Privacy policy

 

Contents

• 1. Our privacy obligations
• 2. What is personal information?
• 3. The types of personal information we collect and hold
• 4. Information we collect and hold about employees
• 5. How we collect personal information
• 6. Purposes for handling personal information
• 7. When we disclose personal information
• 8. Overseas disclosures of personal information
• 9. How we hold personal information
• 10. Direct marketing
• 11. Our website
• 12. Accessing or correcting your personal information
• 13. Contact us
• 14. Changes to our privacy policy

• Schedule 1.- Additional information to EU/UK citizens
• 1. Who is responsible for your personal data
• 2. Categories of Personal Data
• 3. Sources of personal data
• 4. Purposes of processing and legal bases
• 5. Legitimate interests
• 6. Who we share personal data with
• 7. International transfers of personal data
• 8. How long we keep personal data
• 9. Whether you are required to provide personal data
• 10. Your rights under the GDPR and UK GDPR
• 11. Complaints
• 12. Contact details
• 13. Changes to this Schedule

• Schedule 2.- Additional information to USA Residents
• 1. Categories of Personal Data
• 2. Sources of personal data
• 3. Purposes of processing
• 4. Who we share personal data with
• 5. Sales, sharing, and targeted advertising
• 6. How long we keep personal data
• 7. Your rights regarding your personal data
• 7.1. Right to appeal
• 8. Contact details
• 9. Changes to this Schedule

1. Our privacy obligations

ALS Limited and its related entities (“the ALS Group”, “we” or “us”) are committed to protecting the privacy of the personal information we hold. This Policy explains how we handle personal information and how to contact us if you have any queries or wish to make a complaint about personal information that we hold about you.

ALS Limited is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), which regulate how we handle personal information. However, across the ALS Group we operate a global business, and additional local laws may apply to how we handle personal information. For example, this Policy also explains how we process ‘personal data’ about people based in the European Economic Area (EEA), as required under the EU General Data Protection Regulation (GDPR).

2. What is personal information?

‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

‘Sensitive information’ is a type of personal information that has specific protection under the APPs and other applicable legislations. Sensitive information includes information about an individual’s race or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation or practice, membership of a union or professional or trade association, or criminal record. Health information, and biometric data (such as finger scans, or images used by facial recognition systems), are also protected as sensitive information.

3. The types of personal information we collect and hold

We collect and hold a range of personal information in carrying out our business and functions across the ALS Group. The kinds of personal information we collect and hold about you will depend upon the nature of our relationship with you and the circumstances of collection, including whether we collect the information from you as a customer, supplier, contractor, job applicant or some other capacity.

We collect the following types of personal information as part of our routine activities:

• General information, such as name, gender, and date of birth.
• Contact information, such as a home or postal address, email address, telephone number, and mobile phone number.
• Work details, such as a job title, associated company, business interests, academic qualifications and experience, professional associations and memberships.
• Communication details, such as records of interactions, and any information provided to us when you contact or visit us.
• Photographic images, video and CCTV footage.
• Financial details, such as bank account details.
• Opinions, for example about the efficacy of a product, or views collected as part of consumer testing.
• Behaviour and preferences, such as preferences in respect of products that we test or trial.
• Service and communication preferences.
• Information we generate ourselves, such as records we create from our interactions with you, inferred information or profiles based on those interactions or online behaviour, or publicly available information.

We also collect personal information about our staff, contractors and suppliers, as well as the contact details of individuals who work for contractors and suppliers, and other types of professional associates and personal contacts.

We may also collect and hold sensitive information. For example, if you participate in a clinical, pharmaceutical, or efficacy trial, test or study, we may collect sensitive information about you, such as health information, racial or ethnic origin and sexual orientation, for the purposes of entering, conducting and managing such clinical, pharmaceutical, or efficacy trials or studies, and the outcomes of those trials and studies. We may also collect information about an individual’s membership of a professional or trade association or criminal record in connection with our recruitment activities. We will only collect sensitive information about you with your consent (unless we are otherwise required or authorised by or under law to do so).

