in the United States, you may contact the US Federal Trade Commission regarding your concerns. For more information, please see https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc.
We would, however, appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities, so please contact us in the first instance.
1.4 CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES IN YOUR PERSONAL DATA
We reserve the right to amend this privacy policy and will notify you by updating this notice, so please check it from time to time, especially if you have ongoing dealings with us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
1.5 THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information related to an identified or identifiable natural person. It does not, however, include data where the identity has been removed (anonymized data).
We may collect, use, store and transfer different categories of personal data about you which we have grouped together as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, date of birth, and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes banking details of clients, suppliers, and agents for the making of payments by us and to us in relation to the services we provide.
Transaction Data includes details of products and services you have received or purchased from us and/or affiliates.
Technical Data includes internet protocol (“IP”) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey/questionnaire responses.
Usage Data includes information about how you use our website, products, and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and/or affiliates.
Health Data includes information in relation to any aspect of your health and/or consequences of taking part in any clinical trials organized by our clients.
We may also collect, use and share Aggregated Data such as general statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Apart from Health Data and industry-wide or governmental survey(s)/questionnaire(s) where we are obliged to take part, we do not normally collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade union membership).
2.1 IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect the categories of data described above from and about you including through:
Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by mail, phone, and email, or otherwise. This includes personal data you provide when you:
apply online or otherwise for our services or products;
contract to receive our services; or
request marketing material to be sent to you.
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, log files, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. This aggregate data gives a “macro-view” of the visitor traffic pattern and insight to what sections of the website users visits most. We use this information to determine what kind of technology is available on the visitors’ computers so it can better serve them by utilizing more advanced technologies (e.g., Macromedia Flash). None of this information is linked to any Personal Information.
We passively collect and log the following information from visitors to our site such as:
Browser type
IP Address
Domain Name
Access Time
Operating System
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
We may receive Technical Data from the following parties:
analytics providers such as Google;
advertising networks;
search information providers;
portals.
Contact and Transaction Data from providers of technical, payment and delivery services.
Identity and Contact Data from data brokers or aggregators.
4. HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you, or to perform other legal obligations.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (this applies in the EEA and UK).
Where we need to comply with a legal or regulatory obligation.
In the EEA, in relation to sending direct marketing communications to you via email or text message, we will only do so where (i) we have your express consent or (ii) you are an existing client. You have the right to withdraw consent to marketing at any time by contacting us.
4.1 PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in table format, a description of the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity
Category of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
(a) Identity (b) Contact
Performance of a contract with you
To process and deliver services and/or perform contractual obligations for you, including collecting and recovering money owed to us
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover funds due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey/questionnaire
(a) Identity (b) Contact (c) Profile(d) Marketing and Communications
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To consider whether you are eligible/suitable for taking part in a specific clinical trial, related clinical investigation, or clinical support program carried our clients
(a) Identity (b) Contact (c) Health
(a) Necessary for our legitimate interests to develop our products/services (b) Necessary in order to comply with contractual obligations with our end-clients
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
(a) Identity (b) Contact (c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) (b) Necessary to comply with a legal obligation (c) Necessary to resolve disputes
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences; provide audit record for consent
(a) Technical (b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
To comply with legal obligations, including proper government investigations, subpoenas, or other legal process or as otherwise necessary to prevent physical or financial harm or to prevent crime and fraud
(a) Necessary for our legitimate interests (to protect our business, employees, customers, and the public) (b) Necessary to comply with a legal obligation (c) Necessary to resolve disputes
4.2 DISCLOSING INFORMATION TO THIRD PARTIES
We generally do not share your personal clinical data with any company outside CTM except for our trusted clients and service providers where needed for investigations and trials.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt in data and consent; this information will not be shared with any third parties.
We may have to share your personal data with the parties set out below for the purposes set out in the table in section 4.1 above.
Third-party sub-contractors who provide services for us and/or help to provide services to you. In the event that we use sub-contractors who have access to your personal data, we ensure that there are strict contractual terms in place to ensure that they only process personal data to the extent that we instruct them to do so in writing and there are suitably worded confidentiality and data protection clauses in all such contracts.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change of control arises in relation to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We may disclose personal information to law enforcement, government authorities or otherwise in response to legal subpoenas or process as required by applicable law or in circumstances involving the possibility of physical or financial harm, fraud, or crime.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not sell your personal data to any third party. Our use and disclosure of Personal Identifiable Health Information(“PIHI”) is limited to the minimum amount of personal data needed to accomplish the intended purpose of the specific clinical investigation or clinical trial and is used in relation to pre-screening activities for such clinical research projects. This includes using study questionnaires that only ask health and medical related questions that are directly associated with the relevant clinical research project as specified in approved protocols.
PIHI will generally not be used by us or disclosed by us to any third parties unless we have clear consent from you to do so.
Exceptionally, PIHI may be disclosed by us where we are required to do so by a relevant law or regulation. In particular, this includes, but is not limited to, situations where we are required to disclose such PIHI in relation to requests by public authorities to meet national security or law enforcement requirements. This will include use and/or disclosure in order to:
prevent or control disease, injury or disability;
report disease, injury or disability;
assist public health surveillance, investigations or interventions;
report child abuse or neglect or domestic violence;
avert a serious threat to individual(s) or public health or safety;
to coroners and/or medical examiners or for tissue donation;
in response to legal proceedings and relevant court orders or subpoenas;
for specialized government functions and worker’s compensation;
by workforce members who are whistle-blowers or victims of a criminal act;
when we believe in good faith that disclosure is necessary to protect our rights or to protect your safety, the safety of others or investigate fraud.
