LAMPIRE BIOLOGICAL LABORATORIES, INC.

Privacy Policy

Last Updated: December 1, 2025

Lampire Biological Laboratories, Inc. (“Lampire,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our websites (including www.lampire.com) and related subdomains (the “Site”), use our products, services, applications, portals, or platforms that link to this Privacy Policy (together with the Site, the “Services”), or otherwise interact with us. By using the Services, you agree to the practices described in this Privacy Policy; if you do not agree, please discontinue use. This Privacy Policy is intended to comply with applicable U.S. federal and state privacy laws and, where applicable, the EU/UK General Data Protection Regulation (“GDPR”).

1. SCOPE AND APPLICABILITY

1.1. Applicability. This Privacy Policy applies to Personal Information collected by Lampire:

  • through the Site;
  • through product inquiries, quotes, orders, and customer support;
  • via email, phone, or other communications; and
  • through cookies and analytics tools.

1.2. Scope. This Privacy Policy covers:

  • Visitors to our Site;
  • Existing and potential customers and suppliers and their employees;
  • Research partners, principal investigators, and study site personnel;
  • Job applicants and candidates; and
  • Individuals who communicate or otherwise engage with us.

1.3. When This Privacy Policy Does Not Apply. This Privacy Policy does not apply to:

  • Lampire employee information in an HR context;
  • Protected health information regulated by HIPAA;
  • De-identified or aggregated information, or
  • Information Lampire processes strictly as a processor/service provider on behalf of customers under separate agreements.

2. KEY DEFINITIONS

“Applicable Laws” means federal, state and international privacy, data protection and information security-related laws, rules and regulations applicable to the Services and to Personal Information.

“Personal Information” (or “Personal Data”) means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, an identified or identifiable natural person or, where required by law, a household.

“Processing” means any operation performed on Personal Data, such as collection, use, storage, disclosure, analysis, and deletion.

“Sensitive Personal Data” (or “Sensitive Personal Information”) means Personal Data that is subject to heightened protection under applicable law, such as precise geolocation, government ID numbers, health or biometric data, racial or ethnic origin, and similar sensitive information under Applicable Laws.

Terms such as “controller,” “processor,” “service provider,” “sell,” “share,” and “targeted advertising” have the meanings given to them in the Applicable Laws.

3. CATEGORIES OF PERSONAL DATA WE COLLECT

The types of Personal Data we collect depend on how you interact with us. We may collect the following categories of Personal Data:

3.1. Identifiers and Contact Information

  • Name, job title, employer or affiliation
  • Business and personal postal address
  • Email address, phone number, fax number
  • Account login username and password (if you create an account or Site portal access)

3.2. Commercial and Transaction Information

  • Records of products and services quoted, purchased, or considered
  • Service and order history, invoices, and payment-related information (e.g., last four digits of a card, payment status; full payment card numbers are typically processed by our third-party payment processors, not by Lampire)
  • Contractual documentation and correspondence relating to projects, research collaborations, or supply arrangements

3.3. Internet, Device, and Technical Information

  • IP address, device identifiers, and other unique identifiers
  • Browser type and version, operating system, language preferences
  • Referring and exit pages, URLs, clickstream data
  • Date and time of visits and pages viewed, links clicked, and the time spent on pages
  • Information collected via cookies, web beacons, pixels, and similar technologies (see Section 5 – Cookies and Similar Technologies)

3.4. Professional, Academic, and Background Information

  • Employer name, role, department, research area, and professional qualifications
  • Curriculum vitae or résumé information if you apply for a role
  • Academic credentials, publications, and references (for applicants or research partners)
  • Information from professional networking sites (e.g., LinkedIn) where permitted

3.5. Research, Laboratory, and Project Information

  • Information relating to research protocols, study designs, and project documentation
  • Study site and investigator contact information
  • Sample identifiers and related metadata

3.6. Communications and Support Information

  • Records of your communications with us (including emails, online forms, customer service inquiries, and marketing opt-in/opt-out preferences)
  • Feedback, survey responses, and event/trade show interactions

3.7. Inferences and Preferences

  • Inferences drawn from other data we collect to create a profile reflecting your preferences, characteristics, or interests in our products and services
  • Marketing and communication preferences

3.8. Sensitive Personal Data

  • In the ordinary course of providing our Services, we do not intend to collect Sensitive Personal Data directly from visitors to our public Site. However, in some limited circumstances (for example, certain HR or research-related interactions), we may process Sensitive Personal Data in accordance with law, ethical guidelines, and any additional notices or consents provided at the time of collection.
  • We do not use or disclose Sensitive Personal Data for purposes other than those permitted by law, such as performing services or operations reasonably expected by an average consumer, ensuring security and integrity, or complying with legal obligations, absent any required explicit consent.