If you provide us with personal information about another person, please make sure that you tell them about this Privacy Policy and obtain the proper consent, if needed.

4. Information we collect and hold about employees

The handling of personal information of our employees is governed by our internal policies and procedures, which are made available to ALS employees upon commencing their employment with us.

If you are or become an employee in Australia, the handling of your personal information may be exempt from the APPs if it is directly related to your current or former employment relationship with us.

5. How we collect personal information

Information that you specifically give us

We collect personal information in a variety of ways, including when you:

• Call or write to us.
• Visit one of our sites or offices.
• Apply as a volunteer and/or participate in a trial, test, study or other evaluative process.
• Enquire about our services or we provide service to you.
• Offer to, or provide, services to us.
• Interact with our websites.
• Enquire as to, or apply, for a job with us.
• Work for us, with us, or on our behalf.

At times, you may provide personal information to us without us directly asking for it, for example when you engage with us on social media or proactively contact us.

Information that we collect from others

We may collect personal information from third party sources, including:

• Our service providers.
• Government bodies.
• Credit agencies.
• Publicly available records or sources of information.
• Referees, where you have applied for a job with us.

Information that we generate ourselves

We may analyse the personal information we hold about you to generate insights or make inferences that are relevant to our services, functions or activities.

If we collect personal information from you, we may combine or link it with other personal information we hold about you.

6. Purposes for handling personal information

We collect, hold, use and disclose personal information for a range of purposes, including the following:

• To provide our products and services.
• To manage our relationship with you.
• To facilitate your involvement in a trial, test, study or other evaluative process and include you in our volunteer database, including to determine eligibility to participate, monitor safety, arrange any payment to you and communicate with you.
• To analyse the results and outcomes of trials, tests, studies or other evaluative processes.
• To report on the outcomes of trials, tests, studies or other evaluative processes.
• For quality assurance and protocol review and oversight of trials, tests, studies and other evaluative processes we conduct.
• To process payments made to us.
• To provide technical or other support.
• For our administrative, fraud, security and risk management, and internal record keeping and audit purpose.
• To answer enquiries about our services, or to respond to a complaint or feedback.
• To manage an employment or business relationships. For job applicants, this includes assessing candidate suitability against role requirements and verifying identity and work eligibility.
• For customer relationship management, generating and actioning sales leads and other marketing activities.
• To communicate with you about our products, services, related entities and other activities (unless you have opted out from direct marketing communications).
• To perform research and analysis and improve or develop our products, services and processes.
• To comply with legal and regulatory obligations.
• If otherwise permitted or required by law.
• For other purposes with your consent, unless you withdraw your consent.

The ‘lawful processing’ grounds on which we will use personal information are:

• Where you have provided your consent.
• To perform a contract that we have in place with you.
• Where it is necessary for our legitimate business interests, including undertaking reporting, due diligence, monitoring compliance with our policies and standards, protecting and secure our premises and systems.
• To comply with our legal and regulatory obligations.
• In an emergency, to protect your vital interests.

7. When we disclose personal information

In conducting our business, we may disclose personal information about you to third parties for the purposes outlined above. These third parties may include those described below, where appropriate.

Among the ALS Group

Your personal information may be shared within the ALS Group to provide you with the services you have requested, for us to manage our relationship with you or for our administrative purposes and internal business purposes.

Our third-party service providers

Your personal information, as well as the personal information of our staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third-party service providers.

Our third-party service providers include:

• IT service providers.
• HR services providers
• Logistics providers.
• Marketing, promotional and market research agencies.
• External business advisors (e.g. auditors and lawyers).

Other disclosures and transfers

We may also disclose your personal information to the following types of entities:

• Financial institutions and payment processing providers.
• In connection with the conduct of clinical trials and tests, the study sponsor(s), regulatory authorities, ethics committees and institutional review boards and accredited laboratories or specialised service providers for regulatory reporting and compliance purposes, and for contracted analysis services in connection with the trial or test.
• In case of the sale of the business (in whole or in part), to the purchaser (as an asset of the business).
• For job applicants, referees whose details you provide to us.
• To law enforcement agencies where we are required or authorised to by law.

