Privacy Policy

SK Life Science, Inc. ("SKLSI") recognizes and respects the privacy rights of individuals with regard to their personal data. This Privacy Policy (“Policy”) explains what types of personal data SKLSI may collect from you and how we use it. It also explains the policies and practices that we have developed to safeguard personal data and to comply with applicable data protection laws. Please read this Policy carefully to understand what personal data we collect, how we collect it, how we use it, who we may disclose it to, and how you can manage your personal data.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

If you have any questions concerning SKLSI’s privacy practices or wish to access or correct personal data that SKLSI has collected from you, please contact us as described in Section 15 (“HOW TO CONTACT US”).

1. HOW WE MAY USE YOUR PERSONAL DATA

We may collect and use your personal data when you use SKLSI or third-party operated websites and other online resources. We may use your information to:

  • fulfill a request that you have made;
  • respond to a question or comment;
  • ask you to participate in brief surveys;
  • provide you with services for which you have signed up;
  • send you additional information about our products and services;
  • help us evaluate, in the aggregate, and modify existing products and services and to help us develop additional products and services that are likely to be of interest;
  • generate aggregate statistical studies and conduct research related to our products and services and the use of websites;
  • recognize you, as necessary, and allow you to log-on to certain pages and features for which you have registered;
  • comply with the law, respond to legal process, and exercise our legal rights; and
  • advertise and market related products and services to you unless you opt-out of receiving marketing communications.

We also may use your personal data for data analysis, to better understand how our products and services impact you and those you care for, to track and respond to concerns, for fraud prevention and to further develop and improve our products and services. In addition, we may use the information you provide to comply with our regulatory monitoring and reporting obligations including those related to adverse events, product complaints and patient safety.

For those visiting this site that provide personal data from within the European Economic Area ("EEA") or the United Kingdom ("UK"), please see Section 14 (“SUPPLEMENTAL EUROPEAN PRIVACY POLICY”) for additional information.

2. WHAT PERSONAL DATA WE MAY COLLECT ABOUT YOU

We may collect, use, store and transfer different categories of personal data about you which we have grouped together.

General Categories of Personal Information

  • Identity Data: First name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender or government-issued identification, such as driving license, passport, or government ID number.
  • Contact Data: Billing, delivery or email address, phone numbers, and other contact details.
  • Financial Data: Bank account and other payment-related details, tax-related information, insurance information, and payroll data.
  • Transaction Data: Details about payments to and from you and other details of products and services you have received from us.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites or intranet.
  • Profile Data: Username and password on our websites, our intranet, purchases, or orders made by you, your preferences, and feedback and survey responses.
  • Usage Data: Information about how you use our websites, intranet, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
  • Professional or Employment-related Data: Employer and employment history.
  • Special Categories of Personal Data: Details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data.

3. WHERE WE GET INFORMATION ABOUT YOU

Direct interactions

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, and e-mail or otherwise. This includes personal data you provide when you, for example:

  • contact us by email, phone or mail, either using the addresses or numbers posted on our websites or when you contact our employees directly;
  • apply for our products or services;
  • create an account on our websites;
  • subscribe to our services or publications;
  • request marketing to be sent to you;
  • enter a promotion or survey;
  • give us some feedback;
  • provide unsolicited information to us;
  • apply for employment or consulting opportunities with us or when you become an employee or a consultant; or
  • express interest in participating in our clinical trials or other studies and programs.

Automated interactions

As you interact with our websites or intranet, we may automatically collect Technical Data about your equipment, domain name, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. For additional information about how SKLSI uses cookies and similar technologies, see Section 6 (“COOKIES AND OTHER TRACKING MECHANISMS”).

Third parties (or publicly available sources)

We may receive categories of personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers such as Google, advertising networks and search information providers.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from data brokers, aggregators, or recruitment agencies.
  • Identity and Contact Data from publicly available sources.
  • Special Categories of Data including Health Data from Clinical Research Organizations managing clinical trials on our behalf.

Note: SKLSI does not “sell” your Personal Information. For purposes of this disclosure, “sell” or “sold” means the disclosure of Personal Information for monetary or other valuable consideration.

