Privacy Policy

Thank you for visiting the website (the “Site”) An important part of our commitment to you is our respect for your privacy.

This Privacy Policy applies to Royalty Pharma Plc, as well as its subsidiaries, group undertakings and affiliated entities, including RP Management, LLC and undertakings advised or managed by it (together, “Royalty Pharma”, “we” or “us”) and explains how we collect, use and process your personal data in compliance with our legal obligations.

1. Overview

This Privacy Policy applies to the personal data of investors (or their representatives), directors, service providers (or their representatives) and website users whose personal data we may process.

2. what information do we collect and how do we use it?

Royalty Pharma may hold or control personal data and other information as part of its business, to meet legal and contractual obligations, to respond to requests and to develop and improve its business, operations or services.

The term “personal data” means information that may directly or indirectly identify a living individual, including names, addresses, telephone numbers, email addresses, internet protocol (“IP”) addresses, or other online identifiers.

We collect personal data in a number of ways. Most personal data we hold will be collected by service providers to Royalty Pharma, such as the depositary, transfer agent or administrator when you become an investor in Royalty Pharma or where you provide personal data on request from us. We may also receive and process personal data from service providers in connection with using databases to perform anti-money laundering checks; or from service providers in the context of marketing to investors. In addition, we may receive personal data when you contact us or the administrator, company secretary or other service provider directly, whether by email or other methods.

Investor data
What personal data do we collect?
We, or our service providers, collect and process your personal data, including your name and contact information, identity and nationality documentation, bank account details, tax identification numbers, social security or other unique identifier numbers you have provided, online identifiers or other similar identifiers, as well as any other information you have provided.

How do we use personal data?
If you are a current or former investor, your personal data may be used to:

  • allow Royalty Pharma to comply with legal and/or regulatory requirements, including our obligations under applicable anti-money laundering legislation; and compliance with applicable tax and regulatory reporting obligations;
  • maintaining your information on the shareholder register;
  • contact you in relation to your shareholding;
  • provide information regarding Royalty Pharma, including its performance, planned corporate actions or other matters, including to offer you shares; and
  • keep records of our communications with you.

If you are a prospective investor, your personal data may be used to:

  • allow Royalty Pharma to comply with legal and/or regulatory requirements, including to meet our obligations under applicable securities laws; and
  • keep records of our communications with you.

On what legal basis do we use personal data?
We may use investors’ personal data for the above purposes where we deem this to be necessary to comply with applicable law; in order to perform our contractual obligations; where the individuals have provided their consent; or where we consider it necessary in light of our legitimate interests and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned. Our legitimate and overriding interests which may necessitate the use of personal data may include protecting against fraud, including detecting fraud risks and managing risk exposure; verifying your identity and responding to your inquiries; and complying with industry standards and our policies.

Should you have concerns regarding our use of your data described above, please contact us. In certain circumstances you may be entitled to object. We have set out further information about your rights in this Policy.

Service provider data
What personal data do we collect?
We will generally only hold limited personal data of the individuals who are employees or other representatives of our service providers, including names and contact details, and records of correspondence and other communications.

How do we use personal data?
We may use personal data to:

  • maintain details, either ourselves or at another service provider in order to facilitate communication in the course of business relating to our agreements with service providers;
  • engage new service providers or to terminate unnecessary or unwanted arrangements; and
  • enable us to process invoices and otherwise comply with our obligations.

On what legal basis do we use personal data?
We may use such personal data provided for the above purposes where we deem this to be necessary to comply with applicable law; in order to perform our contractual obligations; where the individuals have provided their consent; or where we consider it necessary in light of our legitimate interests and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned. Our legitimate and overriding interests which may necessitate the use of personal data may include verifying your identity and responding to your inquiries; performing due diligence; and managing our supplier relationships.

Directors’ data
What personal data do we collect?
We will hold names and contact details, biographical information, identity and nationality documentation, bank account details, tax and social security identification numbers and other information they have provided. In some rare circumstances, Royalty Pharma may collect sensitive personal data, or so-called special categories of personal data, which include race or ethnicity, religious beliefs, sexual orientation and political opinions, trade union membership, health and sickness records.