4.3 OPTING OUT
We also provide visitors to our website the opportunity to opt-in to receive email communications from us. In this case, we ask the visitor for his or her email address and name. These communications will include our promotions and any other information that we feel may be pertinent to the visitor. You may opt out of receiving any, or all, of these communications by contacting us, by clicking on the “unsubscribe” link in any email we send to you, by replying to any email we send you and entering the word UNSUBSCRIBE in the subject line.
Visitors may opt in to receive text messages (SMS/MMS) to your mobile number. Such messages may include information about upcoming clinical trials, real-time texts to ask and answer questions about a clinical research program, and your possible eligibility. Message frequency will vary depending on the conversation, and you can opt-out of this service at any time by texting “STOP” to the phone number. If you are experiencing any issues with this service, you can reply by texting “HELP,” emailing us at privacy@clinicaltrialmedia.com or phoning us here: (516) 321-4814. Message and data rates may apply for any messages sent to you from us, and to us from you. If you have questions about your text plan or data plan, please contact your wireless provider.
Where you opt out of receiving email or text information/reminder messages, this will not apply to personal data provided to us to enable us to provide you with a product or service, warranty registration, product/service experience or other transactions.
4.4 COOKIES
We only use cookies to record user-specific information on what pages users’ access or visit, record past activity, and session management and personalization. Use of cookies allows a better user experience when visitors return to the website.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly.
4.4.1 Cookie Control. CTM’s interactive cookie statement clearly states how the user’s behavior is tracked and offers easy-to-use controls for granting and revoking consent. The user has the control to prevent cookies from being placed on their computer until consent via an affirmative act.
4.5 CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.6 USE OF HEALTH DATA IN THE UNITED STATES
The Health Insurance Portability and Accountability Act of 1996(“HIPAA”) and subsequent regulations published by the Department of Health and Human Services (“DHHS”) impose restrictions on other organizations (Covered Entities) which may be covered under HIPAA with respect to your relationship with CTM. CTM may, in providing subject recruiting call center services for one of these organizations, be required to comply with certain aspects of HIPAA in their conduct of human subject research activities.
Although CTM is not a Covered Entity as defined in the HIPAA privacy regulations, our policies and procedures, which govern the privacy rights of research participants included in this privacy policy, are compatible with those required by HIPAA for Covered Entities and will become standard for research activities involving PIHI.
All PIHI data collected by CTM in connection with subject recruiting for a clinical research study is captured electronically and transmitted through a secure network connection to a secure database. CTM’s data security policies are consistent with Good Clinical Practices, HIPAA and GDPR standards. CTM maintains separate Security Policies for Physical Security, Network Security and Application Security.
5. INTERNATIONAL TRANSFERS
Some personal data may be held on servers in the US. This will involve transferring your data outside the European Economic Area (“EEA”) or the UK. In addition, we use third parties who have IT servers located in the United States which hold your personal data. You consent to the transfer of your personal information to the United States.
Whenever we transfer and/or process your personal data outside of the EEA or UK, we ensure a similar degree of protection is afforded to it by using specific contracts approved by the European Commission (or UK ICO) which give personal data the same protection it has in Europe.
6. DATA SECURITY
We and our third party hosting partners have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances in the EEA and UK you can ask us to delete your data: see the section below entitled “Your Data Privacy Rights Under GDPR and UK Privacy Law” for further information.
We may also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. YOUR DATA PRIVACY RIGHTS UNDER GDPR AND UK PRIVACY LAW
Under certain circumstances in the EEA and UK, you have the following rights under data protection laws in relation to your personal data:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
In the EEA, you have the right to make a complaint at any time to the relevant national supervisory authority. For example, in the UK this would be the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities so please contact us in the first instance.
You will not have to pay a fee to access your personal data or to exercise any of the other rights.
8.2 WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.3 TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within 30 business days. Occasionally it may take us longer than 30 business days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. YOUR CALIFORNIA PRIVACY RIGHTS
If you are a resident of California, you have the following rights with respect to your Personal Information:
The right to know what Personal Information we have collected, used, disclosed and sold about you. To submit a request to know, please contact us. You also may designate an authorized agent to make a request for access on your behalf.
The right to request that we delete any Personal Information we have collected about you. To submit a request for deletion, please contact us. You also may designate an authorized agent to make a request for deletion on your behalf.
When you exercise these rights and submit a proper request to us, we will verify your identity by asking you for identifying information such as your email address, telephone number, and/or information about your account with us. We also may use a third-party verification provider to verify your identity. Please note that we are only required to honor such requests twice in a 12-month period.
Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.
For the 12-month period prior to the date of this Privacy Policy, CTM has not sold any Personal Information collected about you; nor does it have any plans to do so in the future.
10. DEFINITIONS
EEA and UK
Legitimate Interest means, in the EEA or UK, the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contactingus.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
GDPR is the European Union General Data Protection Regulation.
UNITED STATES
Covered Entity means an institution, organization or other entity that is subject to the rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Covered Entities include: (i) a health plan, (ii) a healthcare clearinghouse and, (iii) a healthcare provider who transmits any personal identifiable health information in electronic form in connection with a transaction covered by HIPAA.
Personal Identifiable Health Information (“PIHI”) means any information including demographic information collected from an individual that:
relates to (a) the past, present or future physical or mental health or condition of an individual; (b) the provision of healthcare to an individual; or (c) the past, present or future payment for the provision of healthcare to the individual; and
identifies the individual or there is a reasonable basis to believe it can be used to identify the individual; and
PIHI does not include education records or medical records covered by the Family Education Rights and Privacy Act or employment records held by CTM in its role as an employer.
