Personal Data Privacy - General

Syneos Health ("we" "us", or "Syneos Health"), operating through its affiliates/subsidiaries located throughout the world (collectively, the "Company") is strongly committed to protecting your privacy and has implemented the below to ensure all the personal data you provide is protected.

This Privacy Notice applies to all Personal Information gathered for and on behalf of Syneos Health through the various Syneos Health sites that link or refer to this Privacy Notice (such as any website operated by or on behalf of Syneos Health, social media pages and HTML-formatted e-mail messages) together with any and all offline sources including sales and marketing activities (collectively, the "Sources"). By using the Sources, you consent to the data collection and use practices described in this Privacy Notice. If you have questions about this Privacy Notice or the protection of your information, please contact us at [email protected].

The Sources may provide links to or the ability to connect with non-Syneos Health websites, social networks or applications ("Third-Party Sites"). Clicking on those links or enabling those connections may allow the third party to collect or share information about you. Those Third-Party Sites are beyond Syneos Health control. We encourage you to check the privacy policies and terms of use of any Third-Party Sites before providing your Personal Information to them.

Identification of Data Controller

The Company legal entity that is the data controller of your personal data is the Company entity located in your jurisdiction and with which you interacted to provide your personal information and/or another Syneos Health legal entity with which you interacted to provide your personal information (if you did not interact with a local legal entity). A current list of all Syneos Health entities globally can be found at https:/www.syneoshealth.com/our-office-locations. Each Company entity acting as a data controller can be contacted via the Company's Global Privacy and Data Protection Officer at [email protected] (additional contact details below).

Information We Collect

Through your interaction with and use of the Sources, Syneos Health may collect Personal Information, which is information that identifies an individual or relates to an identifiable individual. Personal Information may include, but is not limited to, your name, physical address, telephone number, e-mail address, company affiliation, and associated interests.

Syneos Health may also collect other information through your interaction with and use of the Sources, which does not reveal your specific identity or does not directly relate to an individual. This other information may include, but is not limited to, browser and device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical and aggregated information.

Statistical or aggregated information does not directly identify a specific person, but it may be derived from Personal Information. For example, we may aggregate Personal Information to calculate the percentage of users in a particular zip code.

In some instances, we may combine Personal Information with other information, such as combining a precise geographical location with your name. If we combine Personal Information with other information, we will treat the combined information as Personal Information.

How We Collect Information

Syneos Health collects information in a variety of ways that fit broadly into the following general categories:

  • Direct Interactions: From your use of and interaction with us through the Sources and other activities such as sales inquiries and transactions.
  • Publicly Available Data/Data from Third Parties: Other data you may have made publicly available, such as social media posts, or data provided by third-party sources, such as marketing opt-in lists or data aggregators.
  • Automated Interactions: From the use of technologies such as cookies and other tracking technologies.

Cookies: "Cookies" (which may be html files, Flash files or other technology) are text files that help store user preferences and activity. "Web beacons" (also known as image tags, gifs or web bugs) are small pieces of code used to collect advertising data, such as counting page views, promotion views or advertising responses. The Sources and/or third parties may use "cookies," "web beacons" and other similar tracking technologies (collectively, "Tracking Technologies") to collect information from you automatically as you use the Sources, browse Syneos Health websites and the web.

Other Tracking Technologies: We use Tracking Technologies to help tailor our content, understand website and internet usage, improve or customize the content, offerings or advertisements through the Sources, personalize your experience with respect to the Sources (for example, to recognize you by name when you return to a Syneos Health website), save your password in password-protected areas, save your online video player settings, help us offer you programs or services that may be of interest to you, deliver relevant advertising, maintain and administer the Sources and for other purposes described in the "Uses of Information."

These Tracking Technologies collect "click stream" data and information regarding your use of the Sources, such as your visits, use of our features and preferences, and may also collect your IP address or some other identifier unique to the device you use to access the Sources ("Identifier"). Your Identifier may be automatically assigned to the device you use to access the Sources. By using the Sources, whether as a registered user or otherwise, you acknowledge, understand and hereby agree that you are giving us your consent to track your activities and your use of the Sources through these Tracking Technologies.

Syneos Health's use of Automated Interactions may change over time as technology evolves. The descriptions above are designed to provide you with some detail about Syneos Health's current approach to information collected from Automated Interactions.

Use of Information

Operations

We use Personal Information and other information collected to (a) allow you to participate in the public areas and/or other features of the Syneos Health websites; (b) respond to your questions or other requests; (c) contact you regarding your use of the Sources, for informational purposes related to the Sources or, in our discretion, regarding changes to this Privacy Notice or related policies; (d) improve the Sources and for internal business purposes; (e) tailor your experience of the Sources and/or otherwise customize what you see when you use the Sources; (f) where applicable to conduct ongoing compliance screening against publicly available watch and sanctions lists and (g) otherwise to maintain, operate and administer the Sources and for other purposes disclosed at the time you provide the information. The legal bases for the processing of your personal data will depend on the reason you provided your personal information via the Sources: (i) the performance of a contract with you or in order to take steps at your request prior to entering into such contract, (ii) use of your Personal Data is necessary for us to comply with a legal obligation, (iii) our legitimate interests, which will be assessed in connection with the specific use of Personal Data, or (iv) your consent, which will be requested and given via the other Sources.

