NAVICA PRIVACY NOTICE SUMMARY

(U.S., March 2022)

Abbott provides the NAVICA Applications ("Apps") and NAVICA Web Portal for facilitating the sharing of information relating to Abbott COVID19 test results. The Apps and Web Portal allow for the sharing of information relating to COVID-19 test results performed using select Abbott rapid testing platforms. The system of Apps and Web Portal enable verification of authenticity of select Abbott test kit types, management of test results and ability to review the results of the most recent testing.

Abbott remains committed to protecting personal information. This Privacy Notice explains how we handle personal information and what we do to keep personal information secure when using the Apps and Web Portal. We understand there is a lot of information included in this Privacy Notice. We want to provide you with a short and easily accessible summary of how we handle, protect, retain, store and disclose your personal information. For more information, see About the Services and Security of Personal Information below.

THIS NOTICE APPLIES TO THE USE OF NAVICA IN THE U.S. ONLY.

THIS SUMMARY IS NOT COMPREHENSIVE. YOU WILL NEED TO READ THE RELEVANT SECTIONS OF THE PRIVACY NOTICE BELOW TO FULLY UNDERSTAND HOW WE PROCESS PERSONAL INFORMATION.

We collect and process personal information when setting up and using the Apps and Web Portal, which includes for the User (person being tested), first name, last name, email address, full address, phone number, date of birth, and the results of the applicable COVID19 test. This information will be made available to individuals authorized by the User, Abbott or the Business / Enterprise User (entity or organization authorized by a User to review COVID19 test result information through NAVICA) for purposes of reviewing test result information and providing notification of the results. If you contact Abbott’s customer services personnel, we will keep a separate record relating to your request for technical support. For more information, see Collection and Processing of Your Personal Information below.

We use personal information to: (1) provide Apps and Web Portal Users, as well as authorized Business / Enterprise Users with access to NAVICA; and (2) comply with legal obligations, including those related to safety, quality and improvement. For more information, see Abbott’s Own Use of Your Personal Information, Other Legal Requirements, Retention of Personal Information below.

We strictly limit who we share personal information with and will not sell the information to third parties for our commercial benefit. We do share personal information with our affiliated companies to help support and provide technical assistance for the Apps and Web Portal, for compliance purposes, or to perform troubleshooting/ diagnostics and broader analysis to detect systemic issues. Abbott may disclose information when requested by state and federal governmental authorities or related business or testing entities to assist in efforts to track COVID-19 infections. For more information, see Disclosure of Personal Information by Us below.

Where your location grants you certain rights in relation to your personal information, we will respond to such requests. For more information, see How Individual Users Can Access and Correct Personal Information and Your Rights below.

We store personal information on servers in the United States of America. For more information, see Data Storage.

If you have questions, comments, or complaints about Abbott’s privacy practices, please contact us by clicking on the “Contact Us” link in one of our websites or emailing us at privacy@abbott.com. For more information, see Contact Us below.

If we update this Privacy Notice with material changes, we will alert you via the Apps and Web Portal. For more information, see Changes to this Privacy Notice below.

NAVICA MOBILE APPLICATIONS PRIVACY NOTICE

(U.S., March 2022)

Abbott provides the NAVICA Applications (“Apps”) and NAVICA Web Portal (collectively, the “Services”). Throughout this Privacy Notice, references to “Abbott,” “we,” “us,” and “our,” mean the group of Abbott companies, headquartered in Abbott Park, Illinois, United States of America.

We recognize the importance of data protection and privacy and are committed to protecting personal information, including health-related information. This Privacy Notice describes how personal information relating to select Abbott rapid testing platforms, including health-related information, is collected and used by Abbott and authorized Users of the Services.

Please read this Privacy Notice carefully before registering to use the Services as it applies to the processing, transfer and storage of personal information, including health-related data by Abbott and certain affiliated companies as described below. It also applies to the processing of personal information by our affiliated companies and by our processors if required to resolve a customer service issue related to these Services.

By registering and using these Services, you accept this Privacy Notice and you:

THIS NOTICE APPLIES TO THE USE OF NAVICA IN THE U.S. ONLY. BY ACCEPTING OR AGREEING TO THIS PRIVACY NOTICE, YOU EXPLICITLY ACKNOWLEDGE THAT YOUR USE OF THESE SERVICES IS SUBJECT TO THIS PRIVACY NOTICE AND TO THE PROCESSING AND TRANSFER OF PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, AS DESCRIBED IN THIS PRIVACY NOTICE.

YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION TO ABBOTT.

