Customers, Vendors and Service Users Privacy Notice

Effective 04 September 2022

1.0 Introduction

Welcome to Allucent. This Privacy Notice contains important information about how we process the Personal Data of our customers, vendors and users of Allucent services, as well as why we collect, store, use, and share Personal Data, your rights regarding your Personal Data, and how to contact us should you have any requests regarding your Personal Data.

Allucent is committed to complying with all applicable international laws and regulations, including but not limited to, the European Union’s General Data Protection Regulation 2016/679 (GDPR), as well as those of all other countries where Allucent operates. Taking care of the Personal Data you share with us is very important for us.

For general information on how Allucent processes Personal Data, please see our Privacy Policy.

Controller:
Allucent, operating through all CATO SMS and Pharm-Olam affiliates

Data Protection Officer:
Natasa Spasic
Email: DPO@allucent.com Ph: +49 (0) 89 3750899 35

2.0 Scope

This Privacy Notice is for intended for customers, vendors, and users of Allucent services, such as visitors of our website or applications and job applicants, whose Personal Data is gathered for and on behalf of Allucent in various ways, including through the various Allucent sites that link or refer to it (such as websites or applications operated by or on behalf of Allucent and HTML-formatted e-mail messages) together with any and all offline sources including sales and marketing activities (collectively, the “Sources”).

Except where otherwise identified by us, our website, mobile applications and other services are not intended for individuals to use for personal or household purposes.

Exclusion to Privacy Notice Scope: This Privacy Notice does not apply to third-party websites to which our website or applications may link. The Sources may link to or provide the ability to connect with non- Allucent websites, social networks or applications (“Third-Party Sites”). Clicking on those links or enabling those connections may allow the third party to collect or share information about you. Those Third-Party Sites are beyond Allucent’s control and are subject to the terms of the Third-Party Sites’ privacy policies/notices, and not the terms of this Notice. We encourage you to check the privacy policies/notices and terms of use of any Third- Party Sites before providing your information to them. Allucent is not responsible for the privacy practices or content of Third-Party Sites.

3.0 Terms and Definitions

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.0 What Data Do We Process?

Personal Data we may collect from you could include:

  • Prospect Data: When you submit a form on the website or applications to request more information on Allucent services, download one of our guides, meet us at a conference, or otherwise reach out to us, the following types of data could be collected depending on form/application: your full name, social media handle, contact details, such as your job title, work address, phone number, or email address, and the company for which you work.
    • Account Data: When you access the Allucent website or applications, we collect details about your usage of our website or applications and device data automatically. We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit our website or applications, your device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, and other device identifiers. An IP address identifies the electronic device you use to access the website, which allows us to maintain communication with your device as you move through our website or applications and to customize content.
    • Cookies: Allucent uses some non-essential cookies through Third-Party Sites to gain useful knowledge about the use of our website or applications, as described below in more detail. Cookies are small amounts of data that are used on websites or applications and used to enhance the visitor experience and make it more efficient. In turn, this information provides insight on how to improve the website or applications to provide more relevant and useful information. Without the knowledge we gain from the systems that use these cookies we would not be able to provide the service we do.
    • Activity Data: Transaction history, such as details about the programs and activities in which you have participated, including conferences, ad boards, speakers programs, dinner series and other events; Usage information, such as information about how you use the services and interact with us; Survey data, such as your responses to our online and offline surveys; Communications that we exchange when you contact us;Online activity data, including browsing history, search history, clickstream data, and other information about your interactions with our services, websites, applications, social media pages, and email communications. We, our service providers and business partners, also collect this type of information over time and across third-party websites.
  • Third-party supplier (vendor) data: Organizations that desire to provide services to Allucent and its customers will be asked to complete a Vendor Business Assessment. Professional contact information will be captured within this document. The information consists of the main contact persons’ full names, titles, telephone numbers, and emailaddresses for various roles within that organization, e.g., Business Development, Contracting, Quality Assurance, Data Protection. This information is used by Allucent’s employees to communicate directly with the organization.
  • Employment, education and other background data when you inquire about employment with Allucent. This includes also sourced data from professional social media sites such as LinkedIn or Xing by Allucent’s internal recruiter. Examples of data that we may hold about you in our system are full name, career history, email address, phone number, link to your online LinkedIn (or/and Xing) profile or resume (if provided). We hold only the data necessary to decide if we can involve you as a candidate in our recruitment process to offer you an attractive career opportunity.
  • Information collected from other sources: To help us improve our services, we collect basic user account data about each visitor to our website or applications. This could include the business for which you work, as well as your company location, office address, company name, email, job title, full name, phone number, mobile phone number, salutation, and any LinkedIn, Twitter or other relevant social media information. In addition, we use the following service providers to help us find out more information about you or your organization:
  • Zymewire for business and personal information
  • Biopharm-Insight for business and personal information
  • Citeline for business and personal information
  • LinkedIn Sales Navigator for business and personal information

