Privacy Policy

Image

1. OBJECTIVE

This privacy policy/ document, is intended to inform you on the types of information that is collected and recorded by APCER Life Sciences and how we collect, define, and use personal data that you provide, when using our websites and social media platforms or when relying on our services.

We use Your Personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy is intended to inform you about the types of personal data that APCER Life Sciences (“APCER”, “we”, “us”) collects or receives, how we collect it, and how we use, share, store, retain and protect it when you use our websites and social media platforms, communicate with us as a prospective or existing client/service provider/partner, apply for employment opportunities, or where applicable, when APCER processes personal data in the course of delivering services to its clients (including regulated safety/pharmacovigilance activities).

This Privacy Policy will primarily help you understand:

  • The nature of information we collect (or receive) from you
  • The sources from where your information is collected (Including the cases where personal data is not directly collected from you)
  • The purposes for which your information is processed and the lawful grounds for such processing
  • The manner in which your information is collected, stored, used and processed
  • The rights that can be exercised by you and how you can contact us.

2. SCOPE

This Policy applies to all individuals whose personal data is processed by APCER, including (as applicable) website visitors, clients and prospective clients (and their representatives), service provider(s) (and their representatives), job applicants, webinar/event participants, and any other individuals who provide personal data to APCER or whose personal data APCER may receive in the course of delivering services.

When APCER processes personal data on behalf of its clients as a service provider (i.e., acting as a data processor), such processing is performed in accordance with contractual obligations and documented client instructions, in addition to applicable law.

3. BASIC TERMS

Sr. No. Terms Definition
1. Personal Data Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
2. Data Subject/ Data Principal (India) A data subject is the individual whose personal information is being collected stored or processed.
3. IP Address An Internet Protocol address (IP address) is a logical numeric address that is assigned to every single computer, printer, switch, router or any other device that is part of a TCP/IP-based network.
4. Data Controller/ Data Fiduciary (India) A data controller is a person, company, or other body that determines the purpose and means of personal data processing (this can be determined alone, or jointly with another person/company/body).
5. Machine Readable Format Data in a structured format that can be processed by a computer system, such as CSV, JSON, or XML (or other commonly used structured formats, as applicable).
6. Data Processor Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
7. Personal Data Breach A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

4. ABBREVIATIONS

Abbreviation Meaningful Form
DPO Data Protection Officer
TCP/IP Transmission Control Protocol / Internet Protocol
ICO Information Commissioners Office

5. ROLES & RESPONSIBILITIES

  • Data Controller / Data Fiduciary (as applicable) : APCER Life Sciences Limited, 4th Floor, 22 Eastcheap, London, EC3M 1EU, United Kingdom
  • APCER group entities include APCER Life Sciences, Inc., US; APCER Life Sciences Limited, UK; APCER Life Sciences Limited, Hong Kong; and APCER Life Sciences India Limited. Depending on the context and geography, the relevant APCER entity may act as controller/data fiduciary (for its own processing) or as processor/service provider (when processing on behalf of clients). Data Protection Officer (DPO) Contact Details: We envisage protecting and safeguarding your personal data and in lieu of the same, our nominated representative is Dr. Vineet Kacker. Dr. Vineet Kacker can be reached at DPO@apcerls.com.
  • Grievance Officer (India – DPDP): For individuals in India (or where India DPDP applies), the DPO also serves as APCER’s Grievance Officer. Grievances/complaints and rights requests may be submitted to DPO@apcerls.com.
  • EU Representative: APCER has appointed Dr. Frank Laschewski to act as our EU representative based out of Germany. If you are based in the EU and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries about your rights or general privacy matters, please email our representative at eurepresentative@apcerls.com.
  • EU Representative Contact Details: Promenade 7 (Kornelius-Center), 52076 Aachen, Germany
  • Supervisory Authority Details: Information Commissioner’s Office (“ICO”). Email address: casework@ico.org.uk

6. INTRODUCTION

APCER Life Sciences is committed to improving health in partnership with its clients. We bring together safety, medical, regulatory, and technology resources to support the safest and most effective therapies.

APCER group entities include APCER Life Sciences, Inc., US; APCER Life Sciences Limited, UK; APCER Life Sciences Limited, Hong Kong; and APCER Life Sciences India Limited (collectively “APCER”, “we”, “us”, “the Companies”).

This policy (together with our Website User Agreement and any other documents referred to on it) sets out the basis on which personal data we collect from you, or that you provide to us, will be processed by us.

