Privacy Policy

Last Updated: September 12, 2024

INTRODUCTION

GraphPad Software, LLC d.b.a “Dotmatics” and its subsidiaries listed on Schedule A (“Company,” “we,” “our,” or “us”) provide software-based solutions to serve the discovery, research, and development needs of organizations in the global life sciences community. Our customers are (a) enterprises such as universities, public and private research institutions, scientific organizations, medical and clinical research laboratories, commercial entities such as pharmaceutical and healthcare companies, and government agencies (“Enterprise Customers”) and (b) individual scientists, academics and similar research professionals with “single seat” licenses or free trials (together with Enterprise Customers, “Customers”). Individual end users (“End Users”) include both “single seat” licenses and those individuals who receive access to our products and services through enterprise licenses maintained by Enterprise Customers. In certain contexts, and as explained below, we may offer.

In the course of our standard operations, we collect and process information about individuals, often referred to as Personal Information (sometimes referred to as Personally Identifiable Information or Personal Data). This Privacy Policy describes how we collect, use, share or otherwise process that information and explains what rights you may have relating to that Personal Information.

TABLE OF CONTENTS

• Introduction

• About This Privacy Policy

• Personal Information We May Collect or Receive

• How We Collect Personal Information (Sources)

• How We Use Personal Information (Purpose for Collection)

• When And How We Disclose Personal Information

• Security of Personal Information

• Storage, Retention, and International Transfers of Personal Information

• Information About Children

• Your Rights and Choices

• California Privacy Rights

• European and UK Data Protection Rights

• Affiliates

• Changes to this Privacy Policy

• Contact Information

ABOUT THIS PRIVACY POLICY

What does this Privacy Policy cover?

This Privacy Policy describes how we collect, use, share or otherwise process Personal Information as well as the rights and choices individuals may have about such processing. Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or in some cases a particular household.

This Privacy Policy applies to this website and other websites and applications that display or link to this Privacy Policy, the Company’s in-person and virtual events, and our portfolio of commercial products, software, customer-hosted applications (either desktop or cloud-based but behind a Customer’s firewall), cloud-based applications, software-as-a-service (aka “SaaS”) offerings, data management platforms, and other related services (whether paid for or provided free of charge, together “Services”).

Please note that this Privacy Policy does not apply to information, including Personal Information, we process on behalf of our Customers, e.g., information and data Customers and their authorized End Users may import, upload, create, analyze, manage, store, share, or otherwise process using our Services (Customer Data). In that context we are processing Personal Information solely for the purpose of providing our Services to Customers, meaning that we are processing the information on behalf of, and at the direction of, our Customers pursuant to written agreements or contracts. The Customer controls what Personal Information they process using our Services, and how they do so. We are not responsible for the privacy practices of our Customers, which may differ from those explained in this Privacy Policy. For more information about Customer Data, please see Your Rights and Choices below.

Updates to this Privacy Policy

We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new Personal Information practices or adopt new privacy policies. (see Changes to this Privacy Policy). So that you are aware changes have been made, we will adjust the “Last Updated” date at the beginning of this document.

Terms of Use.

Please read this Policy carefully before using our Services or submitting Personal Information to us. This Policy is incorporated into and subject to each product’s Terms of Use. If there is a conflict among this Policy and a Customer’s specific Terms of Use, the terms from a Customer’s specific Terms of Use will prevail over any conflicting terms in this Policy. By visiting our website, using the features available through the website, or otherwise using our Services or submitting Personal Information to us, you acknowledge your understanding of this Privacy Policy and accept the practices described herein. You may wish to print or retain a digital copy of this Privacy Policy.

Additional Information for Residents of California

Residents of certain states such as California may have additional Personal Information rights and choices. For information about your privacy rights under California state law and other state laws, please refer to California Privacy Rights.

Questions?

If you have questions about our privacy practices, including practices that may not be addressed in this Privacy Policy, please fill out this form or email us at privacy@dotmatics.com or as otherwise set forth in the Contact Information section below.

PERSONAL INFORMATION WE MAY COLLECT OR RECEIVE

Depending on the circumstances, we may collect, obtain, or otherwise acquire the following categories of Personal Information:

• Identifiers (contact information) including your first and last name, postal address, email address, mobile telephone number, fax number, landline, date of birth, and account name or username.

• Professional Or Employment Related Information such as your company or organization, job title, work address, and work telephone number.

• Device Identifiers such as your MAC address, Internet Protocol (IP) address (the address of your computer on the Internet), or other online or device identifiers.