4. HOW WE SHARE YOUR PERSONAL DATA

We may share your personal data with the parties set out below for the purposes set out in Section 1 ("HOW WE MAY USE YOUR PERSONAL DATA").

  • Internal Third Parties: other companies or departments in SKLSI that, without limitation, provide IT and system administration services and undertake leadership reporting.
  • External Third Parties: service providers who provide services on our behalf, including without limitation, IT and system administration services and data analytics.
  • Other Third Parties: third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
  • Professional advisers: advisors (e.g., lawyers, bankers, auditors, and insurers) who provide consultancy, banking, legal, insurance and accounting and payroll services.
  • Government Authorities: Revenue and Customs, IRS and FDA, regulators and other government agencies, regulators and authorities who require reporting of processing activities in certain circumstances.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). We have established the following personal data control mechanisms:

  • Opting in. You will receive marketing communications from us if you have requested information from us or purchased products or services from us and, in each case, you have opted-in to receiving that marketing.
  • Third-party marketing. We will get your express opt-in consent before we share your personal data with any company outside SKLSI for marketing purposes.
  • Opting out. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or emailing us at dataprivacy@sklsi.com. Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty, product/service experience or other transactions.
  • Cookies. Most web browsers allow some control of most cookies through the browser settings. For additional information about how SKLSI uses cookies and similar technologies, see Section 6 (“COOKIES AND OTHER TRACKING MECHANISMS”).
  • Online Analytics. We may use third-party web analytics services (such as those of Google Analytics) on our websites to collect and analyze the information discussed above, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies described in Section 6, (“COOKIES AND OTHER TRACKING MECHANISMS”), will be disclosed to or collected directly by these service providers, who evaluate information, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

6. COOKIES AND OTHER TRACKING MECHANISMS

We may also collect data about your use of our websites through the use of web server logs, cookies, web beacons, and/or other tracking technologies. Web server logs are files where website activity is stored. Cookies are small data files that are automatically stored on your computer when you visit our websites. Cookies are used to track the pages of the websites you’ve visited and do not retain any information that will directly identify you such as your name, address or any financial information. We may use cookies to enable you to use certain website features, store your preferences, recognize you when you return to our websites, track your orders, and monitor and maintain information about your use of our websites.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Microsoft Edge; Google Chrome; Mozilla Firefox; or Apple Safari). If you choose to decline cookies, you may not be able to fully experience the features of our websites.

Web beacons are small strings of code that are placed in a web page or in an email message. They are sometimes called “clear GIFs” (Graphics Interchange Format) or “pixel tags”. Web beacons are most often used in conjunction with cookies to track activity on our websites. When you visit a particular web page, web beacons notify us of your visit. Since web beacons are used in combination with cookies, if you disable cookies, the web beacons will only detect an anonymous website visit. When used in an email, web beacons enable us to know whether you have received the email.

Please note that linked third-party websites may also use cookies. We cannot control the use of cookies by these third-party websites. For example, when you link from this site to a third-party website, that website may have the ability to recognize that you have come from our site by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

7. HOW WE PROTECT YOUR PERSONAL DATA

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. HOW WE RESPOND TO DO NOT TRACK SIGNALS

Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Websites linked to this Privacy Policy do not currently respond to these “do-not-track” signals.

9. CHILDREN

While in some instances we may collect personal data about children with the consent of a parent or guardian, such as clinical activities or for patient support programs, we do not otherwise knowingly solicit data from, or market to, children. We do not knowingly collect personal data from children under the age of 13 on our websites. If we become aware that we have collected personal data from children under the age of 13 on our websites, we will take reasonable steps to delete it as soon as practicable. If a child provides us with this type of information on our websites, please contact us as described in Section 15 ("HOW TO CONTACT US").

10. LINKS TO OTHER SITES

As a convenience to visitors and users of our websites, SKLSI may offer links to other sites that we believe may offer useful information. The inclusion of a link on SKLSI websites does not imply our endorsement of the linked site or service. When you click on one of these links, you will be transferred from the website and be connected to the site of the organization or company that you selected. This Policy is no longer applicable when you leave our site by way of a link. Each of these linked sites maintains its own independent privacy policies and procedures, which you should consult before providing any of your personal information. After choosing to move to a third-party’s website, you will receive a notification that you are leaving our website.