Our Privacy & Data Protection Program (Assurance Overview)

APCER maintains a structured privacy and data protection program designed to align with applicable data protection laws and client expectations. Our program includes:

  • Governance and accountability through a designated DPO contact channel;
  • Privacy-by-design practices for new or changed processing activities;
  • Data lifecycle controls such as purpose limitation, data minimisation, retention and secure disposal;
  • Technical and organisational security measures to help protect personal data;
  • Third-party/service provider governance through confidentiality and data protection obligations; and
  • Incident response processes to manage personal data breaches in accordance with applicable legal requirements.

APCER undertakes to adopt appropriate measures to prevent misuse of personal data. We process personal data only where there is a lawful basis (such as consent where required, contractual necessity, legal obligation, or other lawful grounds, as applicable).

7. Data Collection

We may collect and process the following data:

7.1 Personal Data

Personal data means any information that relates to an identified or identifiable individual. We may collect personal data that you provide directly (e.g., via website forms, registrations, inquiries, recruitment/job applications, or customer support). Examples may include name, postal address, email address, phone number, nationality/country and other information submitted through our forms or communications.

Where personal data is collected through online forms, registrations, subscriptions, or inquiries, APCER may obtain consent through an electronic acknowledgement or consent checkbox mechanism prior to submission of the information.

We may also receive business contact information in the course of business-to-business engagements (e.g., client/service provider points of contact) and may receive personal data in the course of delivering services to clients, subject to contractual and legal requirements.

7.2 IP Addresses

If you access our website, we may collect information about your device and connection, including where available your IP address, operating system and browser type, for system administration, security, and analytics. This information is typically used in an aggregated or statistical manner to understand website performance and usage patterns and to help provide a better browsing experience.

7.3 Cookies

We may obtain information about your use of our website through cookies or similar technologies stored on your browser or device. Cookies help us to operate the site, improve functionality, and deliver a better user experience. Some cookies are essential for the site to operate.

Where required by applicable law, non-essential cookies (such as analytics or marketing cookies) will be used based on your preferences (for example, through a cookie banner or settings). You can manage cookie preferences through browser settings and, where available, through our cookie preference tools.

For more information, please refer to our cookie policy.

For more details on how we use cookies, please visit our cookie policy available at: Cookie Policy - APCER Life Sciences (apcerls.com)

7.4 Third-Party Applications / Plugins

APCER may use third-party applications, plugins, analytics technologies, and tracking mechanisms on its website for purposes such as marketing, optimisation, and analytics. Depending on the tool, these third parties may collect or receive technical information (e.g., IP address, session identifiers, device/browser information, and website interaction data).

APCER remains committed to transparency regarding the use of such tools and the categories of information involved. For additional details on third-party tools integrated with the APCER website (including tool names, purposes, and categories of data potentially collected),

For additional transparency regarding the third-party tools, applications, plugins, cookies, analytics technologies, and tracking mechanisms integrated with the APCER website, including the categories of personal data and technical information that may potentially be collected or processed by such tools, please refer to “Third Party Applications/ Plugins in APCER Website” document available here: Third Party Applications/ Plugins in APCER Website

The list of tools and associated data categories may be updated periodically based on changes to website integrations, business requirements, technology updates, regulatory requirements, or vendor services.

The processing of personal data by the third-party applications/plugins does not fall under the scope of this privacy policy. To understand and learn more about how the third-party applications/ plugins process your personal data please refer to the list of third-party applications/ plugins and their respective privacy policies. s

7.5 Links to Other Websites

Our website may contain links to other websites that are not governed by this Privacy Policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. While we aim to link only to reputable sources, we are not responsible for the content, security, or privacy practices of third-party sites.

8. USING THE DATA

We use the personal data we collect or receive for a range of business purposes. Depending on the context and jurisdiction, APCER processes personal data based on one or more lawful grounds, which may include contractual necessity (e.g., to deliver services or manage business relationships), compliance with legal and regulatory obligations (e.g., pharmacovigilance and safety reporting obligations), legitimate interests (where permitted, e.g., for security and fraud prevention), and consent (where required for specific activities such as certain cookies or marketing communications).

We may use personal data:

  • To respond to your inquiries and fulfil your requests, such as to send you newsletters or marketing mailers or communication where permitted and processing job applications
  • To send administrative information to you, such as information regarding the services and changes to our terms and conditions, and policies.
  • To facilitate social sharing functionality were used
  • To operate, maintain and improve the services, including analytics and performance monitoring.
  • To deliver services and to carry out our obligations arising from contracts and business relationships.
  • To process reports on adverse events and perform pharmacovigilance/safety activities, including to meet statutory and regulatory obligations.
  • To carry out our obligations arising from any contracts we have entered into relating to your personal data.
  • As we believe to be necessary or appropriate:
    • under applicable law, including laws outside your state or country of residence.
    • to comply with legal process and to prevent, detect, or suppress abuse, fraud, or criminal activity.
    • to respond to requests from public and government authorities and self-regulatory organizations, including public and government authorities and self-regulatory organizations outside your state or country of residence.
    • to enforce our terms and conditions.
    • to protect our operations, assets, or interests or those of any of our affiliates.
    • to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and
    • to allow us to pursue available remedies or limit the damages that we may sustain.

