Ethics and Compliance Helpline Privacy Notice

Effective March 5, 2020

Ethics and Compliance Helpline Privacy Notice

Effective March 5, 2020

AbbVie Inc. and its affiliated companies (collectively, "AbbVie" or “we”), have implemented a Code of Business Conduct reflecting AbbVie’s commitment to honesty, fairness and integrity. To ensure compliance with the Code of Business Conduct and to assist AbbVie in addressing its governance, internal audit and legal obligations, AbbVie has implemented the non-mandatory Ethics and Compliance Helpline (the “Helpline”) to allow employees, vendors, suppliers, business partners and those of its subsidiaries, (“Reporters”) to report violations or concerns in particular related to anti-bribery, auditing, accounting, financial matters, and/or anti-trust and competition law issues.

This Helpline Privacy Notice (“Privacy Notice”) explains how AbbVie handles personal data that it collects and receives from Reporters through Helpline websites and phone interactions that refer to this Privacy Notice. 

1. Use of the Helpline

Use of the Helpline is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager, or to a representative of the human resources, legal or the office of ethics and compliance, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use the Helpline to make your report.

The Helpline is an online reporting system that allows you to report suspected violations of law or company policies, as well as other concerns you may have, to AbbVie. In certain countries, AbbVie may only accept reports through the Helpline that relate to financial, accounting, auditing, bribery, competition law, discrimination and harassment and environment, health, hygiene, and safety matters. If your concern pertains to a matter that, under local law, may not be accepted by AbbVie through the Helpline, you will need to contact your supervisor or local management or a representative of the human resources, legal or the office of ethics and compliance to report the matter.

Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from AbbVie for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information may be subject to sanctions. 

2. Personal data collected through the Helpline

The Helpline captures the following personal data that you provide, or someone else may provide, when a report is made: (i) your name and contact details (unless you report anonymously) and whether you are employed by AbbVie; (ii) the name and other personal data of the persons named in the report if provided (i.e.: description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the incident, this description must be factual and have a direct and immediate link to the incident. 

Note that depending upon the laws of the country in which you are residing, the report may not be made anonymously; however, your personal data will be used and disclosed only as described in this Privacy Notice.

3. Purposes for using personal data and data retention

Your personal data will be used and disclosed for the purpose of processing and investigating the report provided to the Helpline, for the administration and monitoring of the Helpline, and for conducting internal investigations regarding compliance with law and AbbVie policies and procedures.

AbbVie may need to disclose your personal data in order to comply with a legal obligation or demand. In such instances, we will take measures to protect your personal data to the extent possible. We also reserve the right to use personal data to investigate and prosecute users who violate our rules or who engage in behavior that is illegal or harmful to others or to others’ property.

AbbVie will not process personal data for any purpose incompatible with the purposes outlined in this section, unless it is required or authorized by law or as authorized by you. When processing personal data for these purposes, AbbVie’s legal basis is its legitimate interests in protecting its employees, property and data and to ensure compliance with applicable law and its internal policies.  

AbbVie will not keep personal data longer than necessary to investigate the report provided to the Helpline, or otherwise as necessary to address AbbVie’s legitimate compliance concerns. Personal data which is provided by the Reporter but doesn’t fall into the purposes of the Helpline is deleted or anonymised without delay.

4. Accessing and transferring personal data

Personal data may be accessed, processed and used by relevant personnel of AbbVie, including human resources, finance, internal audit, legal, the office of ethics and compliance, management, AbbVie external advisors (e.g. legal advisors; audit firms).

AbbVie has relationships with vendors that help AbbVie operate and administer the Helpline, and for whom it may be necessary to have access to your personal data in the course of providing services to AbbVie. AbbVie will not authorize Helpline vendors to use your personal data for any purpose that is not related to AbbVie’s business operations, and AbbVie requires its vendors to handle your Personal Data collected through the Helpline in accordance with appropriate contractual privacy and security provisions and this Privacy Notice.

Personal Data may be transferred to AbbVie Inc., in the United States, or other AbbVie affiliates, territories that may not provide a level of protection to personal data equivalent to that provided by your home country. Personal data transfers to AbbVie Inc. and among AbbVie affiliates are governed by the AbbVie Inter-affiliate Data Transfer Agreement, which are based on the EU model contract for data transfers to controllers and covers all personal data transfers between AbbVie affiliates worldwide to ensure the adequate protection of your personal data. A copy can be obtained by sending an email to privacyoffice@abbvie.com. Any transfers of personal data from the EU to third parties outside the EU will be done in compliance with the international data transfer restrictions that apply under EU data protection laws, including, where appropriate, through the use of EU model contracts for data transfers to processors.

Personal data provided in a report may also be disclosed to the police and/or other enforcement,  regulatory or judicial authorities.

5. Accessing information concerning the report

AbbVie will promptly notify any person who is the subject of a report to the Helpline except where notice needs to be delayed to ensure the integrity of the investigation and preservation of relevant information.

With some exceptions, the subject of the report may access information concerning the report (with the exception of the identity of the Reporter) and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. Similarly, with some exceptions, Reporters may also access information about the report and request corrections of their personal data in accordance with applicable law. 

6. Privacy rights

You may contact AbbVie at any time if you have questions about this Privacy Notice or the personal data we collect about you.  Please submit your inquiry at https://www.abbvie.com/privacy-inquiry.html. We will respond to all reasonable requests in a timely manner and may need to further confirm your identity in order to process certain requests. You can also reach out to AbbVie’s Privacy Office and Data Protection Officer by sending an email to privacyoffice@abbvie.com or sending a letter to: 1 North Waukegan Road, North Chicago, IL 60064 (attention: Privacy Office).

Under applicable data protection law, you may be entitled to request access to and/or rectify, block, or delete your personal data, transmission to another controller or object to any use of personal data. When AbbVie’s legal basis is to ensure compliance with applicable law and its internal policies, you don’t have the right to object to any use of personal data. If AbbVie will not be able to provide the requested information or make the change you request, you will be provided with reasons for such decision. Under local law you are also entitled to lodge a complaint with your local data protection authority. Please submit your privacy inquiries here.

7. Security Measures

AbbVie has implemented appropriate technical and organizational security measures to safeguard personal data. However, there is always some risk that an unauthorized third party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. 

8. Changes to this Privacy Notice

Abbvie will only use Personal Data in the manner described in the Privacy Notice in effect when the information was collected. However, unless required by law, we reserve the right to change the terms of this Privacy Notice at any time. Any changes to this Privacy Notice will be reflected on this page with a new effective date. AbbVie encourages you to review this Privacy Notice regularly for any changes. Any Personal Data collected will be handled in accordance with the currently-posted Privacy Notice.

9. Special Country Regulations

In particular in the European Union, reports may be limited in topics, generally to concerns about accounting, auditing, bribery, competition law, discrimination and harassment and environment, health, hygiene, and safety matters. Further, some countries restrict reports such that only employees in key or management functions may be the subject of a report.

Any issues or concerns relating to topics not permitted by law to be reported via the Helpline should be reported directly to your Manager or Supervisor or a representative of the Human Resources, Legal or Corporate Compliance Departments as appropriate for the subject matter of the possible violation. In some countries, anonymous reports may not be permitted under the law except under extremely restrictive circumstances.