We may also disclose your personal information to third parties:

• To provide the service or product you have requested.
• If otherwise permitted or required by law.
• With your consent.

8. Overseas disclosures of personal information

We operate a global business, and your personal information may be transferred to our related companies located in the countries in which we operate, predominantly in Singapore, the US, Canada and the EEA or the UK. The list of global locations can be found on the ALS website.

Where we transfer personal information overseas, we take steps to protect it with appropriate safeguards, including contractual obligations.

9. How we hold personal information

We generally hold personal information in computer systems, including computer systems operated for us by our service providers. These may include Australian-based cloud servers or the servers of third parties within Australia or overseas, including Singapore, EEA, and the US.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. This includes taking appropriate organisational and technical measures to protect the personal information we hold.

We will keep personal information about you for the purpose(s) outlined above (see ‘How we use personal information’), or where a law or court order requires or permits us to retain it for a given period or for another purpose.

10. Direct marketing

We may use your personal information so we can contact you with information about our products and services, special offers, promotions and events that may be of interest to you, and if you applied for a job with us, we may contact you to inform you about new job opportunities that may align with your skills and experience.

We may contact you by email, mail or telephone. You can let us know at any time if you no longer wish to receive these communications, by contacting us (using the contact details at the end of this policy) or using the opt-out/unsubscribe facility in our communications.

11. Our website

ALS Group websites may use cookies.

Cookies are small text files created and stored on the browser or hard drive of your computer or device when you visit our website. Cookies are used to distinguish you from other users of our website, to monitor and analyse website usage, compile aggregate data, personalise your visit, and assist us in our marketing efforts. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site to make it more user friendly. A web browser can be configured to reject or delete cookies however this may cause websites to have limited functionality.

For more information, please see our Cookies Policy.

12. Accessing or correcting your personal information

You have the right to request access to the personal information we hold about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period.

You also have the right to request the correction of the personal information we hold about you if it is inaccurate, out of date, incomplete, irrelevant or misleading. Unless an exception applies, we must correct the personal information we hold about you within a reasonable time period.

To seek access to, or correction of, your personal information, please contact our Privacy Officer (see details below).

We will respond to requests for access to or correction of personal information within a reasonable period (usually 30 days). We will generally provide you with access to your personal information (subject to some exceptions permitted by law) but may charge an access fee to cover the cost of retrieving the information and supplying it to you.

13. Contact us

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your rights in relation to the personal information we hold about you, you may contact our Privacy Officer at privacy@alsglobal.com.

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above. We will inquire into your complaint and respond within a reasonable period of time (usually 30 days).

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5288, Sydney NSW 2001.

If you are in the EEA, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

14. Changes to our privacy policy

We may review and revise our Privacy Policy from time to time. We will notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website from time to time to ensure you are familiar with our latest Privacy Policy.

Our Privacy Policy was last updated in May 2026.

Schedule 1.- Additional information to EU/UK citizens

This schedule supplements the ALS Privacy Policy and provides additional information for citizens in the European Economic Area (EEA) or the United Kingdom (UK) or where the processing of your personal data is subject to the EU General Data Protection Regulation or the UK GDPR.

1. Who is responsible for your personal data

The ALS entity responsible for your personal data will generally be the ALS entity with which you interact, that provides services to you, receives services from you, manages your application, engages you in a study, trial, or other program, or otherwise determines the purposes and means of the processing of your personal data.

If you would like more information about which ALS entity is the controller of your personal data in a specific case, please contact us using the details below.

