Privacy Policy

PRIVACY POLICY

Last update:

August 2025

Besins Healthcare (UK) Limited ("We")

We are committed to protecting your personal data and to respecting your privacy. We collect and further process personal data pursuant to applicable law, including the General Data Protection Regulation (including for the United Kingdom UK GDPR and Data Protection Act 2018).

This Privacy Policy explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data.

We have separate privacy policies for recruitment and for staff.

Which personal data may we collect and further process?

For most of the pages that make up our websites we may collect information such as:

• the server you are logged onto,
• the geographic location of the ISP you use,
• the type of browser you use,
• your date and time of access,
• website requesting access,
• transferred volume of data,
• your language settings,
• your IP address (“IT Information”).

In some cases, in order to contact us and/or in order to participate to a specific meeting or event organized by us, you may have to enter other personal data such as your first name, your surname, your phone number, your address and/or your e-mail (“Contact Details”).

If you are a healthcare professional (“HCP”), we also may process or request, in addition to Contact Details, data related to our professional interaction with you such as your professional biography or credentials, data related to your licences, specialties, role, clinical area, professional affiliations, publications, transfers of value information (see below) and other professional achievements (“Professional Details”).

If you are an HCP we may process or request information about marketing preferences, event attendance, and interactions with our sales or medical teams and if you choose to receive information from us by email, we will also collect personal data about your engagement with the email (this includes timing when you open our emails and click on any links contained within our emails) (“Engagement Data”).

We may process personal data of patients and carers in certain circumstances, for example, if a patient contacts us directly (“Patient Data”). In addition to Contact Details, this may include information about the patient's query or concern, use of our product, and health information.

We also process personal data related to business contacts including name, job role and business contact details. This applies in relation to suppliers, professional advisors, customers, distributors, regulators and other business partners (“Business Contact Data”).

Children and other sensitive personal data

We do not knowingly collect or use any personal data from children (we define “children” as minors younger than 18) on this website. We do not knowingly allow children to communicate with us or use any of our online services. If you are a parent and become aware that your child has provided us with information, please contact us using one of the methods specified below (see below “How can you contact us”), and we will work with you to address this issue.

Our websites should not be used by you to seek medical advice or report adverse events. If you have a question on our product, we strongly recommend that you contact your doctor. If you want to report an adverse event, please contact your doctor or go to:

• for the United Kingdom: https://yellowcard.mhra.gov.uk/
• for Ireland: https://www.hpra.ie/

What is the purpose of processing and our lawful bases?

We process your IT Information to measure user frequency and traffic on our websites, to improve and develop our products and services, and to personalise your experience when using our services. That will allow us to better understand how our websites are used and how they are useful to the public, and to improve them in accordance with such use. Where we collect this information through cookies, you can find more details on the specific purpose of each cookie in our Cookie Settings.Where we do not use cookies to collect IT Information, then we collect the information for our legitimate interests in understanding how our websites are used, and to improve our websites, as explained above. We may also process your personal data where this is necessary for our legitimate interests (for example, to manage and improve our business, or when using cookies that are strictly necessary for our websites to function). We also rely on your consent (for example, for use of non-essential cookies).

We process your Contact Details or Professional Details:

• For the processing of your specific request. This is for our legitimate interests in engaging with you.
• To disclose transfers of value. These disclosures are made publicly through the appropriate mechanisms such as Disclosure UK (administered by the ABPI) and, where applicable, to regulatory authorities. The goal is to ensure transparency and maintain trust in the healthcare sector, which we consider to be in our legitimate interests and the legitimate interests of the sector as a whole.

Engagement Data: If you are an HCP, then we may inform you of the latest healthcare, medical and promotional information around our products. We sometimes need your consent or permission to contact you in this way. Otherwise, contacting you for these purposes is for our legitimate interests in engaging with you. We also use Engagement Data for our legitimate interests in improving and developing our services and to better understand how our healthcare, medical and promotional information is received.

We are a pharmaceutical company that sells products through our distribution network to pharmacies, clinics, hospitals, healthcare professionals and other healthcare organisations. distribution network. We do not sell products directly to patients but may process Contact Details and Patient Data in certain circumstances, such as where we are given feedback, for medicines safety and when handling adverse event reports (pharmacovigilance) purposes or product complaints. Sometimes this will be to help us comply with our legal obligations (for example, where we need to disclose something to a regulator) and in other cases for our legitimate interests in getting feedback and improving our products.

From time to time, we may also process your personal data in order to improve our business and the quality of our products and services. For example, if you provide us with feedback via a survey.

