Allergan Medical Institute

Privacy Policy

GDPR HCP Privacy Notice

Effective Date: May 25, 2018

What is the scope of this Privacy Notice?

This EU General Data Protection Regulation (GDPR) Privacy Notice explains how Allergan plc, including our affiliated entities (referred to collectively as “Allergan,” “we,” “our,” or “us”) handles your Personal Data and can include Personal Data about others where you share their Personal Data with us. It details how we collect your Personal Data, why we collect it, and to whom we may share it. This Privacy Notice also discloses your Personal Data rights. It applies to all your Personal Data, including Personal Data stored electronically or in hard copy.

What Personal Data may we collect about you?

Allergan collects and processes your Personal Data, which can come directly from you, publicly available sources (for example, academic journals you may have published an article in), or thirdparties with whom we contract (for example IMS/IQvia). Personal Data includes all information that identifies you or can be used to identify you.

The types of your Personal Data we collect depends on the nature of your relationship with Allergan and applicable laws. The Personal Data we process about you, includes the data we collect directly from you either as part of your business relationship with us or through other interactions you may have with us.

Name;

Age and date of birth;

Data collected from Cookies;

Business contact information (address, telephone, email address);

Personal contact information (address, telephone, email address);

Training and qualifications;

Organizational or institutional affiliations;

Information about your professional accomplishments and activities (such as papers you may have published research you may have conducted);

Processing and reporting of adverse events

To communicate product safety information to you;

In addition, we may obtain Personal Data about you from publicly available sources and third parties, which may include the following categories of Personal Data:

How will we use your Personal Data?

Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data.

We may process your Personal Data for the following purposes:

For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.

What is our legal basis for Processing your Personal Data?

The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:

Responding to your requests for information, products, or services;

Our company compliance and facility and network security purposes;

Authorizing, granting, administering, monitoring, and terminating access to or use of Allergan systems, faciliti records, property, and infrastructure;

Internal investigations of possible misconduct or failure to comply with our policies and procedures;

Auditing our programs and services for compliance purposes;

Legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders);

Where we have Legal obligations to process the personal data;

Communications regarding our studies;

Communications about market research and product developments;

Communications about product information;

Communications about publications, speaking engagement, seminars, and other educational events, focus groups, or other HCP engagement functions;

Communications about general health information (such as information on certain health conditions);

To whom and when will we disclose or share your Personal Data?

We will share or disclose your Personal Data with the following entities:

How do we transfer your Personal Data internationally?

We may transmit your Personal Data to our other global affiliates. Allergan affiliate names and contact details can be found at https://www.allergan.com/home. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.

EU-US and Swiss-US Privacy Shield Notice: Allergan and its affiliates in the United States may receive Personal Data from individuals in the European Economic Area (EEA) and Switzerland. We comply with the EU-US and Swiss-US Privacy Shield Principles (Privacy Shield Principles), with respect to the collection, use, and retention of Personal Data from the EEA and Switzerland. If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles will govern. For more information about the Privacy Shield Framework and to view our certification, go to https://www.privacyshield.gov/. The International Centre for Dispute Resolution (ICDR) acts as our third-party dispute resolution provider, as required by the Privacy Shield

Framework. If you have a complaint about our Privacy Shield compliance, you can contact us directly or contact the ICDR at https://www.adr.org/aaa/faces/services/fileacase. In certain circumstances it may be possible for you to invoke binding arbitration. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission regarding our adherence to the Privacy Shield Principles.

We may transmit your Personal Data to our third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. Our third parties are contractually obligated to comply with applicable laws or regulations, including having a valid EU Personal Data cross-border transfer mechanism in place to receive the EU personal data, which can include an “adequacy” determination by the European Commission, EU-US and/or Swiss-US Privacy Shield certifications, and/or executing EU Standard Contractual Clauses with us.

For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.

How do we protect your Personal Data?

We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.

How long do we retain your Personal Data?

Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. A detailed schedule of our retention practices can be found at https://www.allergan.com/home. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required by local law.

What are your rights?

You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.

To exercise any of these rights, please contact us as set forth in the “how do you contact us” section below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.

What if we revise this Privacy Notice?

From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.

How do you contact us if you have any questions or concerns?

Please contact Allergan’s EU Data Protection Officer (DPO) using the below information to:

Allergan’s EU DPO

Mailing Address:

Allergan Ltd, Marlow International Parkway, Marlow, Buckinghamshire, SL7 1YL, UK

Email Address:

IR-EUDPO@allergan.com

What remedies do you have available?