2. Categories of Personal Data

ALS may process the categories of personal data described in the Global Privacy Policy. Depending on your relationship with ALS, these may include:

• Identity data.
• Contact data.
• Professional and employment-related data.
• Recruitment and candidate data.
• Communications data.
• Financial data.
• Transaction data.
• Customer relationship and commercial data.
• Recruitment and candidate data.
• Technical and online usage data.
• CCTV and access control data.
• Profile, behavioural, and preference data.
• Trial, testing, study, or research participation data.
• Health and safety data, where relevant.
• Special categories of personal data, where relevant.
• Data relating to criminal convictions and offences, where permitted by law.
• Any other personal data you provide to ALS or that ALS lawfully obtains from other sources.

Where ALS processes special categories of personal data under the GDPR or UK GDPR, it will do so only where it has one or more valid legal basis, as expressed under Section 6 of this Schedule and one or more valid conditions under art. 9 GDPR / UK GDPR.

3. Sources of personal data

ALS may collect personal data:

• Directly from you.
• From other ALS group entities.
• From service providers, business partners, recruiters, referees, healthcare or research partners, or other third parties.
• From publicly available sources.
• By generating data internally, for example through records of interactions, system logs, analytics, or inferred information.

Where ALS does not collect personal data directly from you, it will process such data only where permitted by law and will provide the information required by Articles 14 GDPR and UK GDPR, unless an exemption applies.

4. Purposes of processing and legal bases

ALS processes personal data only where it has a valid legal basis to do so. Depending on the circumstances, ALS may rely on one or more of the following legal bases:

• Your consent.
• The need to perform a contract with you or to take steps at your request before entering into a contract.
• The need to comply with a legal obligation.
• The need to protect your vital interests or those of another person.
• The need to perform a task carried out in the public interest, where applicable.
• ALS’ legitimate interests provided those interests are not overridden by your rights and freedoms.

The table below sets out the main purposes for which ALS may process personal data, and the legal bases ALS may rely on.

5. Legitimate interests

Where ALS relies on legitimate interests as the legal basis for processing, those interests include, but are not limited to:

• Managing and operating ALS’ business efficiently.
• Ensuring the security and safety of premises, systems, information and ALS personnel.
• Administering customer, supplier, and business relationships.
• Internal reporting, governance, and compliance.
• Preventing fraud and misuse.
• Improving products, services, and business processes.
• Defending or enforcing legal rights.

You may request further information about the legitimate interests relevant to a specific processing activity by contacting ALS using the contact details set out in this Schedule.

6. Who we share personal data with

We may share personal data, where relevant and permitted by law, with:

• ALS group entities.
• Service providers and processors, including IT, hosting, cloud, communications, document management, and support providers.
• Professional advisers, including lawyers, auditors, consultants, and insurers.
• Payment service providers, banks, and finance-related partners.
• Customers, suppliers, and business partners where necessary to provide services or manage the relationship.
• Recruitment agencies, referees, and background screening providers.
• Study, trial, research, laboratory, healthcare, ethics, and regulatory partners where relevant.
• Regulators, supervisory authorities, public authorities, courts, tribunals, and law enforcement agencies.
• Potential buyers, sellers, or corporate transaction counterparties.
• Any other person where disclosure is required or permitted by law.

7. International transfers of personal data

ALS operates globally and may transfer your personal data outside the EEA or UK, including to countries that may not be recognised as providing an equivalent level of data protection under applicable law.

Where ALS transfers personal data outside the EEA or UK, it will do so only where permitted by law and subject to appropriate safeguards included on Chapter V GDPR.

You may request further information about the safeguards used for international transfers, and, where applicable, a copy of the relevant safeguard mechanism, by contacting ALS using the details in this Schedule.

8. How long we keep personal data

ALS will retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, reporting, contractual, or litigation-related requirements.

Retention periods vary depending on the type of personal data, the legal basis, the purpose of processing, and applicable legal requirements.

Where personal data is no longer required, ALS will securely delete it or anonymise it in accordance with applicable law and ALS’ retention standards.

