Holmed Group

Privacy Policy
Last Updated: 1. Why do we have this policy? Holmed Group and its affiliated Companies (collectively “HOLMED GROUP” “us”, “we” and “our”) understand the importance of safeguarding your personal data and appreciate your trust in us and in our capacity to do so safely and responsibly. This privacy policy explains what information we collect and describes procedures with respect to the collection, use, transfer, disclosure and protection of personal data collected. It provides the foundation for responsible engagement, interactions and use of information about people: 1) Respect for individual privacy expectations, 2) building and preserving trust, 3) preventing privacy harms, and 4) compliance with the letter and spirit of privacy and data protection laws. 2. Who needs to follow it? This Policy applies to all employees at Holmed Group. 3. What do you need to know/do? 3.1. How Data is Classified: ❖ Data is divided into four main categories, to help us in managing data security, compliance, and accessibility: ❖ Public data is information that can be freely accessed and distributed without any risk of harm to the organization or individuals. This typically includes information that is already in the public domain such as job posting. ❖ Internal data is information that is not sensitive but is intended for use within the organization such as internal policies. ❖ The unauthorized disclosure of internal data is not likely to cause significant harm; it is still managed with a basic level of security to maintain organizational privacy and efficiency. ❖ Confidential data is sensitive information causing harm if disclosed. Examples include trade secrets, customer information, a financial record. ❖ Access to confidential data is restricted within the organization for those who have a legitimate need to know, and it is protected with higher security measures, such as encryption and strict access controls. ❖ Restricted data is the most sensitive data and requires a high level of security. If disclosed, it could cause significant harm even legal issues. ❖ Examples of restricted data is personally identifiable information (PII), health records, or sensitive government data. To handle restricted data, the organization should implement strict compliance requirements and employ advanced security measures and strict access controls to safeguard this information. 3.2. Data Privacy Laws: At Holmed group, we follow the Data Privacy Laws’ requirements and ensure that the data notification and processing regulations are strictly abided by. ❖ Transparency and Lawfulness: Any Personal Data collected is processed in a lawful, fair and transparent manner. ❖ Purpose limitation: The Personal Data is collected for specified legitimate purposes and not further processed in an incompatible manner with those purposes. ❖ Data minimization: Personal Data collected are adequate, relevant and limited to the specific purposes for which they are processed. ❖ Accuracy: Personal Data collected is accurate and kept up to date. Inaccurate Personal Data should be immediately rectified or deleted. ❖ Storage limitation: Personal Data is kept for the purposes for which the personal data is processed for no longer than is necessary. ❖ Confidentiality and Security: Personal Data is processed in a manner that ensures its security including protection against unauthorized processing and against accidental loss or damage. This is applicable by using the necessary technical or organizational measures. ❖ Accountability: We are accountable for the proper processing of personal data and compliance with all the applicable rules and regulations. 3.3. What Data do we collect ❖ During our interaction with you, the data that we collect, and process is your personal data in case you are a job applicant, employee, third party, health care professional, health care organization, patient, researcher or other professionals. ❖ Personal Information is any information that will identify you as an individual or relates to you as an identifiable individual (“Personal Data”). ❖ Holmed Group respects the personal data that you share and ensures that it is protected and processed aligned with global data privacy regulations and Lebanese local Laws. 3.4. How we collect and process your Personal Information ❖ We collect your Personal Data from you directly, from your application, from a third party rendering us a service, and in many instances when you Browse or visit our website. ❖ We may collect your personal information such as name, business address, mail address, preferred method of contact. ❖ We may collect your sensitive information if you are an employee. ❖ We may collect your personal Data such as name, business address, mail address, government affiliation when we interact with you for a service or support as Health care professional or other. ❖ We may collect your personal and non-personal information, which includes your session durations, the content you accessed on our website, the frequency and scope of your use of the website and information about your computer and internet connection including the operating system you use and browser type when you are on Holmed Group platforms or website. ❖ We also may collect information about you through cookies and analytic tools for necessary, analytics purposes. 3.5. Why we collect your Personal Data ❖ We collect your Personal Data to respond to your specific request or enquiry and provide you with the services you wish to receive. The collection of such information will enable us to provide you with technical and professional assistance. ❖ We will collect your data as well so we can interact with you and provide you with information on our products, marketing updates and services. ❖ If you subscribe to our mailing list (when available), we will use your data in order to send you newsletters and updates as well as to update you on marketing and other events that we organize You can choose to unsubscribe from our mailing list at any time by clicking the "unsubscribe" link in the relevant communication or when you do not consent. Our legal basis for collecting your Personal Data is that processing is necessary to action your request prior to entering into a contract and/or our legitimate interest (e.g., to respond to your request). ❖ We may share this information with third party platforms, such as email platforms and/or hosting provider. ❖ As a candidate employee, we collect your Personal Data when we process job applications and assess you as a candidate. ❖ Our legal basis for collecting this information is that processing is necessary for the performance of a contract to which you will be a party or prior to entering into a contract, and legitimate interest (e.g. to assess your suitability as a candidate). ❖ We may share this information with third party platforms, such as recruitment software, email platforms and/or hosting providers. ❖ Your knowledge and consent are required for the collection, use or disclosure of Personal Data. Providing us with your Personal Data is always your choice, as you have the option of not providing your Personal Data when asked to. ❖ In case you share with us personal information regarding other individual, you acknowledge that you have the authority to do so and acknowledge that this data will be processed as per this operating procedure. 