• Commercial Account Information such as the Services you have purchased, licenses purchased, types of Services of interest, product registration, and user configurations.

• Account Access Credentials, such as usernames, account numbers, access/security codes or passwords).

• Customer Service and Technical Support Information, such as the information you provide to us when you request and obtain customer support through an online form, chatbot, or online service desk portal, or when you send us an email or call our customer service line. This may include certain Personal Information generated by your use of our Services or Personal Information that you choose to share with us, including access credentials as necessary.

• Payment And Transaction Data such as your method of payment, financial account information, and payment card information (including payment card number, expiration date, delivery address and billing address).

• User Content And Other Digital Information that you choose to provide to us when you send us an email, submit or post a comment in an online community forum or publicly accessible blog, or otherwise communicate with us online (including the subject of your email, the content of your message, photographs and images, videos, and related content).

• Internet Or Other Network Activity Information such as technical information regarding your interaction with our websites and digital advertisements as well as our Services (Usage Information). Depending on the context we may also collect search history, information about your browsing activity, and log file information which includes, but may not be limited to, your browser type, webpages you visit, cookies tied to a specific browser, unique session ID, and other electronic network activity.

• Student Information, such as a copy of your student ID or other verification of academic status, but only if you (a) are a currently enrolled high school, undergraduate, graduate student, post-doctoral fellow or medical residents and (b) affirmatively opt to license a special student/education subscription or are included in your school’s license for a particular software Service. None of our Services are directed to, nor do we knowingly collect information from, anyone under 13 years of age. If you learn that your child provided us with information without your consent, please contact us at privacy@dotmatics.com.

• Inferences drawn from or created based on any of the information identified above.

• Human Resources/Recruiting Information such as name, contact details, and employment details, CV, resumé, or other details of employment history, qualifications, and experience in connection with an advertised job vacancy or a general inquiry regarding employment opportunities.

• Vendor Information, for individuals this information includes vendor name, address, Tax ID (which may be an individuals social security number), bank account information in order to set up a vendor in our finance and payment systems.

HOW WE COLLECT PERSONAL INFORMATION (SOURCES)

In most cases, we collect Personal Information directly from you (for example, through forms or correspondence). However, we may also obtain limited Personal Information about you from a device associated with you or your household, another company within our family of companies, a Customer (in many cases this is the organization that provides you with authorized End User access to our Services pursuant to an enterprise license or subscription), or an external third-party source.

Information You Provide to Us Voluntarily

We collect Personal Information you provide to us. This includes information you choose to provide when you:

• Submit a request for information about our Services, including product demonstrations, licensing options, and pricing information.

• Sign up for a free trial of one of our Services.

• Complete a purchase or other financial transaction with us, including the information we need to process payments and complete the transaction. Payments made online leverage our independent third-party payment service providers listed on our Trust Center. We do not receive information related to your financial or credit card account used to purchase our Services.

• · Register and create, update, or modify a user account for our Services.

• Download, install, register and/or activate software (and unregister software, cancel a subscription, or transfer a license).

• Register for, attend, or take part in our webinars, video conferences, programs, trainings, digital summits, or other events.

• Download content such as education and training materials, ebooks, white papers, case studies, videos, written tutorials, user guides, and other resources related to our Services.

• Participate in surveys, research or other similar data collection facilitated by us.

• Submit a service, maintenance, or technical support request, feature change request, or otherwise contact the Company’s service desk through telephone support, email, the Company’s online service desk portal, chatbot, or other mechanism. We may, in accordance with applicable law, document your communication with our support team or with other similar contact channels. For example, if you engage with our virtual chatbots, we may collect the information you provide during the chat, including transcripts of your conversation with the chatbot. In some cases, End Users who choose to access customer service and technical support may be required to create a dedicated online customer service account (customer service account).

• Subscribe to receive emails, SMS texts, or other marketing communications from us.

• Engage with us on social media platforms (LinkedIn, Facebook, X, YouTube, etc), or post a product review, rating, comment, or other user-generated content.

Information Collected Automatically: Cookies And Similar Technologies On Websites and Applications

As is true of most websites, we gather certain device information when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, frequency of visits to the websites, and the IP address of your or your device’s location. This information is used for the purposes set out in How We Use Personal Information of this Privacy Policy below.

Some of this information may be collected by our web server software, which generates log files — text files that record one line of data each time a browser request is made. Data also may be automatically collected using cookies and similar technologies. Cookies are small text files placed in your browser to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.