9. CONSENT (WHERE REQUIRED) AND ACKNOWLEDGEMENT WITHDRAWAL:

This Privacy Policy describes APCER’s privacy practices. Consent is only relied upon where required by applicable law for specific processing activities (for example, certain non-essential cookies/analytics technologies and certain marketing communications). Where consent is required, APCER will obtain it through appropriate mechanisms such as consent checkboxes, cookie banners, preference settings, or other lawful means at or before the time of collection.

In many cases, APCER processes personal data based on other lawful grounds such as contractual necessity (e.g., providing services or managing business relationships) and legal/regulatory obligations (e.g., pharmacovigilance and safety reporting obligations), as applicable.

Pharmacovigilance / regulated safety processing: While providing services to its customers/clients or in meeting statutory and regulatory obligations as a PV service provider, APCER may process personal information of reporters and patients. Such personal data is processed strictly in compliance with applicable data protection regulations and solely for health and safety–related purposes, as mandated under relevant regulatory requirements.

Withdrawal of consent: Where personal data is processed based on consent, you may withdraw your consent at any time by contacting APCER at DPO@apcerls.com. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. Withdrawal of consent will apply only to processing that is based on consent and will not affect processing that is required or permitted under other lawful grounds (e.g., legal/regulatory obligations).

10. RETENTION AND STORAGE

APCER will retain personal data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law or contract. APCER applies retention and disposal practices designed to ensure that personal data is not retained longer than necessary.

High-level retention (illustrative; may vary by purpose and legal requirements):

  • Website inquiries and business communications: retained for a reasonable period to address the inquiry and maintain records.
  • Recruitment/applicant data: retained as required for recruitment administration and applicable legal requirements.
  • Client/vendor contractual records: retained for the contract term and as required for legal, audit, or regulatory purposes.
  • Pharmacovigilance/safety data: retained in accordance with applicable regulatory retention requirements.

Data will be deleted/destroyed/archived post the retention period in accordance with APCER’s data destruction mechanisms, applicable laws, best practices, sectoral guidelines, and contractual arrangements.

For more details on retention, please contact our DPO at DPO@apcerls.com.

11. DATA SUBJECT RIGHTS

Depending on applicable law and the nature of our relationship with you, you may request:

  • Access to and information about your personal data processed by APCER;
  • Correction of inaccurate or incomplete personal data;
  • Erasure of personal data, where applicable;
  • Withdrawal of consent where processing is based on consent; and
  • Grievance redressal / complaint handling.

Where required under certain laws, additional rights may apply (e.g., objection to certain processing or data portability). Where such rights are not applicable under a specific law or context, APCER will communicate that to you.

  • How to submit a request: To raise a request under this section or for clarification regarding your rights, please email DPO@apcerls.com.
  • Identity verification: For your protection, we may need to verify your identity before acting on your request.
  • Timelines: We endeavour to respond within timelines required by applicable law. Requests may take additional time depending on complexity and legal requirements.

Objecting to Legitimate Interest/Direct Marketing: Any data subject whose personal data has been collected may object to personal data processed pursuant to APCER’s legitimate interest. In such case, APCER will no longer process their personal data unless APCER demonstrates appropriate overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defence of legal claims. Natural persons also may object at any time to processing of their personal data for direct marketing purposes. In such case, their personal data shall no longer be used for that purpose. In cases of direct marketing, natural persons will be able to fulfil such rights directly via an ‘Unsubscribe’ link or similar mechanism (e.g.: device settings for push notifications)

Use of Services by Minors: APCER’s services are not directed towards minors. If you believe that personal data of a minor has been collected without appropriate oversight of a parent/guardian, please contact our DPO at DPO@apcerls.com.

Where processing of a minor’s personal data is required under applicable law, APCER will take appropriate steps to obtain verifiable consent of the parent/guardian and implement appropriate safeguards, as required.

12. SECURITY OF PERSONAL DATA

APCER implements technical and organisational measures designed to protect personal data from unauthorised access, disclosure, alteration, loss, misuse, or unlawful processing. These measures may include appropriate access controls, confidentiality obligations, security monitoring, and other safeguards suitable to the nature of the data and processing.

Please note that no method of transmission over the internet or method of electronic storage is completely secure; however, APCER endeavours to protect personal data using reasonable and appropriate security safeguards.

13. DISCLOSURE

We may disclose your information to any of our employees, officers, insurers, professional advisers, agents, partners, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy and for the purpose of providing services to you.

