2. Changes to This Privacy Notice

As privacy laws and regulations change, and as Precision and its websites evolve, it may be necessary to revise or update our Privacy Notice without advance notice to you. Changes to this Privacy Notice will be reflected when we revise the “Last Updated” date at the end of this Privacy Notice. If we make changes that are material to the protection of your data, we will update this Privacy Notice before such changes take effect.

3. Purposes of Data Processing

“Personal data” means any information or set of information that identifies or could be used to identify you, either directly or indirectly. Personal data do not include information that is anonymized so that an individual cannot be identified. Personal data will be collected and handled by Precision for various purposes listed in the relevant following sections.

3.1 Website Visitors
3.2 Potential Employees and Contractors
3.3 Key and Digital Opinion Leaders (KOLs), Consultants, Experts, and Stakeholders in the Area of Life Sciences Industry and Precision Services (Industry Professionals)
3.4 Investigators, Clinical Site Study Team Members, and Other Healthcare Professionals (HCPs) in R&D Area
3.5 Study Participants and Patients Involved in Clinical Trials
3.6 Existing and Potential Clients, Vendors, and Suppliers, Client and Vendor Personnel, and Contract Signatories
3.7 Speak Up Program and Compliance Investigations

3.1 Website Visitors

Precision operates various websites, including in particular precisionmedicinegrp.com; precisionformedicine.com and precisionaq.com as well as websites of company affiliates  and subsidiaries (collectively, the “websites”): If you have been redirected here from any of the websites “Privacy Policy” links this notice applies to this website and processing of your personal data through this website.

In this section we inform you about the privacy implications of interacting with Precision websites. When you visit our websites, submit queries or data to contact requests via “Contact” forms, this notice applies to how Precision will process your personal data.

Personal data collected by the websites will include name, address, contact numbers, and email address but may also include other information you may choose to provide us with (eg, request to provide a service, where an employment opportunity is being processed, or where a health professional is interested in participating in a clinical trial).

You may voluntarily provide us with personal data

1. To receive additional information about Precision (ie, newsletters, press releases, marketing materials)
2. If you are interested in pursuing an employment opportunity with Precision, or if you are interested in providing clinical trial investigator services to Precision
3. To receive access to webcasts or to receive customized information (usually through the “Contact Us” form)

Precision also collects personal data about your computer hardware and software, including, but not limited to, your computer operating system, your Internet Protocol (IP) address, your Internet browser, and information regarding your interactions and navigation within the websites. Our web server automatically collects this category of personal data when you request to view pages within our websites.

All websites apply cookies. To find out more about cookies and how Precision uses them, including how you can opt out of nonessential cookies, please view the Precision Cookies Policy via https://www.precisionmedicinegrp.com.

3.1.1 Use of personal data collected:

We will not use or disclose your personal data in a manner inconsistent with applicable law or this Privacy Notice. We may use your personal data to

1. Respond to inquiries
2. Supply requested information regarding Precision’s services and products
3. Allow you to participate in registration-only features of the websites when you choose to do so
4. Ensure that content from the websites is presented in the most effective manner for you and your computer
5. Maintain and monitor the quality of the websites and provide general statistics regarding use of the websites

Such processing of your personal information is based

• On your consent, when you voluntarily subscribe or provide us with personal data, eg, to receive information from Precision
• On Precision’s legitimate interest to monitor the audience and quality of its websites

On some website pages or apps, you may register to receive access to webcasts, updates, or information on specific services. These data are collected to provide you with the service.

3.1.2 Opting out:

Any marketing communications sent by Precision will have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications at any time by selecting and confirming that link.

3.1.3 Website and app security:

While we do all that we can to safeguard the security of your personal data, the transmission of data over the internet is not completely secure, and therefore you do this at your own risk. Once we receive your personal information, we will implement strict security procedures to prevent unauthorized access.

3.1.4 Retention period:

Precision has a legitimate interest to retain personal data, collected from all users of the websites, for up to 8 years.