Data Analytics Providers and Advertising Networks

Our websites use first-party cookies, which are set by Dotmatics.com or one of our affiliate’s domains as well as third-party cookies which are set by a third party. In some cases, that is because we have hired the third party to provide services on our behalf, such as web hosting, site functionality, or site analytics. In other cases, we work with third parties such as LinkedIn, Google, and Facebook to conduct digital advertising campaigns for us. Because your browser connects to those third parties’ web servers to retrieve that content, those third parties can set or read their own cookies on your device and may collect information about your online activities across websites or online services.

We may also use cookies and similar technologies to understand how you engage with our communications, advertisements or content on third party platforms. For example, emails we send often contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format that enable a statistical analysis of the success or failure of online marketing campaigns. Via the pixel, we may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Similarly, we also analyze the data collected in the pixels contained in the newsletters in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. We do not pass any of the personal data stored on the pixel to third parties. Data subjects are at any time entitled to unsubscribe from the email update service by using the Unsubscribe link in each email, via the unsubscribe section of this Privacy Policy or by directly emailing privacy@dotmatics.com.

To learn more about our use of cookies and your choices to restrict cookies, please visit the Cookie Preferences link at the bottom of the web page for the specific Dotmatics product you are interested in.

Information Collected Automatically: Software and Services Usage Data

We log various End User actions as part of your use of our Services (“Usage Data”). Depending on the specific Service this information may include: (i) identifiers, such as user ID, organization ID, username, email address and user type; (ii) internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, language; and (iii) End User interactions such successful/unsuccessful logins, uploading data, editing data, generating output, viewing information, sharing data, turning on/off functionality, etc.

Information From Business Partners, Distributors, Resellers, Corporate Affiliates, Service Providers, and Customers

Sources of Personal Information may include:

• Business partners or event co-sponsors with which we jointly provide Services.

• Distributors and Resellers that market and sell our Services.

• Service Providers or vendors (sometimes referred to as Processors or Subprocessors) who operate our customer management database or support our business operations such as marketing, analytics, payment processing, customer and technical support, cloud computing services and storage, and customer support function. A list of our Service Providers is provided on our Trust Center.

• Affiliated companies. A list of our affiliates may be found here.

• Enterprise Customers who provide information about their individual End Users of our Services or otherwise provide us with information about Enterprise Customer employees (authorized representatives, account managers, system administrators, etc.), for example during contract negotiations, discussions concerning Enterprise Customer requirements, audits and inspections of use, or initiatives to customize or modify Services.

Social Media Platforms

You can engage with some of our content on or through third-party communities, forums, social media sites, and platforms such as LinkedIn, Facebook, X, and YouTube. When you link to or interact with our websites, content, or offerings through these platforms and networks you may allow us to receive certain information from your social media account (e.g., name, user ID, email address, location, your list of friends and their contact details, people you follow and/or who follow you, the posts or the 'likes' you make). For example, if you activate a social media plug-in, the social media platform automatically makes available the content to your browser, which then integrates it into our websites. We may also receive information from your interaction with our content (e.g., content viewed and information about advertisements you have been shown or have clicked on). Please note that these services are controlled and operated by third parties. By interacting with us through these third-party services, you may be providing these third parties with Personal Information. Any information collected by a third-party service is subject to that entity’s privacy policy.

A list of our social media pages and accounts may be found on Schedule B.

Third Party Data Suppliers

In some circumstances, we may also purchase or otherwise acquire Personal Information from third party data suppliers, data enrichment providers and aggregators, advertising networks, data analytics providers, business contact databases, and government entities. We may combine Personal Information received from these sources with other Personal Information we collect and process.

Publicly Available Sources, we may collect Personal Information from publicly available sources such as public posts online or public databases.

HOW WE USE PERSONAL INFORMATION (Purpose for Collection)

Our purposes for using Personal Information include:

Provide Our Services. We use Personal Information to provide and deliver our Services. Depending on the Services provided we may use information to:

• Fulfill our contract or agreement with you or your organization;

• Verify identity;

• Register End Users or other account holders;

• Onboard new Customers;

• Customize or modify Services; and

• Process subscription and software license renewals.

Process Financial Transactions. We use Personal Information to process financial transactions such as the purchase of a software license.

Measure, Support, and Improve Our Services: We use Personal Information to measure use of, analyze performance of, fix errors in, provide support for, resolve technical issues, improve, upgrade or enhance our Services.

