PRIVACY POLICY

1. SCOPE OF THE PRIVACY POLICY

Astera Pharmaceuticals Ltd. (We) are committed to protecting your privacy. It is important that you understand how we look after your personal data so that we meet our legal obligations to you under the applicable data protection regime (the “Data Protection“), including, but not limited to, the General Data Protection Regulation (GDPR) This privacy policy outlines how We will use, store and share your personal data, and supplements any other fair processing or privacy notices provided to you.

This policy applies to any personal data that we collect about you when:

  • you visit our websites or apps, including: https://asterainfo.com/.
  • you voluntarily provide such personal data when registering with us.
  • you voluntarily submit personal data to us using the forms and requisitions including those which are on our websites or apps.
  • you submit personal data to us when you interact with us in the course of your official dealing with us, including in person, by email, by phone or through social media; or
  • third parties legally provide us with such personal data, as described in section 5.C below.

2. WHO ARE WE?

In this privacy policy, the terms “we“, “our“, and “us” are used to refer to Astera Pharmaceutical Limited, a Company registered under the Company’s Act having its registered office Near Sola Bridge, SG Highway, Thaltej, Ahmedabad – 380054.
We are a controller of your personal information which means that we are responsible for protecting it and We will use your personal data fairly, reasonably, lawfully and in a transparent manner in accordance with the applicable Data Protection Laws.

3. HOW WILL WE USE YOUR PERSONAL DATA?

We only process and handle your personal data, disclose and provided by you as described in this Privacy Policy or in other fair processing or privacy notices provided to you. We reserve the right to
conduct additional processing to the extent permitted or required by law and inform you accordingly.

4. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

The types of personal data we collect depends on the interactions you have with us, but mainly these may include:

  • name and contact data (including your name, postal address, telephone number, e-mail address andother similar contact data).
  • data in order to satisfy identification requirements under the applicable regulatory requirement when exercising any of your rights under Data Protection Laws (including your passport, Aadhaar Card, PAN Card, photo driving license or similar card which refers and identifies you);
  • financial data when receiving payments from us, making payments to us, or making or requesting donations/sponsorships.
  • demographic data (including data such as your age, gender and country of residence) when informingus of an adverse event, making a quality complaint or submitting a medical query to us, or when sending your CV or submitting a job application to us; health related and physical condition data, when informing us on an adverse event.
  • your academic and professional background data including any accreditations, recognitions, authentication or certification while sending your CV or submitting a job application to us or when your CV is provided to us for quality assurance purposes; and also includes any requisition form or information memorandum submitted by you in the course of dealing with us.
  • background and other checks: details revealed by background checks, as well as details revealed by criminal record checks and criminal conviction data as lawfully requested when submitting a job application to us and expressly authorized by applicable laws.
  • information about your physical visits or presence to our premises, including your name, contact details, images and other identity details taken when accessing our premise and /or in CCTV footage; including those which are captured, stored during any virtual interaction.
  • information about your calls to our customer service team, including a recording of such calls.
  • information about your participation in an Astera advisory board meeting, including a recording of the discussions taking place during the advisory board meeting.
  • information about your provision of consultancy services, occupation or other professional services, including a recording of the advice provided to us.
  • information about you obtained at a meeting with you, or at an event such as a conference, exhibition or official forums and platforms or gatherings, including those hosted by third parties or managed by third parties on our behalf, including the capture of your image in a photograph or video footage taken at our stand or elsewhere within the event for promotional purposes;
  • information about you in the context of any merger, consolidation, buy-out or acquisition transaction concerning our business;
  • website or app usage data (including how you and your device interacts with our websites or apps); and/or
  • where applicable, including for applicants in India:
    • immigration status details including details of your nationality and immigration and includingcopies of your passport, biometric residence permit and other immigration documents; and/or
    • other personal data required as part of immigration applications, including immigration history.

Each time you visit our websites or apps we may also collect information and personal data about your computer for system administration including, where available, your IP address, operating system and browser type. We do this to help us identify returning visitors, enable visitors to move more easily around our websites or apps, and to assist in building up an anonymous profile based on visitor’s browsing patterns across the sites. Please see our Cookie Policy for further information about what information may be automatically collected when you visit our websites or apps.

Special Categories of Personal Data

Data Protection Laws define certain personal data as ‘special categories of personal data’ such as personal data regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning your health (including mental and physical health), or data concerning your sex life or sexual orientation.

Exceptionally, we may sometimes ask you for some special category personal data or you may voluntarily give such personal data, such as health-related and racial data, when informing us of an adverse event, making a quality complaint or submitting a medical query to us, using our patient support apps, sending your CV or submitting your job application to us or otherwise participating in any of our recruitment processes for the purposes described in section 6 below, and only when this processing activity is expressly authorized by local laws.