11. PRIVACY POLICY UPDATES

SKLSI may update this Policy from time to time. Please check this Policy periodically for changes. If we make any changes, the updated Policy will be posted with a revised effective date. We encourage you to periodically review this page for the latest information on our privacy practices.

12. CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits California residents who are individual customers of SKLSI products to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us using our contact information listed in Section 15 (“HOW TO CONTACT US”).

Be sure to include your name and address. You can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.

If you reside in California, please read this section for additional disclosures about how we collect, use, and disclose information about you as well as your rights under the California Consumer Privacy Act (or “CCPA”) (California Civil Code Section 1798.100 et seq.).

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or device (“Personal Information").

Personal Information does not include:

  • Publicly available information from government records
  • De-identified or aggregated consumer information
  • Information excluded from the CCPA's scope, like:
    • Health or medical information collected by entities directly subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

    Categories of Personal Information That We Collect and Share

    We have collected and shared the following categories of Personal Information within the last twelve (12) months:

    • Identifiers such as first name, maiden name, last name, username or similar identifier, Internet Protocol address, email address, Social Security number, date of birth, and gender or other similar identifiers.
    • Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) such as address, telephone number, passport number, driver’s license or state identification card number, bank account and payroll data.
    • Internet or other electronic network activities information such as browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or intranet, as well as information about how you use our website.
    • Education or employment information of the professionals with whom we engage, including current or past job history; level of education, institutions attended, level of study and degrees attained, areas of specialty, and certifications.
    • Characteristics of protected classifications such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, veteran or military status, and genetic information (including familial genetic information).
    • Biometric information such as physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, fingerprint, diagnostic or lab results, imagery of the face from which an identifier template can be extracted, and sleep, health, or exercise data that contain identifying information.
    • Commercial information related to services, treatment of care, such as insurance information, and marketing and communication data, including your preferences in receiving marketing and communications from us and our third parties.

    We may use or disclose the Personal Information we collect for one or more of the business purposes described in Section 1 above (“HOW WE MAY USE YOUR PERSONAL DATA”).

    Sources of Personal Information

    We obtain the Personal Information from the following categories of sources:

    • Directly from you, your caregiver or agent
    • Indirectly from you or your caregivers or agents (i.e., in the course of providing services)
    • Directly and indirectly from activity on our websites (e.g., from submissions through our websites or from website usage details collected automatically)
    • From third parties in connection with the provision of services

    No Sale of Personal Information

    SKLSI does not sell Personal Information.

    Your California Privacy Rights

    The CCPA provides consumers (i.e., California residents) with specific rights (listed below and subsequently referred to as “California Privacy Rights”), subject to some limitations and verification of their identity, regarding their Personal Information:

    • Consumers have the right to request access to the specific pieces of Personal Information SKLSI has collected, disclosed or sold about them in the last 12 months, including the categories of information, sources and business purposes of collection, as well as the categories of third parties whom SKLSI has disclosed or shared the Personal Information. You may only make a request twice within a 12-month calendar year.
    • Consumers have the right to request deletion of their Personal Information (subject to certain exceptions).
    • Consumers have the right to opt-out of the sale of their Personal Information.
    • Consumers have the right to receive equal service and price and not be discriminated against for exercising their privacy rights under the CCPA.

    In order for SKLSI to process a request for you to exercise your California Privacy Rights, SKLSI will verify your identity by asking you to provide certain personal information. This information may include a description of your relationship with SKLSI, your first and last name, email address, telephone number and postal address or other personal information that will allow us to verify your identity. If we are successful in verifying your identity, SKLSI will do its best to respond to your request as soon as possible, and, in any event, no later than 45 days after receiving your request.

    If we cannot validate your identity, we will attempt to contact you to inform you of this issue.

    Please submit your requests by contacting us at this toll-free number: 1-833-490-0007 or by emailing us at dataprivacy@sklsi.com.

