By visiting our website, you are accepting the practices described in this Privacy Policy.

    1. Overview

      Lonza Group Ltd. and its Affiliates (collectively and individually, the “Lonza Group”) are concerned about its users and protection of their private information. Accordingly, Lonza Group has created this Privacy Policy (the “Policy”) that applies to the services offered by Lonza Group, including this website (the “Services”).

      You can find more details of Lonza Group and our Affiliates here www.lonza.com/investor-relations

      The purpose of this Privacy Policy (“Privacy Policy”) is to provide you with information about how Lonza Group collects, uses, shares, and safeguards the personal information it gathers. It also describes options you have concerning your personal information. In general, our processing of personal information is designed to improve the purchasing experience of our customers, to provide relevant information about our products, services, and promotions, to assist with recruitment, and for you when you contact us with your feedback, questions, comments and/or concerns. Lonza Group strongly encourages each of its website users to take the time and become familiar with this Privacy Policy. By accessing or visiting the Website, you indicate your understanding that the collection, use, and sharing of your information is subject to the terms of this Privacy Policy and our Terms of Use.

      This Privacy Policy describes the privacy practices of Lonza Group. Except as otherwise provided, it applies to our interactions with our customers and visitors, including, but not limited to:

      • Use of our websites, including mobile websites and applications
      • Visits to our stores/locations or attendance at one of our events
      • Phone and email communications
      • Social media interactions on our websites and other third party websites like Facebook, YouTube, Pinterest, Google+, Instagram and Twitter
      • Viewing our online advertisements or emails through our authorized service providers

       

      If Lonza Group desires to use a user’s Personal Information (as defined below) in a manner beyond those set out in this Privacy Policy, Lonza Group will usually try to provide you with notice and, where required under applicable data protection law, ask for your consent or give you the opportunity to “opt-out” of such purposes by using the means offered for a specific Service or by sending an email to . Sometimes it may not be possible to give you notice – for example where we have data which might be identifiable to an individual but where we do not have the means to identify you (such as an IP address or geo-location data). In some cases we may rely on another lawful way of processing your data which does not involve consent – for example where the processing is necessary for compliance with a legal obligation to which we are subject or where processing is necessary in order to protect the vital interests of you or someone else. You can find a full list of the other lawful bases we may rely on under GDPR in GDPR Art. 6.

      On our webpage there may be links to webpages, tools or services owned or offered by third parties. Third party providers may provide some services such as credit card, registration, payment or settlement services and, if used, such services may be subject to such third party provider’s privacy policies. This Privacy Policy does not apply to such webpages, tools or services and Lonza Group expressly disclaims any responsibility for them or for Personal Information provided by a user through them. Third parties that Lonza works with include the following with a link to their privacy policies: GoogleFacebookAkamai TechnologiesAmazonBizibleBrightcoveMicrosoftVara ResearchjQueryAcquisioEQS GroupLinkedInShareThisMarketoTwitterMedalia.

    2. Personal Information

      As described below, Lonza Group may collect the following categories of personal information (“PI” or “Personal Information”). We may add to the categories of personal information we collect. In that case, we will update this policy.

      • Identifiers. Examples include real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, or other similar identifiers.
      • Other elements. Examples include name, signature, characteristics or description, address, telephone number, education, employment, employment history, bank account number, credit card number.
      • Characteristics of protected classifications under applicable law. Examples include race, religion, and age.
      • Commercial information. This includes services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
      • Education information. This includes information that is not publicly available Personal Information as defined under applicable law.
      • Internet or other electronic network activity. Examples include browsing history, search history, your interaction with an internet website, application, or advertisement.
      • Geolocation data. This might include location information while using one of our apps.
      • Audio, electronic, visual, thermal, olfactory, or similar information. Examples of this category including identifiable information obtained about you while speaking with our customer service representatives on the telephone.
      • Professional or employment-related information.
      • Consumer profile. This includes inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, and behaviors.

       

      Of the categories of PI noted above we may share the following:

      Categories of Personal Information DisclosedCategories of Third Parties to Whom Disclosed

      Identifiers

      Other elements

      Characteristics of protected classifications under California or federal law.

      Commercial information

      Education information.

      Internet or other electronic network activity.

      Geolocation data.

      Audio, electronic, visual, thermal, olfactory, or similar information.

      Biometric Information

      Professional or employment-related information

      Consumer profile.