Suitability for employment will be evaluated based on you meeting with the criteria fixed by us. Please note that you are not required to provide special category data when submitting a job application to us. If you do so voluntarily and the processing of such data is expressly authorized by applicable laws, we will use it for: (a) statistical reporting requirements; and/or (b) in case of disability, for any required work place adjustments and/or to comply with applicable laws.

Criminal Conviction Data

Exceptionally, we may sometimes ask you for some criminal conviction data, when submitting your requisition, enquiry including job application to us, when submitting immigration applications, or otherwise participating in any of our recruitment processes, for the purposes described in section 6 below, and only when this processing activity is expressly authorized by applicable laws.

5. WHERE DO WE GET THIS INFORMATION FROM?

We collect some of your information directly from you, either through information that you give to us or information that we collect during your interaction with us, visits to our websites or apps or
through your communications with us, physical as well as virtual. We also obtain some information from other third parties, including the ones described in sub-section C below.


Please note that we may combine personal data we receive from other sources with personal data you give to us and personal data we collect about you.


A. When do you give us information about you?

You may share personal data about yourself and your circumstances by:

  • filling in forms including those which are on our websites, registering to use our websites, and continuing to use our websites; exercising one of your rights under Data Protection Laws.
  • reporting an adverse event, making a quality complaint or submitting a medical query to us
  • providing your business card to us;
  • providing or taking services to us;
  • signing in at reception on one of our identified premises;
  • submitting a job application or sending your CV to us;
  • making payments to us or receiving payments from us;
  • making or requesting donations/sponsorships or grants;
  • giving us information about yourself in any communications with us either by telephone, email, post,through our websites/apps or otherwise;
  • negotiating, entering into and maintaining a commercial agreement with us; and/or
  • eventually purchasing or supplying a product directly from us.

You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, we may not be able to provide services to you, respond to your queries, allow you onto our premises, process your job application or otherwise contact you.

B. When do we collect information about you?

We may collect personal data about you:

  • when you visit our websites or apps, including details of your visits, such as Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, your login information, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, weblogs, cookies and other communication data, and the resources that you access. For more information please see our Cookie Policy; when you visit our premises, including your image in CCTV footage;
  • when calling our customer service team, including a recording ofsuch calls; when you participate in any meeting, forum, gathering, workshops, seminars taking place during the advisory board meeting
  • when you provide any professional or consultancy servicesincluding a recording of the advice provided to us; and/or
  • when attending an eventsuch as a meeting, forum, gathering, workshops, seminars, including events hosted by third parties or managed by third parties on our behalf.

C. From which third parties do we receive information about you?

We may receive personal data about you from other third parties, including from:

  • your work colleagues, when giving to us your contact details for business purposes;
  • A third party when reporting an adverse event, making a quality complaint or submitting a medical query to us on your behalf;
  • your authorized representative (such as your proxy, parent or legal guardian);
  • providers of contact information, which provide legal contacts databases;
  • government agencies, which provide publicly accessible information;
  • Statutory or other official bodies (including Visas and Immigration offices
  • recruitment agencies/organizations;
  • our external salesforce;
  • third party due diligence providers;
  • CCTV systems providers;
  • your current company, within the context of a M&A transaction or when providing a service to us;and/or
  • your previous employer, or similar, where we request references if you are applying for a job with us and we have your freely given consent to do so.

6. WHY DO WE NEED YOUR PERSONAL DATA?

We may use the personal data we collect for the following purposes:

  • to communicate with you regarding any requests or queries you may submit;
  • to monitor, track and respond to medical/health queries, quality complaints and adverse events;
  • to negotiate, enter into and manage commercial agreements with you or the organization that yourepresent, including ordinary business transactions and M&A transactions;
  • to meet contractual, legal, regulatory and compliance requirements;
  • to ensure that you, your organization, our employees or us comply with applicable laws, our code of conduct and our related internal policies;
  • to ensure that you are the authorized representative (such as a proxy, parent or legal guardian) of a third party when you are interacting with us on his/her behalf;
  • to administer our websites, patientsupport apps and to provide customer services;
  • to handle complaints, train our employees and to improve our quality and service standards;
  • to enable you to visit our premises, including for the purposes of site security, the protection ofproduct and business confidentiality, environmental and health and safety;
  • to establish, exercise or defend legal claims;
  • to process your job application;
  • to promote Astera’s presence or participation in an event;
  • to make a payment to you and/or receive a payment from you;
  • to analyze the use of our websites or apps;
  • for applicants in India:
    • checking you are legally entitled to work in the India;
    • submitting immigration applications on your behalf or assisting you with applications andapplying for and issuing certificates of sponsorship;
    • complying with our obligations as a Tier 2 sponsor, including in relation to retaining records of the recruitment process and details of applicants who applied for the role;
    • carrying out background checks;
    • complying with our legal or regulatory requirements; and/or
  • other purposes that we have communicated to you.

