PRIVACY NOTICE - Voydeya Medication Reminder Tool

Updated: February 2024

WHO HAS DEVELOPED/COMMISSIONED THE APP

This application (the “App”) has been commissioned by Alexion AstraZeneca Rare Disease Unit, 121

Seaport Blvd Boston, MA 02210; (“we”, “us”, “our”) and is provided by our software developer,

MobileProgramming LLC ("MobileProgramming" the “Developer”), 345 E. 37th Street, Suite 202A,

New York, NY 10016. MobileProgramming hosts and manages the App.

PURPOSE OF THE APP

The main purpose of this App is to help patients manage their medication schedule. The App is also

designed to help us understand if patients meet their medication schedule.

DATA THE APP COLLECTS, WHY IT IS COLLECTED AND WHAT IT IS USED FOR

In order to use this App as intended, users will be asked to provide the following information about

themselves and their medication usage: name, email address, password, medication refill dates and

infusion dates to set reminders, and, to confirm whether reminders were met. In addition, online

identifier(s), location but only at country level, and, usage data (such as number of downloads/times

the App has been installed, total number of crashes, time in App and the number of times the App

has been deleted) will also be collected. This information will be available to MobileProgramming

for the purposes of identifying you, helping you access your account and for provision of and further

development/maintenance of this App. Use of this App is voluntary.

No information that can be used to identify you directly (such as your name, contact details, or

pseudonymized data) will be shared with us. We will only receive anonymized statistical data (non-

user specific information) about usage of the App such as time of reminders and whether or not

reminders were met. MobileProgramming will share this with us.

Apple store or Google Play may use anonymous statistical data (non-user specific information) with

MobileProgramming in the forms of things such as the total number of downloads/times the App

has been installed, the total number of crashes, time in App and the number of times the App has

been deleted.

CATEGORIES OF ENTITIES WITH WHOM WE MAY DISCLOSE YOUR INFORMATION

We grant access to your information only to the extent needed to perform business functions and

require entities that receive your information to protect the confidentiality and security of such

information.

We may disclose your information as follows:

• Vendors and business partners may receive the information we collect directly from you,

other people and organizations, public sources, and automatically. We may disclose your

information to vendors who work on our behalf to provide certain services, for example,

entities that provide us with research services, data storage, data analysis and processing,

distribution, patient support, IT and data security, and legal services. We also may disclose

your data to our business partners, for example, researchers with whom we collaborate,

companies with whom we co-develop a therapy, companies with whom we co-promote a

product or third-party companies managing our in-countries operations.

• Our affiliates and subsidiaries may receive the information we collect directly from you,

other people and organizations, public sources, and automatically. For business purposes,

we may disclose your personal data to for example, current and future companies within the

Alexion family of companies so we can improve our offerings.

• We may disclose all of the information we collect in connection with a business transfer or

sale, for example, as part of a sale, assignment, or transfer of a business or asset, or

acquisition of or merger with another entity.

• We also may disclose any of the information we collect in response to requests from

government or law enforcement agencies or where required or permitted by applicable

laws, court orders, or government regulations, for example, in response to a subpoena or

regulatory inquiry.

• We may disclose all of the information we collect to protect rights and interests, for

example, when needed for corporate audits, to investigate or respond to a complaint or

threat, or to exercise our legal rights.

• We may disclose any of the information we collect with your consent, for example, when

you agree that we can share your personal data with an HCP.

STORAGE OF DATA

All the information supplied through this App will be stored by MobileProgramming on secure

servers in The United States. This information may be transferred in accordance with any legal

obligations. If you uninstall the app, information you have submitted through the app will be

securely deleted unless MobileProgramming is required to store it in accordance with applicable

laws and the company’s data retention policy.

SECURITY OF YOUR DATA

We endeavour to ensure that MobileProgramming is required to keep your information confidential

and secure and process it for limited and specified purposes. We have implemented privacy and

security controls designed to help protect your data. Please note, however, that no security

measures are 100% effective, and we cannot guarantee absolute security of your data.

CONTACT DETAILS

To maintain your anonymity to us, you may contact MobileProgramming at optout@alexion.com

request access to the information held about you, to correct any mistakes or to request deletion of

your information or withdraw your consent to certain types of processing of your information. If

such a request places us (including our affiliates) or MobileProgramming in breach of obligations

under applicable laws, regulations or codes of practice, then your request may not be complied with

but you may still be able to request that your information is blocked for further processing. You may

also have a right to data portability to another entity under certain circumstances.