CALIFORNIA
Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
FOR ANY JURISDICTION
Third Parties means:
Service providers acting as processors and who provide services to us.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services to us.
Regulators and other state authorities acting as processors or joint controllers in any jurisdiction in which we are operating and who require reporting of processing activities in certain circumstances.
AbbVie Inc.
Privacy Notice
Effective date: May 11, 2023
This Privacy Notice explains how AbbVie Inc., 1 North Waukegan Rd., North Chicago, IL 60064, and its affiliates or subsidiaries that post a direct link to this Privacy Notice (collectively, “AbbVie”) may process personal data about you through your online and off-line interactions with us through AbbVie services, products, communications, and digital properties (including websites and mobile applications) that refer to this Privacy Notice and where AbbVie may obtain and control your personal data from a third party (collectively, “AbbVie Relationships”).
AbbVie is an international company. This Privacy Notice may be supplemented or replaced by country level AbbVie privacy notices that are applicable only to certain AbbVie affiliates or subsidiaries located in those countries, or by privacy notices for specific activities, such as clinical research. Please refer to the privacy notice provided to you or linked on those AbbVie websites for more information about applicable AbbVie privacy practices. You may also visit our Privacy Center to access our global privacy notices available online.
This section describes the general categories of personal data that we may collect for the purposes described in this Privacy Notice. You can find additional information on the types of personal data we collect on job applicants, health care professionals, and patient and customer programs, by clicking on the relevant links. You can also find additional information on personal data we collect through cookies and similar technologies in the cookies and similar tracking and data collection technologies section below.
Personal Data we collect from you or from other sources
AbbVie may collect personal data from you directly that you choose to provide us, for example as part of a registration or in response to a questionnaire, as well as information about your AbbVie Relationships. AbbVie may also obtain personal data indirectly, such as from publicly available sources (e.g., websites or publicly accessible databases), third-party data vendors, health care providers and health insurance companies, and third-party partners and collaborators. We may combine personal data from multiple online and offline sources. The categories of personal data that AbbVie may collect about you, some of which may be considered sensitive personal data, include:
Direct identifiers and contact information, including your name, address, phone number, or email address;
Registration information, such as your username and password;
Data relating to your
participation in our programs, services, and offerings, including information about products and treatments and health conditions that are of interest to you or that you may have received;
Transaction data, including purchases and inquiries;
Financial account data, such as your credit card number;
Income information, such as when you request financial assistance for one of our products;
Health-related information that may be considered sensitive personal data, such as information about a physical or mental health condition, treatments you may have received, safety and health information in relation to any of our products or services, or health insurance information;
Demographic information, such as your age and gender, and sensitive demographic personal data, such as your race, ethnicity or sexual orientation;
Payment-related information if you provide a service to AbbVie;
Geolocation data, such as if you provide your zip code to AbbVie to search for services near you, your device location, and sensitive geolocation personal data, such as your precise location with your permission; and
Personal data collected automatically, such as internet activity and other information from the devices and browsers that you use, including your device type, IP address, advertising identifiers, pages that you visit before and after using AbbVie’s online services, search history, and information about the links you click, pages you view, and advertising you interact with on AbbVie’s online services.
How we may use Personal Data
We may use your personal data for the business and commercial purposes relating to your AbbVie Relationships, communicating with you, improving AbbVie Relationships and our products and services, and for other internal business purposes. You can find additional information on how we use personal data for job applicants, health care professionals, and patient and customer programs by clicking on the relevant links. You can also find additional information on how we use personal data we collect through cookies and similar technologies in the cookies and similar tracking and data collection technologies section below.
Administering programs, services, and other interactions with you
We may use your personal data for everyday business purposes, such as payment processing and financial account management, contract management, website administration, fulfilment, corporate governance, and reporting obligations. We may also use your personal data to provide you with the programs or services that you requested, or to administer AbbVie services, such as direct purchasing, participating in a savings program or signing up to receive a rebate. This means that we may use your personal data to respond to your questions, provide you with your requested services, offer you optimal customer experience, perform our contractual obligations to you, or perform actions based on your consent.
Marketing communications and disease awareness
We provide marketing communications that promote the use of or offer participation in AbbVie products, services, programs, research events or provide other information that may be of interest to you, such as information on certain health conditions. We will use your personal data to send you marketing communications and to determine the types of marketing communications to send.
You can opt-out of marketing communications at any time. Marketing communication opt-out instructions are included in each marketing communication you receive, submit a request at Your Privacy Choices or you can email us at privacyoffice@abbvie.com.
Customized experiences and improving relationships
personal data may be used to create customized offers, information, or services tailored to your interests and preferences. It may also be used to develop and improve your AbbVie Relationships. In some cases, we collect your personal data with your consent. In other cases, we collect this information for our legitimate business interest to optimize and customize AbbVie Relationships.
Business and product administration and improvement
To discover new facts that could help AbbVie better understand customer needs and help improve, develop, and evaluate product services, materials, programs, and treatments, AbbVie analyzes personal data for its legitimate interests in business and product improvement.
Compliance with laws and regulations
We may process your Personal Data to comply with laws and regulations, including those related to pharmacovigilance. We may also use Personal Data to monitor compliance with our policies and procedures, for fraud prevention, and to investigate and prosecute users who violate our rules or who engage in behavior that is illegal or harmful to others or to others’ property.
