Bioscience Equity Partners, together with its affiliated entities (the “BEP Group,” “BEP,” the “Firm,” “we,” “our,” or “us”), respects the privacy of every individual whose personal data it processes. This Privacy Policy sets out how the Firm collects, uses, discloses, retains, transfers, and protects personal data in connection with its website (the “Website”), its institutional advisory and capital-formation activities, and its related communications and publications.

This Privacy Policy is issued in accordance with the data-protection laws applicable to the BEP Group, including, where relevant to processing carried out in connection with persons or activities in the European Economic Area or the United Kingdom, Regulation (EU) 2016/679 (the “EU GDPR”) and the UK General Data Protection Regulation (the “UK GDPR”), together with any other data-protection laws of mandatory application to the Firm’s activities.

1. DATA CONTROLLER

The data controller responsible for the processing of personal data described in this Privacy Policy is Bioscience Equity Partners, acting through the relevant member of the BEP Group that determines the purposes and means of the relevant processing activity. The BEP Group operates internationally through offices and affiliated entities in Dubai, London, New York, and the British Virgin Islands.

Contact

Enquiries concerning this Privacy Policy, the exercise of data-subject rights, or any other data-protection matter may be addressed in writing to the Firm by email at info@bioscienceequity.com, marked for the attention of the Data Protection Liaison.

2. PERSONAL DATA WE PROCESS

The Firm processes only the personal data necessary for the lawful conduct of its institutional activities. Categories of personal data we may collect include:

(a) Identity and contact data

Name, professional title, employer or sponsoring entity, business address, professional email address, business telephone numbers, and equivalent professional identifiers.

(b) Counterparty and mandate data

Information concerning founders, directors, officers, beneficial owners, and authorised representatives of issuers, sovereign and institutional investors, professional advisers, and other counterparties engaged in transactions advised on or arranged by BEP, including signatory information on confidentiality agreements, engagement letters, subscription agreements, and related transaction documentation.

(c) Compliance and onboarding data

Information required to perform know-your-customer (KYC), anti-money-laundering (AML), counter-financing-of-terrorism (CFT), sanctions, politically-exposed-persons (PEP), and beneficial-ownership checks consistent with applicable international standards, including identification documents, proof of address, source-of-funds and source-of-wealth information, and information obtained from regulated screening providers and public registers.

(d) Correspondence and meeting data

Records of professional correspondence (including emails and letters), meeting notes, attendance, and, where notified in advance and lawful, transcripts or summaries of recorded meetings produced through BEP’s institutional meeting and notes infrastructure.

(e) Publications and distribution data

Information necessary to distribute BEP’s institutional research publications, including The Lambda Quarterly, and other professional communications to recipients on the Firm’s institutional distribution list.

(f) Website and technical data

Limited technical data automatically collected when the Website is accessed, including internet protocol (IP) address, device and browser type, operating system, referring page, pages visited, and date and time of access. The Website does not use behavioural advertising or third-party marketing trackers. Where any non-essential cookies are deployed, they will be subject to a specific cookie notice and, where required by applicable law, prior consent.

BEP does not knowingly collect personal data from minors. The Website is not directed at children, and any service offered by BEP is exclusively addressed to professional and institutional counterparties.

3. SOURCES OF PERSONAL DATA

Personal data processed by the Firm is obtained from the following principal sources: (i) directly from the data subject in the course of professional correspondence, meetings, onboarding, or transaction execution; (ii) from the data subject’s employer, sponsoring entity, counterparty, or professional adviser; (iii) from public registers, regulated screening providers, and publicly available professional sources; and (iv) from authorised third parties engaged by BEP to support compliance, communications, and administrative functions.

4. PURPOSES AND LEGAL BASES OF PROCESSING

The Firm processes personal data only where a lawful basis exists. The principal purposes and legal bases on which we rely are as follows:

(a) Performance of professional mandates and pre-contractual steps

To assess prospective engagements, conduct due diligence, prepare offering documentation, execute confidentiality agreements and engagement letters, manage transaction processes, and perform contractual obligations to issuers, investors, and other counterparties. Legal basis: performance of a contract or steps taken at the request of the data subject prior to entering into a contract; legitimate interests of the Firm in conducting its institutional business.

(b) Regulatory compliance and risk management

To comply with applicable legal and regulatory obligations, including anti-money-laundering, counter-financing-of-terrorism, sanctions, tax-reporting, and record-keeping requirements; to manage operational and reputational risk; and to defend or pursue legal claims. Legal basis: compliance with legal obligations to which the Firm is subject; legitimate interests of the Firm and of relevant third parties in the prevention of financial crime and the integrity of capital markets.

(c) Institutional communications and publications

To distribute BEP’s institutional research, transaction updates, and professional communications to counterparties, investors, and professional contacts on the Firm’s distribution list, in their professional capacity. Legal basis: legitimate interests of the Firm in maintaining institutional relationships, balanced against the rights and freedoms of recipients, and a right to opt out of further communications at any time.

(d) Website operation and security

To operate, secure, and maintain the Website, to detect and prevent unauthorised access, fraudulent impersonation, and cyber threats, and to ensure the technical functioning of the Firm’s digital infrastructure. Legal basis: legitimate interests of the Firm in the integrity and security of its systems.

