Privacy Policy

Effective Date: June 3, 2026

1. Introduction

Welcome. You have arrived at a website provided by OmniAb, Inc. (“OmniAb, Inc.,” “OmniAb,” “Company,” “we,” “our” or “us”). OmniAb is a biotechnology company that licenses proprietary discovery technology to pharmaceutical and biotechnology companies and academic institutions to support the discovery and development of next-generation therapeutics. All references to “you” or “your” in this Policy mean the person that registers for, accesses, or uses the Site or the Services. Our Services are not intended for those under the age of 18 – if you access our Services, you represent and warrant that you are at least 18 years of age.

We provide this Privacy Policy (“Policy”) to tell you what information we collect about you, how we obtain it, how we share it, and how you may limit the ways in which we use your Personal Information. If you have questions about this Policy after you review it, feel free to contact us at [email protected].

2. Scope

This Policy governs OmniAb’s website(s), their subdomains, and all subdomains or portals that link to this Policy (“Site”); our mobile application (“App”); or otherwise, when you provide Personal Information or interact with us online. This Policy also applies to Personal Information that we may collect from you via phone calls or other communications with our representatives or in any other instance when you contact us. We refer to all the above as our “Services.” For the purpose of this Policy, “Personal Information” (sometimes referred to as “Personal Data”) means any Personal Information relating to an identified or identifiable individual that is protected by applicable privacy laws. The definition of Personal Information does not include publicly available information from federal, state, or local government records.

Our Sites are primarily intended for business and professional audiences, including current and prospective partners, customers, investors, job applicants, researchers, healthcare and scientific stakeholders, and other individuals who interact with us in a professional capacity. Unless otherwise expressly stated, the Sites are not intended to provide consumer-facing services, healthcare or patient portals, or direct-to-consumer functionality.

By using our Sites or otherwise using our Services, you acknowledge this Policy and agree to our Terms of Service (“Terms”).

3. What Information We Collect

As a rule, we limit the Personal Information we collect to that which is reasonably necessary for us to provide our Services to you.

Data Sources

We collect Personal Information from the following sources:

  • You directly
  • Automatically from your Device/Browser, and via Cookies/Tracking Technologies
  • Third Parties (including Service Providers)

Information That You Provide to Us

As you interact with our Site or Services, we collect the following Personal Information via webforms or inputs/uploads on our Site, and through telephone calls, text messages, letters, emails and other communications with you. The types of information we collect from you may differ depending on your relationship with the Company and/or the Site.

  • Contact information such as your first and last name, email address, home or business address, and telephone number.
  • Social media handles, content and other data shared with us through third-party features that you use on our Site or Services (such as tools, widgets and plug-ins offered by social media services like X (Twitter) and LinkedIn) or posted on social media pages (such as our social media pages or other pages accessible to us); and
  • Other information that reasonably could be used to identify you personally.

If you contact us or submit information through our Sites or other channels regarding an inquiry, complaint, safety concern, or adverse event, we may collect and use the information you provide, together with follow-up information we request, for safety, quality, investigation, documentation, follow-up, legal, and regulatory compliance purposes. Please do not use the Sites to communicate emergency or urgent medical or health information.

Unless expressly requested by OmniAb through a designated secure process, please do not submit through the Sites any sensitive medical information, patient information, clinical trial subject data, biological sample data, export-controlled technical data, or third-party confidential information. If you nevertheless provide such information, OmniAb may process it to the extent necessary to protect our systems, assess the submission, comply with legal or regulatory obligations, and take appropriate administrative, legal, or technical action.

Your decision to provide us with information is voluntary, but if you choose not to provide requested information, you may not be able to take advantage of all of the Site’s features or our Services.

Information That Is Automatically Collected

Like many businesses, we and our service providers automatically collect and/or store certain information when you visit or interact with the Site or Services (“Usage Information”), including via cookies and other tracking technologies (see “Use of Cookies and Other Tracking Technologies” section below). This Usage Information may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site. Usage Information includes:

  • Your IP address, MAC address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier;
  • Your Device functionality (including browser, browser language, settings and behavior, operating system, hardware, mobile network information);
  • Your Device location or other location information, including the zip code, state or country from which you accessed the Services;
  • Your Device characteristics (such as device type (computer vs. mobile) and ID, operating system, hardware);
  • Cookies, tags, pixels and SDKs (see our Use of Cookies and Other Tracking Technologies section below);
  • Name and user identification or profile values of other third-party platforms or social media sites;
  • Referring and exit web pages and URLs;
  • The areas within the Site that you visit and your activities there, including remembering you and your preferences;
  • Certain other Device data, including the time of day you visit our Site or other information used to provide analytics or other usage information;
  • Information about your engagement with our emails; and
  • Statistical information about how unregistered and registered users, collectively, use the Site and Services.

If you have enabled location services on the Device on which you access our Site or App, we and our service providers may collect and store information about your location at the time you use those Location-Based Services (in addition to some automatically collected geolocation data). This information comes from a variety of sources depending on the device you use to access the Services; for example, a mobile phone may report its GPS location at the time Location-Based Services are used.

If you do not wish for us or our service providers to collect and use location information, you may disable the location features on your device. Consult your device settings for instructions. Please note that if you disable such features, your ability to access certain features, Services, or content may be limited or disabled.

Information Collected from Third Parties

The Site includes functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us or us providing information to the third party. Similarly, we might obtain information about the traffic and usage of the OmniAb Site from third parties. We might also provide links to make it easier to send a communication from the Site, or we may use third parties to make it easier to link to our social media pages. These third parties also use cookies and other tracking technologies to capture information about your interactions with OmniAb.

OmniAb does not have control over the information that is collected, used, and shared by these third parties. We encourage you to review the privacy statements of these third parties to understand their privacy practices.