3.2 Potential Employees and Contractors

This section describes how we handle and protect your personal data in connection with our recruiting and prospective employment or contractor engagement processes and programs as well as past employee and contractor data processing. We will process your personal data in accordance with this Privacy Notice, unless such processing conflicts with the requirements of specific national law, in which case, that applicable law will prevail.

3.2.1 Personal data collected:

Personal data collected for recruitment and selection for an employment or contractor role will include name, address, email address, contact details, marital status, gender, passport details, driver’s license, qualifications, employment history, and professional registration as well as, where applicable, health conditions, including reasonable adjustments and occupational health advice.

In special and legally justified circumstances, we may also process further data about you and conduct background checks, including criminal convictions, credit history, ethnicity, and philosophical beliefs.

3.2.2 Use of personal data collected:

We collect and use personal data for recruitment and selection purposes. This includes reviewing CVs and/or applications to make a decision to invite candidates for employment or for a contractor role or to conduct interviews or pre-engagement checks prior to offering a contract of employment.

Such processing is based on:

• Your consent; you voluntarily submit an application and/or CV to a job posting and would like to apply for the position
• Precision’s need to take action based on your request, to enter into an employment contract or contractor relationship with Precision or one of its affiliates
• Legitimate interests to monitor equality and diversity in our workforce

3.2.3 Data retention:

If you accept an employment or contractor offer, any relevant personal data collected during your pre-engagement period will become part of your employment records and/or contractor documentation and will be retained in accordance with specific country requirements. However, in any other event, we will retain your personal data for up to 12 months following the submission of an application.

3.2.4 Retention of personal information of past employees and contractors:

Once employment or contractor engagement has ended, Precision will retain records under a legal obligation. We will keep such information as pension records, basic staff records to allow for factual verification, name, email address, telephone number, address, date of birth, and national government identifiers. Employment and social security laws in countries of your engagement might require us to keep your data for longer periods, and we will retain this information following the pension regulator retention schedule.

3.3 Key and Digital Opinion Leaders (KOLs), Consultants, Experts, and Stakeholders in the Area of Life Sciences Industry and Precision Services (Industry Professionals)

This section describes how we use the personal data we may receive, either directly from you, or from third parties, including social media portals and websites, in connection with your qualifications and skills, professional publications, and expertise as well as comments made by you or others in social media relating to life sciences–related publications and your professional opinions.

3.3.1 Personal information collected:

If you are a life sciences industry professional with expertise in the area of Precision services, including, in particular, HEOR, pricing, market and patient access, patient journey, marketing, omnichannel, brand launch and brand adoption, medical communication, or advancing cell and gene therapies, we collect personal information about you from publicly available sources. Personal data we process about you include your full name, professional address, picture, professional contact details (email and/or phone), professional qualifications, registrations or licenses, publications, and your professional social media activity details in the areas of your professional expertise.

3.3.2 Use of personal information collected:

We collect and retain your information in order to:

• Consider you for professional engagement or for invitation to professional meetings, conferences, congresses, or panels or to offer you advisory, consultancy, or speaker roles either directly by Precision or by our clients
• Provide it to our clients as a searchable database of professionals in whom they might be interested in contacting or hiring related to trials they may undertake

Such processing of the personal data is based on Precision’s legitimate interests in providing pertinent information to our clients relating to the industry activities they wish to undertake and in identifying suitably qualified professionals or professionals with a public profile that will best further their business cause.

3.3.3 Data retention:

Data are kept up to date constantly, and feeds are received from organizations such as X (formerly Twitter) and Facebook, where relevant comments and opinions are made by you in your area of professional expertise. Older data are discarded.

3.4 Investigators, Clinical Site Study Team Members, and Other Healthcare Professionals (HCPs) in R&D Area

This section describes how we use the personal data we may receive, either directly from you, or from third parties, in connection with the clinical trials we manage on behalf of our Sponsor clients. This applies to you if you are an Investigator,  clinical trial team professional or staff member at one of trial sites, a healthcare professional, or other expert active in R&D area with whom Precision wishes to collaborate with or who already works with us.

