Privacy Statement

In pursuing our mission to improve the human condition by providing leading products, services and systems to researchers, Thermo Fisher Scientific Inc. and its affiliates collect and process personally identifiable information (also known as personal data) in a variety of circumstances. This Privacy Information Center is intended to explain how we collect, use, process, and disclose your personally identifiable information across all of our business activities. In all cases, we are committed to protecting the privacy of individuals in accordance with global privacy laws. Privacy statements begin with a description of the activities and individuals to which that statement applies. Statements may vary by country, region, or Thermo Fisher Scientific business group. Please make sure that you read these descriptions carefully so that you can view the disclosures that apply to you based on how you interact with us and where you are located.

Thermo Fisher’s Privacy Standards

Across all of our business activities, members of the Thermo Fisher Scientific Corporate Group recognize and seek to base our privacy practices on accepted principles utilized by various regulatory and industry groups. In summary, these principles are as follows:

Privacy standards may vary by country, region, or Thermo Fisher Scientific business group, depending on applicable law and regulations.

Thermo Fisher Scientific Inc. Online Privacy Statement

Scope: This Online Privacy Statement is relevant to any user or visitor of Patheon, by Thermo Fisher Scientific Inc.’s website (www.patheon.com) or any subdomains of the website, such as www.go.patheon.com (“Online Services”) where these services directly link to this Online Privacy Statement. Users or visitors located in the European Economic Area should also view the Supplemental European Online Privacy Statement below. This Online Privacy Statement does not cover any other data collection or processing, including, without limitation, through other Thermo Fisher Scientific Inc. products or services that do not display a direct link to this Online Privacy Statement, or through third-party websites.

Last Updated: 25 May 2018 In this Online Privacy Statement, Patheon, by Thermo Fisher Scientific Inc. (for the purposes of this Online Privacy Statement, “we”, “us” or “our”) provides information about how it receives, collects, uses and transfers information about any user or visitor (for the purposes of this Online Privacy Statement, “you”) of our Online Services where these Online Services directly link to this Online Privacy Statement. If you are located in the European Economic Area, please refer to the Supplemental European Online Privacy Statement below. Information You Actively Submit. If you make enquiries about our services, request access to our website content (including whitepapers, brochures etc), or otherwise submit data using the Online Services, we collect information about you and the company or other entity you represent (e.g., your name, organization, address, email address, phone number, fax number). You may also provide information specific to your interaction with the Online Services or submit a resume to apply for employment. In such instances, you will know what personal data is collected by us, because you will have actively submitted it. Information Passively Submitted. We automatically collect information during your use and navigation of the Online Services, including the URL of the website you came from, the browser software you use, your Internet Protocol (IP) address, IP ports, date/time of access, data transferred, pages visited, amount of time you spend on the Online Services and information about actions and transactions conducted on the Online Services. If you use our mobile applications, then we also collect technical information about your device (including device operating system version and device hardware), unique device identifiers (including device IP address), and, if you activate the relevant feature on your device, geolocation data. This data is generated and collected automatically, as part of the standard operation of the Online Services. We also use “cookies” to enhance and customize your experience of the Online Services. A cookie is a small text file that may be stored on your computer or device used to access the Online Services. You may set your browser software to reject cookies, but doing so may prevent us from offering conveniences or features on the Online Services. To reject cookies, refer to information about your specific browser software. We also use eTags, which are opaque identifiers assigned by a web server to specific versions of a resource found at a URL. If the resource at that URL changes, a new and different eTag is assigned. This allows us to track which pages you visit while on the Online Services. In addition, we use electronic images known as web beacons (also called pixel tags or clear GIFs) to track users who have visited the Online Services. Web beacons allow us to deliver content and marketing communications tailored to your interests. We strive to provide a customized, personalized experience to website visitors. Our websites do not currently respond to ‘do not track’ signals in web browsers. Use of Information. We use personal data that we collect about you through the Online Services to:

To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we may engage in the following activities:

We also perform statistical analyses of the users of our Online Services to improve the content, design and navigation of the Online Services. In these cases, we use aggregate or statistical data that cannot reasonably be used to identify you. Sharing and Transfers of Information. We will not disclose your personal data to third parties, except in the following circumstances and in accordance with applicable law:

Service providers acting on our behalf shall be obliged to adhere to confidentiality requirements no less protective than those described in this Online Privacy Statement and will only receive access to your personal data as necessary to perform their functions. Uses and disclosures of personal data by third-party individuals and organizations acting on our behalf are governed by agreements that require personal data to be protected appropriately. In these cases, personal data about you will only be used and disclosed by us and individuals and organizations working on our behalf, in a manner consistent with this policy, other applicable privacy notices, and as explicitly permitted or required by applicable laws, rules and regulations. Our third-party service providers are located in the United States and other jurisdictions. Retention. We generally retain personal data for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain personal data for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Access. You may access, correct, and/or update your information by accessing your accounts or profiles on the Online Services. Alternately, you may at any time request access to information that we hold about you by contacting dataprivacy@thermofisher.com; you may also request corrections, updates, or deletion of your information. We will make reasonable efforts to respond promptly to such requests in accordance with applicable laws. Information Security. We take commercially reasonable technical, physical, and organizational steps to safeguard any information you provide through the Online Services, and to protect it from unauthorized access, loss, misuse, or alteration. Although we take reasonable security precautions, no computer system or transmission of information can ever be completely secure or error-free, and you should not expect that your information will remain private under all circumstances. In addition, it is your responsibility to safeguard any passwords, ID numbers, or similar individual information associated with your use of the Online Services. Changes to this Online Privacy Statement. We reserve the right to change this Online Privacy Statement from time to time. We will alert you when changes have been made by indicating the date this Online Privacy Statement was last updated as the date the Online Privacy Statement became effective. It is recommended that you periodically revisit this Online Privacy Statement to learn of any changes. Questions and Comments. If you have questions or comments about this Online Privacy Statement or about how any information you submit through the Online Services is used, please contact dataprivacy@thermofisher.com.

Thermo Fisher Scientific Inc. Supplemental European Online Privacy Statement

Scope: This Online Privacy Statement is relevant to any user or visitor of Patheon, by Thermo Fisher Scientific Inc.’s website ( www.patheon.com) or any subdomains of the website, such as www.go.patheon.com (“ Online Services”) where these services directly link to this Online Privacy Statement. Users or visitors located in the European Economic Area should also view the Supplemental European Online Privacy Statement below. This Online Privacy Statement does not cover any other data collection or processing, including, without limitation, through other Thermo Fisher Scientific Inc. products or services that do not display a direct link to this Online Privacy Statement, or through third-party websites.

Last Updated: 25 May 2018 European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“ EU GDPR”), requires Patheon, by Thermo Fisher Scientific Inc. as the data controller to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“ EEA”). If you are accessing the Online Services from a member state of the EEA, this Supplemental European Online Privacy Statement applies to you in addition to the Online Privacy Statement. Cookies. With respect to web cookies and similar technologies, we seek consent from users of the Online Services in the EEA based on a separate Cookies process. Our statement on Cookies can be accessed here. Legal Bases for the Processing. We rely on the following legal bases to process your personal data, as appropriate:

The specific legal bases on which we rely for each of the purposes for which we process your personal data are set forth below:

Processing PurposeLegal Basis
Upon request provide information to you or the organization for which you work; Enable you to use online social media resources we may offer from time to time; Provide quote and business proposals for our services; and Discharge our contractual obligations to you.Contract Performance Legal Basis based on our Terms of Service, Terms of Sale or other applicable contract.
Provide requested services and information; and Respond appropriately to your inquiries.If your request or inquiry relates to a service you have contracted for, Contract Performance Legal Basis based on our Terms of Service or other applicable contract.If we are legally obligated to respond to your request or inquiry, Legal Obligation Legal Basis.In all other cases, Legitimate Interest Legal Basis as part of our commitment to provide you with good customer service.
Comply with any legal obligations that apply to us.Legal Obligations Legal Basis per applicable laws.
Send you marketing emails to a designated email address.Consent Legal Basis.
Customize your experience on the Online Services by creating web user profiles; Review and analyze your interactions with us and any information about you obtained from public resources such as company, university or publications websites to complete our customer profile of you and better understand which Thermo Fisher products and services may be of interest to you; and Display online advertisements to you regarding products and services that we believe are relevant to you based on your activities on the Online Services.If the processing of your personal data is necessary for us to provide you with a good user experience or enhance the content and relevance of our marketing communications to you, Legitimate Interest Legal Basis based on these legitimate interests.In all other cases, we will obtain your consent and rely on the Consent Legal Basis.