How we may disclose personal data
We generally share personal data with third parties for the business and commercial purposes described below. We do not sell personal data to third parties, but we do disclose your personal data to third parties, or allow third parties to collect your personal data, for targeted advertising and analytics purposes. You can find additional information on how we share personal data for job applicants, health care professionals, and patient and customer programs by clicking on the relevant links. You can also find additional information on how we share personal data we collect through cookies and similar technologies in the job applicants, health care professionals, and cookies and similar tracking and data collection technologies section below.
Affiliates and vendors
We have relationships with various vendors, including our affiliated companies, that help us operate our business and for whom it may be required to have access to your personal data while providing services to AbbVie. We require them to handle your personal data collected through the AbbVie Relationships in accordance with appropriate contractual privacy and security provisions.
Business and research partners
We may partner with other companies and public and private organizations to provide you with products, content, or services on a joint or “co-branded” basis. You should be aware that this Privacy Notice and the collection, use, and disclosure of personal data described herein apply in such co-branded cases. For example, we may use and disclose your personal data as part of a joint or co-branded service or program for purposes described in this Privacy Notice, such as sharing with advertising partners for the benefit of the joint or co-branded service or adverse event reporting. In addition to this Privacy Notice, the relevant partner’s privacy notice may also apply, and, in limited cases, there may be a shared privacy notice.
For co-branded forms and sites, you may see displayed both the AbbVie logo and the logo of the co-branding partner. To access co-branded services, you may have to complete a registration form, and this registration information may be shared with AbbVie’s co-branding partners, and you should read the individual privacy policies of our co-branding partners, as they may differ in some respects from ours.
In addition, we may disclose personal data to our external auditors, attorneys, accountants, and similar professionals based on our legitimate interest in the operation of our business and our obligations to comply with applicable laws and regulations.
Disclosures for legal obligations, to authorities and for product safety
If you contact AbbVie regarding your experience using our products, we may use the information you provide to us to submit our reports to the U.S. Food and Drug Administration, other similar health and medicine government agencies across the world, and as otherwise required of us by law. We also may use the information to contact your prescribing physician to follow up regarding an unexpected event involving the use of our product.
In certain limited circumstances, we may need to disclose your Personal Data to comply with a legal obligation, process, or demand and for reasons of public interest, such as to comply with reporting obligations to our governing regulatory authorities regarding the safety of our products, in response to a subpoena, or to meet national security or law enforcement requirements.
Disclosure to subsequent owner or operator
If you contact AbbVie regarding your experience using our products, we may use the information you provide to us to submit our reports to the U.S. Food and Drug Administration, other similar health and medicine government agencies across the world, and as otherwise required of us by law. We also may use the information to contact your prescribing physician to follow up regarding an unexpected event involving the use of our product.
In certain limited circumstances, we may need to disclose your personal data to comply with a legal obligation, process, or demand and for reasons of public interest, such as to comply with reporting obligations to our governing regulatory authorities regarding the safety of our products, in response to a subpoena, or to meet national security or law enforcement requirements.
Disclosure to subsequent owner or operator
We may transfer your personal data to a successor entity upon a merger, consolidation or other corporate reorganization, to a purchaser of all or a portion of our assets, or pursuant to a financing arrangement or co-promotional agreement. The personal data we have about you may be transferred to parties to the transaction based on our legitimate interest in preparing for and completing the transaction. Any successor entity shall be bound by terms and conditions reasonably similar to this Privacy Notice.
Cookies and similar tracking and data collection technologies
We may share your personal data with our advertising and marketing partners so they can use it on our behalf to serve you advertisements that are relevant to you, based on your interests (“targeted advertising”). For example, when you interact with us online, we and our third-party advertising partners, including social media partners, advertising networks and exchanges and data analytics providers, may use cookies, web beacons, and other similar tracking technologies to collect personal data from your browser or device, as described in this section. We may also use, share, and disclose that personal data for the additional purposes described in this section. The categories of personal data collected and the purposes of use and disclosure described in this section are in addition to any other collection, use and disclosure of personal data practices described separately in this Privacy Notice.
Personal data that may be collected through cookies and similar tracking and data collection technologies through our websites and mobile applications
We may collect the following additional categories of personal data through your usage of our websites and mobile applications.
IP address
We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit our website, which identifies the electronic device you use to access websites and allows us to customize content.
Other personal data from Cookies and Similar Tracking and Data Collection Technologies
We collect information automatically through your online interactions with us through tracking and data-collection technologies such as cookies, web beacons and pixels, APIs, web services, scripts, browser analysis tools, and server logs. A “cookie” is a small data file sent from a website’s server which is stored on your device’s hard drive, which can track your interests and preferences and recognize you as a return visitor. A “Web beacon” (also known as a pixel tag) is a small, transparent image embedded in a website, email, or application which can track user activity and site traffic, including data about the websites or applications you visited before or after coming to our website or application.
The following types of cookies are used on AbbVie digital properties. Depending on the website, Functional Cookies and Analytics Cookies may be collectively described as Functional Cookies.
Required Cookies: These cookies are necessary for core features of a site to operate properly.
Functional Cookies: These cookies are used to provide a better user experience on the site, such as measuring interactions with particular content or remembering settings.
Analytics Cookies: These cookies allow us to analyze site usage to evaluate and improve its performance. They are used to track certain metrics, such as site response times, and measure interactions with particular content.
Advertising Cookies: These cookies are used to show you ads that are more relevant to you on AbbVie digital properties and elsewhere online and across your devices. We may share this information with our marketing and advertising vendors for a number of purposes described in the sections below.