3.4.1 Personal information collected:

If you are an Investigator, a trial study team professional or staff member, healthcare professional or an expert active in R&D area we process the following personal information about you:

• Contact details – including your name, address and email address, phone
• employment history
• Professional qualifications, education, professional registrations and certifications, professional registration history as well as
• study, research and R&D experience information and access to selected patient populations
• affiliation with investigator networks, research consortia, and site management organizations.

The information we process may also include documents confirming your qualifications, experience, education, registrations or licenses.

If you are a healthcare professional or an expert, we process your name and contact details.

3.4.2 Use of personal information collected:

We collect and retain your information based on the following legal basis:

• Legitimate Interest – we are processing your personal data based on our legitimate interests to
  • consider you for professional engagement, in the present and future, clinical trials, studies, R&D projects and research activities undertaken by our Sponsor clients
  • provide our Sponsor clients a searchable database of professionals with whom they might be interested in contacting and hiring for clinical trials, studies, R&D projects and research activities they may undertake
  • assess feasibility of clinical trials, studies, R&D projects and research activities being conducted, and whether there is enough research staff available with relevant expertise and interest in participation in specific study sites
• Legal obligation – we are processing your personal data to ensure the safe operations of clinical trials, studies, R&D projects and research activities by staff with the appropriate qualifications, including the substantial public interest in ensuring providing high standards of safe healthcare (provision of safe medications)

3.4.3 Data retention:

Once the trial is completed, the personal information will be collected and sent in a “trial master file” to the Sponsor of the trial, where it will be kept for 25 years in order to comply with clinical trial regulations.

If we directly employ you, we will retain your personal data for 7 years after you have left our employment.

For our Investigator database, we will retain your personal data for 2 years.

3.5 Study Participants and Patients Involved in Clinical Trials

3.5.1 Personal information collected:

Name, date of birth, address, bank details for expenses, contact details, ethnicity, physical and mental health, and trial participation number

3.5.2 Use of personal information collected:

For trial recruitment purposes, we use our Patient Recruitment Databases to match patients to clinical trials and research projects based on the individuals’ areas of medical interest.

Once you become part of a trial, we use your personal data to carry out our clinical trial functions on behalf of our Sponsor clients, including monitoring your safety and the quality of the research data.

Your personal data will only be sent to us for these purposes in a pseudonymized form, which means that any direct identifiers, such as name and contact details, are replaced with an identification number known only to your trial site.

We are also required to monitor and report to regulatory authorities when you may have become poorly or adversely affected by the medication you have been provided with as part of the trial. This is a legal obligation on our part, and we may need to provide all your personal data, including your name and address, for this purpose. It is part of the trial regulations and the laws of all countries where trials take place that this information is shared.

The processing of personal data described in this section is based on:

• Our contract with our Sponsor to manage and monitor conducting the clinical trials
• (Where we are jointly responsible for a trial; called “joint controller”) Our legitimate interests in managing and running a clinical trial to investigate and bring a product to market safely and effectively, as well as for the purposes of medical research where we have an approved protocol from the regulators in the country where the trial takes place
• A legal obligation under which we are required by law to report to regulatory authorities

3.5.3 Data retention:

Once the trial is completed, all your personal information will be collected and sent in a “trial master file” to the Sponsor of the trial, where it will be kept for 25 years in order to comply with clinical trial regulations.

Where we are controller and responsible for the trial master file, the same retention will apply.

3.6 Existing and Potential Clients, Vendors, and Suppliers, Client and Vendor Personnel, and Contract Signatories

3.6.1 Personal information collected:

Name, work email address, contact details such as telephone number and corporate address, and further details required to identify you as contract signatory (eg, date of birth, personal ID number, or passport number) as well as interaction history between you and Precision, your professional interest, and areas of interest within which we may provide you with relevant information about Precision services and products.

3.6.2 Use of personal information collected:

We collect personal information for the following purposes:

• To manage the relationship between ourselves and clients or potential clients and to ensure the efficient and proper collaboration between our organisations
• To manage the relationship between our suppliers and to ensure the efficient and proper collaboration between our organisations
• To prepare and execute a contract between you, your company, or entity you represent as signatory

Our processing of personal data in this section is based on our legitimate interests in running and operating our business

3.6.3 Data retention:

For the purpose of project management and financial records, Precision will retain personal information relating to their clients and employees of suppliers and organisations associated with client projects. The information retained will be name, work email address, address, and work telephone numbers. Under their contract, Precision will retain these records for up to 8 years, following the last payment or last supply under their contract.