      • Third parties as directed by you. We will share your PI with those third parties to whom you direct. For example, if you decide to send one of our products as a gift, we may include your name.
      • Our business partners. For example, we might share your PI with one of our business partners for purposes of collaborating on providing services to you, or to invite you to an event we are organizing. These business partners should also have their own privacy statements that set out the manner in which they will collect, use, and disclose PI. Where applicable, we encourage you to review each such business partner’s privacy statement before signing on with them.
      • Third parties who perform services on our behalf. For example, we share information with certain service providers, including marketing companies, professional service providers, debt collectors, information technology providers, and data storage companies. We might also authorize our service providers to collect PI on our behalf.
      • Governmental entities, legal service providers. We may share your PI in order to comply with the law and in the course of providing our products and services. We may also disclose information if a government agency or investigatory body.
      • Successors to all or portions of our business. If all or part of our business is sold, we may disclose PI in preparation for or as part of that transaction.

      We do not sell your PI and do not have actual knowledge that we have sold personal information of minors under age 16.

      If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. [If applicable, to data transfers from the EEA to elsewhere: We may transfer your details outside of your home country and to other companies or locations in our group]. We will ask you to sign up to additional privacy terms if you apply for a job with us. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment. If you apply to work with us through a third party, such as a recruitment consultant, please also check their privacy policy before proceeding. We do not encourage unsolicited approaches either directly or from third parties – please do not send personal data to us unless the data subject has read and agrees to this Privacy Policy. We may retain details of candidates who may be of interest to us, either now or in the future, for up to one year. If you would not like us to do that please let us know. Additionally, if your circumstances change – for example you no longer wish to be considered by us for employment – please let us know that too. We may use third parties to consider potential hires. We may also use technology platforms to help us with the recruitment process, including Workday – please refer to their Privacy Policy. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you. These background checks may require a 3rd party to contact you and obtain information.

    3. Collecting Personal Information

      When a user creates a Lonza Group account, issues a request for information form or when the user orders products or accesses any of the Services, the user will be required to provide certain Personal Information.

      Lonza Group collects Personal Information that users provide to us on our websites, which may include:

      • Contact information – such as name, job title, company name, department, email address, physical mailing address and telephone number, as well as any other contact information provided in a contact form, registration or application process, during tradeshows or other events, or in connection with customer information Services;
      • Professional information – such as your employment background, job description and related information, testimonials, references, as well as any other information provided during a registration or application process;
      • Transaction information – such as your contact information, the products you are interested in, your purchasing requirements, your financial information including credit card or other payment information, purchase history, shopping cart information and information provided to customer service personnel or through customer service tools of Lonza Group;
      • Responses to surveys – information you provide in responding to a survey on the website, via an app or email, on the telephone or otherwise, including responses provided through third party survey services used by Lonza Group;

       

      While Lonza Group takes what we consider to be appropriate measures to provide accuracy in the handling of Personal Information, Lonza Group relies on its users to maintain correct Personal Information and to update this information as appropriate.

      In addition, when a user accesses Lonza Group’s website, the servers automatically record information provided by the user’s browser. Generally, this information is automatically provided by a user whenever a user accesses any website. This information, recorded in a server log, may include a user’s particular information (including, without limitation, IP address, browser software, language, date/time of access and other information and/or cookies that will uniquely identify a user’s computer and the Internet browser the user is using). Lonza Group may also collect Personal Information about a user in connection with the user’s use of the Services by using cookies on its website(s) as provided for in Lonza Group’s Cookies Policy.

      Additionally, whenever you send an email to Lonza Group, Lonza Group may retain that email so that Lonza Group can investigate and respond to your concerns. We may also use publicly accessible information to verify information we have been provided and to manage and expand our business.

