Pharmaron (including Pharmaron Beijing Co., Ltd. and any of those companies, partnerships and other legal persons which are directly or indirectly controlled by Pharmaron Beijing Co., Ltd.) (“Pharmaron”, “Company” or “we/us/our”) respects the relationships we have with you and strives to protect the privacy and security of personal information (“Personal Information”) that the Company processes in connection with the businesses it conducts and the services it provides to you. This Privacy Notice explains how Pharmaron, as the controller of your Personal Information, collects, stores, uses, refine, transmit, provide, discloses, deletes or otherwise processes your Personal Information when you access or use our website.

As an international company, Pharmaron has multiple legal entities in different jurisdictions that are responsible for the Personal Information they process, and we will process your Personal Information in accordance with these applicable laws and regulations.

1. Legal Grounds for Processing Personal Information

We collect and process Personal Information based on one or more of the following legal grounds as permitted by applicable laws of relevant jurisdictions where we operate (such as the Personal Information Protection Law of China, the EU GDPR, the UK GDPR, the applicable Maryland state and U.S. federal laws etc.):

• where this is necessary for our legitimate interests or those of a third party, and such interests are not overridden by your interests or fundamental rights or freedoms;
• to perform legal duties or legal obligations, for example, to respond to and comply with requests from governmental, regulatory, tax and law enforcement authorities;
• to conclude or perform a contract with you;
• to respond to public health emergencies, or to protect your life and health under emergency circumstances;
• processing, within the reasonable scope, of Personal Information for the public interest;
• if you are in a jurisdiction not subject to the EU GDPR or the UK GDPR, consent given by you to the processing of your Personal Information for one or more specific purposes, including with respect to the processing of sensitive Personal Information, provided that such consent can be withdrawn by you at any time. However, please note that the withdrawal of your consent does not affect the lawfulness of any processing that occurred before its withdrawal;
• processing, within the reasonable scope and in accordance with the applicable laws, of Personal Information that has been made public by you or through other lawful means; and/or
• other circumstances prescribed by laws and administrative regulations.

2. Processing of Personal Information

We process your Personal Information in various scenarios described in this section, including any of your interactions with us regarding the products and services we offer and the business we do.

Processing of Personal Information in Job Applications

We may process your Personal Information when you apply or are a candidate for employment at Pharmaron.

If you are	The types of Personal Information we process	Purposes of Processing
Job applicant	Name, address, gender, age, educational background, email address, phone number, employment history, ID number, certificate of no criminal record and education verification certificate, information concerning health (such as health and disability status), etc.	Understanding applicants’ background information; communicating with qualified candidates and conducting background checks

Processing of Personal Information in Business Communications

We may process your Personal Information to maintain our business communications.

If you are	The types of Personal Information we process	Purposes of Processing
Business contact	Name, address, email address, job title, phone number, bank account	Communicating about projects and providing regular updates; conducting marketing activities to promote our products and services, alongside our webinars, and requesting meetings at conferences and on-site; conducting surveys to continuously improve our services and support for clients

Where we process your Personal Information for the purposes of enabling us to take steps to enter into a contract with you, and subsequently to administer and perform our contractual obligations to you, if you fail to provide your Personal Information, this may prevent us from being able to enter into the contract with you or subsequently perform our obligations under an existing contract that is in place.

3. Disclosure, Sharing and Cross-Border Transfer of Personal Information

We may transfer your Personal Information to:

• Our affiliates or third-party service providers – in connection with your use of our service or our business relationship with you;
• third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants);
• third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

Pharmaron operates all over the world. Therefore, we may need to transfer personal information outside of the country where it is collected for the purposes, and in the manner, set out in this Privacy Notice, including to affiliated companies within the Pharmaron Group (e.g., Pharmaron Beijing Co., Ltd. in China), to enable these companies to provide services. To the extent that any personal information is sent outside of an individual’s country, it may be subject to different standards of data protection.

For any intra-group transfers, Pharmaron has reviewed its internal security standards to confirm that suitable protection for Personal Information exists within our working environments and IT infrastructure. Pharmaron has also implemented a group data sharing agreement incorporating specific contractual clause designed to protect the transfer and subsequent processing of Personal Information.

To the extent required by applicable laws, where your Personal Information is transferred to any third party overseas (as identified above) and the recipient is based in a jurisdiction that has not been deemed to provide adequate protection of Personal Information, we will put in place specific contractual protections approved by the relevant data protection regulator. For example, for any transfers of Personal Information from the UK to a jurisdiction outside the UK, we will use the specific contractual protections approved by the Information Commissioner’s Office.

For more information about how Pharmaron protects your Personal Information and the specific contractual safeguards in place, please contact us using the details provided below.

4. Cookies or Similar Technologies

Pharmaron’s website uses cookies to distinguish you from other users of the website. A cookie is a small file of letters and numbers that we store on your browser, the hard drive of your computer or your mobile device. Cookies contain information that is transferred to your computer’s hard drive or mobile device.

Cookies are subject to change regularly on a website with new content, internet changes and third-party changes.  A more detailed list of cookies found on the Pharmaron website can be found in our Addendum A.

5. Security Measures

Personal Information held by us will be kept confidential in accordance with applicable Pharmaron policies and procedures. We have in place organizational and technical security measures appropriate to the sensitivity and risk of the Personal Information we process. These measures will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Information, and include measures designed to keep Personal Information protected from loss, misuse and unauthorized access, disclosure, alteration and destruction.