9. Whether you are required to provide personal data

In some cases, the processing of your personal data will be necessary:

• To enable ALS to enter into or perform a contract with you.
• To enable ALS to provide products or services.
• To allow ALS to process an application, registration, or participation request.
• To comply with legal or regulatory obligations.
• To operate certain systems, safety procedures, or access controls.

If you do not provide personal data that is required, ALS may be unable to:

• Provide the relevant product or service.
• Assess or process your application.
• Allow you to participate in a study, trial, or program.
• Enter into or manage a contract with you.

10. Your rights under the GDPR and UK GDPR

Subject to applicable law and depending on the circumstances, you may have the right to access, rectify, and/or erase your personal data, restrict or object to the processing, request data portability, object or request review of certain forms of automated decision-making and lodge a complaint with a competent supervisory authority.

ALS does not currently make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on individuals.

ALS may ask you to verify your identity before responding to a rights request.

To exercise your rights, please contact ALS using the contact details set out in this Schedule.

11. Complaints

If you have concerns about how ALS handles your personal data, please contact ALS first using the contact details in this Schedule.

You also have the right to lodge a complaint with the supervisory authority in the EEA country of your habitual residence, place of work, or place of the alleged infringement, or with the UK Information Commissioner’s Office, as applicable.

If you are in the EEA, you can check your National Supervisory Authority here: Our Members | European Data Protection Board

If you are in the UK, you can contact the Information Commissioner’s Office at:

https://ico.org.uk/

12. Contact details

If you have questions about how ALS handles your personal data or wish to exercise your rights, please contact ALS’ Privacy Specialist

13. Changes to this Schedule

ALS may update this Schedule from time to time to reflect changes in law, regulation, business operations, or ALS’s privacy practices. The latest version will be made available together with the ALS Global Privacy Notice.

Last updated: May 2026

Schedule 2.- Additional information to USA Residents

This schedule supplements the ALS Privacy Policy and provides additional information for individuals residing in certain states in the United States where applicable privacy laws grant consumer privacy rights or impose specific notice requirements.

This Schedule is intended to address applicable US state privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable state privacy laws, to the extent they apply to ALS’s processing of personal information.

Depending on how you interact or engage with us, we may provide you with other privacy notices with additional details about our privacy practices.

1. Categories of Personal Data

ALS may process the categories of personal data described in the Global Privacy Policy. Depending on your relationship with ALS, these may include:

• Identity data.
• Contact data.
• Professional and employment-related data.
• Recruitment and candidate data.
• Communications data.
• Financial data.
• Transaction data.
• Customer relationship and commercial data.
• Technical and online usage data.
• CCTV and access control data.
• Profile, behavioural, and preference data.
• Trial, testing, study, or research participation data.
• Health and safety data, where relevant.
• Sensitive data, where relevant.
• Data relating to criminal convictions and offences, where permitted by law.
• Any other personal data you provide to ALS or that ALS lawfully obtains from other sources.

In certain circumstances, ALS may process sensitive personal information or sensitive data where necessary for the purposes listed in Section 3 of this Schedule and where permitted by applicable law.

ALS only uses and discloses sensitive data:

• For the purposes described in the Global Privacy Policy and this Schedule.
• As reasonably necessary and proportionate for those purposes.
• As permitted by applicable law.
• Where required, with your consent or subject to an applicable legal exception.

Where required by law, ALS will obtain consent before processing sensitive data or will provide a right to limit or opt out of certain processing activities.

For more information on how to exercise your rights, please, see Section 7 “Your rights regarding your personal data” of this Schedule.

2. Sources of personal data

ALS may collect personal data:

• Directly from you.
• From other ALS group entities.
• From service providers, business partners, recruiters, referees, healthcare or research partners, or other third parties.
• From publicly available sources.
• By generating data internally, for example through records of interactions, system logs, analytics, or inferred information.