(e) Consent

Where required by applicable law, processing will be carried out on the basis of the data subject’s prior, informed consent, which may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

BEP does not engage in automated decision-making, including profiling, that produces legal effects concerning data subjects or similarly significantly affects them.

5. DISCLOSURE OF PERSONAL DATA

The Firm treats personal data as confidential and discloses it only as necessary for the purposes described in this Privacy Policy and in accordance with applicable law. Recipients of personal data may include:

(a) members of the BEP Group and the Firm’s affiliated venture capital fund, Antisoma Venture Capital Fund S.A., where strictly required for the performance of the relevant purpose and subject to the Firm’s internal information-barrier framework;

(b) institutional counterparties on a need-to-know basis in connection with a specific transaction, in each case under appropriate confidentiality undertakings;

(c) professional advisers retained by the Firm or its counterparties, including legal counsel, tax advisers, auditors, and compliance consultants;

(d) regulated service providers engaged by the Firm for compliance screening, banking, custody, secure communications, document management, and information-technology infrastructure;

(e) where required by law, by court order, or by a competent regulatory, tax, or law-enforcement authority, including authorities in the jurisdictions in which the Firm and its counterparties operate; and

(f) in connection with a corporate reorganisation, succession, or other lawful transfer of the Firm’s business, subject to equivalent confidentiality and data-protection obligations being imposed on the recipient.

BEP does not sell personal data and does not disclose personal data to third parties for their own marketing or advertising purposes.

6. INTERNATIONAL TRANSFERS

The BEP Group operates internationally. Personal data may be processed and stored in any of the jurisdictions in which the Firm, its counterparties, or its regulated service providers operate. Where personal data is transferred from a jurisdiction whose laws impose specific conditions on international transfers (including the European Economic Area and the United Kingdom), the Firm will rely on a lawful transfer mechanism recognised by the applicable law, including adequacy decisions, standard contractual clauses, derogations for the performance of a contract or for the establishment, exercise, or defence of legal claims, or other appropriate safeguards. Further information regarding the specific mechanism applicable to a transfer may be requested from the Firm at the contact details set out above.

7. RETENTION

The Firm retains personal data only for as long as necessary for the purposes for which it was collected, including for the duration of any relevant engagement, transaction process, or professional relationship, and thereafter for such period as is required to comply with applicable legal, regulatory, tax, accounting, and record-keeping obligations, and to establish, exercise, or defend legal claims. Retention periods are determined by reference to the nature of the data, the purpose of processing, the applicable statutory limitation periods, and the regulatory frameworks to which the Firm and its counterparties are subject.

On expiry of the applicable retention period, personal data is either securely deleted or anonymised in accordance with the Firm’s information-management policies.

8. SECURITY

The Firm maintains technical and organisational measures designed to safeguard personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include access controls, secure communications and document-management systems, encryption where appropriate, segregation of advisory and investment functions through internal information barriers, and confidentiality undertakings binding on personnel and service providers. Notwithstanding such measures, no system can be guaranteed to be entirely secure; transmission of information over the internet is undertaken at the sender’s own risk.

9. RIGHTS OF DATA SUBJECTS

Subject to and in accordance with applicable data-protection law, data subjects may have the following rights in respect of their personal data:

(a) the right to be informed about, and to obtain access to, the personal data that the Firm processes about them;

(b) the right to request the rectification of inaccurate personal data and the completion of incomplete personal data;

(c) the right to request the erasure of personal data in defined circumstances;

(d) the right to request the restriction of processing in defined circumstances;

(e) the right to object to processing carried out on the basis of legitimate interests;

(f) the right to data portability in respect of personal data provided by the data subject and processed by automated means on the basis of consent or contract;

(g) the right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal; and

(h) the right to lodge a complaint with a competent supervisory authority of the jurisdiction in which the data subject is habitually resident, works, or where the alleged infringement took place.

The exercise of these rights is subject to applicable legal exceptions, including confidentiality obligations owed to issuers, investors, and other counterparties, the protection of regulated communications, and the integrity of compliance, anti-money-laundering, and financial-crime processes. The Firm will respond to verified requests within the time limits prescribed by the applicable law.

10. COOKIES AND SIMILAR TECHNOLOGIES

The Website uses only the cookies and similar technologies strictly necessary for its operation and security. The Website does not deploy advertising cookies or behavioural-tracking technologies. Where, in the future, the Firm introduces any non-essential cookies, a dedicated cookie notice will be made available on the Website and, where required by applicable law, prior consent will be obtained.

11. THIRD-PARTY SITES AND COMMUNICATIONS

The Website may contain links to third-party websites or resources. The Firm is not responsible for the privacy practices or content of those sites, which are governed by their own policies. Visitors are encouraged to review those policies before submitting any personal data.

The Firm will never request, by email, telephone, social media, or any other channel, the transfer of funds, payment instructions, or the disclosure of credentials in connection with any unsolicited communication purporting to originate from the BEP Group. Suspected fraudulent or impersonating communications should be reported promptly to the Firm at the contact details set out above.

12. CHANGES TO THIS PRIVACY POLICY

The Firm may amend this Privacy Policy from time to time to reflect changes in the Firm’s activities, applicable law, or industry practice. The most recent version will at all times be available on the Website. Material changes will be communicated in such manner as the Firm considers appropriate having regard to the nature of the change.