    4. Processing and Use of Personal Information

      Personal Information collected through this website is utilized by Lonza Group only as set forth in this Privacy Policy and in order to fulfill your requests for products and services, to contact you, to conduct research, and to provide Services to users, including, without limitation, delivering enhanced Services and demonstrating functionality of the Services. Lonza Group may also use Personal Information submitted to send you information on products and promotions, provided that you have subscribed to Lonza Group’s news updates on any of its website(s). In particular, Lonza Group as well as its service providers, consultants and agents may use your Personal Information for the following purposes:

      • To process applications of candidates for open positions at Lonza Group;
      • To provide the information, services or support you request and related after-sales services;
      • To identify you, and to contact you from time to time with product or service updates;
      • To send other messages that are useful to the service we provide;
      • To manage our relationship with you and to carry out any related administration;
      • To promote our services, events, conferences, or the services, events, conferences of our partners, including by email, telephone and via social media platforms;
      • To compare information for accuracy, and verify it with third parties;
      • To detect, investigate and prevent activity we think may be potentially illegal, unlawful or harmful and to enforce our Privacy Policy and/or our terms or any other purpose referenced herein or therein;
      • To carry out research, including market research, statistical research on website traffic, sales and other commercial information to assist us in improving the services we provide to you and tailor the website(s).

       

      In case a user explicitly consented that we use, in accordance with this Privacy Policy, Personal Information the user provided to us when registering on our website or when issuing a request for information form, such Personal Information may be associated with information we obtained by using certain cookies as provided for in the Cookies Policy in more detail. This applies to cookies we use in order to coordinate the site functionality, performance related cookies, cookies used for advertising purposes and our lead generation process or when the user checked a consent box on any of Lonza Group’s websites. In the event a user does not wish that we use its Personal Information in this way, the user may withdraw consent at any time with effect for the future by contacting Lonza Group as set out in Section 12 below.

      Lonza Group takes seriously the handling of a user’s Personal Information. Therefore, Lonza Group will only share a user’s Personal Information under limited scenarios. Those scenarios include sharing it: (i) in accordance with this Privacy Policy; (ii) with a user’s consent; (iii) within the Lonza Group of companies for the purposes set forth in this Privacy Policy; (v) with Lonza Group’s third party services providers, consultants or agents for the purposes set forth in this Privacy Policy; (vi) when required by law or public policy; (vii) in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests, or (viii) when it seeks to enforce its terms and conditions.

      You may have accessed our website(s) through a hyperlink from the website of one of our trading partners. If so, you consent to your personal details and purchase information, including behavioral patterns, being shared with that trading partner in accordance with our contractual relationship with them.

      Lonza Group may, from time-to-time, share with third parties information that contains non-Personal Information. If you have asked us to share data with third party websites (such as social media sites), their servers may not be secure. Note also that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may unlawfully intercept or access private transmissions or data.

      If any part of the Lonza Group is sold, or some of its assets transferred to a third party, your Personal Information, as a valuable asset, may also be transferred to the acquirer, even if they are not in the same line of business as us. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. Potential purchasers and their advisors may have access to data as part of the sale process. However, use of your personal information will remain subject to this Privacy Policy. Similarly, your Personal Information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.

      Please remember that when you share information publicly on a Lonza Group website, for example a comment on a blog post, it may be indexable by search engines, including Google, which may mean that the information is made public.

    5. Security and Data Retention

      Lonza Group takes what we consider to be reasonable technical and organizational measures to guard against unauthorized or unlawful processing of your Personal Information and against accidental loss or destruction of, or damage to your Personal Information. While no system is completely secure, we believe the measures implemented by the website reduce Lonza Group’s vulnerability to security problems to a level appropriate to the type of data involved. We have security measures in place which are designed to protect our user database and access to this database is restricted internally. In an effort to ensure the security and confidentiality of Personal Information that Lonza Group collects online, we use data networks protected by firewalls and passwords. In the course of handling your Personal Information, Lonza Group takes measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction.

      However, it remains your responsibility:

      • Where you have a user account for the Lonza Group website:
      • To log off or exit from the website when not using it;
      • To ensure no-one else uses the website while your device is logged on to the website (including by logging on to your device through a mobile, Wi-Fi or shared access connection you are using);
      • To keep your password or other access information secret. Your password and log in details are personal to you and should not be given to anyone else or used to provide shared access for example over a network. You should use a password which is unique to your use of the website – do not use the same password as you use for another website or email account; and,
      • To maintain good internet security. For example if your email account or Facebook account is compromised, this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised, it could be used to ask us to reset a password and gain access to your account with us. You should keep all of your account details secure. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.

       

      Lonza Group does not sell, rent or trade any of your Personal Information to third parties without your consent except as outlined in this Privacy Policy. Personal Information is not transferred to third parties unless provided for otherwise in this Privacy Policy. Lonza Group may store Personal Information with a third party in encrypted form on secure servers.