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or Allergan’s lead data protection supervisory authority:

Data Protection Commissioner:

datenschutz sued GmbH,

Mailing Address:

Wörthstrasse 15, D- 97082 Würzbug

Phone Number:

+49 931 30 49 76 0

Email Address:

office@datenschutz-sued.de

GDPR Website Privacy Statement

Effective Date: May 25, 2018

What is the scope of this Privacy Statement?

This Privacy Statement applies to websites, mobile applications, and digital services that link to or post this Privacy Statement. This Privacy Statement is intended to let you know what Personal Data Allergan plc, including our affiliated entities (referred to collectively as “Allergan,” “we,” “our,” or

“us”) may collect about you, how we collect your Personal Data, for what purposes we use your Personal Data, to whom we may disclose your Personal Data, and what rights you may have to limit our use of your Personal Data. In this Privacy Statement, we will collectively refer to the websites, applications, and digital services that may link to or post this Privacy Statement as “websites.”

What Personal Data may we collect about you?

Through our websites linking to this Privacy Statement, we will collect and process Personal Data that does not directly identify you by name (such as IP Address) or include your contact information, but which may be used to identify that a specific computer or device has accessed our website and which if combined with certain other information could be used to identify you. We receive this Personal Data through your interactions with our websites.

The Personal Data we process about you through our websites linking to this Privacy Statement may include the following categories of Personal Data:

Demographic data;

Online identifiers;

IP address;

Where we collect directly identifiable Personal Data about you, the following privacy notices will provide you with additional information around what we may collect, how we will collect it, for what purposes we may collect it, to whom we may disclose it, and what rights you may have to limit our use of it. Please view on the privacy notices that are applicable to your interactions with us: https://www.allergan.com/gdpr.

How will we use your Personal Data?

Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data.

We may process your Personal Data for the following purposes:

Our company compliance and facility and network security purposes;

Authorizing, granting, administering, monitoring, and terminating access to or use of Allergan systems, faciliti records, property, and infrastructure;

Tracking your interactions with us;

Auditing our programs and services for compliance purposes;

For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.

What is our legal basis for Processing your Personal Data?

The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:

To whom and when will we disclose or share your Personal Data?

We will share or disclose your Personal Data with the following entities:

How do we transfer your Personal Data internationally?

We may transmit your Personal Data to our other global affiliates. Allergan affiliate names and contact details can be found at https://www.allergan.com/home. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.

EU-US and Swiss-US Privacy Shield Notice: Allergan and its affiliates in the United States may receive Personal Data from individuals in the European Economic Area (EEA) and Switzerland. We comply with the EU-US and Swiss-US Privacy Shield Principles (Privacy Shield Principles), with respect to the collection, use, and retention of Personal Data from the EEA and Switzerland. If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles will govern. For more information about the Privacy Shield Framework and to view our certification, go to https://www.privacyshield.gov/. The International Centre for Dispute Resolution (ICDR) acts as our third-party dispute resolution provider, as required by the Privacy Shield

Framework. If you have a complaint about our Privacy Shield compliance, you can contact us directly or contact the ICDR at https://www.adr.org/aaa/faces/services/fileacase. In certain circumstances it may be possible for you to invoke binding arbitration. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission regarding our adherence to the Privacy Shield Principles.

We may transmit your Personal Data to our third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. Our third parties are contractually obligated to comply with applicable laws or regulations, including having a valid EU Personal Data cross-border transfer mechanism in place to receive the EU personal data, which can include an “adequacy” determination by the European Commission, EU-US and/or Swiss-US Privacy Shield certifications, and/or executing EU Standard Contractual Clauses with us.

For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.

How do we protect your Personal Data?

We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.

How long do we retain your Personal Data?

Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. A detailed schedule of our retention practices can be found at https://www.allergan.com/home. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required by local law.

What are your rights?

You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.

To exercise any of these rights, please contact us as set forth in the “how do you contact us” section below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.

What if we revise this Privacy Notice?

From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.

How do you contact us if you have any questions or concerns?

Please contact Allergan’s EU Data Protection Officer (DPO) using the below information to:

Allergan’s EU DPO

Mailing Address:

Allergan Ltd, Marlow International Parkway, Marlow, Buckinghamshire, SL7 1YL, UK

Email Address:

IR-EUDPO@allergan.com

What remedies do you have available?

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or Allergan’s lead data protection supervisory authority:

Data Protection Commissioner:

datenschutz sued GmbH,

Mailing Address:

Wörthstrasse 15, D- 97082 Würzbug

Phone Number:

+49 931 30 49 76 0

Email Address:

office@datenschutz-sued.de