EU Data Protection Notice

APC Ltd and its affiliates, including VLE (collectively referred to as "APC", "we", "us") takes its data protection and privacy responsibilities seriously. This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:

What personal data do we process and for which purposes?
When and to whom do we disclose your information?
How we protect your personal data?
How do we deal with information of persons under the age of 16?
How long do we store personal data?
Is personal data subject to automated decisions?
What are your rights and how can you exercise them?

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice.

If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email ("Notice of Change").

You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party site. When you share your personal data on a public social media platform, we suggest you also familiarize yourself with the privacy policy of that specific platform as these platforms are not owned and managed by APC.

1. What personal data do we process and for which purposes?

In this section you can find out more about

Types of personal data we collect
When we collect personal information
Use of personal data and basis of processing

1.1. Types of personal data we collect

Identifiers, such as name, employer, telephone number and email address
Inferences drawn from any of the personal data listed above to create a profile or summary about, for example, an individual’s likely professional interests. This may include your personal information in form of comments, messages, blogs, photos and videos.

1.2. When we collect information

We collect this personal data directly from you, as well as from public databases, publications, professional organizations, social media platforms, people with whom you are connected on social media platforms, companies and other third parties.

We collect information directly from you if you:

Use one of our website(s) or online services
Register with one of our website(s) or online services: Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require you to voluntarily provide us with personal data, which may include information such as your name, email address or telephone number.
Purchase one of our services
Work with us as a business partner

We also collect personal data from third parties if you:

Make information publicly available on public social media platforms (including blogs, forums etc.), related to APC, APC products and services, and more in general about drug development and manufacturing.

You can read more about how we use your personal data in our Cookies Policy, available here.

1.3. Use of personal data and basis of processing

The table below details how we will use the personal data (“Purposes”) and the context for which we use your personal data (“Legal Basis”):

Where use is for a legitimate purpose of APC
Legal Basis	We may obtain, collect and process your personal data where we have a legitimate interest to do so as controller.
Purposes	We may use this personal data to meet our business purposes and objectives, for example for day to day operating, managing, and maintaining our business; To evaluate your use of our products and services with a view to developing, improving and extending our range of products and services; advertising and marketing our products and services; conducting research, analytics, and data analysis and website usage analytics; maintaining our facilities and infrastructure; undertaking quality and safety assurance measures; conducting risk and security controls and monitoring. To take advice external legal and other advisors. when we believe in good faith that the use of personal data is necessary to protect legal rights, the security or integrity of this website; to the extent reasonably necessary for the development of or to proceed with the negotiation or completion of a corporate or commercial transaction. for internal budgeting purposes, maintaining financial records, undertaking internal financial reporting and making payments to contractors and other third parties and performing accounting, audit, and other internal functions, such as internal investigations; for protecting your safety or the safety of others; detecting and preventing fraud; performing identity verification; and complying with the law, legal process, and internal policies; maintaining records; and exercising and defending legal claims. In respect of information gathered from third parties, we may use this information to: have a better understanding of how certain key audiences like process scientists and engineers react to our products and services, have a better understanding of our reputation as well as other market trends; and identify key-stakeholders, in particular bloggers and social media influencers, and to initiate contact with them.
IMPORTANT	Before we process your personal data to pursue our legitimate interests for the above purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
Where necessary for the performance of a contract with APC
Legal Basis	It is necessary to process your personal data to enter into and perform our contract of with you.
Purposes	We may use this personal data if we need to enforce our terms and conditions.
For compliance with APC legal obligations
Legal Basis	It is necessary to process your personal data in order to comply with legal obligations imposed under applicable EU Member Sate or European Union law.
Purposes	We obtain, collect and process your personal data: where APC is ordered to disclose information by a court with appropriate jurisdiction [or required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence]. as part of any criminal or other legal investigation or proceeding in your country or in other countries.
To defend, establish or be a party in legal claims
Legal Basis	It might be necessary to process your personal data in order for us to establish, investigate, exercise or defend legal claim to which you are a party.
Purposes	We obtain, collect and process your personal data: To file legal proceedings; To investigate, establish, exercise or defend a legal claim; and To settle legal claims.

We will only use your personal data for the purposes for which we collect it (as outlined in above), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for any other reasonable purposes in connection with our relationship with you, the Purpose and Legal Basis for any further processing will be notified in advance from time to time.

If you would like to find out more about the legal basis for which we process personal data, please email us at [email protected].

2. When and to whom do we disclose your information?

In this section you can find out more about how we share personal information:

within APC
with third parties that help us provide our products and services;
our regulators; and
transfers of personal data.

We disclosed the following personal data to our affiliates and third parties, such as our service providers, for our operational business purposes:

Identifiers, such as name and employer
Inferences drawn from any of the identifiers listed above to create a profile or summary about, for example, an individual’s professional interests.

2.1. Within APC

We may share your personal data with other APC subsidiaries and affiliates worldwide.

2.2. Third parties that help us provide our products and services

We also may transfer personal data to third parties who act on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, such as services delivery, evaluating the usefulness of this website, marketing, advertising, data management, or technical support.

These third parties have contracted with us to only use personal data for the agreed-upon purpose, and not to sell personal data to third parties, and not to disclose it to third parties except as may be permitted by us, as required by law, or as stated in this notice.

We may disclose your personal data to a third party in the event that the business or a part of it and the customer data connected with it is sold, assigned or transferred, in which case we would require the buyer, assignee or transferee to treat personal data in accordance with this notice.

2.3. Our regulators

Also, we may disclose your personal data to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence.

2.4. Transfers of personal data

APC operates on a global basis. Accordingly, your personal data may also be processed, accessed, or stored in countries outside Ireland and the European Economic Area (“EEA”), including to the US. Such countries may offer a different level of protection of personal data. If we transfer your personal data to external companies in other jurisdictions, we will take appropriate steps ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.. To this end,:

The internal transfer of data is governed by Binding Corporate Rules, so called “BCR”. BCR are a system of privacy principles, rules and tools intended to ensure the protection of personal data. This collection of rules represents today’s best practice to meet the EEA’s data protection requirements for the transfer of personal data within a group of companies. To be legally effective, the BCR has been approved by EEA Data Protection Agencies. BCR regulate the mechanism of transfer of data inside APC.
Many of the countries will be within the EEA or will be ones which the European Commission has approved and will have data protection laws which are the same as or broadly equivalent to those in the European Union.However, some transfers may be to countries which do not have equivalent protections, and where such transfers occur, it is our policy that: a) such transfers do not occur without our prior written authority; and b) that an appropriate transfer agreement such as the Standard Contractual Clauses or other approved transfer mechanisms approved by the European Commission and supervisory authorities (such as the Data Protection Commission) is put in place to protect your personal data.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above. If you would like more information, please email us at [email protected].