We may process Business Contact Data to manage our relationship with others and for any for any of the purposes listed above, for example, when liaising with customers, suppliers or regulators.

Occasionally, we may need to process personal data in connection with a complaint, investigation or actual or possible legal claim.

Where we need to collect personal data by law or in order to perform a contract we have with you and you fail to provide that data when requested, we may not be able to meet our legal obligations or perform the contract we have entered or are trying to enter into with you.

Consent

Where we ask for your consent to process your personal data, you have the right to withdraw your consent at any time. For some IT Information, this can be done easily by changing your cookie preferences in the Cookie Settings. Otherwise you can also withdraw your consent by contacting us, please see below “How can you contact us”. If you are an HCP and chose to receive information on our products, withdrawing your consent can also be done by clicking on the corresponding icon on any e-mail that may be sent to you.

How long do we keep your data?

Unless otherwise required by law, we retain personal data for as long as reasonably necessary in relation to the purpose for which we use your personal data such as the appropriate limitation period for claims.

If you are an HCP and chose to receive information on our products, we will keep your Contact Details and Professional Details until (i) you decide to opt out or (ii) we decide not to send such kind of information anymore, whichever the sooner. Once we stop contacting you for these purposes, we may retain a record so that we do not inadvertently put you back on our mailing list.

Please also see our cookies policy.

With whom do we share your personal data and where do we get your personal data from?

We may share your personal data with any of the third parties mentioned above. Occasionally, we will collect personal data from publicly available sources (e.g., healthcare registers). We also share personal data with insurers, investigators, consultants, auditors and professional advisers (as appropriate). Anyone that we share personal data with may provide us with your personal data as well.

Your personal data can be accessed by a restricted number of our employees who are trained about the importance of privacy and how to handle and manage personal data appropriately and securely.

We share professional data with transparency platforms (e.g. Disclosure UK or other appropriate mechanism) when disclosing transfers of value.

We may share your personal data with our affiliated entities and/or with third parties, but only in the framework of the purposes described above. This includes IT and cloud storage providers, event management platforms, and logistics, distribution and supply chain providers.

These service providers will mostly be located in countries within the United Kingdom, European Union and/or third countries which ensure an adequate level of protection, including Switzerland. In the event of a transfer to countries which may offer a lower level of data protection, we ensure that your personal data is protected as required by UK data or other applicable data protection laws, for example, by entering into data transfer agreements based on the standard contractual clauses for international data transfers.

Automated interactions: As you interact with our websites, we will automatically collect IT Information. Some IT Information is obtained through cookies and similar technologies. A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. You can find the list of the cookies we use in our Cookie Policy - Cookie Settings Policy. This privacy policy should be read alongside our cookie policy, which contains further privacy related information. Not all IT Information is your personal data. In this privacy policy, a reference to cookies includes similar technologies such as tracking pixels.

What are your rights?

To the extent permitted by applicable law, you have the right to ask us:

• for copies of your personal data (“right of access”)
• to rectify information you think is inaccurate, and to complete information you think is incomplete (“right to rectification”)
• to erase your personal information in certain circumstances (“right to erasure”)
• to restrict the processing of your information in certain circumstances (“right to restriction of processing”)
• to object to the processing of your personal data (“right to object”)
• to receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization (“data portability”)

How can you contact us?

We work to high standards when it comes to processing your personal information. If you have questions, queries or concerns, or if you want to exercise one of the rights listed above, please contact us at dataprivacyUK@besins-healthcare.com and we will respond. Alternatively, you may send a letter to the following address:

Besins Healthcare (UK) Ltd.                            
The Compliance Lead                            
Lion Court                            
25 Procter Street                            
Holborn                            
London WC1V 6NY                            
United Kingdom

Complaints

You can lodge a complaint with the competent supervisory authority. The independent authority set up to uphold information rights in the public interest is the Information Commissioner’s Office (ICO) in the United Kingdom, and the Data Protection Commission in Ireland. If you want to lodge a complaint, please go to:

• for the United Kingdom: https://ico.org.uk/make-a-complaint/
• For Ireland: https://www.dataprotection.ie/en/contact/how-contact-us

How will you know whether we have updated this Privacy Policy?

If we change its privacy practices, an updated version of this Privacy Policy will reflect those changes and we will notify you of such changes by updating the effective date at the top of this Privacy Policy. Without prejudice to your rights under applicable law, we reserve the right to amend this Privacy Policy from time to time to reflect technological advancements, legal and regulatory changes and good business practices.