To learn more about cookies and other tracking and data-collection technologies, please visit all about cookies. If you would like to see a detailed list of the cookies we use on our websites, including the third parties that place cookies on our websites, the specific cookie, and cookie lifespan, please click on cookie settings at the footer of this page. If the cookie lifespan is not disclosed in the cookie settings, we use a default life span of thirteen (13) months for our own cookies, unless a shorter period is required by law.
Mobile tracking
Some AbbVie Relationships are available as either mobile applications or mobile sites that you can use on your mobile device. If you use a mobile device to access and use the AbbVie Relationships, we may collect mobile-specific information in addition to the other information described above, such as advertising ID, device type, location information, and your use of the AbbVie Relationships.
How we may use personal data collected through cookies and similar data collection and tracking technologies
In addition to the uses described separately in this Privacy Notice, we may use your personal data collected online for the additional purposes as described in this section.
Customized user experiences
We may use your IP address and the personal data that we obtain automatically through the use of cookies or similar technologies to make our websites and mobile applications easier for you to use and navigate, to assist in your registrations and login, to personalize the content by anticipating the information and services that may be of interest to you, and to personalize and improve our interactions with you by making the information we provide more relevant to you. For example, we may use your IP address or other personal data, such as your zip code, in order to suggest clinics that may be near you.
We may also add your website usage data to the general profile we maintain about you so that our AbbVie Relationships with you are a more personalized experience. When we send email communications, we may place a web beacon or similar technology in the email to know whether your device is capable of receiving HTML emails, or to collect data on whether the email or an attachment or link in the email has been opened. We use this data to help us determine and document if a particular part of our communication was more relevant to you.
In some cases, we collect this personal data with your consent. In other cases, we collect this information for our legitimate business interest to optimize and customize your user experience.
Digital analytics and improvement
We may use the personal data that you provide to us and the online information we collect automatically through cookies and similar technologies to monitor user traffic patterns and preferences. We may also track email communications through web beacons or similar technology in emails to create aggregated statistics and reports to analyze the effectiveness of and improve our marketing campaigns.
We collect this information for our legitimate business interests of security, improvement, analytics and optimization of AbbVie Relationships
Targeted advertising
We may provide you with online advertisements for AbbVie products and services on our own websites or third-party websites and mobile services that are tailored to you, which may be based on the personal data that you provide to us, your purchases or use of our products and services, or based on cookies and similar tracking and data collection technologies.
Social Media Analysis
We may also analyze public sources, such as websites and social media channels, to monitor, analyze and improve our understanding of interactions with and views of our products, services, and events. AbbVie and its service providers will respect the privacy notices and terms of use applicable to such sources in performing such activities.
Tell-A-Friend Functions
We may offer “tell-a-friend” functionality on our sites. If you choose to use this function, we will collect your friend’s contact information. We will automatically send your friend a one-time email with the information you specified or inviting your friend to visit the site. We use this personal data you provide us as part of the “tell-a-friend” functionality for the sole purposes of sending this one-time email.
How your personal data collected through cookies and similar data collection and tracking technologies may be shared
In addition to the types of disclosures of personal data described separately in this Privacy Notice, we may share personal data online for the additional purposes as described in this section.
Third-party analytics and measurement
We may share your personal data with our third-party analytics and measurement partners, such as to Google, in order to track and measure performance on our own website and digital properties, including metrics like session duration, session count, and page activity. We may also share your personal data in order to track and measure the performance of our advertisements across other websites and digital properties, such as ad impressions, clicks, and on-site activity.
Third-party targeted advertising
We may provide you with online advertisements for AbbVie products and services on third-party websites and mobile services that are tailored to you, which may be based on the personal data that you provide to us or to a third-party website that you are visiting, or on your browsing activity, purchases, or interests. We may share some of your device information with our advertising partners that we have obtained from cookies and other data-collection and tracking technologies based on your AbbVie Relationships. We may also serve you advertisements for AbbVie products or services that you have previously viewed on AbbVie digital properties. Our third-party advertising partners may also serve you advertisements based on your location information, such as if you are near a particular health conference.
Your Cookie and Location Choices
You can click on “cookie settings” at the footer of this page to opt out of a non-required cookie category.
Your browser also may have tools to disable cookies. Please note, however, that these tools only apply to the particular browser on that device and may not control all types of technologies. In addition, some cookies are essential to the functioning of our websites and deleting or disabling them on your browser will reduce the site’s functionality.
Due to differences between websites and mobile apps, you may need to take additional steps to opt out of cookie-based advertising for mobile applications. Please check your device settings and mobile app permissions for additional information n on how to opt out. You also may stop further data collection from a mobile application by removing it from your mobile device.
Separately, you also may be able to control the collection and use of your location information through your device’s operating system settings or through app settings.
Links to third-party sites and social media plug-ins
This Privacy Notice only applies to AbbVie Relationships linked to this Privacy Notice and does not apply to third-party websites to which AbbVie Relationships may link, including links to outside websites or advertisements from third parties. We encourage you to review the privacy statements provided by all third parties prior to providing them with personal data.
AbbVie Relationships may use social media plug-ins (e.g., the Facebook “Like” button and the “Share to Twitter” button) to enable you to easily share information with others. When you visit our sites as part of an AbbVie Relationship, the operator of the social plug-in and integrated social media platforms can place a cookie on your device that enables that operator to receive your personal data that allow the operator to recognize individuals who have previously visited our sites. If you are logged into the social media site while browsing on our site, the social media plug-in allows that social media site to receive information that you have visited our site. The social media plug-in also allows the social media site to share information about your activities on our site with other users of that social media site. These sharing settings are managed by the social media site, and you should refer to those sites’ privacy policies for information about their privacy and data-sharing practices.