Similarly, Precision will retain records of potential clients for sales, marketing of services, and invitation to events if given consent to do so. The data will be retained for up to 2 years from the last contact and include the potential client’s name, email address, telephone number, organisation, and job title.

3.7 Speak Up Program and Compliance Investigations

At Precision, we are committed to fairness, integrity, and respect for the law in every strand of our business activities. Precision encourages those who are aware of any actions that violate Precision Medicine Group Code of Business Conduct and Ethics, any Precision policy, law or regulation to speak up.

Precision has a Speak-Up Program where employees, contractors, vendors and all third parties can Speak up. When we receive a Speak Up report Precision will process personal data for the purposes of receiving and processing the report as well as conducting a compliance investigation in order to resolve the issue. We take all necessary steps to process personal data securely and in line with the laws and regulations applicable.

3.7.1 Use of personal information collected:

When we receive Speak Up report and conduct a compliance investigation, we will use personal data in the report and in the investigation documentation only to analyse the report, ethics, compliance and legal issues it concerns, review its factual correctness and in order to determine whether any allegations brough forward is substantiated.

We may consult experts, law firms, forensic investigators or other specialized third parties to process the report and support the investigation. In either case, anyone involved in the process will receive personal data only if and to the extent necessary to resolve the issue.

3.7.2 Data retention:

When facing a compliance investigation, we will retain its records for as long as necessary to ensure compliance with laws and regulations. We will keep Speak Up reports and compliance investigation information for minimum 7 years. After that period personal data will be deleted unless law requires Precision to retain such information longer.

4. Sharing Disclosure and Retention of Personal Data

4.1 How We Share and Disclose Information to Third Parties

Personal information will be shared within Precision, companies working as agents of Precision, and third parties only on a “need-to-know” basis to meet stated legitimate business purposes. Access to databases and folders containing personal information is restricted to appropriate staff. Precision does not trade or sell personal information. Under some circumstances, Precision may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes. Precision may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Precision’s assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding.

Companies working as agents of Precision are required to sign “processor” and/or confidentiality agreements, in which they will commit to processing only personal information consistent with contracted purposes and to apply appropriate organizational and technical security safeguards.

If disclosure of your personal information under the conditions above involves the transfer of your personal information to countries that were not recognized as providing an adequate level of protection of personal information pursuant to the rules applicable in your country, Precision will set up appropriate guarantees to secure your personal information in the context of such transfer, including but not limited to Standard Contractual Clauses.

Precision may disclose personal information, to the extent necessary, if required to do so to comply with legal obligations by law enforcement or regulatory and other governmental agencies or if required to do so by court order.

4.2 International Data Transfer Outside of the European Economic Area (EEA) and the United Kingdom

4.2.1 General principles of international data transfers:

There will be times where your personal data will be transferred to Precision companies, service providers, or our clients (Sponsors) located in countries outside the EEA and UK. Precision will ensure that appropriate safeguards are in place by using EU Standard Contractual Clauses or will rely upon another EU/UK-approved data transfer mechanism. This will also include measures to ensure personal data are transferred and reside securely, eg, using industry-standard encryption.

4.2.2 Transfers to the US under the UK-US/EU-US and Swiss-US Data Privacy Framework:

Precision Medicine Group, LLC, (Precision) complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF)—henceforth collectively referred to as “the DPF”—as set forth by the US Department of Commerce.

Precision has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Precision has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF.

If there is any discrepancy between the terms in this privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, when we transfer personal data to a third party, we retain responsibility for the processing of the personal information they receive as well as onward transfers of your personal data. We shall remain liable if the third party processes the personal information in a manner inconsistent with the DPF Principles, unless we have proved that we were not responsible for the event giving rise to any damage caused.

Dispute resolution

In compliance with the EU-US DPF and the UK Extension to the EU-US DPF and the Swiss-US DPF, Precision commits to resolve DPF Principles–related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF should first contact Precision’s Privacy team as indicated in section “Contact and Complaints” of this Notice.

