We take your privacy very seriously at Biotech United. This Privacy Policy provides important information regarding our data practices, including how and why we collect, use, disclose, share, store, and retain your personal information. It also outlines your rights in relation to your personal information, and how you can contact us or relevant supervisory authorities if you have any concerns or requests.

As a company dedicated to connecting top talent with biotech and biopharma employers, we collect and manage personal information for the purpose of offering tailored hiring services. This privacy policy applies to all individuals who interact with Biotech United, whether as job seekers (talent), employers (clients), or other users.

We are subject to data protection laws that apply in regions where we operate:

• For users in the European Economic Area (EEA), we are governed by the EU General Data Protection Regulation (GDPR), which regulates how personal data is processed and provides individuals with specific rights.
• For users based in California, we adhere to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), which ensures enhanced privacy protections for residents of California.
• In both cases, we act as a "controller" of personal information under the GDPR, and as a "business" under the CCPA/CPRA.

1. Key Terms

Term	Definition
We, us, our	Biotech United LLC, including any of our group companies, subsidiaries, or affiliated entities involved in providing our platform services.
Our representative	John Gibson, jlgibson@gtlg.net, +1 770-851-8497
Our Data Protection Officer	John Gibson, jlgibson@gtlg.net, +1 770-851-8497
Personal information	Any information relating to an identified or identifiable individual.
Special category personal information	Sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data; and data concerning health, sex life, or sexual orientation. Biotech United does not actively collect or process special category data unless explicitly provided for specific roles that require such information for hiring or employment purposes.
Sensitive Personal Information	Personal data that includes social security numbers, driver's license and passport numbers, financial account information, geolocation data, racial or ethnic origin, religious beliefs, or union membership. Biotech United does not process sensitive personal information unless necessary for compliance with applicable laws or to provide specific services within the hiring process.
Biometric Information	Biometric data includes physiological or behavioral characteristics, such as fingerprints, facial recognition, voiceprints, and other personal biological or behavioral data. Biotech United does not collect or process biometric data.

2. Personal Information We Collect About You

We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Categories of Personal Information	Specific Types Collected
Identifiers	Name, email address, phone number, account name, user ID, etc.
Individual-related information	Resumes, work experience, bank account or payment info (processed by Stripe), etc.
Account log-in / financial account information	Bank account number, payment card details (processed by third parties like Stripe)
Characteristics of protected classifications	None collected or relevant for Biotech United.
Commercial Information	Records of job applications, roles applied for, hiring history, and skills assessments.
Biometric Information	Not applicable for Biotech United.
Internet or electronic network activity	Browsing history, usage patterns on the platform, job views, etc.
Geolocation Data	IP-based location for job match optimization (if relevant).
Audio, electronic, visual, or similar information	Not applicable unless video interviews are conducted.
Professional or employment-related information	Resumes, portfolios, employment history, skills, job preferences, and other professional documents uploaded by Users.
Education Information	Degrees, certifications, and educational background shared by Users.
Inferences	User profile based on preferences, job searches, and application history to personalize matches and recommendations.
Sensitive Personal Information	Voluntary diversity data (e.g., disability/veteran status) for hiring insights — optional only.
Health Information	Not collected unless directly relevant to job requirements or legal compliance (e.g., disability status for accommodations).
Sex Life or Sexual Orientation	Not collected unless required for specific job or legal purposes.

If you do not provide personal information required to provide our services to you, it may delay or prevent us from fulfilling your job placement, recruitment, or other platform-related services.

3. How Your Personal Information is Collected

We collect personal information from the following categories of sources:

• Directly from You: When you interact with our platform via website, mobile apps, emails, phone calls, or text messages.
• Third Parties with Your Consent: From third parties such as your bank or EOR providers for tax or employment-related data, with your explicit consent.
• Advertising Networks: Third-party advertising networks that collect personal data for advertising, user profiling, and tracking using cookies and similar technologies.
• Internet Service Providers: To monitor and optimize user experience and platform performance.
• Data Analytics Providers: Third-party analytics providers who gather insights on user behavior to improve platform functionality and performance.
• Government Entities: In certain cases, we may be required to collect or share data with government authorities to comply with legal or regulatory requirements.
• Operating Systems and Platforms: When you access our platform through mobile apps or other devices.
• Social Networks: If you connect your profile to a social network account (e.g., LinkedIn), we may collect information from that network in accordance with their privacy policies.
• Publicly Accessible Sources: Public records, job boards, or other databases when required for compliance or to enhance job matching.
• Cookies on Our Website: Our website uses cookies to collect data on user interactions, improve functionality, and personalize the user experience.
• IT and Security Systems: Monitoring of our website and platform to ensure security and performance, including logging of system activities, email servers, and user activity tracking for troubleshooting and optimization.

4. How and Why We Use Your Personal Information

Under data protection laws, we can only use your personal information if we have a valid reason for doing so. These reasons include: to comply with our legal and regulatory obligations; for the performance of our contract with you; for our legitimate interests or those of a third party; or where you have given consent.