Disclosure to Third Parties

In addition to aggregate information (discussed previously), we may share some kinds of Personal Information with third parties, as described below.

  • Companies and people who work for us: We contract with other companies and individuals to help us provide services including the Sources. For example, we may host some of our Sources on another company's computers, hire technical consultants to maintain our sites, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In addition, we may validate your identity and other information against available databases. In order to perform their jobs, these other companies may have limited access to some of the Personal Information we maintain about our users. Other companies may collect information on our behalf through their web sites. We require that such companies not use your information for any purpose other than fulfilling their responsibilities to us. We also require that such companies keep your Personal Information confidential and to comply with applicable laws. Syneos Health cannot, however, guarantee that any third party will maintain the privacy of your information.
  • Promotional and informational offers: Sometimes we send offers to selected groups of users. To accomplish this we may use third parties working on behalf of Syneos Health. We provide a variety of mechanisms for you to tell us you do not want to receive such promotional or informational offers. For example, we may provide an opt-in box for customers to receive information that is sent by a third-party fulfillment house, and we make clear that, by opting in, you are submitting your data to a third-party. You can elect not to receive promotional or informational material from us by following the instructions to opt-out as mentioned or included in each of our programs we send to you.
  • Business transfers: If we transfer a business unit or an asset (such as a Syneos Health website) to another company, we may transfer the Personal Information we have collected to the relevant third party.
  • Legal requirements: We may be obligated to cooperate with various law enforcement inquiries. Syneos Health reserves the right to share or transfer your information to comply with a legal requirement, disclose any activities or information about you to law enforcement or other government officials as we, at our sole discretion, determine necessary or appropriate, in connection with an investigation of fraud, for the administration of justice, intellectual property infringements, or other activity that is illegal or may expose us or you to legal liability. We may release information if, in our judgment the release may be necessary to prevent the death or serious injury of an individual.

Disclosure to Third Parties - EU Individuals Only

In addition, Syneos Health may engage service providers (so-called "processors"), such as outsourced service providers, which may receive access to your information. Syneos Health in all such cases will make sure that (i) it diligently chooses the relevant service provider, (ii) the service provider will only handle your information in accordance with our instructions, (iii) the service provider adopts adequate technical and organizational measures to protect your personal data, and (iv) the service provider does not retain your personal data upon completion of its services. Details of service providers and the countries in which they are based are available from the Company by contacting its Global Privacy and Data Protection Officer. To the extent that your personal data is shared with service providers, Company affiliates or other third parties processing personal data on the Company's behalf which are located outside your country of residence, the Company will also ensure an adequate level of data protection as required by your country's data protection laws.

Sharing of Non-identifiable Information

Information we collect that is not Personal Information or Personal Information that has been converted to information which cannot be used to identify you is not limited in any way by this Privacy Notice and can be used and disclosed by us in any manner and for any purpose.

Protection of Information

The security of your Personal Information is very important to Syneos Health. We use commercially reasonable physical, electronic and administrative safeguards that are designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. However, regardless of our efforts and the device you use to access the Sources, it is possible that third parties may unlawfully intercept or access transmissions or private communications over an unsecured transmission. In the event that your Personal Information is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, Syneos Health will notify you by e-mail, fax or U.S. mail. Syneos Health will give you notice promptly, consistent with the reasonable needs of law enforcement and/or Syneos Health to determine the scope of the breach and to investigate and restore the integrity of the data system.

Your Privacy Choices

Personal Information Opt-Out

You may elect not to have your personal information either (a) disclosed to a third party, or (b) used for any purpose materially different from the third parties or purpose(s) stated within this Privacy Notice. In the event you wish to restrict your personal information from any such disclosure or use, please contact us at [email protected] to review your request.

Informational/Promotional Email Opt-out

You may have an opportunity to elect to receive recurring informational/promotional e-mail from us. Our email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails. Please follow the instructions in the emails to opt-out of an email. We will unsubscribe you from that newsletter or other programs within thirty business days.

You can always contact us at [email protected] in order to change your preferences with respect to marketing contacts.

Children's Policy

We are committed to protecting the privacy of children. For that reason, we do not knowingly collect or maintain personally identifiable information from any person we actually know is under the age of 13. No part of the Sources are structured to attract anyone under age 13.

Changes to This Privacy Notice

We may update this Privacy Notice occasionally. When we post changes to this Privacy Notice, we will also revise the "Last Updated" date at the end of this Privacy Notice. If there are material changes to this Privacy Notice, we will notify you by email or by means of a notice on our home page. We encourage you to review this Privacy Notice periodically to be informed of how we are using your information and to be aware of any changes to the Privacy Notice. Your continued use of the Sources after the posting of any amended Privacy Notice shall constitute your agreement to be bound by any such changes. Any changes to this Privacy Notice are effective immediately after being posted by us.