Auditing and Administrative Purposes, For certain Services we use Usage Data for reporting to Customers and administrators what actions have been performed within specific Services by the Customers. We also use this information for systems management, monitoring for traffic/load/malicious patterns related to application functionality and security, and to assess and manage usage and licensing compliance with the applicable terms of use of our Services.

To analyze activity on our websites, improve our public facing platforms and communications: We use Personal Information to understand how you use our websites, forums or training platforms and to improve or personalize your experience with those websites, training platforms and the communications we send.

Managing Event Registrations and Attendance: We use Personal Information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you.

Communicate with You: We use Personal Information to communicate with Customers, End Users, and others in relation to our Services via different channels (e.g., by phone, email, chat) and to respond to your requests. This includes communications when we provide individuals with customer service and technical support. Communications include technical alerts, updates, security notifications, and administrative communications.

Marketing and Business Development: We use Personal Information to market and promote our Services including to:

• understand who may be interested in our Services;

• send marketing communications; and

• understand the effectiveness of our marketing campaigns and to improve them going forward.

Digital Advertising. We use Personal Information to target advertisements and messages to you via third party advertising platforms including search engines and social media/networking platforms such as LinkedIn or X. This may include Interest-Based Advertising as explained above.

To protect the rights, property, life, health, safety or security: We use your Personal Information, where required, to protect the rights, property, life, health, safety or security of our Company, our employees, our Customers and individual users (including you) or others.

For Our Own Business Purposes, We use Personal Information to support our business operations including to maintain internal business records and conduct internal reporting; perform accounting and similar financial functions; audit and manage projects related to our Services; perform IT security management and IT-related tasks, such as administration of our technologies and network; and to evaluate and improve our business processes.

Recruiting and hiring, We use Personal Information to support our recruiting and hiring processes.

Corporate Transactions, We may use your Personal Information in connection with transactions if there is a proposed or actual merger, purchase, sale acquisition, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which Personal Information processed by us pursuant to this Privacy Statement forms part of the assets transferred.

To comply with legal obligations: Where necessary, we use your Personal Information to comply with legal obligations such as tax reporting, regulatory requirements, court orders or subpoenas.

To help you exercise your rights and control over your Personal Information: Where you contact us to exercise your rights or to opt-out from certain forms of communication, we may need to further process your Personal Information to comply with your request (for example, if you request a copy of your Personal Information and you provide your ID to confirm your identity).

WHEN AND HOW WE DISCLOSE PERSONAL INFORMATION

We are careful to disclose your Personal Information in ways that respect your privacy and as described in this Privacy Policy. We do not disclose your Personal Information to others for money.

We may disclose or may have disclosed your Personal Information to:

Service Providers. We may allow access to your Personal Information by Service Providers that perform services for us, but only for the purpose of and to the extent necessary to perform those services. For example, Service Providers help us with technical maintenance, database management, market research, e-commerce, website analytics, advertising functionality, as well as credit/debit card or other payment processing, order fulfillment, and address verification. These Service Providers are contractually prohibited from using Personal Information for any secondary purposes. While we may seek to require Service Providers to follow appropriate privacy policies and will not authorize them to use your Personal Information except for the express purpose for which it is provided, we do not bear any responsibility for any actions or policies of third parties. Our Service Providers are listed on our Trust Center

Affiliated Entities. We may disclose your Personal Information to affiliated entities in Dotmatics corporate family and other related entities listed here for administrative or operational purposes such as for the purpose of providing services to our Customers, information security or as required by law. We may also disclose limited Personal Information to enable cross marketing and promotional campaigns between Affiliated Entities. Affiliates are bound by contractual obligations to process any Personal Information in compliance with data protection and consumer privacy laws that apply.

Third-Party Advertising Partners. Through some of our websites and applications, we may allow third-party advertising partners such as Google, Microsoft Advertising, LinkedIn, Facebook, and YouTube to set cookies and other tracking tools to automatically collect information regarding your online activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third-party services within their networks. This form of digital advertising may be referred to as “interest-based advertising,” “personalized advertising” or “cross-context behavioral advertising.”

Our third-party advertising partners include:

• Bing

• Confection

• Google (Google Ads, Google Lead Services, Google Tag Manager, Google AdWords, Doubleclick)

• HubSpot

• LinkedIn

• YouTube

• Facebook

• Microsoft Advertising

• X/Twitter

• 6Sense

• Pardot

• Vimeo

For additional information about our third-party advertising practices, to restrict the use of cookies, including cookies used to deliver targeted advertising, or to opt-out of receiving personalized advertisements from these partners, please see Manage Your Cookie Preferences or visit the Cookie Preferences link at the bottom of the web page for the specific Dotmatics product you are interested in.