How do we use personal data?
We may use personal data to:

  • comply with legal and/or regulatory requirements;
  • comply with our contractual obligations to them;
  • communicate with them regarding their directorships; and
  • keep records of our communications.

On what legal basis do we use personal data?
We may use such personal data for the above purposes where we deem this to be necessary to comply with applicable law; in order to perform our contractual obligations; or where we consider it necessary in light of our legitimate interests and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned. Where we process sensitive personal data, we will do so where the individuals have provided their explicit consent; where the processing is necessary for carrying out obligations and exercising rights in the field of employment and social security law; where it is necessary for the establishment, exercise or defense of legal claims; or where it is necessary for assessment of the working capacity of the individuals. Our legitimate and overriding interests which may necessitate the use of personal data may include contacting individuals regarding possible services they may provide to Royalty Pharma as directors and evaluating their interest in such roles.

Website users’ data
What personal data do we collect?
We will hold names and email addresses, as well as passwords, where provided to us. We may also collect the internet protocol (IP) addresses of visitors to our website.

How do we use personal data?
We may use personal data to:

  • provide information regarding Royalty Pharma, including its performance, planned corporate actions or other matters;
  • comply with legal and/or regulatory requirements;
  • communicate with website users; and
  • keep records of our communications.

On what legal basis do we use personal data?
We may use such personal data for the above purposes where we consider it necessary to comply with applicable law; where the individuals have provided their consent; or where we consider it necessary in light of our legitimate interests and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned. Our legitimate and overriding interests which may necessitate the use of personal data may include verifying your identity and responding to your inquiries; and operating, evaluating and improving our services.

In addition to the uses described above, in some circumstances, we may use personal data provided to us to establish, exercise or defend legal claims, including responding to a judicial process, law enforcement or governmental agency.

3. how do we share the information that we collect?

Royalty Pharma may share personal data within the group, and with advisers and other service providers to Royalty Pharma (including cloud-based storage providers), or their group companies, where we consider it necessary to comply with applicable law or where we consider it necessary in light of Royalty Pharma’s legitimate interests to carry on and grow its business or to protect our or the investors’ rights or property, and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.

In particular, we may disclose your personal data to service providers of Royalty Pharma where required for the administration of Royalty Pharma (as applicable) and to give effect to Royalty Pharma’s transactions, for example, the transfer agent, the depositary and the company secretary. Such service providers are required to protect the confidentiality of the personal data and to use the information only for purposes for which it is disclosed to them and are required to apply appropriate data protection standards.

We may disclose your personal data to tax or regulatory authorities or other governmental or public authorities in order to comply with applicable law; or where such disclosure is permitted under law; or to cooperate with regulators or law enforcement authorities; or where we consider it necessary in light of our legitimate interests and we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.

We may also disclose personal data about you to a third party at your request or direction or with your consent.

International transfers of data
We will transfer data outside of the European Economic Area (“EEA”) (i.e. the member states of the European Union, together with Norway, Iceland and Liechtenstein), chiefly to the US. Such transfers of personal data will comply with the applicable data protection laws, and we will ensure there are adequate safeguards to protect your data. We may transfer your data in the following circumstances:

  • we enter into the standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
  • in the case of a data transfer to the US, we confirm the transferee is an entity certified under the EU – US Privacy Shield; or
  • we transfer data to a country that has been formally recognized by the European Commission as providing an adequate level of data protection under its laws; or
  • where the transfer is necessary in order to perform our contractual obligations towards you;
  • where the transfer is necessary in order to perform our contractual obligations under a contract concluded in your interests between us and a third party; or
  • where you have explicitly consented to the data transfer.

4. how long do we keep your information?

We, and our service providers, will process your data throughout the course of our interactions and subsequently retain it afterwards. The precise length of time such data will be retained will depend on the nature of the data, applicable legal or regulatory rules that impose minimum retention periods, and our legitimate business needs. In addition, some data may be retained with a view to potential litigation or complaints (subject to applicable limitation periods).

