Privacy Notice

Gilead Vanguard Technology LLC ("Gilead Vanguard", "we", "us" or "our") is a New York limited liability company. This Privacy Notice explains how we collect, use, disclose and safeguard personal information when you visit our website at gileadtechnologies.com, contact our team or use the products and services we deliver (collectively, the "Services").

This notice applies to personal information we process as a data controller. Where we process personal information on behalf of a customer in the course of an engagement — for example, information generated by systems we install and operate at a customer site — that customer is the controller of that information and their own privacy notice governs the processing.

We collect the following categories of personal information:

• Contact information you submit through our website forms: name, business email, company, phone number (if provided) and the contents of your enquiry.
• Communications: records of email, telephone and meeting exchanges with our team.
• Technical information automatically generated when you visit our website: IP address, browser type and version, device and operating-system identifiers, referring URL, pages viewed and time spent.
• Cookies and similar technologies used to operate the site, remember preferences and measure aggregate usage. See "Cookies" below.
• Recruitment information voluntarily submitted by candidates who apply for roles.

We collect personal information directly from you when you submit it through our website or correspond with us. We also receive technical information automatically from your device when you interact with our website. We do not purchase personal information from data brokers.

We use personal information for the following purposes:

• To respond to your enquiry, prepare proposals and deliver the Services you have requested.
• To operate, secure, maintain and improve our website and services.
• To send service-related communications such as confirmations, updates and security notices.
• To send marketing communications where you have opted in. You can unsubscribe from these at any time using the link in each message or by contacting us.
• To comply with legal, regulatory, tax and accounting obligations.
• To detect, investigate and prevent fraud, abuse, security incidents and other harmful activity, and to enforce our terms.

Where the EU or UK General Data Protection Regulation applies, we rely on one or more of the following legal bases: performance of a contract with you or your organisation; compliance with a legal obligation; our legitimate interests in operating, securing and growing our business in a way that does not override your rights; and, where required, your consent (which you may withdraw at any time).

We do not sell personal information for monetary consideration. We share personal information only as described below and only with parties bound to appropriate confidentiality and data-protection obligations:

• Service providers and subprocessors that host our website, deliver emails on our behalf, provide analytics, or assist with customer support, payments and accounting.
• Professional advisers such as auditors, accountants, insurers and lawyers, under duties of confidentiality.
• Government, regulatory or law-enforcement authorities where required by law, court order or to protect rights, property or safety.
• Acquirers or successors in connection with a merger, acquisition, financing or sale of all or part of our business.

Some sharing of information with advertising or analytics partners may be considered a "sale" or "sharing" under California law even though no money changes hands. See "Your Rights" for the choices available to California residents.

Gilead Vanguard is established in the United States and some of our service providers operate in jurisdictions outside the EEA and UK. Where personal information is transferred from the EEA, UK or another regulated jurisdiction to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or equivalent mechanisms permitted under applicable law.

We retain personal information only for as long as needed for the purposes set out in this notice, to satisfy legal, regulatory, tax or accounting requirements, or to resolve disputes and enforce our agreements. Enquiry records are typically retained for up to 24 months after our last interaction unless a longer retention period is required.

We use reasonable administrative, technical and physical safeguards designed to protect personal information from unauthorised access, disclosure, alteration or destruction. These include encryption in transit, restricted access, logging of administrative actions and use of reputable cloud providers. No method of transmission or storage is completely secure; we cannot guarantee absolute security, but we work to reduce risk in line with the principles described on our Security page.

Depending on where you live, you may have the right to request access to the personal information we hold about you; to correct or update it; to delete it; to restrict or object to certain processing; to request portability; and to withdraw consent where processing is based on consent. EEA and UK residents may lodge a complaint with their local supervisory authority.

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), including the right to know what personal information we collect and how we use it, to delete it, to correct it, to opt out of any "sale" or "sharing" of personal information, and to limit the use of sensitive personal information. We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, please contact legal@gileadtechnologies.com. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law. You may also designate an authorised agent to submit a request on your behalf.

Our website does not respond to "Do Not Track" browser signals at this time, because no common industry standard for those signals has been finalised. We will update this notice if that changes.

Our website uses a small number of cookies and similar technologies to operate the site, remember preferences and measure aggregate usage. You can control cookies through your browser settings; disabling certain cookies may affect site functionality.

Our Services are intended for use by businesses and adults and are not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

We may update this Privacy Notice from time to time to reflect changes in our practices or for legal, regulatory or operational reasons. We will indicate the effective date at the top of this page. Material changes will be communicated through the Services or by another reasonable means.

Questions or requests relating to this Privacy Notice may be sent to legal@gileadtechnologies.com or by post to Gilead Vanguard Technology LLC, 167 Madison Ave, Ste 205, #590, New York, NY 10016, United States.