Choice

If Personal data covered by this Privacy Notice is to be used by Precision for a new purpose that is materially different from the purpose for which it was originally collected or later authorized, or is to be disclosed to a third party in a manner not specified herein, Precision will provide you with an opportunity to choose whether to have your Personal data so used or disclosed.

Requests to opt out of such uses or disclosures of Personal data should be sent to Precision in a manner specified below in section “Contact and Complaints”.

Personal data that is considered “sensitive” or “special category” will not be used by Precision for a purpose other than the purpose for which it was originally collected or subsequently authorized by you unless Precision has received your affirmative, unambiguous and explicit consent. Such “sensitive” or “special category” Personal data includes information about your health, medical conditions or treatment, genetic or biometric data, racial or ethnic origin or trade union membership.

Investigatory powers

Precision is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Binding arbitration

Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information, please see Annex I of the framework: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Precision Affiliates covered by the DPF

The following Precision affiliates are covered by the DPF held by Precision:

• Project Farma LLC
• PRECISIONadvisors Group, Inc.
• PRECISIONeffect, Inc.
• PRECISIONheor, LLC
• PRECISIONscientia, Inc.
• PRECISIONvalue (Chicago), LLC
• PRECISIONvalue (Los Angeles), LLC
• PRECISIONvalue (New York), LLC
• PRECISIONVALUE NEW JERSEY, LLC
• PRECISIONvalue, LLC
• Stern Investor Relations, Inc.
• Precision for Medicine, Inc.
• Precision Medicine Group, LLC
• Precision for Medicine, LLC
• Precision Regulatory and Translational Sciences, Inc.
• PRECISIONxtract, Inc.
• PRECISIONvalue 230, LLC
• PRECISIONvalue (Indianapolis), LLC
• Precision for Medicine (TX), Inc.
• Precision Biospecimen Solutions, Inc.
• Precision AQ, LLC

4.3 Data Retention Period

Your personal information is retained by Precision for no longer than is needed for the performance of the respective purpose of its processing as described under this Privacy Notice. It may, however, be retained for a longer duration, as an archive, for proof management in the prevention of any claim.

5. Cookies Linking and Security

5.1 Cookies and Other Anonymous Web-Tracking Methods

Various methods can be used to provide tailored information to you from a website, including one called “cookies.” A cookie is a small data file that a website you visit may save on your computer or handheld device that usually includes an anonymous unique identifier. Precision uses cookies and web server logs to assist in the collection of site usage statistics. This information may include personal information including the date/time of visits, specific pages viewed, time spent browsing our websites, and the websites visited immediately before and after visiting our websites. Our websites will ask for your permission through a “cookie banner” to store cookie files on your computer/handheld device. Note also that most internet browsers allow you to erase cookies from your hard drive, block all cookies, or receive a warning before a cookie is stored. Refer to your browser’s help files to learn more about these functions.

In particular, Precision may use session ID cookies and persistent cookies. Session ID cookies may be used to personalize and improve your user experience while viewing our websites. Session ID cookies are deleted from your hard drive when you terminate your browser session. Persistent cookies may be utilized to collect nonpersonal information in the form of IP address, internet service provider (ISP), your browser type, platform type, web page navigation, and date/time stamp.

Your IP address is utilized so that we can send you data such as the web pages you have requested, and we may use your browser and platform type to ensure that the data we send to you are properly formatted and displayed. We may aggregate this information with data on the pages visited by other users to track page navigation, site usage, and overall user behaviours associated with our websites. These data aid in our understanding of how users are using our websites in terms of page navigation and most frequently requested site pages. Understanding this information enables us to provide you with improved site use and functionality.

5.2 Linking

Our websites may contain hyperlinks allowing you to access other websites owned by us and our affiliated companies. Our websites may also contain hyperlinks to websites owned by our third-party vendors, distributors, and providers (“linked websites”). We may provide hyperlinks to the linked websites to enable you to conveniently access websites that may be of interest to you. However, once you click on a hyperlink that transfers you from our websites to a linked website, Precision is not responsible for the privacy practices or the content of such linked website.