Information We Infer

We derive information or draw inferences about you based on information we collect about you. For example, based on your browsing or purchases, we may infer your professional interests and affiliations, or your research or study focus areas.

4. Use of Cookies and Other Tracking Technologies

We use cookies and other tools (“Tracking Technologies”) to recognize your browser or device, to understand how people use our Site, to make it work correctly, and to improve your experience. These Tracking Technologies store and collect Usage Information. Tracking Technologies may set, change, alter or modify settings or configurations on your Device. In jurisdictions that require prior consent, we only set non-essential cookies after you grant permission.

What are Cookies?

Cookies are small files that your browser stores on your Device. They help the website remember things like your preferences or whether you’ve logged in. Some cookies are placed by us (“first-party cookies”) and some are placed by our partners (“third-party cookies”) such as companies that provide analytics, video, or advertising. Third-party cookies we use may include Google (Analytics, YouTube), HubSpot or others.

Do Cookies Contain Personal Information?

Cookies and similar technologies do not always directly identify you, but many laws treat them as “Personal Information” or “Personal Data” when the information collected, alone or combined with other data, can be linked to you or your Device. For example, if you log in to an account, we may associate cookie data with your account.

Other Technologies We Use

In addition to cookies, we may use other Tracking Technologies, including:

  • HTML5 local or session storage: browser-based storage used to remember certain settings or behaviors;
  • Pixel tags, clear GIFs and web beacons: small images or snippets of code that load when you visit a page or open an email, telling us or partners that you have engaged with content;
  • Tags, scripts and containers (e.g., tag managers): snippets of code provided by analytics or marketing vendors to measure behavior or deliver functionality, or tools used to deploy and manage other tags (like Google Tag Manager);
  • Software Development Kits (SDKs): a set of tools or code provided by a third party that developers add into an app or website to enable certain features, such analytics, advertising, or login, and that may also collect information from users’ Devices.
  • Embedded Scripts: snippets of code that are designed to collect information about your interactions with the Site, such as the links you click on;
  • UTM parameters: short tags added to the end of a URL that help track where website traffic comes from—such as which email, ad, or social media post a visitor clicked before landing on a page.
  • Device Identifiers and probabilistic identifiers: Identifiers unique to your Device (e.g., mobile advertising IDs), or technology that creates an identifier by analyzing characteristics of your Device or browser.
  • Other data technologies may be used that collect comparable information for security and fraud detection purposes.

We may also engage third parties, such as Google Analytics, Meta, or HubSpot, to track and analyze non-personally and personally identifiable website data (and these networks may serve advertisements, if permitted). To do so, we may permit third parties to place cookies on devices of users of our Sites, where permitted by law, and subject to your right to opt out through the Sites. We use the data collected to help us administer and improve the quality of the Sites and to analyze the Site’s usage. Such third parties may combine the information that we provide about you with other information that they have collected. These third parties are required to use your information in accordance with this Privacy Policy. We will record all such disclosures and will use reasonable efforts to ensure that such third parties do not use your Personal Information for any purpose that is not expressly provided for herein.

We classify our cookies into the following categories:

  • Essential/Strictly Necessary Cookies. These cookies are needed for the Site to work (for example, keeping you logged in or letting the Site load properly). You cannot disable this type of cookie on our Site.
  • Functionality Cookies. Also known as “preference cookies,” these cookies allow the Sites to remember choices you have made in the past, like what language you prefer, or what your username and password are so you can automatically log in. Disabling these cookies can cause some parts of the Site to not work properly, so we discourage you from disabling these cookies.
  • Performance and Analytics Cookies. These cookies collect information about how you use a website, like which pages you visited and which links you clicked on. Their purpose is to improve website functions. In some jurisdictions, you may be able to turn these cookies off.
  • Targeting and Advertising Cookies. These are used by us or our partners to deliver more relevant advertising, measure our marketing, or prevent you from seeing the same ad too many times. These cookies can share that information with other organizations or advertisers. In some jurisdictions, you may be able to turn these cookies off.

Depending on your browser settings or your location, you may be able to:

  • Adjust your cookie preferences through our cookie banner;
  • Block or delete cookies in your browser;
  • Opt out of certain analytics or advertising tools; or
  • Change your Device settings to limit tracking.

If you block some cookies, certain features on our Site may not work as intended.

Advertising Tools We Use

We use Google (Analytics, YouTube), HubSpot and other companies’ tools to help us understand how people use our website and they may show ads that may be more relevant to you when you leave our Site. These tools may use cookies or other identifiers to measure how effective our marketing is, learn what content is useful to visitors, or show ads based on your activity on our Site or other sites.

5. Why We Collect Information

We use the information we collect about you in a variety of ways, including the following:

To Provide Our Services

We process certain Personal Information when you access or use our Services, including to:

  • operate, maintain and improve the Site and its Services;
  • enable you to access and use the Site;
  • send you notices, updates, security alerts and support and other messages;
  • provide and deliver the Services and features you request, and send you related information about our Services;
  • facilitate the functionality of our Site; and
  • customize experiences and personalization when you are on our Site.

To Communicate with You

We process certain information to communicate with you in relation to your accounts, our services, our marketing, and your requests, including to:

  • communicate with you about our Services and programs;
  • respond to your inquiries and requests for information;
  • post your comments or statements on our Site, where applicable;
  • send you personalized content;
  • communicate with you about our brands, products, events, or other promotional purposes; and
  • implement your communications preferences, such as sharing information with our business partners so that they may email you about their products, trials, and initiatives.

For Improvement of Our Site or Services

We want to ensure that our Site and Services are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we may process certain Personal Information, including to:

  • test, research, analyze, or develop offerings, products or Services;
  • maintain, improve, and analyze our Site or Services; and
  • detect, prevent, or investigate suspicious activity or fraud.

For Profiling

We may use Personal Information to create profiles that allows us to send communications that may be more appropriate for or interesting to you.