What we use your personal information for	Our reasons
To provide our platform and services (e.g., matching talent with biotech companies, creating profiles)	Performance of our contract with you, or steps at your request before entering a contract
To prevent and detect fraud against you or Biotech United	Legitimate interests — to minimize fraud that could harm both parties
Conducting identity verification and background checks	To comply with our legal and regulatory obligations
Gathering information for audits, regulatory inquiries, or investigations	To comply with our legal and regulatory obligations
Ensuring adherence to business policies (e.g., security and privacy protocols)	Legitimate interests — to maintain effective operations and service delivery
Operational improvements (e.g., system performance, training, quality control)	Legitimate interests — to enhance the quality of service we provide
Ensuring confidentiality of commercially sensitive information	Legitimate interests — to protect proprietary information, trade secrets, and client data
Statistical analysis to improve business performance	Legitimate interests — to optimize operations and provide better services
Preventing unauthorized access and modifications to our systems	Legitimate interests — to protect against cyber threats and ensure platform security
Updating customer records	Performance of our contract with you
Marketing our services to customers, prospective clients, and those who have shown interest	Legitimate interests — to grow our business and foster relationships with clients and talent
Conducting credit checks via external credit reference agencies (if applicable)	Legitimate interests — to ensure financial reliability of clients using premium services
External audits for compliance (e.g., quality or financial audits)	Legitimate interests — to demonstrate high operational standards
To ensure safe working practices and staff assessments	Legal and regulatory obligations and legitimate interests — to ensure a safe environment for employees and contractors

For EEA Data Subjects: The above table does not apply to special category personal information, which we will only process with your explicit consent.

5. EEA Data Subjects: Promotional Communications

We may use your personal information to send you updates (by email, text message, telephone, or post) about our products and services, including exclusive offers, promotions, or new developments related to talent acquisition and biotech industry services.

We have a legitimate interest in processing your personal information for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is required, we will request it separately and clearly.

We will always treat your personal information with the utmost respect and will never sell or share it with other organizations outside the Biotech United group for marketing purposes.

You have the right to opt-out of receiving promotional communications at any time by:

• Contacting us at your designated marketing opt-out contact
• Using the "unsubscribe" link in our emails or the "STOP" option in text messages

6. Who We Share Your Personal Information With

We routinely share personal information with:

• Our affiliates, including companies within the Biotech United group
• Service providers we use to deliver our services, such as talent acquisition tools, payment service providers, and communication platforms
• Other third parties that assist us in running our business, such as marketing agencies, website hosts, and data storage providers
• Third parties approved by you, including social media sites you choose to link your account to or third-party payment providers
• Credit reporting agencies (if applicable)
• Our insurers and brokers
• Our banks and financial institutions
• Employer of Record services

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect it. We impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.

We may also share personal information with external auditors (e.g., ISO or financial audits), law enforcement agencies, and regulatory bodies to comply with our legal and regulatory obligations.

In the event of a business transaction such as a merger, acquisition, or restructuring, we may need to share personal information with potential buyers or other relevant parties. The recipient of your information will be bound by confidentiality obligations.

7. Personal Information We Sold or Shared

In the preceding 12 months, we have sold or shared the following categories of personal information:

• Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers)
• Information that identifies, relates to, describes, or is capable of being associated with a particular individual, including name, signature, SSN, physical characteristics, address, telephone number, passport number, driver's license, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial, medical, or health insurance information
• Characteristics of protected classifications under California or federal law
• Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered)
• Biometric information
• Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer's interaction with a website, application, or advertisement)
• Geolocation data
• Audio, electronic, visual, thermal, olfactory, or similar information
• Professional or employment-related information
• Education information (as defined under FERPA)
• Inferences drawn from any of the above to create a profile about a consumer reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

8. Categories of Personal Information We Disclosed for a Business Purpose

In the preceding 12 months, we have not sold or shared any personal information for purposes other than those described in this Privacy Policy. If we do engage in such activities in the future, we will clearly communicate this and allow you to control your preferences. Categories disclosed for a business purpose include:

• Identifiers (e.g., real name, alias, postal address, unique personal identifier, IP address, email address, account name, driver's license number, passport number, or other similar identifiers)
• Information that identifies, relates to, or describes a particular individual, including name, signature, address, telephone number, education, employment history, bank account number, credit card number, or other financial, medical, or health insurance information
• Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered)
• Internet or other electronic network activity information
• Geolocation data
• Professional or employment-related information
• Education information (as defined under FERPA)
• Inferences drawn from the above to create a consumer profile

We do not sell personal information to third parties for direct marketing purposes. Any sharing of your personal information is strictly governed by this Privacy Policy, and all third parties are bound by appropriate confidentiality and data protection agreements.

