Healthcare Professional Privacy Notice

This Privacy Notice applies to Healthcare Professionals.

Definitions
When are We acting as a Data Controller?
How can I contact Crescent Biopharma?
How does Crescent Biopharma collect my Personal Data?
What Personal and Special Category Data does Crescent Biopharma collect about me, and what is the purpose and lawful basis for processing?
How We keep you updated on Our products and services
How long does Crescent Biopharma keep my Personal Data?
What are my data rights and can I object to you processing my Personal Data?
Providing us with other people’s data
Automated decision making and profiling
How do We protect your Personal Data?
Will Crescent Biopharma share my Personal Data with other organisations?
Will my data be processed outside my home country?
How can I make a complaint?
Updates and changes to this Privacy Notice
Revision history
Appendix A: Personal and Special Category Data processed, purpose, lawful basis and condition for processing in the EU and UK

1. Definitions

Term	Meaning
Crescent Biopharma, Inc. / Crescent Biopharma / Crescent Bio / CBIO / Affiliates / We / Our / Us	Crescent Biopharma, Inc., with its registered office in the U.S. at 300 Fifth Avenue, Waltham, MA 02451.
Data Protection Legislation	Means the EU General Data Protection Regulation, the UK General Data Protection Regulation, the UK Data Protection Act 2018 (DPA 2018), the UK Data (Use and Access) Act 2025, the Privacy and Electronic Communications Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003. Where our activities involve individuals in the United States, the term also includes applicable U.S. federal and state privacy laws governing personal information, such as the California Consumer Privacy Act (CCPA/CPRA) and any other relevant state legislation, to the extent they apply to our processing. Where our activities involve individuals in Australia or South Korea (officially, the Republic of Korea), the term also includes the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, and the Personal Information Protection Act (PIPA) of the Republic of Korea, together with any regulations, guidance, or subordinate legislation issued under those laws to the extent they apply to our processing of personal data. For all other locations, the term also includes any data protection, privacy, or cybersecurity laws that apply to the personal data we process in those jurisdictions. This includes any replacement legislation coming into effect from time to time and any applicable local laws where the Data Subject are a resident, including, if relevant to the jurisdiction, Common Law (also referred to as case law or judge made law) as necessary to comply with the local law.
Data Controller	The natural or legal person, public authority, agency, or other body, which alone or jointly with others determines the purposes and means of the processing of Personal Data. In the context of this Privacy Notice, ‘Data Controller’ means Crescent Biopharma.
Data Processor	A natural or legal person, public authority, agency, or other body, which processes Personal Data on behalf of the Data Controller. In the context of this policy, ‘Data Processor’ means Our suppliers, vendors, or contractors that are delivering services under Our instruction.
Process/ Processing/ Data Processing	Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data	Means any information relating to an identified or identifiable individual whose data we process.
Special Category Data	Categories of Personal Data that merit specific protection because of the additional risks to the individual’s fundamental rights and freedoms. These categories are closely linked with the freedom of thought, conscience, and religion, freedom of expression, freedom of assembly and association, the right to bodily integrity, the right to respect for private and family life, or freedom from discrimination. Special Category Data depends on your jurisdiction and may include information about any of the individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetic data, biometric data, health or health condition, whether related to physical or mental health, sex life, sexual orientation.
Website	Means the Crescent Biopharma website, https://www.crescentbiopharma.com.

2. When are We acting as a Data Controller?

This Privacy Notice provides you with information on how We manage your personal data in your interactions with Us, regardless of your location.

As a Healthcare Professional, We could be in possession of your information as a:

Principal Investigator, investigators and sub‑investigators (e.g., physicians, surgeons, psychiatrists)
Study nurses / research nurses
Pharmacists (including those preparing Investigational Medicinal Product (IMP))
Laboratory clinicians (e.g., pathologists, radiologists)
Allied health professionals (e.g., physiotherapists, dietitians)
General practitioners or treating physicians who provide medical oversight or referral information
Emergency department clinicians who treat adverse events
Clinical raters and assessors

This Privacy Notice details how We manage your information in all the above situations as a Data Controller unless otherwise stated. Unless otherwise stated, this Privacy Notice applies when We are acting as a Data Controller for your information.

In some cases, where We are collecting information for new or novel purposes, We will provide specific privacy information at the point that We collect your information.

You should read our General Privacy Notice on our website if you are a user or visitor to our website, investor, vendor, service provider or event delegate.

Where there is a conflict between local law and the provisions of this Privacy Notice, local law will prevail.