5.0 Why Do We Use Your Data?

We use your Personal Data to provide you the services you may request, communicate with you, improve your experience on our website or applications, process your job application, and for other internal business purposes, as described in more detail below.

5.1 Service Delivery

  • To allow us to operate Allucent clinical trial management or related services for the pharmaceutical, medical device and biotech industries corresponding to human clinical research studies and the business operations in which we engage to that end.
  • To perform any necessary functions or purposes related to the performance of a contract or potential contract and/or the normal conduct of Allucent’s business, as outlined in any contractual agreements entered into between you and Allucent, if applicable.
  • To communicate with you about the services, including by sending you announcements, updates, security alerts, and support and administrative messages, including the support of any operational or technical queries you may raise.
  • To communicate with you about events, surveys, questionnaires or webinars in which you participate.
  • To understand your needs and interests and personalize your experience with our services and communications.

5.2 Research and Development

  • To improve our website, services, marketing and business through information we have collected through cookies, user relationships and experiences. As part of these activities, we may create aggregated, de-identified or other anonymous data from Personal Data we collect.
  • To deliver relevant website, blog and webinar content.

5.3 Marketing and Advertising

  • We use your marketing and communication preferences to make sure we don’t send you anything you have asked not to receive. We may send you Allucent-related marketing communications, including in person or electronically, as permitted by law. You will have the ability to opt out of our marketing and promotional communications as described in the Privacy Choices section below. We advertise online and offline, and our advertisements may be targeted based on your use of the sites or your activity elsewhere online and offline.

5.4 Appending our Databases

  • We may assign a unique identifier to the Personal Data we collect about you, or combine this data with other information about you, and use this information to supplement our existing databases of Personal Data, analytics, and insights for purposes consistent with this notice. We may also combine information about you that we collect with your Personal Data.

5.5 Compliance

  • To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • To protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
  • To audit our internal processes for compliance with legal and contractual requirements and internal policies.
  • To enforce the terms and conditions that govern our services.
  • To prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

6.0 The Legal Basis on Which We May Process Your Data

Allucent may process your Personal Data based on one or more of the following legal bases:

  • Legitimate Interest: These will be assessed in connection with the specific use of Personal Data. In such cases, Allucent shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
  • Performance of Contract: This means processing your data where it is necessary for the performance of a contract between us and you or to take steps at your request before entering into such a contract.
  • Consent: This means whenever processing is based on your consent, Allucent retains a record of such consent. Allucent provides you with options to give your permission and informs and ensures that your consent (whenever consent is used as the lawful ground for processing) can be withdrawn at any time. For example, if you give us your consent, we may publish your feedback about Allucent on our website or in marketing materials.
  • Legal Obligation: This may include complying with any legal obligation Allucent is subject to.

7.0 Cookies We Use

We use a handful of third-party services on the website that set cookies. Below are some of the key services we use:

  • Google Analytics: This tool allows us to verify the volume of traffic, and non- personally identifiable information about our visitors, such as average length visit across all visitors.
  • HubSpot: We store information to help remember your preferences. These are not shared with us, simply set to enable us to keep continuity between pages (for example if you choose the UK region site, we use cookies to ensure you keep seeing UK content).
  • Survey Monkey: Cookies from surveys created using this tool are used to collect information about how survey respondents interact with surveys. We use the information to analyze how users use the surveys and determine information such as the number of visitors to a webpage, how visitors came to the website, and the pages they visited.
  • iCapture: We store information to collect information about user interaction with the forms. This information allows us to develop forms to improve efficiency and user experience.
  • Vidyard: We store information to understand user engagement and to improve view experience.