Your privacy rights
Depending on the jurisdiction in which you live, you may have certain rights with respect to AbbVie’s use and disclosure of your personal data.
Consistent with the collection practices described in this Privacy Notice, we may collect certain categories and specific pieces of personal data either from you or from other third parties. We collect, use, and disclose personal data for our business and commercial purposes described in this Privacy Notice.
We do not sell your personal data, but we do disclose your personal data to third parties, or allow third parties to collect your personal data, for targeted advertising and analytics purposes. If you live in certain jurisdictions within the United States, you may opt out of these disclosures, as described further below.
Furthermore, AbbVie receives, and may further share with its collaborators and partners, as described in this Privacy Notice, deidentified health data from health care providers and health plans, subject to the Health Insurance Portability and Accountability Act of 1996, as amended, and implementing regulations (collectively, “HIPAA”). The health data received by AbbVie was deidentified based on either HIPAA’s “safe harbor” method, which means that certain direct identifiers were removed from the health data, or HIPAA’s expert determination method, which means that a qualified statistician reviewed the health data shared with AbbVie and confirmed that there is a very small risk that an individual could be identified from the remaining health data. When data is deidentified in accordance with either HIPAA’s expert determination or safe harbor method, there is a very small, but not zero, chance that the deidentified health data could be linked back to a specific individual. Deidentified data is not protected by HIPAA.
You may, depending on where you reside, have the right to request:
Information about the personal data that AbbVie has collected, used, and disclosed about you. This includes:
the categories of personal data collected
the categories of sources from which your personal data was collected
the business or commercial purposes for which AbbVie collected your personal data
the categories of your personal data that was disclosed for a business or commercial purpose
the categories of third parties with whom AbbVie shared your personal data
The specific personal data that AbbVie has collected about you.
To have your personal data deleted.
To have your personal data corrected.
To transmit personal data to another controller,
To withdraw your consent at any time (this will not affect the lawfulness of previous data-processing activities) or object to any use of your personal data.
To opt out of the use or disclosure of your personal data for purposes of targeted advertising.
To limit certain uses and disclosures of your sensitive personal data
To exercise your right to limit the use and disclosure of your sensitive personal data, you can click on the “Your Privacy Choices” link here or at the footer of some of our sites. Note that after you exercise this right we may still continue to use your sensitive personal data for certain purposes, such as to provide you with services or goods that you have requested.
To exercise your right to opt out of the sharing of your personal data for targeted advertising, you can click the “Your Privacy Choices” link here or at the footer of some of our sites. You can also click on the “Cookie Settings” link at the footer of our sites to opt out of advertising and analytics cookies, as described further in Section IV above on “Advertising, cookies, and similar technologies.”
We also support the Global Privacy Control, which is a browser-based opt-out preference signal that communicates your privacy preferences to the websites you visit. For more information on the Global Privacy Control, please visit their website here. Note that because the Global Privacy Control is a browser-based mechanism, your opt-out preference will apply only to the browser from which you exercised that choice and only if that browser supports the Global Privacy Control. You are welcome, however, to enable the Global Privacy Control on all of your browsers and devices. Further, the Global Privacy Control will only opt you out of the disclosure of your cookie-based personal information. To opt-out of the disclosure of your non-cookie based personal information, you can click the “Your Privacy Choices” link or at the footer of some of our sites.
Note further that, as distinct from the Global Privacy Control, some web browsers may transmit “do-not-track” signals to web services with which your browser communicates. As of the effective date of this Privacy Notice, an industry standard has not yet been established on how to respond to these signals; therefore, AbbVie does not currently respond to these signals. However, you can opt-out from advertisers that use your browsing history to deliver online behavioral advertisements via the mechanisms listed above.
To exercise your other privacy rights, such as to delete, access, or correct your personal data, you or your authorized representative can submit a request here. After you make your request, we will use the information we have to verify your identity (and if applicable, your authorized agent’s identity), and to match the personal data we have collected about you, if any, to your verified identity. Our verification process may include a request for additional information to confirm your identity or your authorized agent’s identity, or to obtain proof that you have given your authorized agent permission to act on your behalf. If our verification process is successful, we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, we will attempt to contact you to inform you.
If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. You may be entitled, however, to appeal our decisions and can do so by following the instructions provided in the correspondence we send to you communicating our decision. Under local law, you may also be entitled to lodge a complaint with your local data-protection authority.
Should you exercise any of your privacy rights, AbbVie will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request. However, certain AbbVie Relationships may require your consent to have your personal data shared with AbbVie to provide the service or to allow us to use and disclose your personal data to provide the AbbVie Relationships. When you exercise your deletion right, you may lose access to certain aspects of AbbVie Relationships that require your personal data to perform the service.
Additional information for job applicants
If you have applied for employment with AbbVie, the personal data submitted with your job application may include your resume; previous professional, education and other background information; driver’s license information; social security number or equivalent national identification (as required or permitted by local law); cover letter; licenses; permits and certifications held; reference information; and any other information that you choose to provide (e.g., employment preferences, willingness to relocate, awards or professional memberships). This information may come from you, a recruiter, your references, prior employers, or your educational institutions.
