Privacy Policy

TANNER PHARMA GLOBAL PRIVACY NOTICE

Effective 5/21/2021

Who we are and what we do

Tanner Pharma Group (collectively, “TPG”, “Tanner”, “we”, “us”, or “our”) is a global pharma services company that provides access to pharmaceuticals through separate legal entities. These entities include TannerLAC, Inc. (Tanner’s licensing, acquisitions and commercialization division), TannerGAP, Inc. (Tanner’s division  which provides global access to medicine via named patient supply), TannerCTS, Inc. (Tanner’s clinical trials sourcing division) and TannerMAP (which assists biopharmaceutical companies to supply patients and markets with medicines where said medicines are not registered or are not commercially accessible through TannerGAP, Inc., Tanner Pharma UK Limited, Tanner Pharma CH GmbH and Tanner Pharma IE Limited in accordance with appliable law). 
  
TPG is committed to protecting the privacy and security of your personal information and we will always
treat you and your data with the respect you deserve and in accordance with applicable law. TPG has
robust controls and technical safeguards in place that protect all personal information, in accordance
with all applicable data privacy regulations and laws.

The purpose of this Privacy Notice (“Notice”) is to help you understand our information collection,
usage, and disclosure practices by explaining:

What we do with your information and how we use your information

By providing your information to us, you agree to the processing set out in this Notice.
This Notice does not apply to, and TPG is not responsible for, any third-party websites which may be
accessible through links from this website. If you follow a link to any of these third-party websites, they
will have their own privacy policies and you will need to check these policies before you submit any
information to such third-party websites.

We will only use your information where we are permitted to do so by applicable law. In addition to
using your information to deliver the programs, services, products, or information you request, and for
the purposes described above, we may also use it:

• to provide customer support;
• to provide you with information about the Services, our other products, programs, or services, your
accounts, and notices;
• to deliver marketing communications that may be of interest to you;
• to personalize your experience and better tailor content to you;
• to facilitate social sharing functionality;
• to allow you to send messages to another person through the Services;
• to help us, our subsidiaries, affiliates, and business partners better understand our audiences,
evaluate user interest in the Services, improve the Services, and perform other market research
activities;
• for our business purposes, such as data analysis; audits; monitoring and prevention of fraud,
infringement, and other potential misuse of the Services; modifying the Services; determining the
effectiveness of our promotional campaigns; and operating and expanding our business activities;
and
• as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your
country of residence; (b) to comply with legal process; (c) to respond to requests from public and
government authorities, including public and government authorities outside your country of
residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of
our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may combine, aggregate, or anonymize any of the information we collect from you with information
we may collect from or about you from any other online or offline source. This information does not
personally identify you for any purpose, except if required to do otherwise under applicable law.

What information we collect about you

• Basic personal details such as your name and job title (when provided);
• Contact data such as your telephone number and postal or email address;
• Financial data such as payment related information or bank account details (when supplied);
• Information provided to us by or on behalf of our clients or generated by us in the course of
providing our services
• Recruitment related data such as your curriculum vitae, your education and employment history,
details of professional memberships and other information relevant to potential recruitment when
seeking a position with TPG.
• Identification and other background verification data (such as a copy of passports or utility bills or
evidence of beneficial ownership or the source of funds to comply with client due diligence, “know
your client” program, compliance with anti-money laundering laws and as collected as part of our
client acceptance and ongoing monitoring procedures) as needed for TPG’s business to be in
compliance with applicable law;
• Demographic data such as your address, preferences or interests;
• Website usage and other technical data such as details of your visits to our websites and/or
information collected through cookies and other tracking technologies;
• Any other information relating to you that you may provide.

