Data Privacy Framework Policy

Last updated: December 19, 2025

Eddingpharm (U. S. ) Inc. (“Eddingpharm”) understands the importance of privacy and is committed to protecting the privacy of Personal Information (defined below) that it obtains regarding business partners, healthcare professionals, participants in clinical trials, visitors to its websites, and others. We comply with all applicable laws and regulations when collecting and using Personal Information.

This Data Privacy Framework Policy describes Eddingpharm’s policies and procedures for using and safeguarding Personal Information, for managing our relationships with third parties who may have access to Personal Information, and for complying with applicable data protection laws. This Data Privacy Framework Policy also describes how individuals can contact us to update their Personal Information or express their preferences about how we Process (defined below) their Personal Information. This Data Privacy Framework Police is not intended to, and does not, describe our data processing activities.

In furtherance of its commitment to the protection of Personal Information, Eddingpharm complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as set forth by the U.S. Department of Commerce. Eddingpharm has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the Processing of Personal Information received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Eddingpharm has further certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms of this Data Privacy Framework Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles or the Swiss-U.S. DPF Principles, as applicable, shall govern.

Definitions

“Framework”

means, collectively, the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce.

“Framework Principles”

means, collectively, the Framework principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability as well as applicable supplemental principles.

“Personal Information”

means data that (i) is transferred from the European Union, United Kingdom, or Switzerland to the United States in reliance on the Framework, (ii) is recorded in any form, (iii) is about an identified or identifiable individual, and (iv) can be linked to that individual.

“Process” or “Processing”

means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive Information”

means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual or any other Personal Information received from a third party where the third party identifies and treats the information as sensitive.

How We Collect Personal Information

In the course of our certain business activities, Eddingpharm may collect Personal Information from our business partners and other commercial entities, healthcare professionals, participants in clinical trials, and others. Some of the ways in which we may receive Personal Information are as follows.

We may receive Personal Information about individuals who participate in our clinical trials.
We may receive Personal Information about healthcare professionals who serve as investigators in our clinical trials.
We may receive Personal Information about healthcare professionals who treat diseases that are the focus of our research.
We may receive Personal Information about individuals who are employees of another organization, such as our vendors and business partners.
We may receive Personal Information about patients who participate in disease awareness programs that we support.
We may receive Personal Information about visitors to our websites who choose to provide us with information, such as through the “Contact” page of our website.
If and when we collect Personal Information, we limit it to only that which is necessary for our legitimate business purposes or to fulfill our legal obligations. This information may include, for example, name, age, contact details, employment history, education history, occupation or business details (such as areas of specialization), and/or medical information.

Eddingpharm avoids collecting Sensitive Information. However, in some instances, such as in the context of clinical trials, Eddingpharm may need to collect Sensitive Information, including information regarding medical history, diagnoses, treatments, and medications.

How We Use and Share Personal Information

General Principles

Eddingpharm is committed to using reasonable commercial measures to ensure that its collection, use, disclosure, and maintenance of Personal Information complies with this Data Privacy Framework Policy, all applicable laws and regulations, the Framework, and the following principles. Personal Information will be:

Fairly and lawfully collected, used, disclosed, and maintained;
Processed only for the specified and lawful purposes for which it was collected;
Adequate, relevant, and not excessive for the purposes for which it was collected;
Accurate and, where necessary, kept up-to-date;
Not kept longer than necessary for the purposes for which it was collected;
Appropriately protected against unauthorized, inadvertent, or illegal access, use, or disclosure through administrative, physical, and technical safeguards;
Neither transferred to, nor accessed by, any person in a country or jurisdiction which has inadequate protections in place (as determined by Eddingpharm) without additional contractual or other safeguards.

Notice

In the event that Eddingpharm collects Personal Information from an individual, Eddingpharm will notify the individual, through this Data Privacy Framework Policy or otherwise, of the following: (i) the types of Personal Information that it collects about the individual, (ii) the purposes for which it collects and uses the Personal Information, (iii) the type or identity of third parties to which it discloses the Personal Information and the purposes for which it does so, and (iv) the location of this Data Privacy Framework Policy, which contains further information on the individual’s rights and how to contact Eddingpharm with any inquiries or complaints. Notice will be provided in clear and conspicuous language at the time the Personal Information is collected or as soon as reasonably practicable thereafter (and in any event before Eddingpharm uses the information for a purpose other than that for which it was originally collected or Processed or discloses it for the first time to a third party other than an agent).