Parties To a Corporate Transaction. If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by our Services. In this event, you will be notified via email and/or a prominent notice on our websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

Other Third Parties. In addition, we may disclose Personal Information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your Personal Information is otherwise required or permitted by law, or (v) with your consent.

Public Posts and User Generated Content. Please be aware that content and Personal Information that you choose to post or share in publicly accessible portions of our Services (product reviews, questions, message boards, blogs, comments, etc.) may be read, collected and used by any member of the public. Similarly, when you interact with our Services through social media or other platforms, depending on your privacy settings, this information or content and your username may become public on the Internet or within a community of users. We cannot prevent further use of this information once you share it in a publicly available forum. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you may disclose in this way.

Links to Services Owned or Operated by Other Entities

Our Services (for example, this website) may contain links to other websites, applications, platforms, and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy policies. If you wish to understand how they collect, use, share, or otherwise process your Personal Information, we encourage you to review their privacy policies.

SECURITY OF PERSONAL INFORMATION

We maintain administrative, technical, and physical safeguards that are intended to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, because no information system can be 100% secure, we cannot guarantee the absolute security of your information.

End Users are generally responsible for maintaining the confidentiality of their Account and password and for restricting access to their computers. End Users are responsible for all activities that occur under their Account or password. As a result, it is important for End Users to protect against unauthorized access to their passwords and to their computers.

For information about the security controls that relate to a specific Service or configurations or versions of a specific Service, please review the terms, agreements, documentation, and other information related to that specific Service including information posted on our Trust Center, our customer-facing, self-service home for documents and answers on security, privacy, and compliance matters related to specific Services.

STORAGE, RETENTION, AND INTERNATIONAL TRANSFERS OF INFORMATION

We keep the Personal Information we collect for as long as you use our Services or as long as is necessary to: (i) fulfil the purpose(s) for which we collected the Personal Information; (ii) provide and secure our Services; (iii) resolve disputes, establish legal defenses, enforce our agreements and comply with applicable laws; (iv) conduct audits; and (v) comply with our internal policy requirements. Different data retention policies may apply to backups that are maintained to ensure the security, integrity, and availability of data as well as comply with laws, standards or requirements depending on the context.

Customer Data may be maintained based on the data retention requirements of different Customers and pursuant to written agreements.

We operate throughout the world. Depending on the scope of your interactions with us and our Services, your Personal Information may be stored in or accessed from multiple countries, including the United States. Whenever we transfer Personal Information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by applicable data protection laws.

Services are hosted on servers located in the United States, United Kingdom, the European Economic Area, Japan, Singapore and South Korea. If you are an End User accessing the Service from the European Economic Area, Australia, Asia, or any other region with laws or regulations governing Personal Information collection, use, and disclosure, that differ from United States laws, you are transferring your Personal Information to the United States which may not have the same data protection laws as such other regions. By providing user information through the Service you are consenting to the transfer of your information to the United States for processing and maintenance in accordance with this Privacy Policy and the Terms of Use. If you wish to withdraw your consent, you can delete your account as described in Your Rights and Choices section of this Privacy Policy.

Some Services offer multiple alternative locations to process and/or store Customer Data. When a Service offers alternative locations to process/and or store data, the Customer may be able to choose their region during the setup process. If you are an End User accessing our Services through an Enterprise License maintained by a Customer, please direct your questions to the Customer.

INFORMATION ABOUT CHILDREN

As a business-to-business platform for commercial and academic research organizations, our Services, including this website, are not intended for children under 13 years of age. No one under age 13 may provide any Personal Information on this website or otherwise. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this website, through any of its features, or create an account with us for any reason. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us.

YOUR RIGHTS AND CHOICES

Depending on applicable law, you may have some rights and choices with respect to the Personal Information we process. Those rights may be limited by local law requirements. You may exercise these rights by contacting us as specified below. We strive to provide all individuals regardless of jurisdiction with the ability to make meaningful choices about your Personal Information.

Questions About Customer Data

This Privacy Policy does not apply to Personal Information within Customer Data, which frequently includes data processed by Customers for scientific, drug discovery, or other life science research. We process such Personal Information as a Service Provider/Processor pursuant to written agreements that restrict our ability to access, view, or otherwise process Customer Data, including Personal Information a Customer may upload or store in our Services.