    You may designate an authorized agent to exercise your California Privacy Rights on your behalf in accordance with the CCPA. If you make a request through your authorized agent, we may require you to submit a written and signed statement that the agent is authorized to act on your behalf.

    We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

13. SUPPLEMENTAL PRIVACY POLICY FOR NEVADA RESIDENTS

    Section 603A of the Nevada Revised Statutes permits Nevada residents who are SKLSI "consumers" (as defined by Nevada law) to submit, at any time, a request to an operator of a website in Nevada directing the operator not to make any sale of any covered information the operator has collected or will collect about the consumer. SKLSI does not currently "sell" or plan to sell covered information as defined in the Nevada law. If you are a Nevada resident, you may submit a verified request by contacting us by sending an email to dataprivacy@sklsi.com or calling (833)-490-0007 (toll free) to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. We will respond within the time required by law.

14. SUPPLEMENTAL EUROPEAN PRIVACY POLICY

    European Union ("EU") Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “EU General Data Protection Regulation” or “EU GDPR”) and the United Kingdom GDPR ("UK GDPR") (collectively, the "GDPRs") require SKLSI as the data controller to provide additional and different information about its data processing practices to data subjects in the EEA or the UK. If you are a data subject within the EEA or the UK, this Supplemental European Privacy Policy applies to you in addition to the provisions above.

    How we use your personal data

    We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

    • Where we need to perform the contract we are about to enter into or have entered into with you.
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • Where we need to comply with a legal or regulatory obligation.
    • Necessary for scientific research purposes.

    We may also use your personal data in the following situations, which are likely to be rare:

    • Where we need to protect your interests (or someone else's interests).
    • Where it is needed in the public interest or for official purposes.

    Generally, we do not rely on consent as a legal basis for processing your personal data. You have the right to withdraw consent to marketing at any time by contacting us using the contact information listed in Section 15 (“HOW TO CONTACT US”).

    We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need additional details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    Purpose/Activity

    To engage you as a new vendor or other service provider or contractor

    Category of personal data

    • (a) Identity
    • (b) Contact

    Lawful basis for processing

    • (a) Performance of a contract with you
    • (b) Necessary for our legitimate interests
      • to operate our business

    Purpose/Activity

    To process and deliver products or services including:

    • (a) Manage payments, fees and charges
    • (b) Collecting and recovering money owed to us

    Category of personal data

    • (a) Identity
    • (b) Contact
    • (c) Financial
    • (d) Transaction

    Lawful basis for processing

    • (a) Performance of a contract with you
    • (b) Necessary for our legitimate interests
      • to operate our business
      • to keep accurate and updated business records, and
      • to recover debts due to us

    Purpose/Activity

    To manage our relationship with you which will include:

    • (a) Notifying you about changes to our terms or privacy policy
    • (b) Asking you to provide feedback or take a survey
    • (c) Responding to your requests
    • (d) Other communications as a contractor or an employee

    Category of personal data

    • (a) Identity
    • (b) Contact
    • (c) Profile
    • (d) Usage
    • (f) Financial
    • (g) Professional or Employment-Related

    Lawful basis for processing

    • (a) Performance of a contract with you
    • (b) Necessary to comply with a legal obligation
    • (c) Necessary for our legitimate interests
      • to keep our records updated,
      • to study how customers and clients use our products/services; and,
      • to manage our employee relationships

    Purpose/Activity

    To enable you to complete a survey

    Category of personal data

    • (a) Identity
    • (b) Contact
    • (c) Profile
    • (d) Usage

    Lawful basis for processing

    • (a) Performance of a contract with you
    • (b) Necessary for our legitimate interests
      • to study how customers use our products/services; and
      • to obtain feedback and grow our business.