3. How can I contact Crescent Biopharma?

If you would like to exercise one of your rights as set out in this Privacy Notice, or you have a question, query, or complaint about this Privacy Notice or the way your Personal Data is processed, please contact Us using the contact details below.

We have appointed DPO Centre Europe as Our EU Representative and DPO Centre Limited as Our UK Representative for data protection matters. The contact details for Our EU and UK Representative can be found below.

For EU residents:
- Email: DPO-EUrep@crescentbiopharma.com
- Phone: +34 91 905 3074 (answered in English and Spanish)
For UK residents:
- Email: DPO-UKrep@crescentbiopharma.com
- Phone: +44 (0) 203 797 6340 (answered in English)

For residents in all other countries, please contact Us by email on dpo@crescentbiopharma.com.

4. How does Crescent Biopharma collect my Personal Data?

Where We are acting as a Data Controller, We may have obtained your Personal Data directly or indirectly through a number of channels.

We may have collected your information directly from you when you have:

Visited Our website
Completed a contact form
Contacted Us by phone
Signed up to receive marketing material
Responded to one of Our surveys
Met with or engaged with Us at an event, exhibition or conference
Visited Our office
Interacted with Us on social media platforms (such as LinkedIn)
Supported our clinical trials
Provided services or any other type of support to Us.
Invested in Our company
Generally engaged with Us or Our service providers.
Otherwise provided it to Us

In some circumstances, We may collect your information indirectly, such as from:

Publicly available sources when it is in Our legitimate interest to do so.
Third party event companies we work with.

5. What Personal and Special Category Data does Crescent Biopharma collect about me, and what is the purpose and lawful basis for processing?

The table below outlines the types of Personal Data We may collect during the recruitment process.

Personal data category	Examples of data items collected
Account information	Username, account ID, login details, passwords, user preferences, access logs.
Contact details	Name, nationality, postal address, telephone number, e-mail address.
Correspondence information	Copies of e‑mails, letters, meeting notes, site‑initiation visit forms, monitoring visit follow‑ups, any communications exchanged with Us or Our service providers.
Details for adverse event reporting	Information required to assess, report, and follow up on adverse events, including reporter name, role, contact details, relationship to the participant, and details of the event provided by the healthcare professional.
Employment history	Job titles, location of employment/workplace, employment history.
Financial disclose information	Any financial interests that you or your spouse and dependent children may have with Us or technologies adjacent to the clinical trial, the identities of your spouse and dependent children.
Financial information	Bank account details, financial information, salary and expenses details.
Other information	Any other personal data that you choose to share with Us.
Professional credentials	Training records, qualifications and professional memberships.
Research related data	Research interests and output.

We generally process Personal Data about the following activities, to:

Maintain business records, audit trails and regulatory compliance.
Ensure our IT systems, website, network and data remain secure.
Manage financial accounting and corporate reporting.
Defend or respond to complaints, legal claims or regulatory enquiries.
Support business operations, administration and service improvement.

If you are a EU or UK residents, please refer to Appendix A for the Personal and Special Category Data processed, purpose, lawful basis, and condition for processing.

The legal basis for processing your Personal Data is based on compliance with a Legal Obligation, Contract, Our Legitimate Interest, or your Consent that We will have requested/stated at the point the information was initially provided, therefore, We will not store, process, or transfer your data unless We have an appropriate lawful reason to do so.

We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, We will notify you and We will explain the legal basis which allows Us to do so.

Please note that We may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

If you fail to provide certain information when requested, we may not be able to perform the engagement we have entered into with you. We may also be prevented from complying with our legal obligations, such as to ensure the health and safety of Our workers, compliance with right to work laws, and any local tax requirements.

Information about criminal convictions

We carry out debarment and exclusion checks where We are required to confirm that you are not subject to professional, regulatory or other disqualifications arising from misconduct. Some debarment or exclusion registers We check include information that relates to criminal convictions or alleged offences, for example, where a regulatory decision records a criminal conviction or is derived from criminal court outcomes.

We process debarment information only where it is necessary and lawful to assess your suitability for a role involving a position of trust or to comply with legal and regulatory requirements that relate to how We conduct clinical trials. We handle all criminal conviction data in line with relevant data protection legislation and codes of practice.

Automated technologies and use of Artificial Intelligence

As part of our ongoing efforts to improve the efficiency, quality of our research and clinical trial activities, we may use Artificial Intelligence (AI) tools to support data analysis, communication, and system functionality. Some of these third-party software platforms, systems may process your Personal Data, such as Microsoft 365 suite of applications including Connected Experiences and Microsoft Copilot, an AI tool.