We have no control over what types of data our Customers upload, process, or store in connection with the Customer’s use of our Services. This depends solely on the Customers’ policies and uses of our Services.

To the extent we may process Personal Information as a Service Provider/Processor on behalf of and at the direction of our Customer, we are not able to address or respond to requests with respect to such Personal Information. If you are seeking to understand how one of our Customers processes Personal Information using our Services – or if you wish to exercise your rights in relation to any Personal Information a Customer may process using our Services – the relevant Customer’s privacy statement is the best place to start to understand those details, or to learn how to contact them. If you contact us about Personal Information within Customer Data and can identify the Customer with whom you have interacted, we will use our best efforts to notify the relevant Customer of your inquiry.

You Choose What Information You Provide

Individuals who visit our websites and review our Services have choices when it comes to the Services you use and the data you share. When we ask you to provide Personal Information (for example to create an Account) you can decline. Some of our Services require some Personal Information to provide you with the Service. If you choose not to provide data required to provide you with a Service, you cannot use that Service. That may include licensing software, registering for an End User account, downloading educational materials or other content for our Services, or contacting one of our customer or technical support services.

If you access our Services as an authorized End User through an Enterprise Customer who maintains an enterprise or group license for our Services, the Enterprise Customer may require you to provide additional Personal Information when using our Services pursuant to the Enterprise Customer’s own policies and procedures. Many Enterprise Customers engaged in research for example, have rigorous rules regarding data integrity, provenance, account access, sharing, and deletion which may involve additional data collection and auditing.

Accessing, Modifying or Deleting Your Information

You may access, review, edit, or modify some of your Account information by logging into your Account. Account information may include:

• Identifiers (contact information) including your first and last name, postal address, email address, mobile telephone number, fax number, landline, account name or username.

• Professional information such as your company or organization, job title, work address, and work telephone number.

• Commercial information such as the Services you have purchased, licenses purchased, types of Services of interest, product registration, user configurations, and usage information.

• Account access credentials, such as usernames, account numbers, access/security codes, IP address or passwords.

• Customer service and technical support records.

• Contact preference: consents or preferences that you give us, such as how you would like us to contact you or what services interest you.

You may request a copy of or the deletion of the Personal Information you provided by contacting customer service for the Service you licensed. If you are accessing our Services as an authorized End User through an Enterprise Customer that has purchased and enterprise or group license to the Services, the organization may implement their own rules regarding your Account Information.

Marketing Choices

Email Opt-Out

You can opt-out from receiving marketing communications by email by following the instructions within the emails you receive from us or by contacting us at privacy@dotmatics.com Please note that your opt-out request is specific to the corporate entity you are interacting with as well as the particular type of email communication you receive from us. For example, if you opt-out from a newsletter email, you will no longer receive newsletter email communications, but you may still receive email marketing communications from us. Further, if you opt-out from all email communications, we may still send you administrative, transactional or operational emails. Examples of transactional or operational emails include registration confirmation, password resets, profile updates or other account related messages.

Interest-Based Advertising (Cross-Context Behavioral Advertising)

As explained above, we use third-party advertising companies such as Google, Microsoft Advertising, Facebook, Twitter, LinkedIn, YouTube) to serve digital ads on our behalf. We may allow these third parties to collect information on our websites for purposes of delivering targeted advertisements to you based in part on your visits to and interaction with our websites.

You can manage of the use of cookies for advertising by using the preference tool at the Cookie Preferences link at the bottom of the web page for the specific Dotmatics product you are interested in.

External Opt-Out Tools: Some third-party organizations provide ways of opting out of personalized advertising delivered by participating companies. For information about how to opt-out, you can visit these organizations’ websites: Network Advertising Initiative’s opt-out tools, the Digital Advertising Initiative’s Browser Check tool, YourAdChoices, and the European Interactive Digital Advertising Alliance Your Ad Choices.

Do Not Track: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls described above.

Manage Your Cookie Preferences

With respect to cookies, you can always customize your settings at any time. For a detailed explanation regarding the use of cookies on our Services and your choices to restrict the use of certain cookies, please visit the Cookie Preferences link at the bottom of the web page for the specific Dotmatics product you are interested in.

You can also decide to restrict cookies using browser settings and other online tools. By default, most web browsers are designed to accept cookies, however you can usually set your browser to reject or remove browser cookies. Please note that this could impact the functionality and availability of certain features on our websites.