We may use Personal Information in connection with our research and development activities, clinical trials, pharmacovigilance, and other legitimate business purposes and to comply with applicable laws. With respect to Personal Information that we may collect from patients participating in clinical trials, we may use this for research purposes and to support the clinical development of our product candidates, and to comply with applicable laws and regulations. With respect to Personal Information that we may collect from healthcare professionals, researchers and staff participating in our research and development activities, we may use this to administer our research and development activities and to comply with applicable laws and regulations. With respect to Personal Information that we may collect from vendors, business partners, patients, or members of the general public, we may use this to conduct our business, for marketing purposes, to conduct market research, and to participate in community activities.

We may transfer Personal Information to business partners, subcontractors, regulatory authorities, law enforcement agencies, and other third parties in furtherance of the foregoing activities or as otherwise required by applicable law. For example, Eddingpharm may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or other law enforcement requirements.

Choice

We offer individuals the opportunity to choose (opt-out) whether their Personal Information is (i) to be disclosed to a third party, other than to an agent performing tasks on our behalf and pursuant to our instructions, or (ii) to be used for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Information, we obtain affirmative, express consent (opt-in) from the subject of the information before disclosing their Sensitive Information to a third party or using their Sensitive Information for a purpose other than that for which it was originally collected or subsequently authorized with the individual’s consent. An individual who wishes to limit the use or disclosure of their Personal Information should contact Eddingpharm at the email or mailing address below.

Onward Transfers

Prior to disclosing Personal Information to a third party, other than to an agent performing tasks on our behalf and pursuant to our instructions, Eddingpharm will notify the relevant individual of the disclosure and allow the individual the choice to opt-out of the disclosure. We will ensure that any third party to which Personal Information is disclosed has agreed to use such Personal Information for only limited and specified purposes, provides the same level of protection as required by the Framework, and otherwise makes the commitments required by the Framework.

Eddingpharm’s accountability for Personal Information that it may receive in reliance on the Framework and subsequently transfers to a third party is described in the Framework Principles. For Personal Information that Eddingpharm may receive in reliance on the Framework and subsequently transfers to a third party for Processing, Eddingpharm remains responsible and liable if the third party Processes the Personal Information in a manner inconsistent with the Framework Principles, unless Eddingpharm proves that it is not responsible for the event giving rise to the damage.

Data Security

Eddingpharm takes reasonable and appropriate measures to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information. We have put in place appropriate administrative, physical, and technical safeguards in furtherance of this commitment.

Data Integrity and Purpose Limitation

We only Process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We retain Personal Information in a form that identifies or could identify the individual for only as long as required by its intended purpose or for scientific research or statistical analysis.

Access

We allow individuals to access their Personal Information and to correct, amend, or delete Personal Information that is inaccurate or has been Processed in violation of the Framework, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where the rights of persons other than the individual would be violated. An individual who wishes to receive access to, or to correct, amend, or delete, their Personal Information should contact Eddingpharm at the email or mailing address below.

Recourse, Enforcement, and Liability

We use a self-assessment approach to assure compliance with the Framework and this Data Privacy Framework Policy and periodically verify that this Data Privacy Framework Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Framework.

We encourage individuals who have an inquiry or complaint regarding Eddingpharm’s Processing or transfer of their Personal Information to contact Eddingpharm at the email or mailing address below. We will investigate and attempt to resolve any inquiries or complaints regarding our use and disclosure of Personal Information in accordance with the Framework.

Eddingpharm is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and other United States regulatory bodies.

Contact Information

If you have questions regarding this Data Privacy Framework Policy or Eddingpharm’s Processing or transfer of your Personal Information or would like to exercise any of your rights described above, please contact us by mail or e-mail at the following addresses:

Eddingpharm (U. S. ) Inc.
220 Davidson Ave,
Suite 300A, Somerset, NJ 08873
USA

Email: distribution.us@eddingpharm.com

Changes to This Policy

This Data Privacy Framework Policy may be amended by Eddingpharm from time to time in a manner that is consistent with the requirements of the Framework. When this Data Privacy Framework Policy is amended, the “Effective Date” date at the top of this document will be updated accordingly.