Wherever we rely on the Consent Legal Basis, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal. Disclosures to Thermo Fisher group entities. In accordance with applicable law, we may disclose your personal data to our affiliates who act as data controllers for the purposes of improving their and our products, services and business practices. Personal Data Transfers outside of the EEA. Some recipients located outside of the EEA may be located in countries for which the European Commission has issued adequacy decisions ( https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (see Article 45 of the EU GDPR). Some recipients are located in countries for which the European Commission has not issued an adequacy decision in respect of the level of data protection there, including the U.S. (where the recipient is not Privacy Shield certified). By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law. You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice. Data Retention. We generally retain personal data for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain personal data for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Profiling. We do not engage in automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. We may engage in profiling activities for marketing-related purposes. In particular, we may use automated means to process personal data collected via the Online Services and obtained from public resources such as company, university and publications websites to help us identify products and services that we believe you may be interested in, and help us deliver relevant advertisements to you. Data Subject Rights. Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:

Your Choices. You are not required to provide any personal data to visit Patheon, by Thermo Fisher Scientific Inc.’s website (www.patheon.com), but if you do not provide any personal data to visit Patheon, by Thermo Fisher Scientific Inc.’s website, you cannot use the Online Services. You can use the Online Services without consenting to cookies that are not strictly necessary or direct marketing emails; the only consequence is that the Online Services will be less tailored to you. Contact Us. For more information or to exercise your rights as described herein, please contact dataprivacy@thermofisher.com.

Thermo Fisher Scientific Group European Business Contacts Privacy Statement

Scope: This Privacy Statement is relevant to any individual located in the European Economic Area who shares their business contact information and other personal data with members of the Thermo Fisher Scientific corporate group for business purposes.

Last Updated: 25 May 2018 If you are in the European Economic Area and share your business contact information and other personal data with Patheon, by Thermo Fisher Scientific Inc. or any of its affiliates (“Thermo Fisher” or “we”), this Privacy Statement is issued to you by Thermo Fisher. Data Categories Collected. We may collect and process your contact information (e.g., name, email address, phone number and business address) and information about your business and its interactions with Thermo Fisher. We may collect personal data about you (namely, position, specialty and publications) from public resources such as company, university and publications websites. Processing Purposes. We may process your personal data to:

Legal Bases for the Processing. We rely on the following legal bases to process your personal data, as appropriate:

The specific legal bases on which we rely for each of the purposes for which we process your personal data are set forth below:

Processing PurposeLegal Basis
Authenticate your identity.Legitimate Interest Legal Basis to ensure that our actions are appropriate based on the person with whom we are speaking.
Assess and seek to address your comments, questions and requests.If your request or inquiry relates to a service you have ordered, registered for or otherwise contracted for, Contract Performance Legal Basis based on our Terms of Service or other applicable contract.If we are legally obligated to respond to your request or inquiry, Legal Obligation Legal Basis.In all other cases, Legitimate Interest Legal Basis as part of our commitment to provide you with good customer service.
Ask for your consent to provide you with marketing communications that are relevant to you.Legitimate Interest Legal Basis to determine whether we can inform you of relevant business opportunities.
Enter into a sale or service contract with you or your business; Perform our contractual obligations to you under any applicable contract; and Provide any requested technical services and support of products.Contract Performance Legal Basis.
Comply with any legal obligations that apply to us.Legal Obligation Legal Basis.
Review and analyze your interactions with us and any information about you obtained from public resources such as company, university or publications websites to complete our customer profile of you and better understand which Thermo Fisher products and services may be of interest to you.If the processing of your personal data is necessary for us to enhance the content and relevance of our marketing communications to you, Legitimate Interest Legal Basis based on these legitimate interests.In all other cases, we will obtain your consent and rely on the Consent Legal Basis.
Provide you with relevant marketing communications if you consent to receiving such communications.Consent Legal Basis.

Wherever we rely on the Consent Legal Basis, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal. Recipients. We may disclose the personal data you provide as necessary to our affiliates, divisions and groups worldwide and service providers, who act on our behalf and instructions to fulfill product orders, deliver services, and provide IT support. Personal Data Transfers outside of the EEA. Some recipients located outside of the EEA are located in countries for which the European Commission has issued adequacy decisions ( https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en ). In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (see Article 45 of the EU GDPR). Some recipients are located in countries for which the European Commission has not issued an adequacy decision in respect of the level of data protection there, including the U.S. (where the recipient is not Privacy Shield certified). By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law. You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice. Data Retention. We generally retain personal data for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain personal data for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Data Subject Rights. Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:

Your Choices. Having a business relationship with us and receiving our marketing communications are voluntary. Please note that we cannot effectively do business with you or provide you with our marketing communications without processing some personal data about you such as your contact information. Profiling. We do not engage in automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. We may engage in profiling activities for marketing-related purposes. In particular, we may use automated means to process personal data collected directly from you or obtained from public resources such as company, university and publications websites to help us identify products and services that we believe you may be interested in, and help us deliver relevant advertisements to you. Contact Us. For more information or to exercise your rights as described herein, please contact dataprivacy@thermofisher.com.