To Comply with Applicable Laws

We may be required to process certain Personal Information under certain laws and regulations, such as tax laws, as well as to:

  • maintain appropriate records for internal administrative purposes; and
  • comply with applicable legal and regulatory obligations, and respond to lawful governmental requests, as needed.

To Support Safety, Quality, and Regulatory Compliance

We may process certain Personal Information as necessary to:

  • receive, review, investigate, document, and follow up on product complaints, medical inquiries, safety-related communications, and other quality or safety matters;
  • comply with applicable pharmacovigilance, quality, product safety, record retention, audit, legal, regulatory, sanctions, export control, and reporting obligations;
  • maintain internal compliance records and respond to inspections, investigations, inquiries, or lawful requests from regulators, governmental authorities, ethics bodies, or other oversight entities; and
  • protect the rights, safety, and property of OmniAb, its partners, healthcare professionals, patients, research participants, and others.

To Enforce our Terms, Agreements, or Policies

To maintain a safe, secure, and trusted environment for you when you use our Site and Services, we use your Personal Information to ensure our terms, policies, and agreements with you and any third parties are enforced.

To Evaluate Your Application for Employment

We use your Personal Information to evaluate your application for employment or administer employment benefits if have applied for employment with or are an employee of our Company.

With Your Consent

We process certain Personal Information to fulfill any other business or commercial purposes at your direction or with your consent.

6. When We Disclose Information

To the extent permitted by law, certain Personal Information about you may be disclosed in the following situations:

  • Service providers. We may disclose Personal Information to our affiliates and to third-party service providers who perform services on our behalf, such as email providers, cloud hosting, data storage, analytics, marketing support, communications delivery, IT services, and other operational functions. We require these service providers to enter into written agreements that limit their use of the information to the services they provide to us, prohibit them from using the information for their own purposes, and require them to safeguard the information and keep it confidential. These service providers may access Personal Information only as needed to perform their services.
  • Marketing and advertising. We may use and share your Personal Information with our affiliates, service providers, and trusted marketing partners to send you marketing communications, personalize the content you see, measure advertising performance, and offer products or services that may be of interest to you. We share only the information needed to support these activities, and these partners are required to protect your information and use it only for the purposes we specify. You can opt out of our marketing emails at any time by following the instructions in those messages or contacting us directly. Depending on your location, you may also have the right to opt out of certain types of data sharing used for targeted advertising.
  • Legal process. We may be required to share your Personal Information in order to comply with law, legal process, or government requests, including responding to a validly issued and enforceable subpoena, court order, summons, search warrant, regulatory inquiry or other legally enforceable demand. We may also disclose information as necessary in connection with actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us. When we do so, we limit the disclosure to what is reasonably necessary and take steps to seek confidential treatment or other protections to prevent the information from becoming public, unless we are legally prohibited from doing so.
  • We may be required to share Personal Information in the course of a review of our practices under the authorization of a state or federal agency, or a state or national licensing board, or as necessary to properly respond to an inquiry or complaint from such an agency, licensing board or organization.
  • Safety, quality, and regulatory compliance. We may disclose Personal Information to affiliates, service providers, partners, auditors, advisors, competent authorities, regulators, ethics committees, healthcare professionals, investigators, or other authorized third parties as reasonably necessary to investigate and respond to product complaints, medical inquiries, adverse events, safety signals, quality matters, or potential legal or regulatory issues, and to comply with applicable legal, regulatory, pharmacovigilance, quality, reporting, inspection, audit, and recordkeeping obligations.
  • Business Transfers and Corporate Transactions. We may use or share your Personal Information in conjunction with a prospective purchase, sale, or merger of all or part of our Company. This may include sharing information with potential or actual purchasers, investors, or other transaction partners and their advisors as part of due diligence or the transaction itself. Where appropriate, we will take steps to require those parties to protect the information and use it only for the purposes of evaluating or completing the transaction. If the transaction is completed, Personal Information may be transferred to the buyer or successor or affiliate as part of the transferred assets or ongoing business operations.

Finally, we may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your Personal Information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

7. Children’s Privacy

Our Site is not intended for use by children under the age of 18. We do not request, or knowingly collect, any personally identifiable information from children under the age of 18. If you are the parent or guardian of a child under 18 who you believe has provided her or his information to us, please contact us using the information in the Contact Us section below to request the deletion of that information.

8. Automated Decision Making

We may use Automated Decision-Making Technology (“ADMT”) to support certain aspects of our Services. ADMT refers to systems, software or processes (including algorithms and artificial intelligence) that make a decision or facilitate human decision-making based on the automated processing of your Personal Information. We may use ADMT for security reasons, such as to detect fraudulent or illegal actions, or to protect consumer safety. When we do so, you cannot opt out of the use of the decision-making technology. Depending on how you interact with our Services, the use of ADMT may affect the security or monitoring applied to your activity, whether certain transactions require additional verification, your access to certain features, or automated responses or suggestions provided to you. We do not currently use ADMT on your Personal Information to make legal or other significant decisions.

9. Retention of Personal Information

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

All information you provide to us is stored on our secure servers or those of our third-party data storage providers.

We utilize the following criteria to determine the length of time for which we retain Personal Information:

  • How long we have had a relationship with you or provided our Services to you;
  • The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
  • Whether we are required to retain the information, or the information is otherwise necessary, in order to: comply with legal obligations or contractual commitments: defend against potential legal claims: detect or prevent potential illegal activity or actions in violation of our policies and procedures; secure our systems and online environment; or protect health and safety;
  • The privacy impact on individuals of ongoing retention; and
  • The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.

10.Links

For your convenience, the Site and this Policy may contain links to other websites. OmniAb is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site should be deemed to imply that OmniAb endorses or has any affiliation with the links.

11.Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Site, and you provide us with your information at your own risk.