Special Categories of Personal Data

We will use your special category personal data described in section 4 above for the purposes of advising or otherwise communicating with you regarding any queries or reports you may submit and/or
monitoring, tracking and responding to medical/health queries, quality complaints, adverse event reports, to comply with our legal, regulatory or compliance obligations and /or managing your job application. The legal basis of this processing is described in section 7 below.

For applicants in India, we will also use data about your race or national or ethnic origin as well as data relating to your immigration history, passport and biometric residence permit and other immigration documentation when carrying out right to work checks (including checks using the Employer Checking Service), retaining immigration documents, applying for and assigning certificates of sponsorship, and submitting immigration applications.

Criminal Conviction Data

We will only collect criminal conviction data to the extent permitted under the applicable law. and where it is appropriate to do so given the nature of the role.

7. WHICH IS THE LEGAL BASIS FOR USING YOUR DATA?

A. Necessary for the entry into or performance of a contract

When you enter into a transaction with us, a contract between you and us will have been formed. In order for us to negotiate, enter into and fulfil our obligations under such contract (e.g. to allow
you to place an order for goods or services), we may need to collect, process and share (as further detailed below) your personal information. Please contact astera@intaspharma.com for further information.

B. Legitimate business interests

We may use your personal data (excluding special categories of personal data) as set out in this privacy policy where necessary for the legitimate interests of our business to enable us to:

  • provide your organization with products and services as requested by your organization;
  • respond to your claims or queries.
  • carry out research to understand our customers and how they use our products and services;
  • develop and improve our products and services provided to you or your organization and to our other customers
  • assess potential transactions with your organization;
  • enforce or apply the rights of your organization or our rights under any contract between yourorganization and us;
  • monitor staff performance, train staff and improve our processes;
  • ensure health and safety at our premises and that any related processes are effective;
  • ensure that you, your organization, our employees or us comply with applicable laws, our code of conduct and our related internal policies;
  • ensure the security of our premises and that any related processes are effective;
  • ensure high standards of quality and safety of our products;
  • support processes and procedures to assist with the prevention and detection of crime or other unlawful activity;
  • establish, exercise or defend legal claims; and/or
  • showcase our participation in certain events to pharma industry third parties via other events, socialmedia or our websites.

As indicated below, we may also pass your personal data to members of our company group (to see a full list of such group companies, please click here) and other third parties where necessary for our legitimate business interests.

We are required to carry out a balancing test of our legitimate business interests in using your personal dataoutlined above against your interests and rights under the Data Protection Laws. As a
result of our balancingtest, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that this is necessary for our legitimate business interests.

Legitimate interest: We have a legitimate interest in processing your information as:

  • you or your organization benefits from the provision of our products and services;
  • we record customer services calls to monitor staff performance, train staff, and improve ourprocesses;
  • we need to assess potential transactions with your organization;
  • your organization and us will both benefitfrom the ability to enforce or apply rights under any contract between us;
  • we are required to ensure health and safety at our premises and have a legitimate interest in ensuring any processes are effective;
  • we need to ensure that you, your organization, our employees or us comply with applicable laws, ourcode of conduct and our related internal policies;
  • we need to ensure the security of our premises and have a legitimate interest in ensuring any processes are effective;
  • we are required to ensure high standards of quality and safety of our products,
  • we have in place procedures to assist with the prevention and detection of crime or other unlawful activity;
  • we would be unable to provide our goods and/or services to your organization without processingyour information;
  • it is not otherwise possible for us to establish, exercise or defend legal claims;
  • to be able to showcase our participation in certain events to pharma industry third parties via otherevents, social media or our websites; and/or
  • it is not otherwise possible for us to respond to your claims or queries.

Necessity: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to achieve the purposes outlined in this privacy policy.

Impact of processing: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as such processing of your personal data does not unreasonably intrude on your privacy.

C. Consent

We may use your personal data as set out in this privacy policy where you have given your consent to us.

Notwithstanding the foregoing, please note that in accordance with applicable law we may, on occasion, send you marketing messages by email and post about us, our products, and services and our events and offers without your consent , where you or your organization have purchased similar goods or services from us and you have not unsubscribed.