9. California Consumers: Your Rights Under the CCPA/CPRA

Under the CCPA, as amended by the CPRA, and other applicable privacy laws, you have the following rights, exercisable free of charge:

Disclosure of Personal Information We Collect About You

You have the right to know and request disclosure of:

• The categories of personal information we have collected about you, including sensitive personal information
• The categories of sources from which the personal information is collected
• The categories of third parties to whom we disclose personal information
• The specific pieces of personal information we have collected about you

Please note we are not required to retain personal information collected for a single one-time transaction, re-identify data not maintained as personal information, or provide personal information to you more than twice in a 12-month period.

Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose

You have the right to know the categories of personal information about you that we sold or shared and the categories of third parties involved, as well as the categories disclosed for a business purpose.

You have the right to opt-out of the sale or sharing of your personal information. To opt-out, visit our homepage and click on the "Do Not Sell or Share My Personal Information" link at www.biotechunited.com.

Right to Limit Use of Sensitive Personal Information

You have the right to limit the use and disclosure of your sensitive personal information to necessary purposes. To do so, visit our homepage and click on the "Limit the Use of My Sensitive Personal Information" link.

Right to Deletion

Upon receipt of a verifiable request, we will delete your personal information from our records and direct third parties to delete it, unless doing so is impossible or requires disproportionate effort. We may retain your personal information where necessary to complete a transaction, fulfill a contract, ensure security, debug errors, comply with legal obligations, or undertake authorized research.

Right of Correction

If we maintain inaccurate personal information, you have the right to request correction. Upon receipt of a verifiable request, we will use commercially reasonable efforts to correct it.

Protection Against Retaliation

You have the right not to be retaliated against for exercising your rights under the CCPA/CPRA. We cannot deny goods or services, charge different prices, or provide a different level or quality of goods or services in response to your exercise of these rights.

10. EEA Data Subjects: Your Rights Under the EU GDPR

• Right to Be Informed: The right to know about the collection and use of your personal information.
• Right to Access: The right to be provided with a copy of your personal information.
• Right to Rectification: The right to require us to correct any mistakes in your personal information.
• Right to be Forgotten: The right to require us to delete your personal information in certain situations.
• Right to Restriction of Processing: The right to require us to restrict processing of your personal information in certain circumstances.
• Right to Data Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format and/or transmit that data to a third party in certain situations.
• Right to Object: The right to object at any time to processing of your personal information for direct marketing (including profiling), or in certain other situations such as processing carried out for our legitimate interests.
• Right Not to be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.

For further information on each of these rights, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the EU GDPR.

11. How to Exercise Your Rights

To exercise any of your rights as described in this Privacy Policy, please visit: https://www.biotechunited.com/contact.

Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period. When contacting us directly, you will need to provide:

• Enough information to identify you (e.g., full name, address, and customer or matter reference number)
• Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill)
• A description of what right you want to exercise and the information to which your request relates

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information collected to verify your identity will be used solely for the purposes of verification.

12. EEA Data Subjects: Where Your Personal Information is Held

Information may be held at our offices and those of our group companies, third-party agencies, service providers, representatives, and agents as described above. Some of these third parties may be based outside the EEA. For more information on how we safeguard your personal information when this occurs, see Section 13 below.

13. EEA Data Subjects: Transferring Your Personal Information Out of the EEA

To deliver services to you, it is sometimes necessary for us to share your personal information outside the EEA, including with our offices outside the EEA, service providers located outside the EEA, or where there is an international dimension to the services we are providing. These transfers are subject to special rules under European and UK data protection law.

Non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use standard data protection contract clauses approved by the European Commission. If you would like further information, please contact our Data Protection Officer (see "How to Contact Us" below).

14. Keeping Your Personal Information Secure

We have appropriate security measures in place to prevent your personal information from being accidentally lost, accessed, or used in an unauthorized way. We limit access to your personal information to those with a genuine business need, and those processing your information will do so in an authorized manner and are subject to a duty of confidentiality.

We continually test our systems and are ISO 27001 certified, meaning we follow industry-leading standards for information security. We also have procedures in place to deal with any suspected data security breach. If a breach occurs, we will notify you and any applicable regulator as required by law.

For additional advice on protecting your information and devices against fraud, identity theft, and viruses, we recommend visiting www.getsafeonline.org, supported by HM Government and leading businesses.

15. EEA Data Subjects: How to File a GDPR Complaint

We hope that we or our Data Protection Officer can resolve any query or concern you raise about our use of your information. The GDPR also gives you the right to lodge a complaint with a supervisory authority in the EU/EEA state where you work, normally live, or where any alleged infringement of data protection laws occurred.

16. Changes to This Privacy Notice

This privacy notice was last updated on May 17, 2026. We may change this privacy notice from time to time — when we do, we will inform you via email.

17. How to Contact Us

General Contact	Data Protection Officer
support@biotechunited.com	john.gibson@biotechunited.com

18. Do You Need Extra Help?

If you would like this notice in another format (for example: audio, large print, or braille) please contact us using the details in Section 17 above.