How we obtain the information about you

We may collect or receive your information in a number of different ways:

• Where you provide it to us directly, for example by corresponding with us by email, or via other
direct interactions with us such as completing a form on our website
• Where we monitor use of, or interactions with, our websites, any marketing we may send to you, or
other email communications sent from or received by TPG
• Third party sources, for example, where we collect information about you to assist with know your
client checks as part of our client acceptance procedures or where we receive information about
you from recruitment agencies for recruitment purposes;
• Using cookies: Cookies are small text files stored directly on your device. We use cookies to collect
information such as time spent on the Services, pages visited, the pages you view immediately
before and after you access the Services, the search terms you enter, and other anonymous traffic
data. Cookies allow us to recognize you and personalize your experience, to facilitate navigation,
and to display information more effectively. We also use cookies to gather statistical information
about the use of the Services in order to understand how they are used, improve them, and resolve
questions about them. If you do not want information collected through the use of cookies, most
browsers allow you to automatically decline cookies or to be given the choice of declining or
accepting cookies from a particular site.

Who we share your information with

TPG is a global company and as such any information that we collect, or you provide us may be shared
with and processed by any TPG entity among our global network.

We may also share your information with a variety of the following categories of third parties:
• to business partners who offer products or services jointly with us or with our subsidiaries or
affiliates;
• to identify you to any person to whom you send messages;
• to third parties that provide services to us, such as fulfilling requests for information, answering
calls, administering programs or projects, assisting in research and development, or delivering
advertisements or other communications;
• as required by law, such as to law enforcement, to health authorities to report possible adverse
events, during government inspections or audits, as ordered or directed by courts or other
governmental agencies, or in order to comply with a subpoena or other legal process;
• to permit a third-party business partner to deliver marketing communications or products that may
be of interest to you, subject to any choices you have expressed; and
• when we believe in good faith that disclosure is necessary to protect legal rights or the security or
integrity of the Services; protect your safety or the safety of others; investigate fraud, a breach of
contract, or a violation of law; or respond to a government request.

We may also process your information to comply with our regulatory requirements or in the course of
dialogue with our regulators as applicable, which may include disclosing your information to
government, regulatory or law enforcement agencies in connection with enquiries, proceedings or
investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or
unless to do so would prejudice the prevention or detection of a crime, we will direct any such request
to you or notify you before responding.

Which countries we transfer your information to

As a global company, we cannot limit our processing of an individual’s information to the country in
which that individual is based. In the course of providing our services, we may need to transfer
information to locations outside the jurisdiction in which you provide it or where you are viewing our
website. If you are based in the European Economic Area (EEA), this will mean that your information
may be transferred to, accessible from, and/or stored at, a destination outside the EEA in which data
protection laws may not be as comprehensive as in the EEA.

Regardless of the location of our processing, we will impose the same data protection safeguards that
we deploy inside the EEA and implement appropriate measures to ensure that your information is
protected in accordance with applicable data protection laws. TPG has a data sharing agreement in
place signed by all TPG entities which includes EU standard contractual clauses. Similarly, where a third
party service provider processes the information of EEA residents on our behalf, we will ensure that
appropriate measures are in place to ensure an adequate level of protection for your information,
usually by including EU standard contractual clauses in our agreements with such third party service
providers.

Please contact us as directed below if you would like to see a copy of the specific safeguards applied to
the export of your information.

How long we keep your information

We will retain your information for as long as is necessary to fulfil the purpose for which this data was
collected and any other permitted linked purpose (for example, certain transaction details and
correspondence related to any legal services we provide may be retained until the time limit for claims
in respect of the transaction has expired or in order to comply with appliable legal and regulatory
requirements regarding the retention of such data). If your information is used for two purposes, we will
retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a
shorter period once that period expires. Our retention periods are also based on our business needs,
good industry practice and applicable legal requirements.

How we protect your information

We recognise that information security is an integral element of data privacy. While no data
transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion,
we implement a range of commercially reasonable physical, technical and procedural measures to help
protect information from unauthorised access, use, disclosure, alteration or destruction in accordance
with data protection law requirements. Information that you provide to us is stored on our secure
servers or our service providers’ secure servers and accessed and used subject to our security policies
and those agreed with our service providers.