5.3 Security

We are committed to protecting the privacy and security of all the personal data we process. Precision endeavours to protect against the loss, misuse, and alteration of your personal data. We have ensured that technical and procedural measures are in place to protect all information that we receive. Our technical infrastructure uses industry-recognized commercial security products, including vulnerability monitoring and encryption of data at rest and in transit. It should be understood, however, that no method or procedures for securing transmission or storage of data can be claimed to be 100% secure. While we utilize commercially acceptable technology and take reasonable precautions to protect your information, we do not guarantee its absolute security.

6. Your Personal Data Rights

As per applicable data protection laws and regulations, including GDPR chapter 3, your rights regarding our processing of your personal information are outlined below. You may exercise these rights by contacting Precision at the following email address: privacy@precisionmedicinegrp.com. Please attach to your request a copy of a valid ID document or evidence of authority to act signed by the data subject; we will retain that copy only for the time necessary to verify your identity or authority.

6.1 Right of Access

You may request access to your personal information that is processed by Precision. In that case, we will provide you with a copy of all of your personal information we retain as of the date of your request, together with all mandatory information regarding the processing of this data, namely

• The categories of collected and processed personal information
• The purposes of its processing
• The categories of data recipients
• The data retention period
• Information regarding your rights as a data subject
• Your right to data portability

6.2 Right of Rectification

You have a right to request correction of your personal information if said personal information appears inaccurate, incomplete, or outdated.

6.3 Right to Erase Your Personal Data (Right to Be Forgotten)

You may request the erasure of your personal information from Precision’s and its processors’ servers and files in the following cases:

• Your personal information is no longer necessary for the purposes for which it has been collected and processed
• You have withdrawn your consent pursuant to the “Right to Withdraw Consent” section, and there is no other legal basis for the processing
• You have objected to the processing of your personal information pursuant to the “Right to Object to Processing” section
• The processing of your personal information is illicit
• Your personal information must be erased by Precision to comply with its legal obligations
• You were a minor at the time of collection of your personal information on the websites

If that personal information has been shared with third parties, Precision shall inform these third parties of your erasure request, to the extent that it is feasible.

6.4 Right to Object

For processing activities described under this Privacy Notice that are based on either

• Precision’s or a third party’s legitimate interest or
• Performance of a task carried out in the public interest or in the exercise of official authority vested in Precision,

you have a right to object to such processing on grounds relating to your particular situation.

6.5 Right to Limitation of Processing

You may request the limitation of the processing of your personal information in any of the following cases:

• You requested correction of your personal information pursuant to the “Right of Rectification” section above, for the duration necessary to check that personal information
• Processing is illicit and you prefer to limit it rather than erasing the concerning personal information
• You want Precision to retain your personal information for you to use it in the context of a judicial claim
• You have objected to the processing of your personal information by Precision pursuant to the “Right to Object” section above, for the period necessary for Precision to assess the grounds relating to your particular situation

Precision will accordingly cease to process the concerning personal information and retain it for the appropriate duration.

6.6 Right to Withdraw Consent

For those processing activities described under this Privacy Notice that are based on your consent, you have a right to withdraw that consent at any time, without justification.

6.7 Right to Data Portability

For those of the processing activities described under this Privacy Notice that are based on your consent or on their necessity for our performance of a contract to which you are a party, you also have a right to data portability.

This right differs from the right of access in that

• It covers only personal information Precision collected from you
• It allows you to obtain a copy of your personal information in a structured, machine-readable format

The right to data portability allows you to request transmission of such personal information to another data controller, at your own choice, to the extent that it is technically feasible.

6.8 Right to Lodge a Complaint with a Supervisory Authority

You also have a right to lodge a complaint relating to the processing of your personal information by Precision with the competent supervisory authority in your country.

6.9 Automated Decision-Making

You have a right not to be subject to automated decision-making and profiling and will be notified where this occurs.