Notice for California Users

Under California's "Shine the Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship (1) a list of the categories of Personal Information, such as name, address, e-mail address, and the type of services provided to that customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes, and (2) the names and addresses of all such third parties. To request the above information, please email us at [email protected] or write to us at:

Syneos Health
Attn: Global Privacy and Data Protection Officer
3201 Beechleaf Ct
Raleigh, NC 27604

We will respond to such written requests within 30 days following receipt at the mailing address above. We reserve the right not to respond to requests submitted other than to the address specified above or otherwise exempted by law. Please note that we are required only to respond to each customer once per calendar year.

Your Rights as a Data Subject

If you are a resident of the EU or another country that specifically provides these specific rights for data subjects, you can ask us to confirm whether your personal data is processed by us and for access to your personal data it processes. You may also request us to: correct, amend, block or delete your personal data; verify their content, origin and/or accuracy; ask for a restriction on processing; or object to their processing, in all cases except where the rights of other persons would be violated, where any other legal exemptions to subject access requests may apply, where your request is not legitimate or applicable, or where it is required to conduct company business to the extent allowed by applicable data protection laws. To protect your privacy and the security of your information, we will take reasonable steps to verify your identity before updating or removing your information.

For individuals located in the EU: Under the EU General Data Protection Regulation, you can also ask us to provide you your personal data for transmission to, or to directly transmit to, another data controller. If the sole legal basis for the processing of your personal data is your consent, you have the right to withdraw consent at any time, but such withdrawal will not affect the lawfulness of the processing based on your consent prior to the withdrawal. Should you withdraw consent to future processing of your personal data, we may not be able to contact or interact with you as originally planned when you first provided your consent.

Should you have questions about the information about you that the Company holds and all communications, queries and subject access requests that are related to data protection issues, please contact Syneos Health Global Privacy and Data Protection Officer as follows:

Global Privacy and Data Protection Officer
Syneos Health
3201 Beechleaf Court
Suite 600
Raleigh, NC 27604-1547
USA

or e-mailed to [email protected] for action or response on our behalf.

Retention and Deletion

Syneos Health will retain your Personal Information for as long as your account is active; as needed to provide you products or services; as needed for the purposes outlined in this Privacy Notice or at the time of collection; as necessary to comply with our legal obligations (e.g., to honor opt-outs), resolve disputes and enforce our agreements; or to the extent permitted by law.

At the end of the retention period, Syneos Health will delete your Personal Information in a manner designed to ensure that it cannot be reconstructed or read.

Cross Border Transfers and Privacy Shield

Syneos Health is a global corporation with operations in over 75 countries, and has developed global data practices designed to assure your Personal Information is appropriately protected. Please note that your Personal Information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this Privacy Notice. By using the Sources, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules than those of your country.

Privacy Shield

INC Research, LLC complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. INC Research, LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the certification, please visit https://www.privacyshield.gov/.

Related to its participation in the Privacy Shield Framework with both the EU and Switzerland, INC Research, LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission ("FTC"). In addition, INC Research, LLC is committed to cooperate with the EU Data Protection Authority ("DPA") and the Swiss Federal Data Protection and Information Commissioner ("FDPIC"). If you have a complaint about the collection or use of your Personal Information and would like to seek an independent recourse mechanism; in the EU, you may contact your local DPA and in Switzerland you may contact the FDPIC. A listing of each EU country's DPA may be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The FDPIC's website may be found here: https://www.edoeb.admin.ch/?lang=en. You may also seek the possibility, under certain circumstances, for binding arbitration to resolve your complaint.

When data is stored or processed by Syneos Health legal entities that have not certified participation with the EU-U.S. and Swiss-US Privacy Shield programs, Syneos Health uses alternative means of meeting the adequacy requirements of the applicable data protection laws, such as executing model clauses.

How Your Dispute or Complaint May Be Resolved

Any questions, concerns or complaints regarding the use of your personal data should be directed to Syneos Health Global Privacy and Data Protection Officer using the contact information presented below. If you are located in the EU, have a complaint about the collection or use of your personal data and would like to seek an independent recourse mechanism, you may contact your local Data Protection Authority (DPA). A listing of each EU country's DPA may be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Sensitive Information

We ask that you not send us, and you not share any sensitive Personal Information (e.g., racial or ethnic origin, political opinions, financial background, religious or similar beliefs, sexual life, trade union membership or affiliations, individual medical records and history, physical, mental or physiological health condition or genetic or biometric information, ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions which are treated outside pending proceedings).

Specific Privacy Notice Terms

In addition to the terms set out in this Privacy Notice, Syneos Health has additional privacy notices that are tailored for the different ways your Personal Information is collected by different Syneos Health lines of business:

  • Service terms with our contracts with clients address customer data to which we may be provided access in order to perform services.
  • Privacy Notice for employment applicants/candidates address information we may collect in connection with Syneos Health's employment recruiting efforts.

Questions & Concerns

If you have any questions or concerns about this Privacy Notice or Syneos Health's collection and use of your Personal Information, you can contact our Global Privacy and Data Protection Officer at: [email protected]

or

ATTN: Global Privacy and Data Protection Officer
3201 Beechleaf Ct
Raleigh, NC 27604