Cookies that are already on your computer can be deleted. If you wish to delete your cookies, refer to your file management software’s instructions for the location of the cookie file or directory. Once the file or directory (allucent.com) has been located you can delete them. You can also access them through some types of browser.

More information about cookies can be found at AllAboutCookies.org.

7.1 If I do not allow cookies in my browser will the site still work?

You will be able to get the information you need from the site. However, there may be some features on the site that will not work. If you choose to not allow cookies, features that would not work include content tailored to your interests and based on your browsing behavior available through cookies.

7.2 How does declining cookies impact allucent.com?

If you choose to decline cookies we will not be able to count your website usage in the data that we gather to learn more about how the website is used. This data is used to improve the website and our services.

8.0 How Your Data is Shared

We share Personal Data with certain other parties, as described below.

  • Affiliates. We may share Personal Data with our subsidiaries and affiliates for purposes consistent with this notice. For Job Applicants: Data may be shared with internal recruiters, Human Resources Managers or Hiring Managers, who will be involved in the recruitment process – for recruitment proposes related to a career opportunity within our organisation.
  • Customers and Business Partners. We may share Personal Data, analytics and insights from our databases with our customers and other business partners who work with us in connection with providing our services to those customers.
  • Those who Work for Us. We contract with other companies and individuals to help us provide services including the Sources. For example, we may host some of our Sources on another company’s computers, hire technical consultants to maintain our sites, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In addition, we may validate your identity and other information against available databases. In order to perform their services, these other companies may have limited access to some of the Personal Data we maintain about our users. Other companies may collect information on our behalf through their websites or applications. We require that such companies not use your information for any purpose other than fulfilling their responsibilities to us and comply with applicable laws.
  • Informational offers. We may send offers to selected groups of users. To accomplish this we may use third parties working on behalf of Allucent. We provide a variety of mechanisms for you to tell us you do not want to receive such promotional or informational offers. For example, where required by law, we may provide an opt-in box for customers to receive information that is sent by a third-party fulfillment house, and we make clear that, by opting in, you are submitting your data to a third party. You can elect not to receive promotional or informational material from us by following the instructions to opt-out as included in each of our programs we send to you.
  • Professional advisors. We may disclose Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Business transfers. If we transfer a business unit or an asset (such a the Allucent website) to another company, we may transfer the Personal Data we have collected to that party.
  • Legal requirements. We may be obligated to cooperate with various law enforcement inquiries and share or transfer your information to comply with a legal requirement, disclose any activities or information about you to law enforcement or other government officials as we, at our sole discretion, determine necessary or appropriate, in connection with an investigation of fraud, for the administration of justice, intellectual property infringements, or other activity that is illegal or may expose us or you to legal liability. We may release information if, in our judgment the release may be necessary to prevent the death or serious injury of an individual.

  8.1 For Visitors of the Website: Links to Third-Party Sites and Social Media Plug-ins

Allucent may use social media plug-ins (e.g., the Facebook “Like” button, “Share to Twitter” button) to enable you to easily share information with others. When you visit our website, the operator of the social plug-in can place a cookie on your computer or other electronic device that enables that operator to recognize individuals who have previously visited our website. If you are logged into the social media website while browsing on our website, the social media plug-in allows that social media website to receive information that you have visited our website and also allows the social media website to share information about your activities on our website with other users of their social media website. These sharing settings are managed by the social media website and governed by its privacy policy.

Our website may link to the following Third-Party Sites:

  • HubSpot, our CRM for sales prospecting, marketing and website
  • SalesForce, our group CRM for prospecting
  • Office 365 for email communications and internal communications
  • Zoom for video conferencing and webinars
  • Google Analytics for digital analytics
  • Twitter ads for advertising and marketing
  • Linkedin ads for advertising and marketing
  • Google ads for advertising and marketing
  • Facebook ads for advertising and marketing
 When using the services of any third party Allucent will ensure that the third party will provide suitable technical and organisational measures to protect your Personal Data, as required by the applicable law.