What are your rights in relation to your information

In accordance with EU or other applicable data protection laws, you may have the right to require us to:
• provide you with further details on the use we make of your information
• provide you with a copy of information that we hold about you;
• update any inaccuracies in the information we hold;
• delete any information that we no longer have a lawful ground to use;
• where processing is based on consent, to withdraw your consent so that we stop that particular
processing;
• object to any processing based on the grounds of legitimate interests unless our reasons for
undertaking that processing outweigh any prejudice to your data protection rights; and
• restrict how we use your information whilst a complaint is being investigated.

You may also ask us not to process your information for marketing purposes. You can exercise your right
to prevent such processing at any time by using an unsubscribe facility or contacting us at
DataPrivacy@tannerpharma.com

We are also required to take reasonable steps to ensure that your information remains accurate. Please
let us know of any changes to the information that you have provided to us by contacting us at
DataPrivacy@tannerpharma.com

While it is our policy to respect the rights of individuals, please be aware that your exercise of these
rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection
of crime), our interests and some of these rights may be limited (for example the right to withdraw
consent) where we are required or permitted by law to continue processing your information to defend
our legal rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights, we will check your entitlement and respond in most
cases within thirty (30) business days of receipt of your request to exercise any of these rights.

If you are not satisfied with our use of your information or our response to any exercise of these rights,
you have the right to complain to the relevant Supervisory Authority (data protection regulator).

Who is the data controller of your information

As indicated above, TPG is made up of a number of different entities. Depending on where you are
located and the location from which legal or other services are provided, the data controller of your
information processed by us under this Notice will be different.

How we use cookies and similar technologies

When you visit our websites we may send a cookie to your computer. This is a small data file stored by
your computer to help improve functionality or tailor information to provide visitors with more relevant
pages. For details of the cookies employed by us, please see our Cookie Policy, which forms part of this
Notice. We may also analyse website traffic to identify what visitors find most interesting so we can
tailor our websites accordingly.

How you can contact us

If you have any questions about this Notice or how we process your information, please contact us by
sending an email to DataPrivacy@tannerpharma.com or by writing to:

Data Protection Officer
1808 Associates Lane, Suite A
Charlotte NC 28217

COMPLAINTS AND JURISDICTION SPECIFIC PROVISIONS

Complaints about Tanner Pharma Group’s handling of your personal information may also be made to
the appropriate Privacy Commissioner:

Residents of the European Economic Area (EEA) and Switzerland. The entity responsible for the
collection and processing of Personal Data for residents of the EEA and Switzerland is Alte
Steinhauserstrasse 21, CH-6330, Cham, Switzerland. To exercise your rights, the Data Protection Officer
may be contacted via DataPrivacy@tannerpharma.com. You may direct your questions or concerns to
The Federal Data Protection and Information Commissioner (FDPIC)
Email: info@edoeb.admin.ch
Phone: +41 (0)58 462 43 95)

Residents of the UK. The entity responsible for the collection and processing of Personal Data for
residents of the UK is 2 Adelaide Street, St Albans, Hertfordshire, AL35BH. If you are a resident of the
UK, you may direct your questions or concerns to the UK: Information Commissioner’s Office (ICO), the
UK supervisory authority for data protection issues (Email: casework@ico.org.uk); (Phone: 0303 123
1113)

Residents of the United States. The entity responsible for the collection and processing of Personal Data
for residents of the United States is 1808 Associates Lane, Suite A, Charlotte, NC 28217, United States. If
you are a resident of the United States, you may direct your questions or concerns to the appropriate
Privacy Commissioner within your State and/or Office of Civil Rights for HIPAA Rights (1-866-627-7748
TDD: 1-800-537-7697)

How we may update this Privacy Notice

We may change the content of our website and how we use cookies without notice and consequently
our Notice and Cookie Policy may change from time to time in the future. We therefore encourage you
to review them when you visit the website to stay informed of how we are using your information.

Tanner Pharma Group uses cookies on its website. By continuing to access this website you are agreeing to Tanner Pharma Group’s Data Privacy Policy. For more information, click here.