About Us

Abbott is the manufacturer of the NAVICA System.

About the Services

The NAVICA Applications (“Apps”) and NAVICA Web Portal (“Web Portal”) facilitate the sharing of information relating to select Abbott COVID19 test results. The system includes the following components:

For the NAVICA Apps, please keep “Notifications” “ON” to receive status updates and reminders. You must keep your mobile device connected to Wi-Fi or to cellular/mobile data.

Please Note: If you authorize a Business / Enterprise User or Testing Facility to use the NAVICA System to process data regarding tests, such collection, use, and sharing of personal data will be subject to the provisions of any privacy notice, policy, or terms of use of the Business / Enterprise User or Testing Facility.

Collection and Processing of Your Personal Information

The following categories of User personal information are processed for NAVICA App and Web Portal (including for dependents through legal guardian’s managed profile):

The following categories of User personal information are processed for NAVICA Administrator App:

The following categories of User personal information are processed for NAVICA Verifier App:

Abbott may need to access this personal information to support and maintain the Apps, Web Portal, and Services and to provide the Business / Enterprise User or Testing Facility with the Services.

Abbott’s Use of Your Personal Information

Abbott processes personal information, including testing information, for the following purposes:

Non-Personal Information Relating to NAVICA Web Portal

Non-personal information is information that does not identify a person individually. Non-personal information relating to a NAVICA Web Portal user is information collected from the user’s computer, such as the user’s Web browser, the date and time of the user’s Web site visit, the Web address from which the user accessed the portal, the number of visitors to the portal, the pages viewed, and the length of time on the Web portal.

Abbott’s Use of Non-Personal Information Relating to NAVICA Web Portal

Abbott uses non-personal information relating to a NAVICA Web Portal user to collect general information about portal visitors. Non-personal information is used by Abbott and is shared with third parties to:

Data Storage

We receive data input into the Apps and the NAVICA Web Portal (user ID and password) before it is securely transferred and stored in cloud servers, which are located in the United States of America. We have implemented appropriate security measures and controls to protect personal information. See also Security of Personal Information.

Other Uses / Legal Requirements

Abbott may use personal information where legally required and where legally required, we will de-identify, pseudonymise, aggregate and/or anonymize information to comply with our legal obligations as the manufacturer of the NAVICA System. Abbott may also use such information to assist in developing Abbott’s COVID-related products, such as rapid antigen testing. In such case, this information will be securely held by Abbott and will not be used to identify you individually by your name or email address outside of Abbott’s use of the NAVICA System, except where we are under a legal obligation to include this information. Where such use of personal information is subject to legal requirements, we do not require consent.

The legal requirements for which Abbott will use this information are:

We use the terms ‘de-identify’ and ‘pseudonymise’ interchangeably.

Retention of Personal Information

Personal information collected via the Services will be retained for purposes of the User and/or Business / Enterprise User’s COVID19 testing program as well as necessary to comply with applicable laws and regulations. Additional use of personal information by Abbott beyond the User or Business / Enterprise User’s review of COVID19 testing will be disclosed prior to Abbott’s further use of the personal information. Generally, personal account information and will be deleted after one (1) year of inactivity by the user. Test result information will be deleted one (1) year after date of creation in NAVICA. Deletion may be subject to other legal or regulatory requirements.

Disclosure of Personal Information by Us

We may share your personal information as follows:

Privacy Notice Applicability

Abbott operates multiple Web sites and Web portals for different purposes in countries where laws that differ from those in the United States may apply. This privacy notice applies only to the NAVICA Web Portal and NAVICA Apps.

Cookies

Cookies are small data files that are sent to your browser and placed on your computer’s hard drive when you visit a Web site/portal. You can set your browser to accept or decline cookies.

NAVICA Web Portal does not use cookies.

Security of Personal Information

Abbott has implemented appropriate security controls within the Services to protect personal information from accidental or unlawful destruction or accidental loss, alteration, disclosure, or access.

Information collected via the Services is encrypted before transmission to ensure that it will remain secure and confidential. The Services include various security measures to enhance the security of your profile and to prevent unauthorised access to, or disclosure of, personal information. Only those authorized by the User, Abbott or the Business / Enterprise User will have access to a User’s profile and only through unique IDs and passwords.

Please be aware that the Services may be unavailable during periods of routine maintenance.

Cross‐Border Transfers of Personal Information

Information collected via the Services will be transferred to and stored in the United States of America. The data protection laws of the USA may not offer protections for personal information equivalent to those of the European Union, the UK, Switzerland or your country of residence. By accepting this Notice, you explicitly consent to the transfer of your personal information to Abbott’s servers in the United States of America.