Consistent with applicable law, we may ask questions about race/ethnic origin, gender, veteran status, and disability status of our applicants, for the monitoring of equal employment opportunity compliance. Except as specifically requested or legally required, we ask that you avoid submitting information in your application that may qualify as sensitive information under applicable law. Sensitive information includes data about race, color, religion, ethnicity, nationality or national origin, age, gender identity or expression, sexual orientation, marital status, medical or health information (including physical or mental disabilities or pregnancy status), genetic or biometric information, political or philosophical beliefs, political party or trade union membership, veteran status, photographs, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings, or any other legally protected status.
Personal data will be processed based on our legitimate interest in processing your job application and evaluating your candidacy and qualifications and to conduct reference checks. We may also inquire about criminal records and perform a background check following a conditional offer of employment, where permitted by applicable law. We may also process personal data from your job application for regulatory, compliance and legal purposes, consistent with this Privacy Notice. personal data may also be used for additional administrative purposes, including aggregate management reporting, internal training, and as generally required to operate our business.
We may share the data on your applications with recruiters, consultants, attorneys, preemployment background check services, and our affiliates.
Additional information for health care professionals
We may collect additional categories of personal data through your online and offline interactions with us, in addition to the categories described in the ”Your personal data we may collect” section above if you are a health care professional, as described in this section. We also use and disclose personal data about health care professionals for the additional purposes described in this section. We retain your personal data as described in the “Data Security and retention” section below. To understand how we may use and disclose your personal data for targeted advertising and to opt out, see the “Your Privacy Rights” section above. The categories of personal data collected and the purposes of use and disclosure described in this section are in addition any other collection, use and disclosure of personal data practices described separately in this Privacy Notice.
Additional personal data that AbbVie may collect about health care professionals
If you are health care professional, we may collect personal data about you directly from you, or from third-party sources such as the organization where you work, publicly available sources, interactions with AbbVie (including online available sources), and participation in AbbVie-sponsored or -supported initiatives such as AbbVie-sponsored clinical research and development activities, third-party databases, and reporters of pharmacovigilance events.
We may collect the following additional categories of personal data about health care professionals:
Professional details, such as resumes or other documents or forms provided directly to us, place of practice, job title, professional contact details, medical specialty, professional license number, professional qualifications and scientific activities (such as previous clinical trial experience, activity on social media platforms or other websites, and participation in past or pending research studies with us and other companies), organizational or institutional affiliations, publication of academic or scientific research and articles, and membership in associations and boards
Personal data provided to participate in our sponsored or -supported initiatives, such as our sponsored clinical research and development activities, online or in-person seminars regarding product information, educational events, and clinical information updates
Details of interactions with us, such as what kind of meetings we have held, topics discussed, your knowledge of and questions you have had about our business and products, what kind of material we have displayed to you, and any feedback that you have provided, as well as your opinions of and routines for prescribing, routines regarding your patients, diagnoses, and automatic tracking information in online interactions with us
Payment and other transfers of value details received from your interactions with AbbVie, which may include your tax identification number or national identification number (where required or permitted by law), contributions to costs of educational events (such as registrations fees, travel and accommodation expenses) and fees for services, including consultancy services
Additional uses and disclosures of health care professional personal data
We use and disclose personal data of health care professionals for the following additional purposes.
For the performance of our contract with you if you or your institution entered into a consulting, professional services, or other type of agreement with us.
Based on our legitimate interests in developing and improving our services, we will use and disclose personal data about health care professionals for:
managing and improving our relationship with you, including planning, organizing and reviewing any collaboration with you, and for contacting you
helping ensure that we provide you with information that is relevant based on your expertise, interests and preferences
recruitment and evaluation of the suitability of health professionals for their participation in clinical trials and market research and other research studies
conducting market and research studies in the public and private sectors
communicating with you about our products and programs (subject to any additional marketing consent requirements), engage with you about scientific or educational programs, administer our patient-support programs and provide access to you where applicable, respond to product orders, and provide product samples
research and analytics purposes to develop and evaluate our products, services, materials and treatment
internal accounting and analysis in connection with our internal policies and rules, such as our AbbVie Code of Business Conduct
Based on our legal obligations and for reasons of public interest, we will use and disclose personal data about health care professionals for:
safety monitoring, reporting and auditing and responding to inquiries or issues in relation to our products
complying with applicable laws and regulations, including requirements imposed by industry codes of conduct to collect payment and other transfer of value data of health care professionals and the public disclosure of such data, subject to applicable local consent requirements to publish such data in a manner that identifies the health care professional individually
Additional information for participants in patient and customer programs
We may collect additional categories of personal data through your online and offline interactions with us, in addition to the categories described in the “Your personal data we may collect” section above, about participants in AbbVie’s patient and customer programs, as described in this section, including patient support programs and loyalty programs . We may also use and disclose personal data about participants in patient and customer programs for the additional purposes described in this section. We retain your personal data as described in the “Data Security and retention” section below. To understand how we may use and disclose your personal data for targeted advertising and to opt out, see the “Your Privacy Rights” section above. The categories of personal data collected and the purposes of use and disclosure described in this section are in addition any other collection, use and disclosure of personal data practices described separately in this Privacy Notice.