3.6. Why we use your Personal Data digitally We may use your Personal Data digitally for various purposes: 1) To interact with you professionally whether by sending you scientific information, inform you about therapeutic areas and others. 2) To interact with you professionally in the scope of service you are providing to our company. 3) To provide and maintain our website and keep it secure. 4) To allow you to participate in interactive features of our services. 5) To provide analysis or valuable information so that we can improve our services. 6) To provide customer care and support. 7) To provide you with news, special offers and general information about other goods, services and events which we offer. 8) To provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information). 3.7. What notice we will provide you ❖ Prior to collecting, using, or sharing Personal Information, we define and document the specific, legitimate business purposes for which it is needed, and we collect the minimum requested information taking into consideration full transparency and ensure that processing of this Personal Information will not result in a likely and/or severe risk of tangible or intangible harm to individuals. ❖ We ensure that you are informed of the purpose of the data collection, what data we are collecting, how long it will be retained and your right to access it and respond accordingly. 3.8. How we disclose your Personal Data or share it ❖ We are committed to maintaining your trust, and we want you to understand when and with whom we may share your Personal Data that we collect. We are committed to applying all security measures so that the data transfer will be protected from unauthorized access, and to store this data on our server within the country. ❖ We may share your Personal Data for the purposes set out in this Privacy Policy. ❖ We may also share aggregated or anonymized information in a form that does not directly identify you. Any third parties with whom we share personal data are contractually required to implement appropriate data protection and security measures to protect personal data and are not permitted to use personal data for any purpose other than the purpose for which they are provided with or given access to personal data. ❖ We may share the data through Links to other sites. Our website may contain links to other third-party sites that are not governed by this Privacy Policy. Although we endeavor to only link to sites with high privacy standards, our Privacy Policy will no longer apply once you leave our website. Additionally, we are not responsible for the privacy practices employed by thirdparty websites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed. ❖ We may share the personal data with our corporate affiliates. We may also share Personal Data with our business partners, suppliers and local distributors with whom we collaborate to offer products or services. ❖ We may share the personal data in case of Disclosure of Data for Legal Requirements. Under certain circumstances, HOLMED GROUP may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). ❖ We may share the personal data with your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction. ❖ Our website may use a tool called “Google Analytics” to collect information about use of the website. Google Analytics collects information such as how often users visit this website, what pages they visit when they do so, and what other websites they used prior to coming to this website. We use the information we get from Google Analytics to maintain and improve the website. We do not combine the information collected through the use of Google Analytics with Personal Information we collect. 3.9. How We Transfer Personal Data ❖ We will generally take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. ❖ We have different transfer methods o Internal Transfers: Transfers within HOLMED GROUP are covered by an internal processing arrangement which ensures that your Personal Data receives an adequate and consistent level of protection to whomever it is transferred. o External Transfers: Where we transfer your Personal Data outside of Lebanon (for example to third parties who provide us with services). 3.10. How we provide Security for Personal Data ❖ Your Personal Data will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your Personal Data from any loss or unauthorized use, access or disclosure by different methods such as access on need basis, password protection, encryption. ❖ However, keep in mind that sending over the internet is not fully secure and hence no matter how we strive to protect your personal information, we cannot guarantee its absolute security, especially when it comes to pirating, or hacking or theft. 3.11. How long we will retain your personal Data ❖ We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations). 3.12. How you can access your personal information ❖ In all communications with us, please include the email address used and where it applies the website address, mobile application, or the specific program to which you provided Personal Information. ❖ Should you request change, deletion or correction of your data, you will be able to contact us through the recommended channel compliance@holmedgroup.com. We will ensure that your request is completed. 3.13. How we will respond to privacy incidence: ❖ We will promptly respond to and escalate all privacy-related questions, complaints, concerns and any potential privacy Incident or security incident. ❖ We expect that our employees, and others who work on behalf of our Group of companies, provide prompt notice if they have a reason to believe that a complaint or concern raised by an Individual regarding privacy or any privacy incidence happened by reaching us on: compliance@holmedgroup.com. 3.14. How to Speak UP: ❖ Holmed Group of companies operates with integrity; it is the responsibility of any employee to report any conduct that could put our reputation at risk. If you see or suspect a misconduct, unethical or illegal activity while interacting with Vendors and third parties, you must talk to your manager, another Company resource (e.g., Compliance, Human Resources) or, where permitted by law, Speak Up at: compliance@holmedgroup.com and your questions or concerns confidentially without fear of retaliation will be addressed. 3.15. When to revise and Update this Privacy Policy: ❖ The Privacy Policy may be updated from time to time, at our sole discretion, by posting a new privacy policy and by updating the date at the top of this Privacy Policy page. ❖ This policy will be revised every three years or whenever major changes occur.

HOLCOM Bldg. 460 Corniche Al Nahr, Beirut, Lebanon

info@holmedgroup.com

+961 1 595 100

+961 1 595 195

For any inquiries regarding the ABAC policy, code of conduct, or to submit a complaint, please send an email to:

compliance@holmedgroup.com