Primex Pharmaceuticals Privacy Policy

PRIMEX PHARMACEUTICALS PRIVACY POLICY

Primex Pharmaceuticals consisting of Primex Pharmaceuticals Oy and its affiliates Primex Pharmaceuticals AG and Giovanni Ogna e Figli S.r.l

(“Primex”, “we”, “us” or “our”)

Your privacy is important to Primex and accordingly, we protect the personal data you share with us. To protect your privacy, Primex follows applicable law and EU best practices for privacy and data protection.

This Privacy Policy contains information regarding the processing of your personal data and other information about you that Primex obtains from your use of Primex’s website or through other channels, and which Primex processes as a controller within the meaning of the General Data Protection Regulation (“GDPR”).

1 CONTACT PERSON IN MATTERS RELATED TO THE PROCESSING OF PERSONAL DATA

Tomaso Dameno – Head of Operations
Primex Pharmaceuticals
Reiffergässli, 6300, Zug, Switzerland
info@primexpharma.com
+41 41 720 2000

2 CATEGORIES OF PERSONAL DATA AND PROCESSING PURPOSES

2.1 Personal data of Primex’s website users

You may use our website without providing any personal data about you. In this case, we will collect only the following metadata that result from your use of Primex’s website: Referral page, data and time of access, data volume transmitted, status of transmission, type of web browser, IP-address, operating system and interface, language and version of browser software. Your IP-address is processed to enable your access to our website, and the other metadata mentioned above is processed for purposes of statistics about the website visitors and to help us analyse how the site is used.

On our website, you can report suspected Safety-Related Events. For information on the processing of personal data for Drug Safety related purposes, please refer to Primex’s Drug Safety Reporting Privacy Statement.

We process your personal data primarily for purposes of providing you with the opportunity to use our website and its functionalities. The processing of your personal information is based on your use of our website, and we process the personal data either based on an agreement entered into with you, on our legitimate interest, or in some cases, on the requirement for compliance with a legal obligation to which we are subject. In such case, our legitimate interest could be in particular improving the quality and services of our website by analysing the usage behaviour of the website users, or preventing and resolving possible misconduct.

The provision of your personal data as described in this Privacy Policy may partly be a contractual requirement and partly a statutory requirement. When you use our website, you may be required to provide us with certain personal information for purposes specified in this Privacy Policy. Not providing your personal data may result in disadvantages for you, e.g. you may not be able to use our website or certain functionalities of it.

2.2 Personal data of contact persons of Primex’s business partners

Categories of personal data processed in cases where the contact person is employed by Primex’s business partner includes the name, business contact details, name of the employer, title or position in the organization, content of communication (such as email or business related letters or phone calls). Where the business partner is an individual, the categories of personal data include, in addition to the foregoing, services or goods provided or offered, payment and invoice information, and information on the business relationship.

We process personal data of the contact persons of Primex’s business partners to the extent necessary in order to fulfil our contractual obligations towards the business partner, including invoice processing and communication related to the partnership. We also process personal data of the contact persons to the extent necessary in order to comply with legal obligations to which we are subject.

In addition, certain processing of the contact persons’ personal data is based on the legitimate interest of us or a third party. In such case, the legitimate interest could be in particular Primex group-wide information sharing, marketing and CRM administration activities, prevention of fraud or misuse of IT systems or money laundering, physical as well as IT and network security, as well as potential merger and acquisition activities.

The provision of personal data of the relevant contact person as described in this Privacy Policy is necessary for the conclusion and/or performance of the relevant agreement entered into between us and our business partner. If the relevant contact person does not provide us personal data, we may no longer be able to manage and administer the contractual relationship with the business partner in question, in which case we may have to terminate the relevant agreement.

2.3 Personal data of investors or their representatives

Categories of personal data of investors or their representatives include names, contact details, social security numbers / dates of birth / personal identity codes / tax identification numbers, nationalities, photos (in passports or other identity documents).

We process the personal data of investors or their representatives to the extent necessary in order to fulfil our contractual obligations towards the investor and communication related to the investment, as well as to comply with applicable laws (including Anti-Money Laundering Laws and Tax Compliance Laws). In particular, the personal data collected may be used for the purposes of preventing, revealing and investigating money-laundering and terrorist financing as well as for the purposes of bringing under the relevant authorities’ investigation money laundering, terrorist financing and/or criminal acts (by which the assets or benefit of crime have been received).

In addition, certain processing of the investor’s or their representative’s personal data is based on the legitimate interest of us or a third party. In such case, the legitimate interest could be e.g. managing the relationship with the investor, and marketing.

The provision of personal data of the investor or their representatives as described in this Privacy Policy is partly necessary for the conclusion and/or performance of the relevant agreement entered into between us and our business partner, and partly necessary due to mandatory requirements based on applicable legislation.

3 SOURCES OF PERSONAL DATA

3.1 Personal data of Primex’s website users

We collect certain metadata automatically when you use our website. We also collect certain personal data directly from you when you report for suspected Safety-Related Events through our website.

