Data Privacy Notice

TABLE OF CONTENTS

1.Purpose

OBI Pharma, Inc. (OBI, us, we or our) respects the privacy of visitors to our website, https://www.obipharma.com/. The purpose of this Data Privacy Notice is to provide you with information on how we will use and protect the personally identifiable information you share with us. This Data Privacy Notice will be continuously assessed against new technologies, business practices and the needs of persons with whom we communicate. By using OBI’s website, you agree to the practices described in this Data Privacy Notice. If you have any concerns or would like to contact us about any aspect of this Data Privacy Notice, please get in touch with us at <info@obipharma.com>.

As the controller of the personal information as defined by the General Data Protection Regulation n°EU 2016/679 (GDPR), OBI has committed to comply with the GDPR. OBI wants to make sure that European Union (EU) data subjects understand what personal information is collected about them, how their personal information is used and how it is kept safe by OBI when they use OBI’s website.

OBI is located at: 6F, No. 508, Sec. 7, Zhongxiao E Rd
Nangang District, Taipei City, 115, Taiwan

2.Information We Gather

OBI will only collect personally identifiable information you voluntarily submit through the contact email addresses on our website. This information includes, but is not limited to, your first and last name, e-mail address, address, or telephone number. This information may also include health information, particularly medical condition, and medication you voluntarily submit through the website.

OBI will retain personal data only as long as necessary to fulfill the purpose for which such data was collected or as necessary for compliance with a legal obligation to which OBI is subject or in order to protect your vital interests or the vital interests of another person.

3.Uses of Information

We only use your personal information to help us improve our services and to inform you about additional products, services or developments that may be of interest to you and for which you have given us your consent. We do not share this information with outside parties without your explicit consent.

The information we collect will be used for the following purposes:

The reasons we process your personal information How we justify the processing
To respond to your requests or inquiries For GDPR data subjects: We consider that it is our legitimate interest to retain your information in order to respond to your requests or inquiries
For non-EU subjects to whom the GDPR does not apply:
We will ask your consent to process your data in order to respond to your requests and inquiries.
To share your personal information, including personal health information, with third parties in the context of clinical trial use requests We will ask your consent to share your personal information in connection with your request for clinical trial use.
To keep you informed about our clinical trial or other activities that we believe may be of interest to you We will ask for your consent to keep you informed about our clinical trial and other activities.
Improve the accessibility and user experience of our website We will ask for your consent for the cookies we collected before you use our website.

We do not sell, trade, or rent your personal information to others. However, we may release information when we believe, in good faith, that such release is reasonably necessary to (a) comply with law, (b) enforce or apply the terms of any of our user agreements, or (c) protect the rights, property or safety of OBI, our users or others. We will not share, sell, or transfer your personally identifiable data to any third-party without defining an appropriate legal basis and without providing you with required information about the data processing.

4.Location of Your Personal Data

OBI is headquartered in Taiwan and inquiries made through our website will be processed in Taiwan.

The personal data you provided will be accessible to our affiliates and may also be shared with third parties. Your personal data will only be transferred to these third parties to the extent necessary to achieve the purpose of the processing of your data as described in this notice. OBI will release the minimal amount of data that is necessary for these third parties to perform their contractual obligations, and OBI shall obtain assurances in writing that they will safeguard personal data and provide the same level of protection for personal data this privacy policy and applicable law require. OBI takes reasonable and appropriate steps to ensure that third-party agents process personal data in accordance with this Data Privacy Notice and to stop and remediate any unauthorized processing.

OBI is committed to ensuring the security of personal data in order to protect them from unauthorized access, unlawful processing or disclosure, or accidental loss, modification or destruction. To this end, OBI uses technical, administrative, and procedural measures in an attempt to safeguard your personal data. It includes the use of encryption practices to help ensure the integrity and privacy of the personal and health-related personal data you provide to us. Equally, all personal and/or health-related personal data is kept physically behind firewalls that prevent intruders from gaining access. Nevertheless, while we will make reasonable efforts to protect personal and/or health-related personal data, you should be aware that there is always some risk that an unauthorized third-party could intercept an internet transmission, and we do not guarantee that your personal data will be secure from accidental loss, unauthorized access, improper use, or disclosure.

5.Your Rights as an EU Data Subject

GDPR provides EU data subjects with rights over their personal data. These rights include:

  • The right to be informed about the processing of your personal data.
  • The right of access to your personal data. You have the right to obtain confirmation as to whether or not your data are being processed. If yes, you have the right to access your data, to receive information related to the processing and also to receive a copy of the data undergoing processing.
  • You are entitled to have your personal data rectified if it is inaccurate or incomplete.
  • This right enables you to request the deletion or removal of your personal data in certain circumstances.
  • The right to restrict processing of your personal data.
  • The right to portability of your data in a re-usable format, such as spreadsheets. This right enables you to reuse your personal data for your own purposes across different services.
  • The right to object to processing for certain purposes.
  • Withdraw consent. The right to withdraw your consent at any time and without justification when you have given your consent for the data processing. The withdrawal of your consent does not affect the lawfulness on the processing of your personal data based on your consent before the withdrawal.

6.Protection of Children’s Information

OBI’s dedication to protect your privacy also extends to children, and our website is not designed or intended to attract children 15 years old or younger, based on the country you are in. We do not knowingly collect personal information from any person we actually know is defined to be a child in a given country. If you have questions or concerns about the Internet and privacy for children, we encourage you to visit https://www.consumer.ftc.gov/topics/protecting-kids-online.

7.For EU Data Subjects- Our Data Protection Representative and Data Protection Officer

The data protection representative of OBI in the Europe is MyData-TRUST S.A., located at Blvd Initialis, 7, Bureau 3, BE 7000, Mons, Belgium.

If you are an EU data subject and have any questions about this notice or how we process your personal data, please contact our Data Protection Officer at OBI <obi.dpo@mydata-trust.info>. You also have the right to raise a complaint about how your personal data is handled to the National Data Protection Authority located in the Member State in which you have your main residence or located in the Member State the alleged violation took place. To obtain contact details of all Member States Data Protection Authorities, we encourage you to visit https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

8.External Links

As a convenience to our visitors, OBI’s website provides links to a number of sites (FDA, EMA, clinicaltrials.gov, etc.) that we believe may offer useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security and data collection and distribution policies.

9.Changes to the Data Privacy Notice

Personal data privacy is a new and evolving area, and OBI is evolving to meet these demands. Mistakes are possible and miscommunications are possible. If you have any comments or questions regarding this Data Privacy Notice, please contact us by submitting an online form using the email address: <info@obipharma.com>. We will address any issue to the best of our abilities.

10.European Economic Area

Provisions of this Data Privacy Notice that apply to EU data subjects shall also apply to European Economic Area data subjects.

11.Cookies Policy

Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows website to recognize you and make your next visit easier and the website more useful to you. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

12.What Are Your Rights and Choices Regarding Cookies

If you would like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. As a European data subject, under GDPR, you have certain individual rights. You can learn more about these rights in the GDPR Guide: https://www.termsfeed.com/blog/gdpr/#Individual_Rights_Under_the_GDPR.

You can learn more about cookies and the following third-party websites:

Network Advertising Initiative: http://www.networkadvertising.org

13.Log Files and Aggregate Information

We may track the total number of visitors to our website, the number of visitors to each page of our website, IP addresses and the domain names of our users’ internet service providers, and we may analyze these data for trends and statistics in the aggregate, but such information will be in aggregate form only and it will not contain personally identifiable data. Such aggregate information is not linked to any personally identifiable information that can identify any individual person.

14.Publication Date

This Data Privacy Notice is published online on October 23, 2024.