UPDATES

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make

material changes to this Privacy Notice, we will notify you by posting an updated Privacy Notice in

the App and listing the effective date of such updates.

SUPPLEMENTAL APPLICATION PRIVACY NOTICE for California, Colorado, Connecticut, Utah, and

Virginia Consumers

Updated: February 2023

This Supplemental Application Privacy Notice (“Supplemental Notice”) applies only to information

collected about California, Colorado, Virginia, Utah, and Connecticut consumers. It provides

information required under the California Consumer Privacy Act of 2018 and California Privacy Rights

Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Virginia

Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the

“UCPA”), and the Connecticut Data Privacy Act of 2022 (“CDPA”). We also provide a brief paragraph

regarding information collected about Nevada consumers under the heading “Privacy Notice for

Nevada Residents” at the end of this Supplemental Notice. The other portions of this Supplemental

Notice do not apply to Nevada consumers.

This Supplemental Notice describes Alexion and Alexion’s group companies’ (“we” “us” “our”)

practices regarding the collection, use, and disclosure or Personal Information and provides

instructions for submitting data subject requests. The Notice also describes Alexion’s processing of

Personal Information in the United States.

Definitions

Sales and Sharing of Personal Information

Your Privacy Rights and Choices

Your Targeted Advertising and Opt-Out Choices

Updates to this Supplemental Notice

DEFINITIONS

For purposes of this Supplemental Notice, “Personal Information” ( or “PI”) means information that

identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably

be linked, directly or indirectly, with a particular consumer or household. Personal Information

includes “personal data” as that term is defined in the CPA, VCDPA, UCPA, and CDPA. Personal

Information also includes “Sensitive Personal Information,” as defined below, except where

otherwise noted.

“Sensitive Personal Information” means Personal Information that reveals a consumer’s social

security, driver’s license, state identification card, or passport number; account log-in, financial

account number, debit card number, or credit card number in combination with any required

security or access code, password, or credentials allowing access to an account; precise geolocation;

racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages;

and genetic data. Sensitive Personal Information also includes processing of biometric information

for the purpose of uniquely identifying a consumer and Personal Information collected and analyzed

concerning a consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also

includes “sensitive data” as that term is defined in the CPA, VCDPA, UCPA, and CDPA.

“Third Party” has the meanings afforded to it in the CCPA, CPA, VCDPA, UCPA, and CDPA.

“Vendor” means a service provider, contractor, or processor as those terms are defined in the CPRA,

CPA, VCDPA, UCPA, and CDPA.

To the extent other terms used in this Supplemental Notice are defined terms under the CCPA, CPA,

VCDPA, UCPA, or CDPA they shall have the meanings afforded to them in those statutes, whether or

not capitalized herein. As there are some variations between such definitions in each of the four

statutes, the definitions applicable to you are those provided in the statute for the state in which

you are a consumer. For example, if you are a Virginia consumer, terms used in this Supplemental

Notice that are defined terms in the VCDPA shall have the meanings afforded to them in the VCDPA

as this Supplemental Notice applies to you.

SALES AND SHARING OF PERSONAL INFORMATION

The CCPA defines “sale” broadly as “disclosing or making available Personal Information to a third

party in exchange for monetary or other valuable consideration,” and “sharing” as “disclosing or

making available personal information to a third party for purposes of cross-context behavioural

advertising.” While we do not disclose personal information to third parties in exchange for

monetary consideration, we may be considered to be “selling” or “sharing” certain categories of

Personal Information to third parties through our use of ad companies, analytics providers, and

social networks (through third party tags on our Apps) to improve and measure our ad campaigns

and reach users with more relevant ads and content.

The categories of Personal Information that we may have “sold” or “shared” in the prior twelve (12)

months include:

• identifiers;

• internet or other electronic network activity information;

• geolocation information; and

• inferences.

The categories of third parties under the CCPA to whom we have disclosed this information are:

• data analytics providers;

• advertising networks;

• marketing partners; and

• social media networks.

You have the right to opt out of such “sharing” as described under the section entitled Your Privacy

Rights and Choices below.

We do not knowingly share or sell the Personal Information of consumers under 16 years of age or

share such information for purposes of targeted advertising.

Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits

California residents to annually request certain information regarding our disclosure of Personal

Information to other entities for their direct marketing purposes in the preceding calendar year. We

do not distribute your Personal Information to other entities for their own direct marketing

purposes.

YOUR PRIVACY RIGHTS AND CHOICES

California, Colorado, Connecticut, Utah, and Virginia consumers have certain rights with respect to

their Personal Information. Those rights vary by state. If you are a resident of the above-mentioned

states, you may exercise the rights applicable to you by submitting a request to MobileProgramming

at optout@alexion.com . Please note that the rights described below may be subject to limitations

under applicable laws and regulations.

Verification of Request: To make your request, you must provide us with your first and last name,

email address, city and state of residence, and which of the right(s) described below you are

intending to exercise. We will verify your request by comparing the information that you provide as

part of your request with the information (if any) that we have about you in identifiable form.

Data Subject Rights: You may be entitled, in accordance with applicable law, to request:

• Access to the specific pieces of Personal Information we have about you or more

information about our data processing practices.

• Deletion of your Personal Information.

• Correction of any inaccurate Personal Information we maintain about you.

• Opt-Out of Processing Personal Information for Purposes of Targeted Advertising by

emailing optout@alexion.com

Right to Opt-Out for the Purposes of Profiling: you may have the right to opt-out of processing of

Personal Information for purposes of profiling in furtherance of decisions that produce legal or

similarly significant effects.

Appeals: To appeal our decision on your data subject requests, you may contact us at

optout@alexion.com

. Please enclose a copy of, or otherwise specifically reference, the decision you

want to appeal. We will respond to your appeal in accordance with applicable law.

Non-Discrimination: We will not discriminate against you for exercising your data subject rights,

although some of the functionality and features available on the Service may change or no longer be

available to you. Any difference in the Services are related to the value provided.

Use of an Authorized Agent: You may designate an authorized agent to make a request on your

behalf by drafting, signing, and authenticating a letter that makes clear (i) the identity of your agent

and (ii) the purposes for which you are appointing the agent. If you are an authorized agent, you

must provide us with the information described above about the consumer on whose behalf you are

acting as an agent, as well as your own first and last name and email address, and a letter that has

been signed and notarized by the consumer appointing you as an agent. We may require that you

verify your identity to us or confirm with us that you provided your agent with permission to submit

the request. In some instances, we may decline to honour your request if an exception applies under

applicable law. We will respond to your request consistent with applicable law.

YOUR TARGETED ADVERTISING AND OPT-OUT CHOICES

Alexion uses cookies and similar technologies to provide more relevant and personalized ads based

on our users’ interests and browsing habits. We respect our users’ privacy, and desire to opt-out of

our use of their Personal Information for certain advertising purposes. To opt-out of our use of

Personal Information for purposes of targeted advertising, please use the resources and options

described above. In addition, you may use the “Other Opt-Out Resources” described below.

Other Opt-Out Resources: Using the resources below does not mean you will no longer receive any

advertising through our App. You may continue to receive ads, for example, based on the particular

subject matter of the App (i.e., context-based ads). In addition to the above options, we provide the

following resources for users to opt-out of targeted advertising.

• Industry Solutions for Opting Out of Interest-Based Advertising: User of the App may follow

the steps provided by initiatives that educate users on how to set tracking preferences for

most online advertising tools. These resources include the Network Advertising Initiative

(https://thenai.org/about-online-advertising/

) and the Digital Advertising Alliance

(https://digitaladvertisingalliance.org/)). You can use the Digital Advertising Alliance’s

AdChoices opt-out tool (https://youradchoices.com/control) to opt out of the use of your

Personal Information by many third-party ad networks for targeted advertising purpose. The

Digital Advertising Alliance also offers an application called AppChoices

(

https://youradchoices.com/appchoices) that helps users to control interest-based

advertising on mobile apps.

Note: These opt-out options are limited to the device you use to opt-out. If you use another device,

or if you change devices, you will need to opt-out on each device. If you block or clear cookies, it

may remove the opt out setting, requiring you to opt-out again.

UPDATES TO THIS SUPPLEMENTAL NOTICE

We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we

make material changes to this Supplemental Notice, we will notify you by posting an updated

Supplemental Notice in the App and listing the effective date of such updates.