Throughout our professional relationship, your personal data may be processed within the Microsoft 365 suite of applications. This may include processing by Microsoft Copilot AI as part of Microsoft Connected Experiences, in accordance with Microsoft’s privacy and security standards. For more information about how Microsoft may process your Personal Data, refer to Microsoft’s privacy statement which can be accessed on the below link:

https://www.microsoft.com/en-gb/privacy/privacystatement

If you have any questions or concerns about this Processing, please contact our Data Protection Officer on dpo@crescentbiopharma.com.

Our use of AI tools for processing your personal data is carried out on the basis of our Legitimate Interests to conduct clinical research. We balance our interests against your data protection rights and apply appropriate safeguards to protect your personal data.

7. How We keep you updated on Our products and services

We will send you relevant news about Our services in a number of ways, including by email, but only if We have a Legitimate Interest or your Consent to do so. Where We rely on Legitimate Interest, We have completed a Legitimate Interest Assessment for the processing activity, or, for data of UK residents acting in a business environment, We rely on the Corporate Subscriber exemption.

We make every effort to ensure that we only send such communications to those acting in a business capacity and do not send such materials to consumers via personal email addresses if it is clear they are not acting in such a capacity.

For individuals in California, We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light Law”) with third parties for their direct marketing purposes.

When We send you marketing by email, each email communication will have an option to object to the processing. If you wish to amend your marketing preferences, you can do so by following the link in the email you receive from Us and updating your preferences, or by contacting Us at dpo@crescentbiopharma.com.

8. How long does Crescent Biopharma keep my Personal Data?

The period for which We will retain Personal Data is outlined in our Data Retention Policy. Data retention will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. We may also retain your Personal Data for longer periods where We need to exercise, establish, or defend against legal claims, but we will never retain your information for longer than is necessary. When Personal Data is no longer required, We delete or anonymise data in line with Data Protection Legislation and appropriate industry guidance.

We consider the retention period to begin from the point at which We last contacted you or otherwise reviewed your record to determine whether it was still active, unless otherwise required by law.

9. What are my data rights and can I object to you processing my Personal Data?

It is important that the Personal Data we hold about you is accurate and current. Please keep Us informed if your Personal Data changes during or after your engagement with Us.

Where We are acting as a Data Controller, and under certain circumstances, by law you may have the right to:

Request access to your Personal Data (commonly known as a Data Subject Access Request (DSAR)). This enables you to receive a copy of the Personal Data We hold about you.
Request correction of the Personal Data that We hold about you.  This enables you to have any incomplete or inaccurate information We hold about you corrected.
Request erasure of your Personal Data.  This enables you to ask Us to delete or remove Personal Data where there is no good reason for Us continuing to process it.  You also have the right to ask Us to delete or remove your Personal Data where you have exercised your right to object to processing.
Object to processing of your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground.  You also have the right to object where We are processing your Personal Data for direct marketing purposes.
Request the restriction of processing of your Personal Data. This enables you to ask Us to suspend the processing of Personal Data about you.
Request the transfer of your Personal Data to another party.
Right to withdraw Consent. In the limited circumstances where We are processing your data on the basis of Consent you have provided Us, and We have no other legal justification or obligation to continue the processing, you have the right to withdraw your Consent for that specific processing at any time.

For your protection and to protect the privacy of others, in some circumstances, We may need to verify your identity before completing your request.

If you object to Us using your Personal Data or withdraw Consent for Us to use your Personal Data (when We are processing your Personal Data based on your Consent) after initially giving it to Us, We will respect your choice in line with applicable law.

If you would like to exercise any of these rights or would like to confirm the accuracy of your information, please contact dpo@crescentbiopharma.com.

10. Providing us with other people’s data

If you give us any Personal Data that does not relate to, you must ensure that you have the required legal basis to collect and share their Personal Data. You must also tell them what information you have given to Us and make sure they agree we can use it as set out in this Privacy Notice. You must also tell them how they can see what information We have about them, correct any mistakes or request copies of their Personal Data.

11. Automated decision making and profiling

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

12. How do We protect your Personal Data?

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, We limit access to your Personal Data to those employees, contractors, and trusted third parties who have a business need-to-know basis for the purpose of supporting Us to deliver Our services.