Your Personal data may be disclosed or transferred to the following entities. With the exception of our corporate affiliates and service providers, these entities are not controlled by us and Personal data disclosed to them is subject to the applicable entity’s privacy policy and security practices. Therefore, we encourage you to review the privacy policies of any entity whose products or services you purchase using the Services.

We may disclose your personal data to and for the following:

  • We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006
  • We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Companies, our customers, or others.
  • To our third-party service providers who provide services such as website hosting and webinars. The information we provide to third parties service providers is subject to confidentiality obligations and is intended to be used solely for the purpose(s) permitted thereby.
  • To identify you to anyone to whom you send messages through the Services. You may also choose to disclose your Personal data on chat, social media, blogs, and other services to which you are able to post information and materials. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Services.
  • To a third party, in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings.
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process and to prevent, detect, or suppress abuse, fraud, or criminal activity; (c) to respond to requests from public and government authorities and self-regulatory organizations, including public and government authorities and self-regulatory organizations outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, assets, or interests or those of any of our affiliates; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Client service delivery (Processor context): Where APCER processes personal data on behalf of a client as a data processor/service provider, APCER discloses and shares such personal data only as permitted by the client contract and documented instructions, and as required by applicable law.

14. CROSS BORDER DATA TRANSFER

The personal data that we collect or receive may be transferred to, stored in, and processed in countries other than the country in which you reside. This may include processing by APCER personnel and by our related companies, affiliates, and service providers located in those countries.

Where we transfer personal data internationally, we will implement appropriate safeguards and ensure such transfers take place in accordance with applicable data protection laws and any required transfer mechanisms.

15. OTHER IMPORTANT INFORMATION

Corporate restructuring:

In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity by use of appropriate technical and physical safeguards. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Privacy Policy. This Privacy Policy shall be binding upon APCER and its legal successors in interest.

Personal data breach handling:

APCER maintains incident management procedures to respond to security incidents and personal data breaches. Where required by applicable law, APCER will notify affected individuals and/or relevant authorities.

Updates to this Privacy Policy:

We may update this Privacy Policy periodically based on changes to our practices, technology, legal requirements, or services. Any updates will be posted with a revised “Last updated” date.

Questions and queries:

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to DPO@apcerls.com.

Jurisdiction-Specific Disclosures

APCER provides services globally and our websites and services may be accessed by individuals located in many countries. This Privacy Policy is intended to be global in nature. However, certain privacy laws in specific jurisdictions impose additional notice content, rights, representative/complaint mechanisms, or consent requirements. The disclosures below apply only to the extent the relevant law applies to APCER’s processing of your personal data, which may depend on factors such as your location, the APCER entity providing services, the nature of the interaction (e.g., website, recruitment, client service delivery), and the purpose of processing.

The jurisdiction-specific disclosures below are not exhaustive. If you are located in a jurisdiction not listed here and you have questions or wish to exercise your rights, please contact us at DPO@apcerls.com and we will address your request in accordance with applicable law.

A) United Kingdom / European Union / European Economic Area (UK/EU/EEA)

If you are located in the UK or EU/EEA (or where UK/EU data protection laws apply), additional information and rights may apply under those laws. You may contact our Data Protection Officer (DPO) at DPO@apcerls.com. If you are based in the EU and wish to exercise applicable rights or have queries relating to EU GDPR matters, you may also contact APCER’s EU representative at eurepresentative@apcerls.coms. Where applicable, you may also have the right to lodge a complaint with your local supervisory authority; for the UK, this policy references the Information Commissioner’s Office (ICO).

B) India – Digital Personal Data Protection Act, 2023 (DPDP)

Where APCER collects or processes digital personal data of individuals located in India (or where India’s DPDP Act applies), APCER is committed to processing such data in accordance with applicable DPDP Act requirements and rules, as applicable, including providing notices/consent mechanisms where required, implementing reasonable security safeguards, applying retention limitation, enabling rights requests, and managing personal data breaches in accordance with applicable legal requirements. Grievance redressal (India): For concerns, complaints, or requests relating to personal data processed under applicable Indian data protection laws, individuals may contact APCER at DPO@apcerls.com. The Data Protection Officer (DPO) serves as APCER’s Grievance Officer for India.

C) United States

If you are located in the United States (or where applicable US privacy laws apply), privacy rights and notice requirements may vary by state and the nature of processing. APCER will support applicable rights requests through its established process. For questions or requests, please contact DPO@apcerls.com.

D) Hong Kong

If you are located in Hong Kong (or where Hong Kong privacy laws apply), APCER will address applicable privacy requests consistent with relevant legal requirements and APCER’s established processes. For questions or requests, please contact DPO@apcerls.com.

Image
Image

Services

Technology

Company

Careers

Let's work together for better health

Insights