Dear Doctor / Health Care Professional

We take your privacy very seriously and we commit to respect it to the sector’s highest standards. For this reason, we wish to provide up-to-date information as to how A. Menarini Farmaceutica Internazionale S.r.l. (“AMFI”) with registered address at Via Dei Sette Santi 1 50131 Florence Italy (hereinafter the “Company”, or “we”) processes your personal data and ensures compliance with the applicable laws, including Regulation 2016/679/EU (the “Regulation”).

1. What we can do with your Data

The personal data you are conferring or you have previously conferred on occasion of previous contacts with us or which the Company has collected accessing public available sources or has received from third party providers may be processed by the Company in its capacity of Data Controller for the following purposes:

(A) “Scientific Information Activities”, namely those activities permitted by local regulations on the education related to medicinal products, or any other scientific research activity on health products in other non-medicinal categories; this activity is carried out based on the Company’s legitimate interest to maintain our business relationship with you and for purposes of scientific information, marketing purposes and market research

(B) “Customisation of our Scientific Information activities/services” by assessing your needs, preferences and professional interests; if you provide your consent to do so you may receive our contents - personalised based on the needs and preferences you show to us - also through electronic means of communication (e.g., sms, e-mail, etc.), where provided.

Furthermore, your data may also be processed without your consent in order to fulfil obligations stemming from laws and regulations, as well as to make statistics, enforce or defend a legal right judicially and to pursue legitimate interests (e.g. to share data among Menarini Group Companies).

2. What Data we collect

The personal data which we may process (“Data”) are the following:

(1) Professional/Academic Title; (2) Name; (3) Surname; (4) Date and place of birth; (5) year of graduation; (6) Gender; (7) Mailing address; (8) Correspondence and visit address (street, number, city, county, as well as email address and details of any other digital account); (9) visit times; (10) work phone number; (11) professional mobile phone number; (12) Work sector; (13) Additional academic and professional qualifications/specialisations; (14) job position (e.g. Consultant Cardiologist, Manchester Royal Infirmary; Head of Cardiology Unit, Leicester General Hospital); (15) conventions with the National Health System; (16) Data pertaining to the use and/or viewing, on your part, of our electronic/digital informational materials; (17) other information pertaining to your profession and preferences with regards to the services we offer. 2

3. How we process your Data.

Data is processed both in paper and electronically and entered into the Company system in line with the applicable laws –including the aspects pertaining to data security and confidentiality - and according to the principles of fair and lawful processing. Your Data shall be stored only as long as strictly necessary to fulfil the goals for which they were collected; in any case, the criterion used to determine the length of the storage period takes into due account the need to comply with any relevant legal requirement, the principle of data minimisation and the need to rationally manage the Company’s records. We may store your data even after the end of our activities towards you, but only for as long as necessary to fulfil contractual and legal obligations as well as to fulfil the purposes listed above. We update and maintain our databases so as to ensure your Data are always correct and accurate.

4. Who can access your Data

Data may be processed by staff belonging to the following categories: administrative staff, reps, product managers. Data may also be processed by all those other members of staff who may need to do so by reason of their job duties. In addition, Data may be communicated to the Company’s parent company A. Menarini IFR Srl, based in Florence (Italy), as well as to other companies of the Menarini Group and Menarini’s Partners for organisational, administrative, financial and accounting necessities. Based on the legal and regulatory provisions to which we are bound, we may communicate your Data to the National Regulatory Agency for Medicines, national and local Health Authorities, other health centres and universities, other public authorities, association bodies as well as other recipients to whom your Data shall be disclosed pursuant to laws or regulations. In addition, in relation to the above obligations and purposes, data may be communicated to other companies, such as suppliers, sub-suppliers, IT and “Cloud Computing” service providers, agencies and event organisation entities, professional service providers and companies that perform tax/administrative tasks on our behalf.

5. Your Rights to Access and Control your Data

You may at any time contact us at privacy_mea_region@menarini.com as well as to our address in order to exercise the rights afforded by applicable Privacy Laws, including: knowing whether or not any Data referring to you is being processed by us; access your Data; verify the Data’s content, origin, exactness, location (including, where applicable, the Third Countries where the data might be); obtain a copy of the Data; ask that the Data are supplemented, updated, amended; in the circumstances set forth by the law, ask that the processing of Data is restricted, that Data are deleted, anonymised, frozen; oppose to profiling operations and direct contact activities (including restricting contact methods to specific communication media), oppose to the processing of Data for legitimate reasons. Likewise, you may at any time withdraw consent (although this will not impair the lawfulness of the processing operations performed before your consent’s withdrawal) and/or notify the Menarini Group’s Data Protection Officer dpo@menarini.com any observations you may have on our use of your Data which you consider inappropriate and/or lodge a complaint with the national Data Protection Authority.