Examples of Our security measures include:

Limiting access to Our buildings to those that We believe are entitled to be there by use of passes.
Implementing access controls to Our information technology.
Personal Data stored in hard copy will be stored in locked filing cabinets in the office, and access to information will be limited on a need-to-know basis.
Ensuring there are appropriate procedures and technical security measures (including strict encryption, anonymisation, and archiving techniques) to safeguard your Personal Data across all Our systems, website, and offices.
When We work with trusted third parties, known as Data Processors, who help to deliver Our services or manage Our business, We carry out due diligence checks to review a third parties’ compliance with Data Protection Legislation before We work with them and ensure there are appropriate contracts in place before a Data Processor processes any Personal Data.
Regular training for staff on information security and data protection.
We have procedures in place to deal with any suspected data security breaches and will notify you and any applicable regulator of a suspected breach where We are required to do so.
Policies and procedures to cover data protection matters including security incidents, Personal Data breaches, and data subject right requests. We will notify you and any applicable regulator of a suspected breach where We are required to do so.

13. Will Crescent Biopharma share my Personal Data with other organisations?

We may disclose the Personal Data We hold about you to:

Any other member of Crescent Biopharma or business partners.
With companies affiliated with Us when this is necessary to deliver Our services.
Banks and other financial institutions.
Payment service providers.
For vendors and service providers, your employer or the corporate entity that you represent, solely for the purposes of providing the Services to you and/or your employer where We have a contract with your employer or the company you represent.
Third party companies in the event that We are involved in a corporate transaction, such as an actual or potential merger, joint venture, consolidation, or asset sale, or, if the ownership of our business, assets, or drug development rights is transferred to another entity, whether through merger, acquisition, sale, or licensing. We may share your Personal Data with the acquiring or licensing entity. This is to ensure continuity of research, regulatory obligations, and product development. The receiving entity will be required to process your Personal Data in accordance with applicable data protection laws and the purposes outlined in this Privacy Notice, or as otherwise communicated to you at the time of transfer. We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any Personal Data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by Us.
Our professional advisors, such as lawyers, accountants, auditors, financial services providers, and other professionals.
Our service providers as Data Processors on Our behalf, including IT hosting companies – We may engage other companies and individuals to perform functions on Our behalf. We use Data Processors who are third parties who provide elements of services for Us. We have Data Processor Agreements in place with Our Data Processors. This means that they cannot do anything with your Personal Data unless We have instructed them to do it. They will not share your Personal Data with any organisation apart from Us or further Sub-Processors who must comply with Our Data Processor Agreement. They will hold your Personal Data securely and retain it for the period We instruct. Further, they must process the Personal Data in accordance with this Privacy Notice and as permitted by applicable data protection laws. Examples include data storage and hosting, IT provision, network monitoring, and analytics on systems and services.
We share account and other Personal Data when We believe sharing is appropriate to comply with the law, enforce or apply Our agreements with third parties, or protect the rights, property, or safety of Our Staff Members or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. However, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in a way that is contrary to the commitments made in this Privacy Notice.
Regulatory authorities as required by any such authority, including tax authorities.
Law enforcement agencies, courts, and other relevant tribunals.

14. Will my data be processed outside my home country?

Your data will be processed in the U.S as We are a U.S. based company. Our third-party Data Processors may be based outside your home country, in countries such as the US.

Where you are based in the EU or UK and we were required to transfer your Personal Data out of the EU or UK to countries not deemed by the European Commission or UK government/authorities to provide an adequate level of Personal Data protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the Data Protection Legislation, such as the specific contracts containing standard data protection clauses approved by the UK government or European Commission (as relevant) providing adequate protection of Personal Data. Where you are based in the UK, such transfers may also be carried out based on your explicit consent, where permitted under the UK GDPR. If you would like more information about how your Personal Data may be transferred, or a copy of this documentation, please contact Us at dpo@crescentbiopharma.com.

15. How can I make a complaint?

You have the right to make a complaint if you are unhappy about how your Personal Data is processed. However, We would appreciate the chance to deal with your complaint before you approach the Supervisory Authority, so please contact Us in the first instance at dpo@crescentbiopharma.com. Your satisfaction is extremely important to Us and We will always do Our very best to solve any problems you may have. If you remain dissatisfied, you may wish to contact the Supervisory Authority.

You have the right to complain about the use of your Personal Data to the local Supervisory Authority. Depending on your jurisdiction, it is possible that a different regulator or Supervisory Authority may govern the processing of Personal Data. Your government’s website should be able to point you in the right direction of the relevant regulatory body.

If you are located within the EEA, you can find the contact details for your local Supervisory Authority on the link below.

https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

In the UK, the Supervisory Authority is the Information Commissioner’s Office, they can be contacted by:

Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Email: icocasework@ico.org.uk
Online

16. Updates and changes to this Privacy Notice

We may change this Privacy Notice from time to time, for example, if the law changes. Any changes become effective when We publish an update to this Privacy Notice. Any changes will be effective immediately upon posting of the revised Privacy Policy and updating the “last modified” date. If there are significant changes, providing that we have your email address, We may contact you to notify you of the update.