4. HOW WE COLLECT PERSONAL DATA

We use Personal Data for the following business and commercial purposes:

4.1. To Provide and Improve the Services

  • Operating, maintaining, and securing the Site and our Services
  • Processing and fulfilling orders, projects, and service requests
  • Managing customer accounts, contracts, and relationships
  • Improving, testing, enhancing, and developing the Services and our offerings

4.2. To Communicate With You

  • Responding to your inquiries, requests, and feedback
  • Providing technical support, product information, and administrative messages
  • Sending service-related notices, including policy updates and security alerts

4.3. For Marketing and Business Development

  • Sending marketing communications about products, services, events, and promotions, subject to your preferences and applicable law
  • Personalizing content and communications based on your interests and interactions with us
  • Managing and measuring the effectiveness of our marketing campaigns

You can opt out of marketing communications at any time as described in Section 9 – Your Privacy Rights and Choices.

4.4. For Research and Analytics

  • Analyzing Site usage, trends, and user behavior to understand how our Services are used
  • Developing and improving our scientific, laboratory, and product offerings
  • Performing data analytics, including de-identifying or aggregating Personal Data for internal research and statistical purposes

4.5. For Security and Fraud Prevention

  • Detecting, investigating, and preventing fraud, abuse, security incidents, and other harmful or illegal activity
  • Monitoring and protecting the integrity and availability of our IT systems, networks, and data
  • Complying with Applicable Laws, regulations, and industry standards
  • Responding to lawful requests from public authorities, regulators, and courts
  • Enforcing our agreements and protecting our rights, privacy, safety, and property, or that of you or others

Where required by law, we may rely on your consent for specific purposes, such as certain types of marketing, cookies, or processing of Sensitive Personal Data. You may withdraw consent at any time, but this will not affect the lawfulness of processing before withdrawal.

5. COOKIES AND SIMILAR TECHNOLOGIES

5.1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. Other similar technologies include pixels, web beacons, tags, and local storage. We and our third-party partners may use these technologies to:

  • Recognize your device and browser
  • Remember your preferences and settings
  • Understand how you use the Site
  • Improve Site performance and user experience
  • Measure the effectiveness of our content and marketing

5.2. Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the Site to function (e.g., security and session cookies). You cannot opt out of these through our cookie tools.
  • Performance and Analytics Cookies: Help us understand Site usage and improve performance (e.g., traffic analysis).
  • Functional Cookies: Enable enhanced functionality or personalization, such as remembering preferences.

5.3. Managing Cookies

Where required, we provide a cookie banner or preferences tool on the Site that allows you to manage certain cookie settings. In addition, most web browsers let you control cookies through their settings (e.g., blocking or deleting cookies). If you disable or reject certain cookies, some features of the Site may not function properly.

For more information on our use of cookies and how to manage them, please review our separate Cookie Notice if provided, or contact us using the details in Section 13.

6. HOW WE DISCLOSE PERSONAL DATA

We may disclose Personal Data to the following categories of recipients, for the purposes described above:

6.1. Within Lampire

To our affiliates, subsidiaries, and related entities, for purposes consistent with this Privacy Policy and our internal administrative, operational, and research needs.

6.2. Service Providers and Contractors

To third-party service providers and contractors who perform services on our behalf, such as:

  • Website hosting, maintenance, and analytics
  • IT and cybersecurity services
  • CRM and marketing platforms
  • Payment processors
  • Professional advisors (e.g., auditors, lawyers)

These third parties are contractually obligated to use the Personal Data only to perform services for us and to protect it as required by law.

6.3. Business Partners and Collaborators

To distributors, resellers, research collaborators, and other business partners in connection with joint projects, commercialization efforts, or events, where appropriate and permitted by law.

To law enforcement, regulators, public authorities, courts, or other third parties when we believe disclosure is necessary or appropriate:

  • To comply with applicable law, regulation, or legal process
  • To protect the rights, property, or safety of Lampire, our employees, users, or others
  • To detect, prevent, or address fraud, security, or technical issues

6.5. Business Transactions

In connection with a potential or actual merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or other business transaction involving Lampire or our affiliates, Personal Data may be transferred as part of or in contemplation of such transaction, subject to appropriate confidentiality safeguards.