12.Your Choices About the Information We Collect

Updating Your Personal Information

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us using the information in the Contact Us section below. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).

Communications Preferences

You can opt out of receiving marketing emails from us at any time. You will still receive transactional messages from us. To manage your email preferences with us, please click on the Unsubscribe link in any email you receive from us or contact us using the information in the Contact Us section below. Your choice will not affect our ability to share information in the other ways described in this Policy.

Do Not Track Disclosure

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally-agreed upon standard for what a company should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here.

Opt-Out Preference Signals

Some browsers and browser extensions support opt-out preference signals such as the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. GPC is a web browser-level setting, maintained by either a browser or a browser extension, that a user or privacy-focused technology can set. In certain regions, when we detect such a signal, we will make reasonable efforts to respect your choices as required by applicable law.

Controlling Your Cookies

In some jurisdictions, you can opt-out of cookies by enabling an opt-out preference signal (“OOPS”) or Global Privacy Control (“GPC”) on your browser or opting-out of cookies in our Sites’ cookie preference centers. You may also make individual selections on your Device or browser. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below to learn how to modify your web browser’s settings on the most popular browsers:

Note that if you turn cookies off, you may be unable to access certain parts or benefit from the full functionality of the Sites. To learn more about cookies and similar technologies or to opt-out of targeted advertising cookies, visit resources from the Digital Advertising Alliance (“DAA”). We do not control these opt-out links or whether any organization chooses to participate in these opt-out programs.

Please note that even if you exercise the opt-out choices above, you may continue to receive advertisements, for example, ads based on the website you are viewing (e.g., contextually based ads), or ads that are not targeted at you and may be less relevant. Also, if your browser (like some Safari browsers) is configured to reject opt-out cookies when you opt out on the DAA website, your opt-out may not be effective. We always do our best to honor your choices, but because some choices are set at the browser or device level, you may have to make these choices multiple times if you use different browsers or different Devices.

Your Choices for Google Tools

Our Google Analytics Advertising tools may include remarketing, impression reporting, demographics and interest reporting, and cross-service integrations. Google offers several ways to control how your information is used for advertising.

  • Google Ads Settings – You can opt out of personalized ads from Google by adjusting your settings here.
  • Google Analytics Opt-Out Browser Add-On – You can block Google Analytics from accessing your online activity with a browser add-on here.
  • Direct-Level Advertising Settings – Many mobile devices allow you to limit the use of Advertising IDs (Android Ad ID or Apple IDFA). See your Device’s settings for more information.

With respect to these advertising features, OmniAb is the sole controller under all applicable data protection legislation. We will not identify users or facilitate the merging of Personal Information with additional information collected through any Google advertising product or feature unless we have your affirmative opt-in consent to that identification or merger.

13.Your California Privacy Rights

This section of the Policy applies solely to California residents. We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA or CPRA have the same meaning when used in this Section.

Notice at Collection of Personal Information We Collect and Purposes For Use

We will collect Personal Information for the business and commercial purposes outlined below. The categories of Personal Information we intend to collect and the purposes for which we use each category are set forth in the table below. We do not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without providing notice at or before the time the information is collected.

Under the CCPA, “sell” means to disclose, make available, or otherwise communicate Personal Information to a third party for monetary or other valuable consideration. This may include certain disclosures made in connection with advertising or marketing relationships, depending on how the recipient uses the information. “Share” means to disclose Personal Information to a third party for cross-context behavioral advertising. We disclose Personal Information to our service providers and contractors for business purposes (such as analytics, security, support, or website hosting), which is not considered a sale or sharing under the CCPA when the recipient is contractually restricted from using the information for its own purposes. Under the CCPA, a “third party” is an entity that is not a service provider or contractor and that is not controlled by or controlling the business.

We will retain each category of Personal Information for the period reasonably necessary to fulfill the purposes described below unless a longer retention period is required or permitted by law. Please see our “Retention of Personal Information” section above.

If we sell or share Personal Information or use or disclose Sensitive Personal Information (“SPI”), we indicate that in the table below.

Category of Personal InformationBusiness Purpose for Collection or UseSold/Shared?Retention Period
Identifiers: such as name, email, phone numberProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, comply with law, account management, processing transactions, security/fraud preventionYes/NoDuration of relationship with you and/or legal retention periods
Customer Records: such as account credentials or usernameProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud preventionYes/No7 years or life of investor relationship
Protected Classifications: such as age, race, marital status, gender, veteran’s statusFor employment; provide services, communication, personalization, improve services, profiling, comply with law, account management, security/fraud prevention; provide employment benefitsNo/NoDuring period of employment (if needed to administer benefits); during investor relationship if provided for special benefits or tax treatment
Commercial Information: such as transaction historyProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud preventionYes/NoDuration of relationship with you and/or legal retention periods
Internet or Network Activity: such as browsing history, information regarding interaction with a websiteImprove services, personalization, advertising, analytics, security/fraud preventionYes/Yes2 years or per cookie lifecycle
Geolocation Data: such as physical location and/or movementsIf provided via location services; improve services, personalization, advertising, analytics, security/fraud preventionNo/No2 years or per cookie lifecycle
Professional/Employment Information: such as current or past job history and evaluationsFor employment only; provide benefits, enforce agreements, comply with law, security/fraud preventionNo/NoDuring period of employment
Education Information: records maintained by an educational institution, such as school transcriptsFor employment only; provide benefits, enforce agreements, comply with law, security/fraud preventionNo/NoDuring period of employment
Inferences: information used to create a profile about you, such as preferences or likesImprove services, communication, personalization, profiling, advertising, analyticsYes/YesDuration of relationship with you and/or legal retention periods
Sensitive Personal Information: like social security number, precise geolocation (within 1850 sq ft), religious beliefs, contents of emailsFor employment or investors only; provide services, communication, enforce agreements, comply with law, account management, processing transactions, security/fraud preventionNo/NoDuring period of employment (if needed to administer benefits); during investor relationship for tax or other regulatory purposes