17. Revision history

No.	Detail/Changes	Last modified
v1.0	First version of the Healthcare Professional Privacy Notice.	May 8, 2026

Appendix A: Personal and Special Category Data processed, purpose, lawful basis and condition for processing in the EU and UK

What activity is being carried out with the data?	What personal data is processed? (Personal data category)	What special category data is processed?	What is the EU/UK GDPR lawful basis for processing personal data?	What is the EU/UK GDPR condition for processing special category data?	If processing special category data and the GDPR Articles 9 (b), (h), (i) or (j) apply, what is the UK Data Protection Act 2018 condition for processing special category data?	If processing special category data and the GDPR Article 9 (g) applies, what is the UK Data Protection Act 2018 condition for processing special category data?
Clinical research outreach: Where you are an HCP involved in scientific fields relevant to Crescent’s clinical research, to contact you to explore the possibility of engaging and collaborating with you further through Crescent’s clinical research.	Contact details.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Clinical research: Where you are involved in the planning, delivery, or oversight of Our clinical trials, to collect information from you and process your information, including using AI technologies to conduct a clinical trial.	Contact details; Financial information; Employment history; Professional credentials; Research related data.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Adverse event reporting: Where you are involved in the delivery, or oversight of Our clinical trials, to collect information from you and process your information in relation to any adverse events that you report relating during the conduct of the clinical trial.	Contact details; Details for adverse event reporting.	No special category data processed.	6 (1) (c) Legal obligation	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Marketing approval: Where you are involved in the delivery of and have oversight of the clinical trial to support applications for and to comply with the conditions of any marketing approval granted in respect of any study drug and to assist with any term variations of marketing approvals.	Contact details.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Legal obligations: For the purposes of complying with legal, regulatory and other requirements, including, but not limited to completing financial disclosures where required, complying with local employment, social security and occupational health laws and regulations, carrying out debarment checks, record keeping and reporting obligations, data subject right requests, and, complying with government inspections and other requests from government or other public authorities.	Contact details; Financial information; Employment history; Financial disclosure information; Professional credentials.	No special category data processed.	6 (1) (c) Legal obligation 6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Vital interest: Monitor your health in order to safeguard and protect you, or to act in your vital interest, or the vital interest of a third party.	Contact details; Employment history; Financial disclosure information; Professional credentials; Research related data.	Health data	6 (1) (d) Vital interests	9 (2) (c) Vital interests	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Event attendance: Where you attend an event attended or hosted by Us as a specialist or expert to discuss the clinical trial at an event or where you may participate in interviews, panel discussions, to act as an ambassador or as speaker on a specialist topic of a study we Sponsor.	Contact details.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Identifying Healthcare Professionals from public sources: We may collect Personal Data about you from publicly accessible sources, both public or private registries, and third-party databases. This may include your professional contact details, employment details, and other relevant background information. We may use this personal data to categorise you by area of specialisation, assess whether you and / or your institution is eligible to participate in clinical studies, and personalise our communications with you.	Contact details; Employment details.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Communication: Customer service enquiries, reply to suggestions, issues, questions or complaints you have contacted Us about. Communicating with you and facilitating your communication with others.	Contact details; Correspondence information; Complaint details.	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Finances: Taking payment from you or giving you a refund and associated financial accounting.	Contact details; Financial information.	No special category data processed.	6 (1) (b) Contract 6 (1) (c) Legal obligation	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Legal claims: To respond to and defend against legal claims, where you have provided us with information which may give rise to legal claims.	Account information; Contact details; Correspondence information; Details for adverse event reporting; Employment history; Financial disclose information; Financial information; Professional credentials; Research related data; Other information.	No special category data processed.	6 (1) (c) Legal obligation 6 (1) (f) Legitimate Interest	9 (2) (f) Legal claims	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
IT Administration: To ensure that Our IT network and infrastructure is safe and secure.	Account information; Contact details; Correspondence information; Details for adverse event reporting; Employment history; Financial disclose information; Financial information; Professional credentials; Research related data; Other information	No special category data processed.	6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.
Marketing: Contacting you about news stories, and information relevant to our products and services.	Contact details.	No special category data processed.	6 (1) (a) Consent 6 (1) (f) Legitimate Interest	Not applicable as special category data will not be processed	Not applicable as Articles 9 (b), (h), (i) or (j) do not apply.	Not applicable as Article 9 (g) does not apply.