We assess the need to retain data and the appropriate retention period in light of the nature and of the personal data, the potential risk of harm that could arise from the unlawful or unauthorized disclosure or use of the data, the quantity of the data, the purposes for retention and whether it is possible to minimize the data processed, or to achieve the purposes for retention by other means. Data that is no longer required will be deleted.

The cookies used on the website do not track individuals and are necessary for the platform to run. The site complies with SEC guidance and the third-party vendor that manages the website does not own the personal data that may be collected on behalf of Royalty Pharma. The vendor’s internal data privacy policies prohibit it from using any personal data collected for any purpose, including the sale of this data.

Accuracy of data
Royalty Pharma’s seeks to maintain accurate, up to date data, and correct inaccurate information on a timely basis. Please also see below information about your right to rectification.

5. security

Royalty Pharma maintains physical, electronic, and procedural safeguarding arrangements to protect your personal data. Access to personal data is restricted on a need-to-know basis.

Royalty Pharma takes reasonable steps and uses security measures appropriate to the nature of the information in compliance with applicable laws to protect your personal data against unauthorized access and exfiltration, acquisition, theft, or disclosure. Given the nature of information security, there is no guarantee that such safeguards will always be successful.

6. your rights related to your personal data

You have certain legal rights with respect to your personal data. You can exercise these rights by contacting us using the information below. You may be asked to provide some proof of identification so that we can verify that it is you making the request.

Specifically, you have the following rights:

Access. You have the right to know we collect certain personal data about you and to ask us for copies of your personal data. Please use the contact details provided at the end of this Policy.

Rectification. You have the right to request that we correct your personal data you think is inaccurate or incomplete.

Objection to processing. You have the right to object to processing in some circumstances, including where we are using your personal data for our legitimate interests and for direct marketing purposes.

Erasure. You have the right to request that we erase the personal data we have collected about you in certain circumstances. The right to erasure is not absolute, and only applies if we no longer need your personal data to carry out the purpose that we collected it for; you have withdrawn your consent to our use of your personal data; you have objected to our use of your personal data and your interests outweigh our interests in using it; you believe we have processed your personal data unlawfully; or we have a legal obligation to erase your data.

We will consider any request to erase personal data for any of the above reasons and endeavor to comply with the request to the extent permitted by law, but we may not always be able to comply with your request. If we are unable to comply with your request, we will contact you in writing.

Restrict processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances, including if you have concerns regarding the accuracy of your personal data, where you have made an objection to our use of your personal data; if you believe we processed your personal data unlawfully, but you do not want us to delete it; or if you want us to keep your personal data in order to create, exercise or defend legal claims where we no longer need your personal data.

Data portability. You have the right to receive a copy of the personal data that we collect about you in a way that is accessible and in a machine-readable format where the processing is based on your consent, the performance of a contract with you, or carried out by automated means. You have the right to request that such personal data be transmitted directly from us to another data controller, where technically feasible.

Withdrawal of consent. You can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Complaints
If you wish to make a complaint regarding our handling of your personal data, you can contact us at the details set out below. You can also make a complaint to a data protection supervisory authority, including in the EEA member state of your residence, your place of work or another EEA member state you believe may be more appropriate.

The UK data protection authority is the Information Commissioner. You can contact the Information Commissioner at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; telephone: +44 (0)303 123 1113; email: casework@ico.org.uk.

Employees and vendors have the ability to report any concerns or suspicions of improper activity at the Company confidentially and without retaliation by submitting a tip through the Company’s whistleblower webpage at https://www.whistleblowerservices.com/RPRX; or call the Company’s whistleblower hotline at 1-877-225-0551.

7. changes to privacy policy

We may update our Privacy Policy from time to time by posting a new version of it on the website. We encourage you to check the website regularly for information about revisions to this Privacy Policy. If you object to the change to our Privacy Policy, then you must contact us by any of the methods set out below regarding your objection.

8. contact information

If you wish to request any information or have any questions regarding this Privacy Policy or its implementation, you may email us at compliance@royaltypharma.com

You may also write to us at:

Royalty Pharma
110 East 59th Street, Suite 3300
New York, NY 10022
United States of America
Attention: GDPR Compliance