Notice of California Privacy Rights

In addition to the rights set forth in the “Your Choices About the Information We Collect” section above, California residents have the following additional privacy rights:

  • Right to Know (Categories): To know the categories of Personal Information we collect, the categories of sources from which it is collected, the purposes for which we use it, whether we sell or share it, and the categories of third parties to whom we disclose it.
  • Right to Know (Retention): To know the length of time we intend to retain each category of Personal Information, or the criteria used to determine such period;
  • Right to Know (Specific Pieces): To access the specific pieces of Personal Information we have collected about you;
  • Right to Delete: To request deletion of the Personal Information you have provided to us, subject to certain exceptions;
  • Right to Correct: To request that we correct inaccurate Personal Information that we maintain about you;
  • Right to Opt-Out of Sale of Personal Information: To direct us not to sell your Personal Information;
  • Right to Opt-Out of Sharing: To direct us not to share your Personal Information for cross-contextual behavioral advertising;
  • Right to Know About Sensitive Personal Information: To know whether we collect Sensitive Personal Information (“SPI”), the categories of SPI, the purposes for which we use the SPI, and whether the SPI is sold or shared;
  • Right to Limit the Use and Disclosure of Sensitive Personal Information: To request that we limit our use and disclosure of your SPI to the purposes permitted by the CCPA; and
  • Right to Non-Discrimination: Not to receive discriminatory treatment for exercising any of your CCPA privacy rights.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

Request to Know, Correct, or Delete

California residents have the right to request, under certain circumstances, that a business that collects Personal Information about them disclose the information listed below for the preceding 12 months:

  • The categories of Personal Information collected about you;
  • The categories of sources from which the Personal Information is collected;
  • The business or commercial purpose for collecting, disclosing, selling or sharing Personal Information;
  • The categories of third parties to whom the business discloses Personal Information for a business purpose;
  • The categories of Personal Information that we sold or shared;
  • The categories of third parties to whom we sold or shared Personal Information; and
  • The specific pieces of Personal Information collected, disclosed, or sold or shared about you.
  • Whether we collected Sensitive Personal Information about you and whether such information is sold or shared, subject to applicable exceptions.

You can also request that we correct or delete your Personal Information. There may be certain exceptions to our obligation to correct or delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

Personal Information Collected Within Last Twelve (12) Months

We have collected, used and disclosed the following categories of Personal Information from consumers within the last twelve (12) months:

Category of Personal InformationSources of InformationBusiness Purpose for Collection, Use or DisclosureCategories of Service Providers or other Third Parties To Whom Information is Provided for a Business PurposeCategories of Third Parties To Whom Information is Sold or Shared
Identifiers: such as name, email, phone numberYou, Automatically, Third PartiesProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, comply with law, account management, processing transactions, security/fraud preventionData processing and analytics vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendorsAnalytics and advertising vendors
Customer Records: such as billing information, account credentialsYou, Automatically, Third PartiesProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud preventionData processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendorsNone
Protected Classifications: such as age, race, marital status, gender, veteran’s statusYouProvide services, communication, personalization, comply with law, security/fraud prevention; provide employee benefitsEmployee benefits vendors or other service providers for employment servicesNone
Commercial Information: such as purchases, transaction historyYou, AutomaticallyProvide services, communication, enforce agreements, personalization, advertising, analytics, improve services, profiling, comply with law, account management, processing transactions, security/fraud preventionData processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendorsAnalytics and advertising vendors
Biometric Information: such as genetic or biological characteristicsN/ANot collectedNot collectedNot collected
Internet or Network Activity: such as browsing history, information regarding interaction with a websiteAutomatically, Third PartiesImprove services, personalization, advertising, analytics, security/fraud preventionData processing vendors, service providers such as website hosting, security vendors, or customer service vendorsAnalytics and advertising vendors
Geolocation Data: such as physical location and/or movementsAutomatically, if provided via DeviceImprove services, personalization, advertising, analytics, security/fraud preventionData processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendorsAnalytics and advertising vendors
Sensory Data: such as audio, visual, thermal or similar activityN/ANot collectedNot collectedNot collected
Professional/Employment Information: such as current or past job history and evaluationsYou, Third PartiesFor employment only; provide benefits, enforce agreements, comply with law, security/fraud preventionService providers such as job search websites or employee benefits providersNone
Education Information: records maintained by an educational institution, such as school transcriptsYou, Third PartiesFor employment only; provide benefits, enforce agreements, comply with law, security/fraud preventionService providers such as job search websites or employee benefits providersNone
Inferences: information used to create a profile about you, such as preferences or likesYou, Automatically, Third PartiesImprove services, communication, personalization, profiling, advertising, analyticsData processing vendors, payment processors, service providers such as website hosting, security vendors, or customer service vendorsAnalytics and advertising vendors
Sensitive Personal Information: like social security number, precise geolocation (within 1850 sq ft), religious beliefs, contents of emailsYouFor employment or investors only; comply with law, provide employee benefits, security/fraud preventionEmployee benefits; investor relationsNone

Information related to how long we retain each category of Personal Information is included in the Retention of Personal Information section above.

Do Not Sell My Personal Information

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. We do not sell Personal Information, but we recognize that some privacy laws define “Personal Information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale.” To opt out, you may use our cookie preference tools, or you may write to us to exercise this right.

Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use of each type of Sensitive Personal Information for each purpose with each type of third-party partner. Please note that we only keep your Sensitive Personal Information for a limited time, and only for the transaction for which it is required. Currently, we do not use Sensitive Personal Information for purposes that give rise to the right to limit its use under California law. Specifically, we do not provide your Sensitive Personal Information to any third parties other than those service providers that are necessary for us to provide our Services to you in the event of an employment or investor relationship.

Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by California law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Notice of Financial Incentives

We do not offer financial incentives, price or service differences, or loyalty programs in exchange for the collection, sale, sharing, or retention of your Personal Information. If we offer such a program in the future, we will provide the required notice and obtain your opt-in consent where required by the CCPA.

Third Party Marketing (“Shine The Light” law)

If you are a California resident with an established business relationship with us, you have the right under California Civil Code Section 1798.83 to request information regarding the disclosure of your Personal Information to third parties for their own direct marketing purposes in the preceding calendar year. You have the right to prevent disclosure of Personal Information, and we provide a cost-free option to exercise that right. We do not currently disclose Personal Information protected under this section to third parties for their own direct marketing purposes.

Exercising Your California Privacy Rights

You or your authorized agent may make a request to access, correct, delete, opt-out of the sale of your Personal Information, or limit the use of your Sensitive Personal Information by contacting us as follows:

If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

14.Your Privacy Rights under Other US State Laws

If you live in certain other U.S. states, such as Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have rights under applicable privacy laws. These rights are in addition to those rights set forth in the “Your Choices About the Information We Collect” section above.

Based on the applicable law in the state where you live, you may have the following rights with respect to your Personal Information:

  • To confirm whether or not a controller is processing your Personal Data and to access such Personal Data;
  • To know the categories of Personal Information we collect about you, the purposes for the collection, how long we retain your Personal Information, and whether that information is sold or shared or disclosed and to whom;
  • To correct inaccuracies in your Personal Data;
  • To delete your Personal Data;
  • To obtain a copy of your Personal Data that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;
  • To opt out of the processing of your Personal Data for purposes of (i) targeted advertising, (ii) the sale of Personal Data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer;
  • For Minnesota and Oregon residents: to request a list of the specific third parties to whom we have disclosed your personal data.
  • For Texas residents, to learn whether we sell your biometric data or other sensitive personal information to third parties. We do not collect or sell biometric or other sensitive personal information.
  • Not to discriminate against you because you have exercised any of these rights, including by:
    • denying you Services;
    • charging different prices or rates for our Services, including through the use of discounts or other benefits or imposing penalties;
    • providing you a different level or quality of Services; and/or
    • suggesting that you will receive a different price or rate for Services, or at a different level or quality of Services.

To exercise any of these rights, you may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your Personal Data for targeted advertising, sale, or profiling by contacting us using the information in the Contact Us section below. Please include your state of residence.

We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Privacy Rights” as the subject line. You must include your full name, email address, and attest to the state in which you are a resident.

We will process your request within 45 days or let you know if we need additional time or cannot process your request. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

Appeals of Our Decisions

In some states, you may appeal to us if we refuse to take action on your exercise of certain choices described above. If we decline to take action on any request you make, we will provide you with the information required by the applicable law where you live. This may include an explanation of why we declined your request, information on how to appeal our decision, and/or how to make a complaint to your state Attorney General. In order to appeal such a refusal, please contact us using the information in the Contact Us section below with the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information outlined in the email.

15.Your Rights Under the General Data Protection Regulation

This section of the Policy applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopt this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this section.

Under applicable law, we are considered the “data controller” of the Personal Information we handle under this Policy. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law.

We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Information, subject to applicable law. We take reasonable steps to ensure that the Personal Information that we process is limited to the Personal Information that is required in connection with the purposes set out in this Policy.

If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:

  • The right to access, update or delete the information we have collected from you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right of erasure. You have the right to request deletion of your Personal Information, with certain exceptions.
  • The right to object. You have the right to object to our processing of your Personal Information.
  • The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.
  • The right not to be subject to automated decision-making, including profiling, that produces legal or similarly significant effects.

Legal Basis for Processing Personal Information

We rely on the following legal bases for processing your Personal Information:

  • Contract: To conclude or perform a contract with you; for example:
    • To manage and fulfill orders, facilitate delivery, and to provide other Services;
    • To manage our accounts and records;
    • To handle your inquiries and requests;
    • When you apply for employment through our Site, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you send through our Site.
  • Legitimate Interests: When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below. Examples of legitimate interests include:
    • For IT security, logging, and access monitoring;
    • To detect, prevent, or investigate security breaches or fraud;
    • To prevent unauthorized access;
    • To respond to your customer service inquiries and requests for information;
    • To maintain, improve, and analyze our Site and Services we offer;
    • For our strictly necessary cookies;
    • To conduct marketing activities; and
    • To facilitate the functionality of our Site.
  • Legal Compliance: To comply with our legal obligations; for example:
    • For anti-money laundering (AML) or know-your-customer (KYC) checks;
    • For sanctions screening;
    • For fraud detection;
    • To maintain appropriate records for internal administrative purposes and as required by applicable law or agency regulations,
    • For required reporting, such as tax, accounting or financial reporting obligations;
    • To respond to legal process or defend ourselves in legal proceedings; and
    • To provide important notices required by law (such as regulatory disclosures or other safety information).
  • Consent: We rely on consent when we process your Personal Information for purposes that are not necessary for providing our Services, for fulfilling our legal or regulatory obligations, or for pursuing our legitimate business interests. These include:
    • Sending marketing communications, including newsletters, educational content and information about events or services that may be of interest to you;
    • Using non-essential cookies and tracking technologies, such as for analytics, advertising, cross-site tracking, retargeting and behavioral profiling;
    • Collecting optional information in surveys, webinars, beta programs, or promotional events;
    • Enabling certain personalization features that are not required for delivering our Services;
    • Sharing your Personal Information with third parties for their own marketing purposes (only when you have provided express consent).

You have the right to withdraw your consent at any time without affecting the lawfulness of any processing that occurred before withdrawal.