We may disclose Personal Data to other parties when you consent to or direct such disclosure.

6.7. “Selling” or “Sharing” Personal Data; Targeted Advertising

To the extent that our use of certain advertising or analytics cookies or tools could be considered a “sale,” “sharing,” or use for “targeted advertising” under applicable U.S. state privacy laws, we will honor applicable opt-out rights, as described in Section 9 and our cookie tools where available.

7. INTERNATIONAL DATA TRANSFERS

Lampire is headquartered in the United States. If you are located outside the United States, your Personal Data may be transferred to, stored in, and processed in the United States or other jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where GDPR or similar laws apply, and we transfer Personal Data from the EEA, UK, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we may rely on appropriate safeguards, such as:

  • European Commission-approved Standard Contractual Clauses (SCCs);
  • UK International Data Transfer Addendum (IDTA), as applicable; and/or
  • Other lawful mechanisms permitted under applicable law.

You may contact us using the details in Section 13 for more information about our data transfer safeguards.

8. DATA RETENTION

We retain Personal Data for as long as reasonably necessary:

  • To provide the Services and fulfill the purposes described in this Privacy Policy;
  • To comply with our legal, regulatory, and contractual obligations; and
  • To resolve disputes, enforce our agreements, and protect our rights.

Retention periods may vary depending on the type of data, the nature of our relationship with you (including whether we have a separate agreement governing these issues), and applicable legal requirements (for example, regulatory requirements relating to laboratory, research, or financial records).

9. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your location and Applicable Law, you may have certain rights regarding your Personal Data. These may include:

9.1. Access and Portability

The right to request confirmation of whether we process your Personal Data and, if so, to access that data and obtain a copy in a portable and, where feasible, readily usable format.

9.2. Correction (Rectification)

The right to request that we correct inaccurate Personal Data about you.

9.3. Deletion

The right to request that we delete your Personal Data, subject to certain exceptions (for example, where we must retain the data to comply with legal obligations or for legitimate business purposes).

9.4. Restriction and Objection

Where GDPR or similar Applicable Laws apply, you may have the right to request that we restrict the processing of your Personal Data in certain circumstances, and to object to our processing of your Personal Data based on our legitimate interests, including profiling, and to direct marketing.

9.5. Opt-Out of Certain Processing

Where required by applicable U.S. state privacy laws, you may have the right to opt out of the “sale” or “sharing” of your Personal Data or its use for targeted advertising. You can exercise some of these rights (e.g., cookie-related opt-outs) through our Site’s cookie banner or preference tools where available.

9.6. Marketing Communications

You can opt out of receiving marketing emails from us at any time by using the “unsubscribe” link in our emails or by contacting us as described in Section 13. We may still send you non-promotional messages, such as those relating to your account or transactions.

9.7. How to Exercise Your Rights

To exercise your rights, please contact us using the details in Section 13 and include:

  • Your name and contact information;
  • The nature of your request; and
  • Sufficient information to enable us to verify your identity (and, where applicable, your authorized agent’s authority).

We will respond to your request within the timeframes required by applicable law. Some requests may be subject to limitations and exceptions under those laws.

9.8. Appeals (Certain U.S. States)

If we decline to take action on your request and you are in a jurisdiction that provides an appeal right (for example, certain U.S. states), you may appeal our decision by contacting us at the address in Section 13 and stating that you wish to appeal a prior decision. We will respond to your appeal within the time required by Applicable Law.

10. SECURITY

We use reasonable and appropriate technical, organizational, and administrative measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no data transmission over the internet or storage system can be guaranteed to be 100% secure. You are responsible for safeguarding any account credentials and for notifying us immediately if you suspect unauthorized access to your account or Personal Data.

11. CHILDREN’S PRIVACY

The Services are not intended for, and we do not knowingly collect Personal Data from, children under 16 years of age (or other age as defined by local law) without appropriate consent.

If we learn that we have collected Personal Data from a child under the relevant age without appropriate consent, we will take reasonable steps to delete such information as soon as practicable. If you believe we may have collected information from a child inappropriately, please contact us using the information in Section 13.

12. ADDITIONAL DISCLOSURES FOR EEA/UK/SWISS INDIVIDUALS

If you are located in the EEA, UK, or Switzerland, this section applies to you in addition to the rest of this Privacy Policy.