      For the purpose of sending e-mailings to you provided that you have subscribed to Lonza Group’s news updates on the website, Lonza Group may give your name and email address to agencies appointed by Lonza Group. These agencies are not authorized to store and/or use your Personal Information for any other purposes than for the sending of e-mailings on behalf of Lonza Group.

      We will retain your Personal Information for as long as we think it necessary for processing purposes for which they were collected, processed and/or used and any other associated purposes (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). Therefore, if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to your Personal Information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your Personal Information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.

    6. Personal Information of Children

      Without a parent’s or guardian’s consent, no Personal Information should be submitted to our website by children. Lonza Group will not knowingly collect or use Personal Information from children under the age of sixteen (16) years.

    7. Your Rights

      If you have given permission, we may contact you by mail, telephone, SMS, text/picture/video message, fax, or email about products, services, promotions, special offers, events, webcasts, conferences and charitable causes that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time.

      In addition, to the extent permitted by the laws of your country, you may have the right to object to the processing of your Personal Information for direct marketing purposes. If your objection is not to direct marketing in general, but to direct marketing by a particular channel e.g. email or telephone, please specify the channel you are objecting to.

      Further, to the extent permitted by the laws of your country, you may also have the right to access, correct, delete, restrict, be forgotten, or object to processing of, or request data portability of the Personal Information collected about you subject to some conditions and exceptions.

      You can find out more about these rights in the EU by reading the General Data Protection Regulation. You can find out more about these rights in the UK (and about UK GDPR) by visiting the Information Commissioner’s website.

      If you wish to inquire about any of this please send an email to .

      You may also have the right to lodge a complaint with a data protection regulator.

    8. Cookies

      We use cookies on the websites as described in our Cookie Policy. You may choose to not accept cookies through our cookies consent mechanism or otherwise disable them by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Please refer to our Cookie Policy for the cookie names, sources, purposes and other related information.

    9. Export of Personal Data from the EEA, UK or Switzerland

      Personal information collected in the territory of the European Economic Area (EEA), UK or Switzerland may be accessed in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA), UK or Switzerland in which data protection laws may be of a lower standard. Certain countries outside the EEA have been approved by the European Commission and/or the UK as providing essentially equivalent protections to EEA/UK data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals, (see the full list for the EU here and the list for the UK here). We will transfer Personal Information out of the EEA only subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities. Similarly for transfer outside of the UK we will transfer Personal Information out of the UK only subject to approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

      All Lonza Group companies may be granted access to Personal Information collected by any of the Lonza Group companies for the purposes set forth in this Privacy Policy. If required for the provision of the Services and subject to the limited purposes set forth herein, Lonza Group may share your Personal Information with third party services provider, consultants or agents. Where Lonza Group companies or third party services provider, consultants or agents are located outside of the EEA/UK/Switzerland or an approved third country, any transfer of Personal Information will be subject to the conditions set forth above.

    10. Google Analytics – Statement

      Lonza Group websites uses Google Analytics, a web analytics service provided by Google, Inc. of Mountain View, California, United States (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the websites analyze how users use such sites. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Lonza Group also uses various Google services including Google Maps to give directions to our offices and YouTube to show videos. Google may aggregate data from our websites with other data that they hold about you. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information, please visit Google’s privacy page.

    11. Modifications to the Privacy Policy

      Lonza Group reserves the right to change its Privacy Policy at any time. Lonza Group encourages all users to bookmark this page and check it occasionally for updates. The current version of this Privacy Policy can always be found at the end of the document. Lonza Group will endeavor to maintain all prior versions of this Privacy Policy.

    12. Compliance

      Lonza Group will perform random self-audits in order to review its compliance with the Privacy Policy. Should you have any questions regarding this Privacy Policy and Lonza Group’s use and/or treatment of a user’s Personal Information contact Lonza Group at .

      Upon receipt of an inquiry or complaint, Lonza Group will contact the user regarding the inquiry or complaint and take what we consider to be appropriate measures to address the user’s concerns.

    13. Contact

      The Lonza Group company operating this website is the data controller of your Personal Information processed by us under this Privacy Policy. If you have any additional questions or concerns about this Privacy Policy, please feel free to contact us any time at .