International Transfers

Your Personal Information may be transferred to and processed in countries outside the EEA (like the United States) that may not have the same data protection laws. Where required, we use Standard Contractual Clauses (SCCs) approved by the European Commission; and additional safeguards, where necessary.

How to Exercise Your Rights Under the GDPR

If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the contact details below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.

Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.

Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority- a list of authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us.

16.Your Rights Under the UK GDPR

This section applies only to individuals located in the United Kingdom at the time their Personal Information is collected or processed. It supplements, and should be read together with, the rest of this Policy.

We process Personal Information as a “controller” under the UK GDPR and the UK Data Protection Act 2018 based on the same legal bases described in the GDPR section above:

  • Contract
  • Legitimate Interests
  • Legal Obligation
  • Consent

Where UK law requires consent (particularly for marketing or non-essential cookies), we will request it separately and clearly.

Individuals in the UK have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Rights relating to automated decision-making.

If we share your Personal Data within OmniAb or with third parties located outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your Personal Data, such as by entering into the UK International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s SCCs, adopted by the UK Government under section 119A of the Data Protection Act 2018, or another lawful transfer mechanism permitted under UK law.

You have the same data subject rights as those for the EU listed above, except that references to the “GDPR” should be read as references to the “UK GDPR” and complaints should be filed with the UK supervisory authority, the Information Commissioner’s Office at https://ico.org.uk/.

17.Your Rights Under the Swiss Federal Act on Data Protection

This section applies only to individuals located in Switzerland at the time their Personal Information is collected or processed. It supplements, and should be read together with, the rest of this Policy.

We process Personal Information in accordance with the Swiss Federal Act on Data Protection (“FADP”) and, where applicable, its implementing ordinance. We process Personal Information based on the same general grounds described in the GDPR section above, including as necessary to perform a contract, for our legitimate business interests, to comply with legal obligations, or with your consent where required.

Where Swiss law requires consent, including in certain circumstances involving more sensitive processing activities, we will request it separately and clearly.

Individuals in Switzerland may have the following rights, subject to applicable law and certain limitations:

  • Right to access their Personal Information
    Right to request correction of inaccurate Personal Information
    • Right to request deletion of Personal Information
    • Right to object to certain processing activities
    • Right to withdraw consent, where processing is based on consent
    • Right to seek information about cross-border disclosures and applicable safeguards

If we share your Personal Information within OmniAb or with third parties located outside Switzerland, we take steps to ensure that appropriate safeguards are in place to protect your Personal Information, such as by relying on an adequacy decision recognized under Swiss law, entering into appropriate contractual safeguards, or using another lawful transfer mechanism permitted under Swiss law. The Swiss Federal Data Protection and Information Commissioner (“FDPIC”) explains that cross-border transfers require an adequate level of protection or appropriate safeguards.

You may exercise your rights by contacting us using the contact details provided in this Policy. You also have the right to lodge a complaint with the Swiss supervisory authority, the Federal Data Protection and Information Commissioner. You may read more about your rights here.

18.Your Canadian Privacy Rights

Canadian laws provide specific privacy rights to our Canadian customers. If you are a resident of Canada, this section applies in addition to all other applicable rights and information contained in this Policy.

Where applicable, we follow applicable Canadian federal and provincial privacy laws (“Canadian Privacy Law”), including:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Alberta’s Personal Information Protection Act (Alberta PIPA)
  • British Columbia’s Personal Information Protection Act (BC PIPA)
  • Québec’s Act respecting the protection of Personal Information in the private sector (Québec Act).

Consent

In most cases, we rely on implied consent to collect, use, or disclose your Personal Information. In some circumstances, including those involving sensitive Personal Information, we obtain express consent. Where you have provided your consent to the collection, use, and transfer of your Personal Information (whether orally, in writing, or electronically), you may have the legal right to withdraw your consent under certain circumstances. In addition to the methods described above with respect to your privacy choices, you may withdraw your consent by submitting a request using the information in the “Contact Us” section below. Please note that if you withdraw your consent, We may not be able to provide you with a particular product or service. We will explain the impact to you at the time of your request to help you with your decision.

Use of Your Personal Information

We will not collect, use, or disclose Personal Information except for the purposes identified above (see the When We Disclose Information section above), unless we have received additional consent or the processing is authorized without consent. Where we engage service providers who utilize the Personal Information we provide to them, those relationships are governed by a written agreement regarding the confidentiality of your information.

Marketing Communications

By opting into receiving (“CEMs”) (as defined by Canada’s Anti-Spam Legislation (“CASL”)), you confirm that you consent to receiving CEMs from us and our third-party partners. You may withdraw your consent at any time by clicking the unsubscribe link in the CEM or emailing us as follows, depending on the applicable brand:

Canadian Access and Challenge Rights

Canadian Privacy Law provides the right to receive information about the existence, use, and disclosure of your Personal Information and be provided access to that information. You may also challenge the accuracy and completeness of your Personal Information and have it amended as appropriate. Depending on the nature of the challenged information, amendment may involve correction, deletion, or addition of information.

Exercising Your Canadian Privacy Rights

To submit a request for access to information not contained within your account, or to challenge the accuracy or completeness of your Personal Information, you may also submit a written request using the information in the “Contact Us” section below. When submitting a request, we also may require you to confirm your identity and your residency to obtain the information. For emails, please include “Canadian Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a Canadian resident, and provide your province of residence. We will begin processing your request once you have completed the verification process and will respond within the timeframe required by law.

If we cannot substantively respond to your request in a timely manner, we will notify you and state the reason for the delay. Under certain circumstances, we may not be able to fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort. However, we will respond to your request within a reasonable time, as required by law, and provide an explanation.