3.2 Personal data of contact persons of Primex’s business partners

Primex obtains the basic information of contact persons from the business partners or the contact persons directly. In addition, Primex obtains personal data of the business partners’ contact persons or information relating to them through communications between contact persons and Primex.

3.3 Personal data of investors or their representatives

Primex obtains basic information of the investors or their representatives directly from them. In addition, Primex obtains personal data of the investors or their representatives or information relating to them through communications between the investors or their representatives and Primex.

4 TRANSFERS OR DISCLOSURES OF YOUR PERSONAL DATA

4.1 Why we transfer or disclose your personal data

We use partners in business activities requiring the processing of personal data, and for the purposes of data processing defined in this Privacy Policy. We also occasionally hire other companies to provide certain limited services on our behalf, including e.g. marketing activities. We will only provide these partners and companies the information they need to deliver the services agreed, and they are prohibited from using that information for any other purpose.

We will disclose your personal information, without notice, only if required to do so by law or if we in in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on Primex; (b) protect and defend the rights or property of Primex; or, (c) act in urgent circumstances to protect personal safety of the public.

In case we sell our business or part of it or otherwise reorganize our business, personal data processed by us as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.

4.2 International transfers of personal data

We use partners in business activities requiring the processing of personal data, and for the purposes of data processing defined in this Privacy Policy and, in this context, we or our partners may, in accordance with applicable legislation, process personal data anywhere in the world and thus transfer the personal data also outside EU or EEA area. In regard transfers of personal data to countries where the local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission or a competent supervisory authority.

To learn more about the appropriate safeguards we use, please send us an email at the email address set out above.

5 HOW DO WE SECURE YOUR PERSONAL DATA?

We have taken appropriate technical and organizational measures to protect the security of your personal data and to ensure that your choices for its intended use are honoured. We protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction by appropriate technical measures such as firewalls.

We do not share your personal data outside Primex, its subsidiaries, affiliates or other partners, except under conditions and for purposes explained in this Privacy Policy, or unless otherwise required under mandatory applicable law. Within Primex, its subsidiaries, affiliates and other partners, personal data is stored in password-controlled servers with limited access granted only to such persons whose work requires the processing or personal data and thus are granted access to the personal data.

6 HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

The retention time of the collected personal data is subject to the legal basis and processing purpose for which the data were collected. All collected personal data will be retained at least for the period for which the legal basis for processing of personal data applies.

Where the personal data is collected on the basis of an obligation based on applicable law, the retention time of personal data may also be subject to explicit statutory requirement.

Primex may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should Primex need the personal data to establish, exercise or defend a legal claim, on a need to know basis only.

7 WHAT RIGHTS DO YOU HAVE?

“The data subject” refers to natural persons whose personal data is processed by Primex, i.e. Primex’s website users, business partners’ contact persons and investors or their representatives.

The data subjects have the right to access the data processed by Primex as a controller and to get incorrect personal data related to them rectified. If you wish to use your right of access or rectification, please proceed as follows.

The request on the use of the right of access or rectification must be in written or in electronic form and be signed, and addressed to the contact person mentioned in this Privacy Policy (or, in the event of requests related to the personal data collected for Drug Safety, Medical Information and/or Product Quality purposes, the contact person mentioned on Drug Safety Reporting Privacy Policy. The request shall contain the basic information needed for finding the requested data. After receiving and processing the request, we will send you a copy of the personal data to the data subject by mail or electronically. We reserve the right not to complete the request of the data subject if the request is manifestly unfounded or vexatious. Should the data subject request for multiple copies or should the data subject submit more than one request per year, we may charge the data subject a reasonable fee based on administrative costs for the execution of the request.

You as a data subject also have the right at any time to request us to erase personal data concerning you and processed by us and we are obliged to erase the data if there is no longer a legitimate basis for processing the data. Please note that certain data processed within the pharmaceutical industry are subject to statutory retention requirements, and regardless of a request of erasure, such data we cannot erase until the end of the statutory retention period.

You as a data subject also have the right to object the processing of your personal data if the data has been processed on the basis of legitimate interest, and we are obliged to stop processing such personal data unless we can demonstrate compelling legitimate grounds for further processing of such personal data.

In addition, you as a data subject have the right to file a complaint with the competent supervisory authority regarding our processing of personal data.

8 IN CONCLUSION

We reserve the right to update and modify this privacy policy. Unless otherwise provided by mandatory applicable legislation, we may not personally post changes to this Privacy Policy to the data subjects in person, and therefore we prompt you to check this policy from time to time for possible changes.

If for some reason you believe that we have not adhered to the foregoing, please notify us by email at info@primexpharma.com, and we will do our best to determine and correct the problem promptly.

USE OF COOKIES ON PRIMEX WEBSITE

We use cookies on our website to collect statistics about our website visitors and to help us analyse how the site is used. Cookies are text files placed on your computer that allow your computer to be recognised by our website. The cookies on our website may be used by and placed on your computer by us or by a third party service provider, such as Google Analytics and Snoobi.

You may refuse to accept cookies from our website and delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to control cookies by adjusting your browser’s preferences.

Primex Pharmaceuticals Privacy Policy (Final version 12 June 2019)