    14. For California Residents

      This section of the Privacy Policy(«CA Policy») supplements and amends the information contained in our Privacy Policy with respect to California residents. This CA Policy applies solely to individuals, visitors, users, and others who are natural persons and residents of the State of California (“consumers” or “you”). THIS ADDENDUM TO THE PRIVACY POLICY DOES NOT APPLY TO USERS WHO ARE NOT NATURAL PERSONS AND NOT CALIFORNIA RESIDENTS.

      The CA Policy describes Lonza Group’s policies and practices regarding the personal information we collect, use, and disclose about you, including personal information you submit or we obtain when you access the Site and other sources. This CA Policy is adopted in part to comply with the California Consumer Privacy Act (“CCPA”).

      Any terms defined within the CCPA have the same meaning when utilized within this CA Policy. The other provisions of the Privacy Policy continue to apply except as modified in this CA Policy. Note, however, that personal information as used in this CA Policy does not include:

      • Publicly available information from government records.
      • De-identified or aggregated consumer information.
      • Information excluded from the CCPA’s scope, such as personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

       

      Consumer Rights. Pursuant to the CCPA, and as detailed below, consumers have various rights with respect to their PI.

        • Request to Delete. You have the right to request that we delete your PI from our records and direct any service providers to delete your PI from their records, subject to certain exceptions. Upon receipt of a confirmed verifiable consumer request (see below), and as required by the CCPA, we will delete and direct any service providers to delete your personal information from our records.

          Lonza Group is not required to comply with your request to delete your PI if it is necessary for us (or its service provider) to maintain your PI in order to:

          1. Complete the transaction for which the PI was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Lonza Group and you.
          2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
          3. Debug to identify and repair errors that impair existing intended functionality.
          4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
          5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
          6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Lonza Group’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
          7. To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Lonza Group.
          8. Comply with a legal obligation.
          9. Otherwise use your PI, internally, in a lawful manner that is compatible with the context in which you provided the information.

          Upon receipt of a confirmed verifiable consumer request (see below), and as required by the CCPA, we will provide a response to such requests.

          If you are under the age of 18, and a registered user of any Site where this CA Policy is posted, California law permits you to request and obtain removal of content or information you have publicly posted. You may submit your request using the contact information in the Privacy Policy. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

        • Request to Know. You have the right to request that we disclose the following to you as it relates to the 12-month period preceding its receipt of your verifiable consumer request:
          1. The categories of PI we have collected about you.
          2. The categories of sources from which the PI was collected.
          3. The business or commercial purpose for collecting PI.
          4. The categories of PI we disclosed for a business purpose.
          5. The categories of third parties with whom we share PI.
          6. The specific pieces of PI we collected about you.

          Upon receipt of a verifiable consumer request (see below), and as required by the CCPA, we will provide a response to such requests.

        • Non-discrimination. We will not discriminate against you in violation of the CCPA for exercising any of your CCPA rights. For example, we generally will not provide you a different level or quality of goods or services if you exercise your rights under the CCPA.

        • Submitting Consumer Rights Requests. To submit any of the Consumer Rights requests as outlined above, please contact us at  . We reserve the right to only respond to verifiable consumer requests. A verifiable consumer request is one made by any individual who is:
          1. the consumer who is the subject of the request,
          2. a consumer on behalf of the consumer’s minor child, or
          3. by a natural person or person registered with the Secretary of State authorized to act on behalf of a consumer.

      If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the consumer. In general, we may ask you to provide identifying information that we already maintain about you or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive PI to verify your identity. We may not be able to respond to your request or provide you with PI if we cannot verify your identity or authority to make the request and confirm the PI relates to you. However, making a verifiable consumer request does not require you to create an account with us. Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. PI collected from an individual to determine whether a request is a verifiable consumer request may not be used or disclosed for any other purpose except as required by law. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

      If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. To the extent permitted by the CCPA, we will respond to no more than two requests during any 12-month period.

      You may authorize a natural person or a business registered with the California Secretary of State to act on your behalf with respect to the right under this CA Policy. When you submit a Request to Know or a Request to Delete, unless you have provided the authorized agent with a qualifying power of attorney, you must provide your authorized agent written permission (signed by you) to act on your behalf and verify the authorized agent’s identity with us. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Questions. If you have questions about this CA Policy, please contact us as described above in the Privacy Policy.