You may stop or restrict the placement of cookies or similar technology on your device or remove them by adjusting your preferences as your browser or device permits. On most web browsers, you will find a “help” section on the toolbar. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

• Mozilla Firefox Support

• Google Chrome Support

• Apple Safari User Guide

• Microsoft Edge Support

Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of our websites and you may not be able to benefit from the full functionality of the Services. Cookie-based opt-outs are not effective on mobile applications.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your Personal Information.

• Right to Know. You have the right to request what Personal Information we have collected about you, including the categories of Personal Information; the categories of sources from which the Personal Information was collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of third parties to whom we disclose Personal Information; and the specific pieces of Personal Information that we have collected about you.

• Right to Delete or Correct. You have the right to request the deletion or correction of your Personal Information that is collected or maintained by us, subject to certain exceptions.

• Right to Opt-Out of Sales or Sharing. You have the right to opt-out of the sale or sharing of your Personal Information by us. You may access our Notice of Right to Opt-Out by clicking here.

• Right to Non-Discrimination. We may not discriminate against you because you have exercised any of the privacy rights described above.

• Right to Limit Use or Disclosure of Sensitive Personal Information. We do not collect, use, disclose, or retain your Sensitive Personal Information beyond what is necessary to provide your request services.

To exercise your rights to know, delete, or correct as described in this section, please submit a request through one of the options identified at the end of this Privacy Policy. Please describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Please note that we may be required to take additional steps to verify your identity before providing you with access to Personal Information, deleting Personal Information or modifying Personal Information.

Please be aware that making any such request pursuant to California law does not ensure complete or comprehensive removal or deletion of Personal Information or content you may have posted, and there may be circumstances in which the law does not require or allow us to fulfill your request. For example, we retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes. In addition, we may still use aggregated and de-identified data that does not identify you or any individual.

Personal Information Sales or Sharing Opt-Out

You have a right to opt-out of the sale or sharing of your Personal Information. While we do not sell customer data in exchange for monetary consideration, we allow our third-party advertising partners to collect device and browsing information on our websites for purposes of delivering targeted advertisement. You may opt out of the disclosure of this information for advertising purposes here.

We do not have knowledge that we sell or share the Personal Information of individuals under age 13.

You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and comply with the request.

Under California Law, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. To designate an authorized agent, please contact us as set forth below.

Please note that the effectiveness of your opt-out request may be limited by our ability to associate the cookies and/or pixels that we may collect from your web session with your identity, browser, device, and/or browsing session. As a result, your opt-out request will be more effective for future visits to our website if you:

• Utilize the same device that was used to exercise the opt-out request;

• Have not cleared cookies from your web browser;

• Are not using a private or "do not track" mode in your web browser; and

• Provide the same Personal Information that you provided previously

Personal Data Notice

See the sections of this Policy entitled (i) "PERSONAL INFORMATION WE MAY COLLECT OR RECEIVE” for more information about the types of Personal Information we collect; (ii) “HOW WE COLLECT PERSONAL INFORMATION (SOURCES)” for more information about the sources from which we obtain Personal Information; and (iii) “WHEN AND HOW WE DISCLOSE PERSONAL INFORMATION” for more information about the circumstances in which we disclose Personal Information and the parties to whom we share such Personal Information. This includes types of Personal Information that may be considered “sensitive” under the CCPA. We do not sell your Personal Information to others for money.

EUROPEAN AND U.K. DATA PROTECTION RIGHTS

If you are located in the European Economic Area (“EEA”) or U.K., please read the following:

This section incorporates the general provisions of the Policy, where applicable. If any provision in the Policy is inconsistent with this section (for ease of reference, “EU Policy”), the terms of this EU Policy shall apply to the processing of Personal Data subject to this EU Policy. Terms used in this EU Policy shall have the meaning ascribed to them by the applicable data protection law, including the definition of Personal Data.

• We act as both a data Processor and a data Controller under the GDPR. When Customers use our services to process Personal Data in the content they upload to our Services, we act as a data processor.. When we collect Personal Data and determine the purposes and means of processing that Personal Data– for example, when we store account information (e.g. email addresses provided during the account registration) for account registration, administration, Services access, or contact information for an account to provide assistance through customer support activities – we act as a data controller. This Privacy Policy explains and applies to how we process Personal Data as a controller.