We will only process your Personal Data when we have a valid legal basis, including:

  • Performance of a Contract: When necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (for example, to provide and improve our Services, manage relationships, and ensure network security).
  • Compliance with Legal Obligations: When necessary to comply with applicable laws and regulations.
  • Consent: Where you have given us consent (for example, for certain marketing or cookie uses). You may withdraw consent at any time as described in this Privacy Policy. We will clearly indicate when we rely on consent and how you can withdraw it.

12.2. Data Subject Rights

In addition to the rights described in Section 9, you may have the right:

  • To lodge a complaint with a supervisory authority, in particular in the EEA/UK member state where you live, work, or where an alleged infringement occurred. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the UK, see: https://ico.org.uk.
  • To request the transfer of your Personal Data to another controller where technically feasible.

To exercise your rights, please contact us as set out in Section 13.

12.3. Controller

For purposes of GDPR and similar laws, Lampire Biological Laboratories, Inc. is generally the “controller” of Personal Data collected through the Services, except where we act as a processor or service provider on behalf of our customers.

13. CONTACT US

If you have any questions about this Privacy Policy, our privacy practices, or if you would like to exercise your rights, please contact us at:

Lampire Biological Laboratories, Inc.

Attn: Privacy / Data Protection

3599 Farm School Road.

Ottsville, PA 18942

United States of America

Email: privacy@lampire.com

Phone: [TBD; possibly main number with dedicated extension]

Website Contact Form: [CONTACT FORM URL]

If you are in the EEA, UK, or Switzerland, you may also contact your local data protection authority as described in Section 12.2 if you have concerns about our handling of your Personal Data.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the Policy, we will revise the “Last Updated” date at the top and, where required by law, provide additional notice (such as by posting a prominent notice on the Site).

Your continued use of the Services after any changes become effective means that you acknowledge the updated Privacy Policy.

15. STATE-SPECIFIC DISCLOSURES (UNITED STATES)

Certain U.S. state privacy laws (including, where applicable, those of California, Colorado, Connecticut, Utah, Virginia, and others) require additional disclosures. To the extent those laws apply, this section supplements the other parts of this Privacy Policy.

15.1. Categories of Personal Data Collected

In the preceding 12 months, we have collected the categories of Personal Data listed in Section 3 of this Privacy Policy. We collect these categories for the business and commercial purposes described in Section 4.

15.2. Categories of Sources

We obtain these categories of Personal Data from the sources described in Section 3.

15.3. Categories of Personal Data Disclosed for a Business Purpose

In the preceding 12 months, we have disclosed the categories of Personal Data described in Section 3 to the categories of recipients described in Section 6 for one or more business purposes (such as service provision, security, analytics, and legal compliance).

15.4. “Sale” or “Sharing” of Personal Data; Targeted Advertising

We do not sell Personal Data for money. To the extent our use of certain analytics or advertising cookies on the Site is considered a “sale,” “sharing,” or use for “targeted advertising” under applicable state laws, you may have the right to opt out of such practices. You can do so by:

  • Adjusting your cookie preferences via our Site’s cookie banner or settings (where available); or
  • Contacting us as described in Section 13 and specifying that you wish to exercise your opt-out rights regarding “sale,” “sharing,” or targeted advertising.

We do not have actual knowledge that we “sell” or “share” Personal Data of consumers under 16 years of age.

15.5. Sensitive Personal Information

We do not use or disclose Sensitive Personal Information for purposes that would require a right to limit such use or disclosure under applicable state laws, other than as permitted by law and as reasonably necessary to provide requested services, maintain security and integrity, or comply with legal obligations.

15.6. Non-Discrimination

We will not unlawfully discriminate against you for exercising any of your privacy rights under applicable law. Subject to local law, we may offer different levels of Services or promotions that are reasonably related to the value of the Personal Data you provide.

15.7. Authorized Agents (Where Applicable)

If you are permitted under state law to use an authorized agent to exercise your rights, we may require the agent to provide proof of authorization and may also require you to verify your identity directly with us as allowed by law.

16. DO NOT TRACK

Some browsers offer a “Do Not Track” (DNT) signal. Our Services currently do not respond to DNT signals. We will continue to monitor developments around DNT and may update our practices if standards are established and adopted.

17. THIRD-PARTY WEBSITES AND SERVICES

The Services may contain links to third-party websites, plug-ins, or services that are not operated or controlled by Lampire. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites or services you visit or use.

Privacy Policy