    1. For PRC Residents

This section of the Privacy Policy(«PRC Policy») supplements and amends the information contained in our Privacy Policy with respect to PRC residents. This PRC Policy applies solely to individuals, visitors, users, and others who are natural persons and residents of the People’s Republic of China (“consumers” or “you”). THIS ADDENDUM TO THE PRIVACY POLICY DOES NOT APPLY TO USERS WHO ARE NOT NATURAL PERSONS AND NOT PRC RESIDENTS.

The PRC Policy describes Lonza Group’s policies and practices regarding the personal information we collect, use, and disclose about you, including personal information you submit or we obtain when you access the Site and other sources. This PRC Policy is adopted in part to comply with the Personal Information Protection Law of PRC (“PIPL”).

Any terms defined within the PIPL have the same meaning when utilized within this PRC Policy. The other provisions of the Privacy Policy continue to apply except as modified in this PRC Policy. Note, however, that personal information as used in this PRC Policy does not include de-identified information:

Consumer Rights. Unless otherwise regulated in other laws and regulations, pursuant to Chapter 4 of the PIPL, consumers have below rights with respect to their PI.

      • Right to Know and decision
      • Request to Review, Copy his/her PI, except as described in Art. 18 and 35 of the PIPL
      • Request to Rectify. You have the right to request we rectify your PI where you found it is not accurate.
      • Request to Know. You have the right to request us to explain our data processing rules.
      • Request to Delete. You have the right to request that we delete your PI from our records and direct any service providers to delete your PI from their records, subject to certain exceptions. Upon receipt of a confirmed verifiable consumer request (see below), and as required by the PIPL, we will delete and direct any service providers to delete your personal information from our records.

        Lonza Group may not be able to comply with your request to delete your PI under the circumstances as described below, under which Lonza Group shall stop all data processing except data storage and necessary data protection actions:

        1. Within the archive term required by relevant laws or administrative regulations.
        2. Technically impossible to delete such PI.

Upon receipt of a confirmed verifiable consumer request (see below), and as required by the PIPL, we will provide a response to such requests.

Submitting Consumer Rights Requests. To submit any of the Consumer Rights requests as outlined above, please contact us at . We reserve the right to only respond to verifiable consumer requests. A verifiable consumer request is one made by any individual who is:

      1. the consumer who is the subject of the request,
      2. a consumer on behalf of the consumer’s minor child, or
      3. by a natural person authorized to act on behalf of a consumer.

If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the consumer. In general, we may ask you to provide identifying information that we already maintain about you or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive PI to verify your identity. We may not be able to respond to your request or provide you with PI if we not verify your identity or authority to make the request and confirm the PI relates to you. However, making a verifiable consumer request does not require you to create an account with us. Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. PI collected from an individual to determine whether a request is a verifiable consumer request may not be used or disclosed for any other purpose except as required by law. We will endeavour to respond to a verifiable consumer request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your verifiable consumer request. The response we provide will also explain the reasons we not comply with a request, if applicable. To the extent permitted by the PIPL, we will respond to no more than two requests during any 12-month period.

You may authorize a natural person to act on your behalf with respect to the right under this Policy. When you submit a Request to Know, Request to Rectify or a Request to Delete, unless you have provided the authorized agent with a qualifying power of attorney, you must provide your authorized agent written permission (signed by you) to act on your behalf and verify the authorized agent’s identity with us. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Exemption of individual consent. According to Section13 of the PIPL, individual consent is not required under below circumstances:

      1. where it is necessary for the conclusion or performance of a contract to which the individual concerned is a party, or for the implementation of human resources management in accordance with the labor rules and regulations formulated in accordance with the law and the collective contract concluded in accordance with the law;
      2. where it is necessary for the performance of statutory duties or statutory obligations;
      3. where it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person;
      4. where such acts as news reporting and supervision by public opinions are carried out for the public interest, and the processing of personal information is within a reasonable scope;
      5. where it is necessary to process the personal information disclosed by the individual concerned or other personal information that has been legally disclosed within a reasonable scope in accordance with the provisions of this Law; and
      6. other circumstances prescribed by laws and administrative regulations

Export of Personal Data from PRC. Personal information collected in the territory of the PRC may be accessed in, transferred to, and/or stored at, a destination outside the PRC in which data protection laws may be of a higher or lower standard. We shall, in the territory of PRC, perform the standard no lower than such required by laws of PRC.

Questions. If you have questions about this PRC Policy, please contact us as described above in the Privacy Policy.

Last update: June 19, 2023