You have the right to withdraw your consent to processing of this nature at any time using the details at thebeginning of this privacy policy.

D. Compliance with a legal obligation

We may also use your personal data as set out in this privacy policy when such processing is necessary for complying with a legal obligation to which we are subject, such as our pharmacovigilance and tax obligations, and responding to subject access requests or notifying personal data breachesto the supervisory authorities. Please contact astera@intaspharma.com for further information on which law imposes us a legal obligation to use your personal data.

Special Categories of Personal Data and Criminal Conviction Data

We may also use your special category personal data and criminal conviction data for the purposes described in section 6 above when processing is necessary for complying with a legal obligation to which we are subject, such as our pharmacovigilance and employment obligations, or where otherwise allowed by applicable Law.

8. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

A. Group Companies

We may share your information with our Group Companies and other members of our group of companies (located in India or elsewhere around the world and listed in the link below) but only for the purposesspecified in this privacy policy and only when it is necessary to perform a contract with you or your organization, to comply with a legal obligation or it is necessary in our legitimate interests. To see a full list of such companies, please click here. In particular:

  • for internal reporting purposes;
  • compliance purposes;
  • within the context of an M&A transaction;
  • for the provision of intra-group quality assurance services;
  • for the provision of intra-group financial services;
  • for the provision of intra-group legal services;
  • for the provision of intra-group recruiting services;
  • for the provision of intra-group IT services.
  • For the provision of intra-group other services

B. Third-party services providers

We (and the members of our group of companies) may also disclose your personal data to carefully selected third-party service providers who provide services such as:

  • data security, website hosting, cloud hosting, storage solutions, software as a service (SaaS) and other IT services;
  • pharmacovigilance and medical queries handling services;
  • legal, regulatory, tax and recruitmentservices;
  • translation, legalization and notarization services;
  • customer relationship management (CRM) services;
  • external salesforce services; and
  • access control and security services.

We will only share your information with these suppliers where this is necessary for them to provide us withthe services we need. We do not share your information with third parties for marketing purposes.

Please contact astera@intaspharma.com for further information

C. Legal and regulatory requirements

We may also disclose your personal data as required by applicable law, including laws outside your country of residence, to comply with a court order or to comply with other legal or regulatory
requirements, for example, to the relevant agencies responsible for the supervision and safety monitoring of medicines, data protection supervisory authorities or tax authorities.

D. Transfers outside of the Country of your residence

The information which we collect about you may be transferred outside the Country of your residence as detailed in sections A, B and C above.

We and the members of our group of companies adopt appropriate security measures to prevent unauthorized and unlawful use of personal data. Furthermore, such transfers are usually supported by contractual commitments between such group entities and/or third parties to ensure that the relevant technical and organizational and other safeguards required by the applicable Laws have been put in place.

For further information on transfers outside of the Country of your residence and/or specific safeguard methods adopted, please contact astera@intaspharma.com.

9. HOW LONG DO WE KEEP IT FOR?

We will keep your personal data for as long as required:

  • to prove compliance with applicable laws or as required by applicable laws, regulations, government agencies and other public authorities
  • to maintain your account;
  • to determine whether to enter into a commercial relationship with you or an organization and tomaintain such relationship;
  • to maintain a business relationship with you or your organization;
  • for the provision of services to us or by us;
  • to answer your queries;
  • to allow us to bring or defend legal proceedings;

10. SECURITY OF YOUR PERSONAL DATA

When handling your personal data, we take appropriate measures reasonably designed to protect your information from unauthorized access, loss, misuse, disclosure, alteration or destruction. Unfortunately, thetransmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

11. SOLE TRADERS, PARTNERSHIPS AND BUSINESSES

Where we provide products and/orservices to or for a sole trader, partnership or business that you represent or by whom you are employed /contracted and this involves the collection and use of
your personal data by us, this will be done in accordance with the relevant parts of this privacy policy.

12. THIRD PARTY AND SOCIAL MEDIA WEBSITES AND APPS

Our websites and apps may, from time to time, contain links to and from the websites and/or apps of third parties. If you follow a link to any of these websites or apps, please note that these websites and apps havetheir own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites and apps.

13. MERGER, SALE, OR OTHER ASSET TRANSFERS

If we are involved in a reorganization, acquisition, asset sale, merger, financing, transition of services to another provider, due diligence, bankruptcy or receivership, your information may be
disclosed and transferred in connection with and as part of such a transaction as permitted by law and/or contract.

14. CHANGES TO THIS PRIVACY POLICY

We will take reasonable measures to communicate and update any changes on privacy policies on this page.

This policy is updated in June 2024.