Rights. Individuals located in the EEA and U.K. may have the following rights, subject to limitations:

• Access or request a copy of your Personal Data

• Correct any inaccuracies relating to your Personal Data

• Restrict the processing of your Personal Data

• Object to the processing of your Personal Data, including where the data is used for marketing purposes

• Request the erasure of your Personal Data

• Receive your Personal Data in a commonly-used machine readable format and have that data transmitted to a data controller of your choosing.

• Withdraw your consent to the processing of your Personal Data where processing is based on consent

• Right not to be subject to automated decisions where the decision produces a legal effect or similarly significant effect

• Lodge a complaint with the appropriate authority in your jurisdiction.

To exercise a right, please use the contact information at the end of this Privacy Policy. If you are located in the EEA and believe we are not processing your Personal Data in accordance with applicable law, you have the right to lodge a complaint with your local Supervisory Authority.

You can find the contact information for your local Supervisory Authority here: https://ec.europa.eu/justice/data-protection/authorities/index_en.htm. If you are located in the United Kingdom, you have the right to lodge a complaint with the UK’s supervisory authority.

Legal Basis For The Processing

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. These legitimate interests are to provide Customers and End Users with access to the Services; to send them information they have requested; to ensure the security of our Services by trying to prevent unauthorized or malicious activities; or to enforce compliance with our terms of use, contracts and other policies. In some cases, we may also have a legal obligation to collect Personal Data from you.

Transfers of Personal Data

We operate as a global business. If your Personal Data is transferred (including digital access) out of the EEA, UK or Switzerland, your Personal Data may be transferred to from the United States or other countries worldwide. If your Personal Data is transferred to a country or organization that is not subject to an adequacy decision by the European Commission or (where relevant) the UK Secretary of State, we will put in place suitable safeguards to ensure that any transfer is carried out in compliance with applicable data protection rules. To ensure an adequate level of protection for your Personal Data, we will use a data transfer agreement with the recipient based on Standard Contractual Clauses approved by the European Commission, the UK Secretary of State, or the UK Information Commissioner’s Office (as applicable) under the UK GDPR and the EU GDPR (as applicable).

CHANGES TO THIS PRIVACY POLICY

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes. We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Information.

CONTACT INFORMATION

If you have any questions or comments about this Privacy Policy or anything related to privacy, please contact us:

• Via email: privacy@dotmatics.com

• Via web form

• Via telephone: +1 312 205 8910

You may also write to us at:

Dotmatics

ATTN: Chief Security & Trust Officer

225 Franklin Avenue

26th Floor

Boston, Massachusetts

02110

USA

For EEA Residents - please contact our EU Representative at:

Statistical Solutions Ltd

ATTN: Chief Security & Trust Officer

Cork Airport Business Park,

4500 Avenue 4000,

Rathmacullig West,

Ireland

privacy@dotmatics.com

For UK Residents - please contact our UK Representative:

Dotmatics Ltd.

ATTN: Chief Security & Trust Officer

The Old Monastery

Windhill

Bishops Stortford

Hertfordshire

CM23 2ND

United Kingdom

SCHEDULE A

SUBSIDIARIES

Dotmatics, LLC

LabArchives, LLC

LabArchives UK, Ltd.

Protein Metrics, LLC

Protein Metrics, SA

SoftGenetics, LLC

GSL Biotech, LLC

Omiq, LLC

De Novo Software, LLC

M-Star Simulations, LLC

Biomatters Unlimited

Cytapex Bioinformatics, Inc.

Dotmatics Limited

Dotmatics Australia Pty Limited

Dotmatics, KK

MDF Co., Ltd

SCHEDULE B

GraphPad

• LinkedIn

• Twitter “X”

• YouTube

• Facebook

• G2

• Capterra

SoftGenetics

• Linkedin

• Twitter “X”

• YouTube

M-Star

• LinkedIn

• Twitter “X”

• YouTube

• G2

• Capterra

SnapGene

• Twitter “X”

• LinkedIn

• YouTube

• Facebook

Geneious

• Twitter “X”

• LinkedIn

• YouTube

• Facebook

OMIQ

• LinkedIn

• YouTube

EasyPanel

• LinkedIn

Cytapex

• LinkedIn

Dotmatics

• LinkedIn

• Twitter “X”

• Facebook

• YouTube

Protein Metrics

• LinkedIn

• Twitter “X”

• YouTube

LabArchives

• Facebook

• YouTube

• Twitter “X”

• LinkedIn

• Instagram

FCS Express

• Facebook

• LinkedIn

• YouTube