Additional personal data that AbbVie collects for Patient and Customer Programs
If you are a participant in a patient or customer program, we may process the following additional categories of personal data about you, which we received from you directly, or from your health care professionals, health care insurers, and related third parties:
contact data such as address, phone number and other contact details
personal details such as name, date of birth and gender
data collected or created regarding your use of our programs and services
financial information related to qualification in certain income-based and financial support programs, including your social security number or national identification number (where permitted or required by law)
sensitive data such as identifiable health data relating to your disease or condition, medical history, treatments you may have received, reason for discontinuation, data on active management of the disease and insurance coverage and benefits related to your use of our products
Additional uses of data in the context of patient and customer programs
With your consent, we use and disclose your personal data as part of your program participation to administer and manage the program, including customization of the program to you, delivery of products and services, administering loyalty programs, reminding you to take your product as prescribed or to obtain a refill of your product, and to provide you with program support, communications, and materials relating to your treatment and the program. We may also contact your health care professional for drug safety information and to provide health care professional with information about your medicine and your participation in a program.
Based on our legal obligations and for reasons of public interest, we may use and disclose your personal data in our programs for safety monitoring, reporting and auditing, and responding to inquiries or issues in relation to our products, as well as to comply with applicable laws and regulations.
We will also use personal data that does not directly identify you for the compatible purposes of analytics, research and related publications, including to evaluate, develop and improve AbbVie’s programs and related services, products and medicines.
Loyalty programs
Some of our programs may offer discounts or other value to consumers that voluntarily participate and that involves the collection and sharing of consumer personal data as described in the “Your personal data we may collect” and “How we may disclose personal data” sections of this Privacy Notice. Based on our reasonable and good faith estimate, personal data we collect through such programs do not have monetary value. We receive value from the such programs in increased customer loyalty and patronage. Because some of our programs involve tracking product usage and purchases, it is necessary to collect and process your health-related data from you as part of your participation. Participation in our programs is voluntary and you may withdraw by visiting Your Privacy Choices here. If you make a data subjects rights request by visiting Your Privacy Choices requesting the deletion of your personal data necessary for your participation in a program, then you may not be able to continue your participation.
Privacy of children
AbbVie does not knowingly collect any personal data directly from anyone under the age of 16. All AbbVie Relationships that support children are directed to and are communicated with parents and guardians only. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us using one of the methods in the Your privacy rights and choices section, and we will work with you to address this issue.
Our contact information
You may contact us or our Global Privacy Office, including our Data Protection Officer, at any time, using the contact information below if you have questions about this Privacy Notice or have any other privacy request or inquiry. You can also opt-out or unsubscribe from any of our programs or services.
Please submit your privacy requests or inquiries here. You can also contact us by visiting “Your Privacy Choices”, by using the contact information feature on our mobile application, by emailing us at privacyoffice@abbvie.com, or by calling us toll-free at 1-800-255-5162. Alternatively, you may send a letter to the following address:
AbbVie Customer Service Attn: Privacy Department 36M 1 N. Waukegan Road North Chicago, IL 60064-6163
In all communications to us, please include the email address used for registration (if applicable), the website address, mobile application, or the specific program to which you provided personal data (e.g., AbbVie.com), and a detailed explanation of your request. We will respond to all reasonable requests in a timely manner, and we may need to further confirm your identity in order to process certain requests.
Data security and retention
AbbVie maintains appropriate technical, administrative, and physical controls to reasonably safeguard any personal data collected through AbbVie Relationships. However, there is always some risk that an unauthorized third party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting personal data over the Internet, especially your health-related information. We cannot guarantee that unauthorized third parties will not gain access to personal data about you; therefore, when submitting personal data to us, you must weigh both the benefits and the risks.
We will only keep personal data as long as necessary for the fulfillment of the purposes outlined in this Privacy Notice, except if otherwise required by applicable laws or legal orders. The criteria used to determine our retention periods include (i) the length of time we have an ongoing AbbVie Relationship with you; (ii) whether there is a legal or best practice retention obligation to which we are subject; and (iii) whether retention is needed in light of litigation or regulatory investigations.
International personal data transfers
We may transfer personal data internationally as described in this section.
Intercompany transfers
Personal data may be transferred and processed by and among AbbVie Inc. in the U.S., the parent company of AbbVie, and its affiliates in other countries. For a full list of AbbVie Inc.’s affiliates and their jurisdictions, please see our most recent SEC filing here. Our company maintains an inter-company data transfer agreement, which is based on EU data transfer agreement requirements as well as regional requirements where EU standards are not sufficient, and covers personal data transfers among AbbVie Inc. and its affiliates worldwide to ensure the adequate protection of personal data. Copies of these agreements can be obtained by sending an email to privacyoffice@abbvie.com.
Transfers to vendors, suppliers, and business partners
Personal data may also be transferred and processed by our vendors, suppliers, and business partners in other countries. Any international transfer of personal data to third parties, including outside the EEA and other countries with cross border transfer restrictions, will be conducted in compliance with the international data-transfer restrictions and requirements that apply under data protection laws, including, where appropriate, using appropriate data transfer agreements for personal data transfers to data processors or data controllers.
Accessing our sites globally
This site is owned and operated by AbbVie in the United States. If you are visiting this site from a country other than the United States, your communication with us will result in the transfer of personal data across international borders. We will only process your personal data with your consent, to perform a contract between you and us, to comply with legal obligations, or where we have a legitimate interest. These legitimate interests include administrative activities and complying with your requests.
Changes to our Privacy Notice
We will use personal data only in the manner described in the Privacy Notice in effect when the personal data was collected. However, and subject to any applicable consent requirements, we reserve the right to change the terms of this Privacy Notice at any time. Changes to this Privacy Notice will be promptly posted to this page and accompanied by a new effective date at the top of this page. We encourage you to review this Privacy Notice regularly for any changes. Any personal data collected upon your continued use of AbbVie Relationships will be handled in accordance with the currently posted Privacy Notice.