However, we cannot guarantee that such measures are 100% effective at preventing theft, loss, unauthorized access, use or disclosure and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard your Personal Information. Pharmaron urges you to exercise caution when transmitting Personal Information over the internet and to store your passwords in a safe place.

6. Your Rights

We strive to maintain Personal Information that is accurate, complete and current. You may contact us using the contact details in the “Contact Information” section below to update your information.

In addition, we respect your rights in relation to your Personal Information in accordance with the applicable laws:

• The right to information and access: the right to ask us for information about or access to your Personal Information.
• The right to object: the right to object to our processing (using) your Personal Information. This effectively means that you can stop or prevent us from using your Personal Information. However, it only applies in certain circumstances, and we may not need to stop the processing of the Personal Information if we can give legitimate reasons to continue using this.
• The right to rectification: the right to ask us to rectify Personal Information you think is inaccurate, as well as the right to ask us to complete Personal Information you think is incomplete.
• The right to restriction of processing: the right to ask us to restrict the processing of your Personal Information in certain circumstances.
• The right to complain: In the first instance, we would welcome the opportunity to address any complaints you may have about how we use your Personal Information, and ask that any complaints are directed to us at the contact details set out below. You may also lodge a complaint with the local data protection authority where you reside.
• The right to erasure: the right to request that Pharmaron erases or deletes your Personal Information in certain circumstances.
• The right to data portability: the right to request that Pharmaron transfers the data that we have collected to another organization, or directly to you, under certain circumstances.
• Automated individual decision-making: the right to ask us not to subject you to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We currently do not engage in such profiling and will notify you prior to doing so.

The exercise of these rights is subject to certain exemptions and limitations required or permitted by law and a reasonable fee may be charged if permitted under applicable laws. If you exercise any of these rights, we will check your entitlement and respond within the timeframe permitted under applicable law.

7. Children

Our services are not targeted to children, and we do not knowingly collect personal information from children under the age of 14 or equivalent minimum age in the relevant jurisdiction without parental consent. If we discover that a child under such age has provided us with personal information, we will delete such information from our systems. If you are a parent and you believe we have collected your child’s information, please contact us as set forth below in the “Contact Information” section.

8. Personal Information Retention and Deletion

Our retention periods for Personal Information are based on business needs and legal requirements. We keep Personal Information for no longer than necessary in relation to the purposes for which we collect and use the Personal Information. After the relevant purposes are realized, we will either (a) delete or irreversibly anonymize the Personal Information, or (b) stop all processing activities in connection with the Personal Information (except for storing the same and necessary security measures), if we are legally required to keep those data for a longer period of time.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. Marketing

Contact form, registration and downloadable content

• You may contact us via our website to enquire about a service, register for an event or webinar or to download content (e.g., posters, publications, presentations, videos and other materials). During this process, we will ask you for your contact details. We may also collect data of your contact details each time you download content. We use this data to notify the responsible department of your potential request for follow-up. This data will also be used to keep you informed about our research, new services or our events or other information that we believe is relevant to you. You can object to or opt-out of the use of this data for marketing purposes at any time by sending us an email or by using the unsubscribe link on any marketing emails. We will not use your data for such purposes after you unsubscribe.

Newsletters

• On our website you have the option to subscribe to our newsletters. By subscribing to the newsletter, you agree to receive email communication in the form of newsletters. You can unsubscribe from the newsletter at any time. To do so, use the unsubscribe link at the end of each email. Your email address will then be removed from any mailing lists immediately and you will not receive further newsletters.

Report Delivery Portal

• Some clients opt into receiving reports through a secure portal when their study concludes. This portal requires the clients to create an account by entering in their contact information to gain portal access. This is a secure database stored by AWS that will not receive any communication outside of report delivery. If you are no longer a client, we keep your reports accessible to you in the portal indefinitely unless you contact us asking to be removed. If you would like your data removed from this portal, you can contact us at orders.uslabs@pharmaron.com.

Data collected from tradeshows

• If we scan your badge or you give us your business card at a trade show or networking event, we may choose to process your contact details, which includes uploading into our CRM database and following up with an email, and/or adding you to our newsletter mailing list, if we think there is value in you receiving our marketing updates. You can object to or opt-out of the use of this data for marketing purposes at any time by sending us an email or by using the unsubscribe link on any marketing emails. We will not use your data for these purposes after you unsubscribe.

Data collected through Third Party Platforms

• We use a third-party platform to conduct webinars which involves managing registrations and hosting the data of individuals who have selected to join the webinar series. We may also use a third-party platform for managing registrations for symposiums and other events. If you submit your contact information via a third-party platform such as Zoom or Eventbrite, we may choose to upload these details into our CRM database and follow up with an email and/or add you to our newsletter mailing list, if we think there is value in you receiving our marketing updates. You can object to or opt-out of the use of this data for marketing purposes at any time by sending us an email or by using the unsubscribe link on any marketing emails. We will not use your data for these purposes after you unsubscribe.
• Information regarding Zoom can be found in the Zoom privacy policy and information regarding Eventbrite can be found in the Eventbrite privacy policy.

Data stored in CRM and Marketing Database

• We use Salesforce and Pardot for our sales and marketing activities and reporting. This information is partly stored on servers of our software partners Pardot and Salesforce. All information we collect is subject to our privacy policies. Information regarding Salesforce can be found in the privacy policy of Salesforce (link) and information regarding Pardot can be found here (link)

10. Contact Information

To submit questions, requests or a complaint regarding this Privacy Notice or Pharmaron’s privacy practices or to exercise your rights in relation to the Personal Information with us or any overseas recipient(s) with whom we share Personal Information, please write to the Pharmaron privacy team at the following address: