Privacy On Pledge - Lupin Pharmaceuticals, Inc.

LUPIN’S PLEDGE ON PRIVACY (“PLEDGE”)

Effective Date: November 4, 2022

You care about the protection of your Personal Information – and so do we. At Lupin Pharmaceutical, Inc. (USA) (“Lupin”), we work to maintain the privacy and data security of all Personal Information we collect or receive from you, including when you use the Lupin, Inc. (US) website Lupin U.S. | Branded + Generic Pharmaceutical Company.

This Privacy Policy applies to Personal Information Lupin collects, uses or shares, including when you visit our Website. Please read this Privacy Policy carefully. Should you have any questions about this Privacy Policy or how we handle Personal Information, please contact us at ComplianceOffice@Lupin.com.

IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 11 BELOW FOR ADDITIONAL TERMS THAT MAY APPLY TO YOU.

IF YOU PROVIDE PERSONAL INFORMATION WITH REGARD TO OUR PHARMACOVIGILANCE PROGRAM, PLEASE SEE OUR PHARMACOVILIGENCE PRIVACY STATEMENT WHICH DESCRIBES HOW WE COLLECT, USE AND SHARE THE PERSONAL INFORMATION YOU PROVIDE IN CONNECTION WITH THAT PROGRAM.

1. PERSONAL INFORMATION WE COLLECT

We may collect the following categories of your Personal Information. Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include publicly available information. We have collected the following categories of Personal Information from consumers within the twelve (12) months preceding the effective date of this Privacy Policy:

Category of Personal Information	Do we Collect this type of data	Examples
Identifiers	Yes	Such as name, address, internet protocol address (“IP Address”), email address, phone number and government ID numbers
Customer Records	Yes	Such as your name, signature, government ID numbers, physical characteristics or description, address, telephone number, insurance policy number and other medical information that you provide if you report an adverse event or product complaint
Protected Classifications	Yes	In limited circumstances, we request information such as your age, sex, marital status, medical conditions, physical or mental disability, whether you are pregnant. or genetic information in connection with a report of an adverse event or product complaint.
Commercial Information	Yes	Records of products purchased or used by you.
Biometric Information	No	Fingerprints and voiceprints.
Internet Activity	Yes	Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
Geolocation Data	No	Your current physical location.
Sensory Data	Yes	Phone and video recordings.
Employment Information	Yes	Work History.
Education Information	Yes	Student records
Inferences	No	Profiles of an individual’s characteristics and preferences based upon the other categories of Personal Information listed above.

2. SOURCES OF PERSONAL INFORMATION

We collect Personal Information from the following sources:

Source 1: Information that you provide: We collect Personal Information and other data that you or others may provide on our Website or by phone. We may also collect Personal Information about you that you or others may provide when contacting us for medical information or products in certain circumstances. The following are examples of instances when we collect Personal Information you provide:

When You Request Information. When you request information by calling us, writing us or through our Website.

Drug Safety Information and Concerns. When you seek drug safety information or instructions regarding our products, seek help on how to use our products, if you have drug safety questions, report an adverse event or provide us with any comments or concerns about our products, as further described in our Pharmacovigilance Privacy Statement.

Marketing Communications. We may use your email and mailing address to send you promotional and other electronic and hardcopy communications. We may use third-party providers to deliver these communications to you. You may opt-out of marketing emails by using the unsubscribe link in the email. To opt-out of other marketing communications (e.g., postal marketing and telephone), please contact us as set forth in the “Contact Us” section below. Opting out of marketing communications does not opt you out of other, non-marketing communications from us.

Career Opportunities. When you submit a job application or related materials online for employment with Lupin, you will be redirected from our Website to the website of our third-party service provider, ICIMS, Inc. You may be required to create an account with that service provider. We encourage you to review the terms and privacy policy posted on that service provider’s website since this Privacy Policy does not govern your use of that website. If you send us your job application materials directly, we will only use and share those job application materials to evaluate your qualifications to work with Lupin. Your submission of an application or inquiry does not in any way require Lupin to review your information or consider you for employment.

Feedback. When you provide comments or feedback about our Website or our products (“Feedback”), we may collect Personal Information.

Source 2: Information from health care professionals, public or third-party sources: We may collect Personal Information from health care professionals, including their NPI, from and from the public or third-party sources to verify their professional credentials and identity. We may also collect Personal Information from your family members through our Pharmacovigilance program.

Source 3: Information collected from your computer or other electronic device: We collect information about your computer or other electronic device when you visit our Website. This information may include your Internet Protocol (IP) address, Internet Service Provider (ISP), domain name, browser type, operating system, location, website you visit before or after you visit this Website, pages you click on this Website, search requests, date and time of your requests, the amount of time spent on the Website and information provided by tracking technologies, such as cookies, single- pixel tags, local share objects (Flash), local storage, Etags and scripts.

We may use cookies in conjunction with third parties to serve advertisements to your computer or other electronic device. Please reference our Cookie Policy in Section 9 below for more information about cookies and how you can control the use of cookies when visiting our Website.

3. HOW WE USE PERSONAL INFORMATION

We may use all categories of Personal Information listed in Section 1 above for the following business purposes:

As Stated or Agreed to at the Point of Collection. We may use Personal Information for the purposes stated or agreed-to (or as is obvious) at the point of collection. For example, we use Personal Information to respond to your questions, requests, comments, or concerns. We may also use Personal Information as requested or consented to by you.

Administration. We use Personal Information for administrative purposes, such as facilitating transactions, to inform our business strategies, to understand the Website demographics and user preferences, for evaluating job applications and to manage profiles.

Website Management. We use Personal Information for website management, such as troubleshooting problems, improving the content and functionality of our Website, statistical and other analyses of the Website, and to customize the Website. We also may use Personal Information to audit our Website for compliance, authorized access and security.

Advertising/Marketing. We may use Personal Information to send you promotions, to perform targeted advertising, to notify you of new products, to notify you of new features of or information on our Website, to notify you of changes to our Terms of Use or this Privacy Policy or our Pharmacoviligence Privacy Statement, and for other similar communications.

To Protect Our Rights. We may use Personal Information to protect our legal rights or interests, or those of third parties, including to bring a legal action against you or anyone who may be causing harm to us, our Website, or to others. We may also use Personal Information to seek business, financial or legal advice, and to respond to other legal requests.

For Drug Safety and To Meet Our Regulatory Obligations. We use Personal Information for drug safety and to meet our regulatory obligations, including for pharmacovigilance. Please see our Pharmacovigilance Privacy Statement for more information about how we collect, use, and share such Personal Information.

4. DISCLOSURE OF PERSONAL INFORMATION

We do not sell, rent or lease Personal Information to any third party. We may share Personal Information with the following parties, in compliance with applicable laws:

Employees and Affiliates. We may share Personal Information with our employees and our parent, subsidiaries, divisions, and groups worldwide (“Affiliates”) who have a need to know the information for our business purposes.

Service Providers and Third-Parties. We may share Personal Information with our service providers and to third parties. For example, we may share Personal Information with service providers that host and manage our Website; provide targeted advertising and other marketing; improve the content and functionality of our Website; perform data analysis and statistical analysis; troubleshoot problems with our Website; provide public relations; provide email services; provide data processing; and support or provide the security of our Website.

Government Officials / Law Enforcement. We will cooperate with law enforcement and other governmental agencies, and may disclose Personal Information: (i) if we believe in good faith we are legally required to disclose that Personal Information, (ii) if we are advised to disclose Personal Information by our legal counsel, or (iii) when necessary to identify, contact or bring a legal action against someone who may cause or be causing harm to, or interfering with the legal rights of Lupin or any other party.

Professional Advisors. We may share Personal Information with our professional advisors, such as our attorneys, accountants, financial advisors and business advisors, in their capacity as advisors to Lupin.

Change in Ownership. In the event Lupin is the subject of a due diligence process concerning the sale of the company in whole or in part, through sale, merger or acquisition or in the event of a bankruptcy, receivership or a similar transaction, we may provide Personal Information to the prospective or subsequent owner(s). In these circumstances, Personal Information may be shared with actual or prospective purchasers or successors and may be transferred in the case that transaction is completed.

Other. We may share Personal Information with third parties or service providers when explicitly requested by or consented to by you, or for the purposes for which you disclosed the Personal Information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).

5. USE AND DISCLOSURE OF NON-PERSONAL INFORMATION

Lupin may collect, use, share, transfer and otherwise process de-identified and aggregated information that it receives or creates for any purposes in its sole discretion, in compliance with applicable laws. Lupin is the sole and exclusive owner of such de-identified and aggregated information, including if Lupin de-identifies Personal Information so that it no longer considered Personal Information under applicable laws.

6. STATEMENT ON CHILDREN

Our Website is not directed at children and is designed for individuals who are 16 years of age or older. Where requests for information about a product are permitted by law, individuals requesting information about a product that is indicated for use in children must be 16 years or age or older.

We do not knowingly collect Personal Information from children under 13 years of age, or according to local law, without obtaining verifiable parental consent prior to collection. If you are a parent or guardian that has knowledge that we have collected Personal Information from your child under 13 years of age, please contact ComplianceOffice@Lupin.com to request removal and we will endeavor to verify the identity of any applicable child Personal Information and make commercially reasonable attempts to delete such Personal Information.

7. PROTECTION OF PERSONAL INFORMATION

Personal Information about you will be accessible to Lupin, including its Affiliates, and to individuals and organizations that use Personal Information solely for and at our direction. Lupin may transfer your Personal Information to one of its databases outside your country of domicile.

Uses and disclosures of Personal Information by service providers acting on our behalf are governed by agreements that require Personal Information to be protected appropriately. Personal Information will only be used and disclosed by us and those working on our behalf, in a manner consistent with this Privacy Policy, other applicable privacy statements or notices, data, with accessed controlled as needed and as explicitly permitted or required by applicable laws, rules and regulations.

8. SOCIAL MEDIA

We are active on YouTube and LinkedIn (“Social Media”). Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Website and our Social Media pages any comments or content that you post on our Social Media pages.

Our Website allows you to connect and share data with Social Media platforms. These features may require us to use cookies, plug-ins, and APIs provided by such Social Media platforms to facilitate those communications and features. Our Website may use advertising networks and services offered by Social Media platforms to deliver advertising content. Use of these services requires Social Media platforms to implement cookies or pixel tags to deliver ads to you while you access our website.

Your use of Social Media is governed by the privacy policies and terms of the providers that own and operate those websites and not by this Privacy Policy. We encourage you to review those policies and terms.

9. COOKIE POLICY

Lupin uses cookies to improve the experience for visitors to our Website. This Cookie Policy (“Policy”) supports Lupin’s Privacy Policy by providing more detail about the types of Cookies and similar technologies that our Website, web applications and other online services use and how you can control Cookies on your computer or mobile device.

Cookies & Other Tracking Technologies

What types of online tracking mechanisms do we use? We may use cookies, web beacons, pixel tags and other tracking technologies (collectively “Cookies”) on our Website.

What are cookies and web beacons / pixel tags? A Cookie is a small text file that our Website saves onto your computer or device when you use the Website that provides us certain information about your activities. Cookies allow the Website to remember your actions and preferences and recognize you or your browser. Web beacons / pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage.

Why do we collect Cookies? We use Cookies to:

make our Website function properly;
provide personalized experiences;
tailor our interactions with you;
help with our marketing efforts;
send you targeted advertising;
provide us with valuable data and statistics about the usage and effectiveness of our Website and to help us improve our Website; and
help us improve our products.

What type of information do Cookies collect? The Cookies on our Website may collect information such as:

IP addresses assigned to the computers and other devices you use;
your internet service provider;
device ID number;
approximate geographic location;
browser type;
the Website pages visited;
the website you access before and after visiting the Website, and
data related to how and when you use the

We may combine information from Cookies with Personal Information, including data obtained from third parties.

How long do Cookies last? A Cookie can either be a “session” Cookie or a “persistent” Cookie. Session Cookies exist only for so long as you are visiting the applicable Website and are typically deleted when you exit your web browser. Persistent Cookies exist for a set period of time, for example, up to several months or years. Each time you visit a website that has implemented a persistent Cookie, the persistent Cookie is renewed, and that Cookie will remain active until its predetermined expiration date. You can manually delete persistent Cookies through your browser settings.

Flash cookies differ from other browser cookies regarding the amount and types of data collected and how the data is stored. Your browser will not remove and cannot manage Flash cookies in the same way as other Cookies. To learn about managing your Flash cookie settings, visit the Flash player settings page on Adobe’s website.

We are not responsible for third-party Cookies. Cookies may either be “first-party” or “third-party” Cookies. A first-party Cookie allows your web browser to talk to the actual website that you are visiting (i.e. this Website). A third-party Cookie allows your web browser to talk to a third-party website, such as the source of an ad that appears on the Website you are visiting or a third-party analytics provider. We do not have control over third-party Cookies. Third-party Cookies are not governed by this Policy.

How do you manage Cookies or opt-out? Most browsers automatically accept cookies. You can disable this function by changing your browser settings but disabling cookies may impact your use and enjoyment of the Website. Not all features or functions of the Website may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Website.

Analytics. We may use Google Analytics to collect and process information about your use of the Website. Google sets cookies on your browser or device, and then your web browser will automatically send information to Google. Google uses this information to provide us with reports that we use to better understand and measure how users interact with our Website.

To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download the Google Analytics Opt-out Browser Add-on for each web browser you use, but this does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Website.

Maps. Our Website may contain maps provided by third parties and/or service providers for your convenience. Lupin and such other parties may collect data about how you interact with the maps. For example, Google may collect usage data on maps embedded on our Website. Even if you do not interact with the maps, Google may still collect certain information about your interactions with our Website if you are signed into your Google account when accessing our Portal. Please see Google’s privacy policy for more information.

Videos; Embedded Content. Our Website may contain videos and embedded content provided by YouTube, Vimeo and other third parties, including visible content and/or feeds scripts embedded in the Website code. YouTube, Vimeo and such third parties may collect data about how you interact with such content. Our use of YouTube content requires us to implement certain application programming interfaces (APIs) from YouTube, which allow for data collection, disclosure and use by YouTube pursuant to the Google Privacy Policy available here. In addition, if you are signed into your Vimeo account when you visit our Website, Vimeo may associate information collected when you visit our Website with your account. By watching the videos and interacting with such content, you agree to the collection and use of such data. You may revoke YouTube’s access to your data by visiting the Google security settings page available here. Please see Vimeo’s privacy policy to learn how Vimeo collects, uses and shares Personal Information.

Online Behavioral Advertising. We may use third parties and/or service providers to provide interest-based advertising services, such as Google Ads and Facebook Custom Audience. These services may serve advertisements on our behalf that are customized based on predictions about your interests generated from your visits to websites (including this Website) over time and across different websites. The data collected may be associated with your Personal Information. These advertisements may appear on our Website and on other websites and may be sent to you via email.

We use Google Ads to serve ads across various websites. Google uses Cookies to collect data about your visits to the Site to generate targeted advertisements to you on other websites that you visit. To opt-out of this type of advertising by Google, to customize your ad preferences, or to limit Google’s collection or use of such data, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s personalized ad opt-out instructions. Opting out will not affect your use of the Site.

To change your preferences with respect to certain online ads or to obtain more information about ad networks and online behavioral advertising, visit National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads. Opting-out of targeted advertising does not opt you out of all ads, just those targeted to you.

10. ADDITIONAL TERMS APPLICABLE TO CALIFORNIA RESIDENTS ONLY – YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California law provides you with additional rights regarding our use of your Personal Information.

This section provides additional terms that apply to residents of California. In the event of a conflict between this Section and the remainder of this Privacy Policy, this Section shall take precedence for California residents. In this section only, any capitalized terms not defined in this Privacy Policy have the meanings set forth in the California Consumer Privacy Act of 2018 and its implementing regulations, each as amended (the “CCPA”).

The Collection, Source, Purpose and Sharing of Your Personal Information. We collect the categories of Personal Information described in Section 1; the categories of sources from which your Personal Information is collected is described in Section 2; our purposes for collecting your Personal Information are described in Section 3; and the categories of third parties and service providers with whom we share your Personal Information are described in Section 4, all mentioned above.

In the twelve (12) months preceding the effective date of this Privacy Policy, we have disclosed the following categories of Personal Information of California consumers for a business purpose (refer Section 1 above).

Your California Privacy Rights.

California residents have certain rights under the CCPA, such as the right to request certain information or request deletion of their Personal Information. Subject to certain limitations such as (a) exceptions permitted by applicable law and (b) verification of your identity, California residents may exercise the following rights regarding their Personal Information:

Right to Access and Disclosure. You have the right to access any of the following which occurred in the prior 12-month period: (a) the categories of Personal Information we collected from you, (b) the categories of sources from which the Personal Information was collected, (c) the business or commercial purpose for collecting your Personal Information, (d) the categories of third parties with whom we shared your Personal Information, and (e) the specific pieces of Personal Information we collected from you.

Right to Request Deletion. You have a right to request that we delete Personal Information we collected from you. We will comply with such requests, and direct our service providers to do the same, subject to certain exceptions permitted by applicable law.

How to Exercise Your Rights of Disclosures and Deletion. To exercise your California rights described in this Section, you may submit your request to us by contacting us at any of the following:

Phone: +1 844- 815- 3731

Email: ComplianceOffice@lupin.com

Verifiable Consumer Request. In order to verify your request to exercise your rights under the CCPA, you must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information. You must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to your request.

When we receive your request to exercise your rights under the CCPA: (a) we will acknowledge receipt of your request; (b) we will try to match the information you provide in making the request with information we already maintain; (c) if required to verify your identity, we may ask you to provide additional information, including Personal Information; (d) we will consider various factors when determining how to verify your identity, such as the sensitivity and value of the data, the risk of harm, and the likelihood of fraud.

We will only use the Personal Information we collect during the verification process for the purpose of verifying your identity. If you maintain an account with us, we may use that account to respond to your request and/or verify your identity. If we are unable to verify your identity as required by applicable laws and regulations, we will decline to comply with your request, and let you know why.

When We Will Respond. We will try to respond to your request to exercise your California privacy rights within 45 days. If we require additional time, we will inform you of the reason and extension period. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. For data portability requests, we will select a format to provide you with that Personal Information. We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination. California residents have the right to not receive discriminatory treatment for exercising any of their rights under the CCPA.

Who May Exercise Your Rights? You may only make a request to exercise your rights on behalf of yourself. You also have a right to submit requests to exercise your rights under the CCPA through an authorized agent. If you choose to use an authorized agent, you must (a) provide signed permission to that authorized agent to submit requests on your behalf, (b) verify your identity directly with Lupin, and (c) directly confirm with Lupin that you granted permission to the authorized agent to submit the request on your behalf. For clarity, you are required to verify the identity of both yourself and the authorized agent.

We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.

Furthermore, a parent or legal guardian may make a request on behalf of his or her child.

California’s “Do-Not-Track” Requirement. We currently do not respond to “do not track” requests.

Shine the Light. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to ComplianceOffice@Lupin.com or write to us at: 5801 Pelican Bay Boulevard, Suite 500, Naples, Florida 34108.

11. SECURITY AND CONFIDENTIALITY

We use commercially reasonable administrative, technical, and physical safeguards to help secure Personal Information against loss, misuse, and alteration. If a breach of your Personal Information occurs, we will notify you if required under applicable law.

YOU UNDERSTAND THAT NO DATA TRANSMISSION OVER THE INTERNET OR DEVICE CAN BE GUARANTEED TO BE 100% SECURE. WHILE WE STRIVE TO PROTECT PERSONAL INFORMATION, WE DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION AND YOU PROVIDE PERSONAL INFORMATION AT YOUR OWN RISK.

12. RECORD RETENTION

We generally retain Personal Information for only as long as reasonably needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business, such as applicable rules on statute of limitations or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.

13. ACCESS FROM OUTSIDE THE UNITED STATES

If you access our Website from outside the United States, please be aware that Personal Information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of Personal Information in the United States to be equivalent to that required by other jurisdictions.

14. LINKS TO OTHER SITES

This Privacy Policy applies only to our Website. Our Website may link to, or be linked to, websites not owned or controlled by us. We are not responsible for third parties’ privacy policies or practices. This Privacy Policy does not apply to any third-party website or to any data that you provide to third parties or to any data that you provide to third parties. You should read the privacy policy for each website that you visit.

15. CONTACT

We seek to constantly improve how we manage the collection and use of Personal Information. If you have questions regarding this Privacy Policy or how we treat your Personal Information, please contact us at:

Attn: Compliance & Ethics Office Americas and EMEA

Address: Lupin Pharmaceutical, Inc., 111 S Calvert St, Baltimore, MD 21202