7. Contact and Complaints

7.1 Contact Information

Questions or comments regarding this Notice should be submitted to Precision’s Privacy Office by mail to:

Precision Medicine Group, LLC
Attn: Privacy Office
2 Bethesda Metro Center, Suite 850
Bethesda, MD 20814

Precision’s Data Protection Officer (DPO) for European Union, European Economic Area, and United Kingdom is Amy Ford of Kaleidoscope Consultants Limited, East Side, Kings Cross, London, United Kingdom, N1C 4AX. Both Precision’s Privacy Office and the DPO can be contacted by e-mail here: privacy@precisionmedicinegrp.com

Precision has also appointed the European Union, European Economic Area, and United Kingdom Privacy Representative, who is available at:

krzysztof.mazurek@precisionmedicinegrp.com
+48798822463

Precision’s Data Protection Officer for the United States is Andy Seale
andy.seale@precisionmedicinegrp.com
1-603-5542336

7.2 Complaint Information

If you are unhappy with how we process your personal data, and after you have first made a complaint to us, you can complain to your local data protection regulator. Here is a list of countries and contact details of the relevant supervisory authorities: European Data Protection Board for Europe and Information Commissioner’s Office (ICO) for United Kingdom.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Precision commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF

Precision will retain personal information of complainants as a legitimate interest for 8 years, including their name, contact details, and any other relevant information given.

8. Your Rights Under the US Privacy Laws

This section describes how to exercise your rights under United States of America state level privacy legislation, including the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, the Colorado Privacy Act, or the Utah Consumer Privacy Act. We call those laws collectively the “US State Privacy Laws.”

Generally, Precision does not conduct consumer relevant business, does not target consumers with its service or product offerings, does not conduct consumer profiling and does not trade or sell personal data, which would be the requirement for most US State Privacy Laws to be applicable. However, if You believe any of the US State Privacy Laws applies to Your interaction with Precision this Section will help you understand more about those US State Privacy Laws and contact Precision with Your request.

The rights in this section apply only to residents of the states included in the US Privacy Laws. The residents of those states have in general the following rights:

Right to Know and Access. The right to know and access the following information

1. The categories of personal data we have collected about you
2. The categories of sources from which we collected the personal data
3. Our business or commercial purposes for collecting or sharing personal data
4. The categories of third parties to whom we share personal data
5. The specific pieces of personal data the business has collected about you

Data Portability. The right to receive your personal data in an electronic format that allows you to transmit your personal data to another entity without hindrance

Correction or Deletion. The right to ask us to correct or delete the personal data we have collected from you

Opt-Out of Sale or Sharing. The right to request to opt out of certain sharing of your personal information for cross-context behavioural advertising purposes or to opt out of the processing of your personal information for targeted advertising. To exercise these rights, you may submit a request outlined in “Exercising Access, Data Portability, Deletion, and Opt-out Rights.”

Right to Withdraw Consent. Where our processing of your personal data is based on consent, you have the right to withdraw consent at any time.

We reserve the right to deny requests in certain circumstances, such as where we have a reasonable belief that the request is fraudulent, where your identity cannot be confirmed, if applicable, where we must retain your information to comply with legal obligations, or others provided for under relevant US State Privacy Laws. Consumers in some states may also authorize an agent to make data subject requests on their behalf.

Exercising Access, Data Portability, Deletion, and Opt-Out Rights

To exercise the access, portability, deletion, or opt-out rights described above, please submit a verifiable consumer request to us by one of the following methods:

• Email: privacy@precisionmedicinegrp.com
• Mail:2 Bethesda Metro Center, Suite 850
  Bethesda, MD 20814

Only you or a person  whom you authorize to act on your behalf may make a verifiable  request related to your personal information. You may also make a verifiable c request on behalf of your child, if your child is a minor.

The verifiable  request must

• Provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of the person we collected personal information on
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable  request does not require you to create an account with us. We will only use personal information provided in a verifiable  request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavour to respond to a verifiable  request within 30 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, according to your preference. Any disclosures we provide will only cover the 12-month period preceding the verifiable  request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable  request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-discrimination

We will not discriminate against you for exercising any of your US State Privacy Laws rights. Unless permitted by the US State Privacy Laws, we will not

• Deny you goods or services
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services