If you contact us directly and request technical support, your personal information (including health-related data) may be accessible by Abbott teams in the USA, and India for technical support purposes.

BY USING THIS APP AND BY ACKNOWLEDGING THIS PRIVACY NOTICE, WE ARE INFORMING YOU OF THESE TRANSFERS OF YOUR PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA, AND INDIA AND TO THE ACCESS OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION, WHICH MAY BE REQUIRED IN EXCEPTIONAL CIRCUMSTANCES TO RESPOND TO ANY SUPPORT REQUESTS YOU OR RELATED THIRD PARTIES REQUEST. THESE COUNTRIES MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION FOR YOUR PERSONAL INFORMATION WHEN COMPARED WITH DATA PROTECTION OR PRIVACY LAWS OF OTHER COUNTRIES.

How Abbott Protects Children’s Privacy

Children may be tested using NAVICA. At any time, a parent/guardian may stop the collection of a child’s personal information, including health-related information, by contacting Abbott or the Business / Enterprise User involved in COVID19 testing and requesting that the account be deleted. This action will delete the account associated with the child, but Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

How Individual Users Can Access and Correct Personal Information and Your Rights

You can edit your personal information in the Apps and the web portal by accessing the “Account and Settings” to edit your profile.

Depending on your place of residence, you may have the right to: (a) access the personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information you have provided to us on the basis of your consent in a structured and commonly used machine-readable format or have such personal information transmitted to another company. Please note that Abbott is not required by law to adopt or maintain systems that are technically compatible with other companies. It may not be possible for Abbott to directly transmit personal information to another company.

To request the exercise of these rights, you may contact us using any of the methods set out in the section entitled Contact Us. For more information about Abbott’s privacy practices, you can also refer to the following website: U.S. – https://www.abbott.com/privacy-policy.html.

Deleting Your NAVICA Account

If you would like to delete your NAVICA account, you may do so by submitting your request at NAVICA Rights Request. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

Contact Us

If you have questions, concerns or complaints about your personal information in the NAVICA System or wish to exercise your data protection rights, please contact us by clicking on the “Contact Us” link in one of our websites or emailing us at privacy@abbott.com. Alternatively, you may write to us at:

Attn: Abbott ARDx Privacy Officer
100 Abbott Park Road
Dept. O36X. Bldg. APo6A
Abbott Park, IL 60064

For Users in Brazil: If you have questions, comments, or complaints about our privacy practices, or if you would like to exercise any of your rights set out in the How Individual Users can Access and Correct Personal Information and Your Rights section, please contact us by clicking on the “Contact Us” link in one of our websites or emailing our local DPO, Juliana Ruggiero, at privacybrasil@abbott.com. Alternatively, you may write to us at:

Attn: Juliana Ruggiero Privacy Officer
Laboratórios do Brasil Ltda.
Rua Michigan 735, São Paulo/SP
CEP: 04566-905

In all communications to us, please include the email address used to register for NAVICA and a detailed explanation of your request.

Changes to this Privacy Notice

This Privacy Notice is kept under regular review. If we make material changes to our privacy practices, an updated version of this Privacy Notice will reflect those changes. You will be alerted to updates to this Privacy Notice via the Apps and NAVICA Web Portal.

Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice.

U.S. AND COUNTRY SPECIFIC PROVISIONS

Argentina

The Public Information Access Agency, in its capacity as supervisory body of Act No. 25.326, has jurisdiction over all accusations and complaints made by those affected in their rights for infringements to regulations in force referred to the protection of personal information.

Australia

If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principle (“APPs”) or a privacy code that applies to us, or if you have any queries or concerns about our Privacy Notice or the way we handle your personal information, please contact us using the details above. We will take reasonable steps to investigate and respond to you.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. See https://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office. We are not likely to disclose your personal information overseas, except as permitted by the Privacy Act 1988 (Cth), unless we otherwise advise you in writing. We may transfer your personal information to the United States. You consent to that disclosure and agree that by giving that consent, Australian Privacy Principle 8.1 no longer applies, and we are not required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.

California

California Civil Code Section 1798.83 permits residents of the State of California to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. Abbott is required to respond to a customer request only once during any calendar year. To make such a request you should send a letter to Abbott ARDx Privacy Officer, 100 Abbott Park Road, Dept. O36X. Bldg. APo6A, Abbott Park, IL 60064. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information sharing that is covered will be included in our response.