    Purpose/Activity

    To administer and protect our business and our intranet and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

    Category of personal data

    • (a) Identity
    • (b) Contact
    • (c) Profile
    • (d) Technical
    • (e) Usage

    Lawful basis for processing

    • (a) Necessary for our legitimate interests
      • for running our business,
      • provision of administration and IT services, network security,
      • to prevent fraud, and
      • in the context of a business reorganization or group restructuring exercise.
    • (b) Necessary to comply with a legal obligation

    Purpose/Activity

    To conduct a research program (including conducting clinical trials)

    Category of personal data

    • (a) Identity
    • (b) Contact
    • (c) Financial
    • (d) Special Categories (Health Data)

    Lawful basis for processing

    • (a) Necessary for our legitimate interests
      • to develop our products
      • to facilitate and manage clinical trials
      • to conduct and analyze the research study, and
      • to improve healthcare
    • (b) Necessary to comply with a legal obligation
      • to comply with safety and adverse event reporting requirements, and
      • to comply with clinical trial practice requirements
    • (c) Necessary for scientific research purposes

    Clinical trials

    We undertake or plan to undertake studies within Europe, and we will use information from subjects’ medical records and other health data in order to improve healthcare. SKLSI contracts with service providers, such as Contract Research Organizations (“CROs”), or other service partners, typically as data processors, to collect the personal data of the subjects of the clinical trial and to manage the clinical trials that we sponsor. SKLSI processes key-coded or pseudonymized personal data of clinical trial subjects which means that we do not have direct or immediate access to their identifiable personal data (except, for example, to comply with legal requirements such as those related to our pharmacovigilance obligations).

    As a pharmaceutical organization we have a legitimate interest in using information relating to your health for research studies when you agree to take part in a research study by providing your informed consent to participate. Our exception to the general provision at Article 9(1) of the GDPRs not to process special categories of data is that processing is necessary for scientific research purposes in accordance with Article 89(1) of the GDPRs. This means that we will use your personal data when we act as the data controller for such studies, collected in the course of a research study, in the ways needed to conduct and analyze the research study. Your rights to access, change or move your personal data are limited, as we need to manage your personal data in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use only the minimum personal data needed for these purposes.

    In addition, the personal data of potential and actual site investigators, employees or contractors may also be collected directly by SKLSI or through a CRO that we work with and is typically used, for example, to verify the individual’s qualifications, satisfy documentation requirements for the purpose of the clinical trial, to verify financial disclosures, to avoid any conflict of interest, and to otherwise conduct and analyze the research study.

    Please see "How we use your personal data" in this section above for additional information regarding the collection and use of personal data.

    Change of purpose

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    International transfers of personal data

    We are based outside the European Economic Area, so the processing of your personal data may involve a transfer of data outside the EEA or the UK.

    Whenever we transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data (i.e., adequacy decisions made by the European Commission or other regulators, as applicable);
    • We will only transfer your data to countries pursuant to binding agreement to and compliance with standard contractual clauses or binding corporate rules, each as approved by the European Commission or other regulators, as applicable;
    • We will only transfer your data to countries pursuant to the consent of the individual to whom the personal data pertains; or
    • We will only transfer your data to countries as otherwise authorized by the EEA or UK or permitted by applicable EEA or UK requirements.

    How long we retain your personal data

    We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

    To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

    Your data protection rights

    Under certain circumstances, EEA or UK residents have the following data protection rights:

    • To access their personal data.
    • To correct their personal data.
    • To erase their personal data.
    • To object to the processing of their personal data.
    • To restrict the processing of their personal data.
    • To transfer their personal data.
    • To not be subject to a decision based solely on automated processing, including profiling.
    • To withdraw any consent that they have previously provided for the processing of their personal data.

    If you are an EEA or UK resident and you wish to exercise any of the rights set out above, please contact us using our contact information listed in Section 15 (“HOW TO CONTACT US”). You can also contact the Supervisory Authority in the country of your residence within the EEA at this link or within the UK at this link for advice or to make a complaint. Please be aware that your rights in relation to clinical research data may be limited.

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

    We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated on our efforts to respond.

    15. HOW TO CONTACT US

    SK Life Science, Inc.
    Privacy Office
    461 From Road
    Paramus, NJ 07652
    Email address: dataprivacy@sklsi.com
    Phone number: (833)-490-0007 (toll free)

    Effective Date: 06/2022 (v3)