Additional information about how to exercise your rights under Canadian Privacy Law can be found here:

Office of the Privacy Commissioner of Canada
Website
Phone: 1-800-282-1376

Office of the Information and Privacy Commissioner of Alberta
Website
Phone: 1-888-878-4044
Edmonton office: (780) 422-6860
Calgary office: (403) 297-2728

Office of the Information and Privacy Commissioner of British Columbia
Website
Vancouver: (604) 660-2421
Elsewhere in BC: (800) 663-7867

Commission d’acces a’ l’ information du Quebec
Website
Phone: 1-888-528-7741

19.Your Rights Under Japan’s Act on the Protection of Personal Information

This section applies only to individuals in Japan whose Personal Information is collected or processed in connection with our Sites or services. It supplements, and should be read together with, the rest of this Policy.

We process Personal Information in accordance with Japan’s Act on the Protection of Personal Information (“APPI”). We use Personal Information only to the extent permitted under applicable law and for the purposes described in this Policy.

Where required under Japanese law, we will specify or notify you of the purpose of use of your Personal Information and obtain your consent separately and clearly, including where required for certain disclosures to third parties or cross-border transfers.

Individuals in Japan may have the following rights, subject to applicable law and certain limitations:

  • Right to request notice of the purpose of use of Personal Information we hold
    • Right to request disclosure of retained personal data
    • Right to request correction, addition, or deletion of retained personal data
    • Right to request suspension of use or deletion of retained personal data
    • Right to request suspension of provision of retained personal data to third parties
    • Right to withdraw consent, where processing is based on consent

If we share your Personal Information within OmniAb or with third parties located outside Japan, we will do so in accordance with APPI, including by obtaining consent where required or relying on another lawful mechanism recognized under Japanese law. The APPI and PPC materials provide for disclosure, correction, suspension-of-use rights, and rules governing overseas transfers.

You may exercise your rights by contacting us using the contact details provided in this Policy. You may also have the right to raise concerns with Japan’s Personal Information Protection Commission. You may read more about these rights here.

20.Australia Privacy Rights

As applicable, this Policy is subject to and does not limit the rights and/or exceptions available to us under the Australian Privacy Principles of the Privacy Act 1988 (Cth) (the “Privacy Act”).

We disclose Personal Information, for some of the purposes described above, to organizations located in Australia and in other countries, including Japan, Switzerland, European Union member states, the United States, United Kingdom, and China. We or our service providers may also make Personal Information held in Australia or the other countries listed above remotely available for processing by service provider personnel located in other countries, such as Japan, Switzerland, European Union member states, the United States, United Kingdom, and China. We take reasonable steps to ensure that overseas recipients of your Personal Information do not breach the privacy obligations relating to your Personal Information, and only use it for the purpose for which it was disclosed.

Your Rights

You have the following rights:

  • Access, including confirming whether we are processing Personal Information concerning you.
  • Correction, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
  • Complaints, including if you believe that we have breached the Australian Privacy Principles in the course of handling your Personal Information.

At your request, we will provide a copy of any Personal Information we hold about you, unless an exception under the Privacy Act applies. We may charge reasonable fees for retrieving this information, in which case we will obtain your prior consent.

When your Personal Information is no longer required, we take reasonable steps to destroy or permanently de-identify the information.

We will promptly acknowledge and investigate any complaint about the way we manage Personal Information.

We will take reasonable steps to remedy any issues resulting from our failure to comply with privacy obligations. If our response to you does not satisfactorily address your concerns, you may have the right to make a complaint to a competent regulator (e.g., Office of the Australian Information Commissioner at www.oaic.gov.au).

21.Your Rights Under China’s Personal Information Protection Law

This section applies only to individuals in the People’s Republic of China, to the extent China’s Personal Information Protection Law (“PIPL”) applies to our processing of their Personal Information. It supplements, and should be read together with, the rest of this Policy.

We process Personal Information in accordance with PIPL and other applicable Chinese data protection laws and regulations. We process Personal Information only for lawful and legitimate purposes and only to the extent necessary for the purposes described in this Policy.

Where required under Chinese law, we will obtain your separate consent for specific processing activities, including where required for the processing of sensitive personal information, cross-border transfers, public disclosure, or other processing activities that require separate consent under applicable law.

Individuals in China may have the following rights, subject to applicable law and certain limitations:

  • Right to know and decide about the processing of their Personal Information
    Right to restrict or refuse the processing of their Personal Information
    • Right to access and copy their Personal Information
    • Right to request correction or supplementation of their Personal Information
    • Right to request deletion of their Personal Information
    • Right to withdraw consent, where processing is based on consent
    • Right to request an explanation of the rules governing the processing of their Personal Information
    • Right to request transfer of their Personal Information to another processor, where the conditions under applicable law are met
    • Rights relating to automated decision-making, including the right to request an explanation and to refuse decisions made solely through automated decision-making where such decisions have a significant impact on their rights and interests

If we provide your Personal Information outside China, we will do so in accordance with applicable Chinese law and will take steps to implement required safeguards, which may include separate consent, personal information protection impact assessments, standard contractual arrangements, certification, or other lawful transfer mechanisms permitted under applicable law. The text of PIPL includes individual rights, rules for sensitive personal information, cross-border transfer requirements, and protections relating to automated decision-making.

You may exercise your rights by contacting us using the contact details provided in this Policy. If you believe that your Personal Information has been handled in violation of applicable law, you may also have the right to raise concerns with the relevant Chinese regulatory authorities. You may review more information about these rights here.

22.Changes to This Privacy Policy

We may change this Privacy Policy at any time. We will post all changes to this Policy on this page and will indicate at the top of the page the modified policy’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy policy. If required by the applicable law, we will notify you of the changes.

By continuing to use the Site or Services or providing us with information following such a replacement Policy being uploaded, you agree that you will be bound by the Privacy Policy as changed.

23.Contact Us

If you have any questions or suggestions regarding this Policy, please contact us as follows:

OmniAb, Inc.
5980 Horton Street

Suite 600

Emeryville, CA 94608

Email: [email protected]

Contact number: 510-250-7800