If you have any questions regarding Abbott’s compliance with the California Consumer Privacy Act (CCPA) and your rights under CCPA, please visit https://www.abbott.com/privacy-policy/dsar.html.

Brazil

In case of updates to this Privacy Notice that require new collection of consent, you will be notified through the contacts you have provided us.

Consent: To process personal information concerning your health, you must provide Abbott affirmative consent to use the Apps. You may withdraw your consent at any time by contacting us at privacy@abbott.com.

Legal basis for the processing of your personal information: Abbott processes your information based on the following legal basis as set out in the Lei Geral de Proteção de Dados (LGPD):

Your rights: If you would like to exercise any of your rights set out in the section titled How Individual Users can Access and Correct Personal Information and Your Rights and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email.) We will do our best to respond to all reasonable requests in a timely manner, or at the very least, in accordance with any applicable legal requirements. You have the right to lodge a complaint with your local data protection authority if you are unhappy with any aspect of Abbott’s processing of your personal information.

Chile, Colombia, Panama, Trinidad & Tobago

Your consent is required for Abbott to process your personal information generally. By accepting the terms of this Privacy Notice, you are deemed to have consented to the processing of your personal information as described herein. If you would like to delete your NAVICA account, you may do so by contacting your Abbott at privacy@abbott.com. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

European Economic Area, Switzerland and UK

Legal basis for the processing of your personal information: Abbott processes your personal information, including your health-related personal information, as a controller on the following legal bases as set out in the GDPR:

"GDPR" refers to the General Data Protection Regulation (2016/679) as to EU Member State implementing legislation, and for the UK, it refers to the UK Data Protection Act 2018, each as may be amended from time to time. Where we have included a country in the above title that is outside the European Union, it is because such country’s data protection or privacy law contains substantially equivalent protections to the GDPR.

Data transfers: Information collected via the Services will be transferred to and stored in the United States of America. If you request technical support, your personal information (including Abbott test results) will be accessible by our support services in the USA.

Data Protection Officer: The contact details of our European data protection officer along with other contact information are available at www.eu-dpo@abbott.com.

Your rights: If you would like to exercise any of your rights set out in the section entitled How Individual Users Can Access and Correct Personal Information and Your Rights and are contacting us by email, please title your email subject line accordingly (for example, “Correction Request” or “Access Request”, or other right as applicable, in the subject line of the email). We will endeavor to respond to reasonable requests in a timely manner and in accordance with applicable legal requirements. You have the right to raise a complaint with your local data protection authority if you have concerns with Abbott’s processing of your personal information.

Japan

Your consent is required for Abbott to handle your “special care-required personal data” (referred to in this Privacy Notice as your health-related information) and to transfer your personal information, including health-related information, to any third party outside of Japan (except for transfers to the EU, for which an adequacy decision has been issued by the Japanese government). By accepting this Privacy Notice, you are deemed to have consented to the processing of your personal information, including health-related information, as described herein. You may withdraw your consent any time by contacting us at privacy@abbott.com. If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

Mexico

Abbott Laboratories de México, S.A. de C.V. residing at Calzada de Tlalpan 3092, Colonia Ex-Hacienda Coapa, Alcaldía Coyoacán, Ciudad de Mexico, 04980, Mexico is responsible for the treatment of personal data that is collected in accordance with the Federal Law on Protection of Personal Data in Possession of individuals. You can find more information about how we process your personal information for customer support purposes in the privacy policies relevant to your country of residence which can be accessed at https://www.diabetescare.abbott/worldwide-locations.html.

Singapore

By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. For users under the age of 14, consent must be given by their guardian. If you would like to delete your NAVICA System account, you may do so by contacting us at privacy@abbott.com. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

South Korea

By accepting or agreeing to this Privacy Notice, you are deemed to have been informed of and have explicitly consented to all of the contents herein. For users under the age of 14, consent must be given by their guardian. If you would like to delete your NAVICA account, you may do so by contacting Abbott at privacy@abbott.com. Please be aware that if you delete your account, we will retain aggregated and de-identified information and may need to retain certain personal information as required by law.

This Privacy Notice sets out information on the collection, use, provision to third parties, outsourcing of the processing, and cross-border transfer of your personal information, including health-related information by Abbott Laboratories, in connection with the provision of the Apps. All of the following categories of processing of personal information, including health-related information, are necessary for the provision of the Apps. Therefore, you will be unable to use the Apps if you choose not to consent to such processing.

You may provide your consent collectively to all of the following consent categories by accepting or agreeing to this Privacy Notice:

If you withdraw your consent, Abbott will retain aggregated and de-identified information and may need to retain certain personal information as required by law.