9.0 Cross-Border Transfers

Allucent operates on a global basis and Personal Data may be transferred, accessed and stored globally as necessary for the uses stated in this Notice. These transfers may involve territories that may not provide a level of protection to Personal Data equivalent to that provided by your home country. For these purposes, appropriate safeguards will be in place,

such as standard contractual clauses issued by the European Commission or equivalent, where required.

10.0 Protection of Personal Data

Allucent maintains the accuracy, integrity, confidentiality and relevance of Personal Data based on the processing purpose.
Allucent uses appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure. We may store your data on internal servers or on third-party servers.

11.0 Retention and Deletion

Allucent will retain your Personal Data for as long as your account is active; as needed to provide you products or services; as needed for the purposes outlined in this Privacy Notice or at the time of collection; as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, or to the extent permitted by law. Allucent does not retain Personal Data after it no longer serves the purposes for which it was collected or subsequently authorized. At the end of the retention period, Allucent will delete your Personal Data in a manner designed to ensure that it cannot be reconstructed or read.

12.0 Privacy Choices

You may have an opportunity to elect to receive recurring informational/promotional e-mail from us. Our e-mail correspondence will include instructions on how to update certain Personal Data and how to unsubscribe from our e-mails. Please follow the instructions in the e-mails to opt-out of an e-mail. We will unsubscribe you from that newsletter or other programs within 30 business days. You can contact us at info@allucent.com in order to change your preferences with respect to marketing contacts.

In addition, some of our business partners that collect information about your activity on or through the Sources may be members of organizations or programs that provide you with choices regarding the use of your browsing behavior or mobile application usage for purposes of targeted advertising.

13.0 Your Rights

In certain jurisdictions you may be entitled to certain rights in and to your Personal Data, subject to certain conditions and exceptions contained in applicable law. These rights may include the following:

  • Request us to confirm whether your Personal Data is processed by us, and if we do, access and obtain a copy of your data on request;
  • Require us to change incorrect or incomplete data;
  • Require us to delete or stop processing your data, if applicable, for example where the data is no longer necessary for the purposes of processing;
  • Object to the processing of your data where Allucent relies on its legitimate interests as the legal ground for processing;
  • Ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data;
  • Receive the personal data you provided to us and have the right to transmit that data to another company in a structured, commonly used and machine-readable format;
  • Request us not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (we currently do not engage in such processing and will notify you prior to doing so);
  • In the event we are processing data with your consent, you have the right to withdraw consent at any time. In certain jurisdictions, when we process Personal Data based on your consent or your explicit consent, you have the right to withdraw your consent in whole or in part at any time. Where applicable, once we have received notification that you have withdrawn your consent, we will no longer Process the Personal Data for the purpose(s) to which you originally consented unless there are compelling legitimate grounds that override your interests, rights and freedoms (for example, to comply with a legal obligation), or for the establishment, exercise, or defense of legal claims. If we processed Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such purposes. The withdrawal of your consent does not affect the lawfulness of such processing that occurred before its withdrawal. Should you withdraw consent to future processing of your Personal Data, we may not be able to contact or interact with you as originally planned when you first provided your consent;
  • In certain jurisdictions, such as the European Union, you can raise a complaint to the relevant supervisory authority for your region if you believe that Allucent has not complied with your data protection rights.

Some of the abovementioned rights may be limited depending on the legal basis used for processing and the applicable laws. If you would like to exercise any of these rights, please contact Allucent’s Data Protection Officer via DPO@allucent.com. To protect your privacy and the security of your Personal Data, we will take reasonable steps to verify your identity before complying with such rights requests.

14.0 Changes to this Privacy Notice

Allucent reserves the right to update this Privacy Notice at any time, and any changes will be reflected on this page with a new effective date. We encourage you to review this Privacy Notice regularly for any changes. Any Personal Data collected upon your continued use of our website will be handled in accordance with the currently posted Privacy Notice.