3. Purposes of processing

ALS may collect, use, and disclose personal information for the purposes described in the Global Privacy Policy and for the following business or commercial purposes, as applicable:

• Employee management.
• Providing products and services.
• Managing customer and business relationships.
• Recruitment and candidate assessment.
• Conducting trials, tests, studies or research activities.
• Security, CCT and access control.
• Marketing and communications.
• Regulatory compliance and reporting.
• Fraud prevention, investigations and legal claims.
• IT, security and system administration.

4. Who we share personal data with

We may share personal data, where relevant and permitted by law, with:

• ALS group entities.
• Service providers and processors, including IT, hosting, cloud, communications, document management, and support providers.
• Professional advisers, including lawyers, auditors, consultants, and insurers.
• Payment service providers, banks, and finance-related partners.
• Customers, suppliers, and business partners where necessary to provide services or manage the relationship.
• Recruitment agencies, referees, and background screening providers.
• Study, trial, research, laboratory, healthcare, ethics, and regulatory partners where relevant.
• Regulators, supervisory authorities, public authorities, courts, tribunals, and law enforcement agencies.
• Potential buyers, sellers, or corporate transaction counterparties.
• Any other person where disclosure is required or permitted by law.

5. Sales, sharing, and targeted advertising

ALS may disclose certain personal information to third parties in ways that may be considered a “sale”, “sharing”, or processing for targeted advertising under certain US state privacy laws.

Depending on the circumstances and applicable law, this may include disclosures involving identifiers, online identifiers, internet or electronic network activity information, commercial information, geolocation data, or inferences to advertising, analytics, or similar partners.

ALS may engage in limited sale, sharing, or targeted advertising activities as described in this Schedule.

Where required by applicable law, you may have the right to opt out of:

• The sale of your personal information.
• The sharing of your personal information for cross-context behavioural advertising.
• The processing of your personal information for targeted advertising.

For more information on how to exercise your rights, please, see Section 7 “Your rights regarding your personal data” of this Schedule.

6. How long we keep personal data

ALS will retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, reporting, contractual, or litigation-related requirements.

Retention periods vary depending on the type of personal data, the purpose of processing, and applicable legal requirements.

Where personal data is no longer required, ALS will securely delete it, anonymise or deidentify it in accordance with applicable law and ALS’s retention standards.

ALS may use de-identified information in accordance with applicable law. Where ALS maintains de-identified information, ALS will not attempt to re-identify it except as permitted by law.

7. Your rights regarding your personal data

Depending on your state of residence and subject to applicable law, you may have the right to:

• Know or access personal information ALS has collected about you.
• Request information about the categories of personal information collected, sources, purposes, and disclosures.
• Request access to specific pieces of personal information, where applicable.
• Request correction of inaccurate personal information.
• Request deletion of personal information.
• Request a copy of personal information in a portable and, to the extent technically feasible, readily usable format.
• Opt out of the sale of personal information and/or of the sharing of personal information for cross-context behavioural advertising, where applicable.
• Opt out of the processing of personal information for targeted advertising.
• Opt out of certain forms of profiling in furtherance of decisions that produce legal or similarly significant effects, where applicable.
• Not be discriminated against or retaliated against for exercising your privacy rights.

These rights are subject to exceptions and limitations under applicable law. ALS may ask you to verify your identity before responding to a rights request.

To exercise your rights, please contact ALS using the Section 8 “Contact Details” set out in this Schedule.

7.1. Right to appeal

If ALS declines to act on your privacy request, you may have the right to appeal that decision, depending on your state of residence. To submit an appeal, please contact ALS using the contact data set out in Section 8 “Contact Details” set out in this Schedule.

Please include sufficient information for ALS to identify your original request and review the decision.

If your appeal is denied, ALS will inform you, where required by law, of any additional rights you may have to contact or complain to the relevant state authority

8. Contact details

If you have questions about how ALS handles your personal data or wish to exercise your rights, please contact ALS Privacy Specialist

9. Changes to this Schedule

ALS may update this Schedule from time to time to reflect changes in law, regulation, business operations, or ALS’s privacy practices. The latest version will be made available together with the ALS Global Privacy Notice.

Last updated: May 2026

Back to top