PUMA CONSUMER HEALTH DATA PRIVACY POLICY

Effective Date: March 1, 2024

Last updated: October 30, 2025

This Consumer Health Data Privacy Policy (“Health Data Policy”) describes how Puma Biotechnology, Inc. (“Puma,” “we,” “us,” or “our”) processes “Consumer Health Data” or “Regulated Health Information” as that term is defined under applicable state law (collectively “Health Data”), about consumers who reside in the states of Nevada, Washington, New York, and any other applicable U.S. jurisdiction in connection with all Puma products, services, and patient education and support programs where this Health Data Policy is linked or posted (“Offerings”). This Health Data Policy supplements the Puma Privacy Policy available at https://pumabiotechnology.com/privacy-policy.html (“Privacy Policy”).

Our Collection of Health Data

To provide our Offerings, we collect and process information about you, including information that could be considered Health Data. The information we collect depends on how you interact with us and use the Offerings, as described further in the “What types of personal data do we collect and how do we use it?” section of our Privacy Policy.

Because Health Data is broadly defined, many of the categories of information we collect could also be considered Health Data. Depending on how you interact with us and our Offerings, we may collect the following information that may be considered Health Data:

  • Information about your health-related conditions,
    • services, treatment, symptoms, diseases or diagnosis.
  • Information about interventions relating to your health condition.
  • Information about health-related surgeries or procedures.
  • Information about use or purchase of or satisfaction with a prescribed medication.
  • Measurements relating to a health status.
  • Information about your diagnoses or diagnostic testing, treatment or medication.
  • Information identifying you when you seek health services.
  • Payment information that relates to your physical health (such as insurance details).
  • Information that may be used to infer or derive data related to the above.

Sources of Health Data

Depending on how you interact with us and the Offerings, we may collect Health Data about you directly from you (which may include your interactions with our websites and the Offerings), from other people (including other users of the website and Offerings), your device(s), and partners, vendors and third parties, as described further in our Privacy Policy.

Why We Collect and Use Health Data

We collect and use Health Data as reasonably necessary to provide you with the Offerings you have requested. This may include:

  • to provide, personalize, conduct and improve our services and Offerings;
  • to communicate with you;
  • to comply with a legal obligation, process or request;
  • to enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • to detect, prevent or otherwise address security, fraud or technical issues;
  • to protect the rights, property or safety of us, our users, a third party, or the public as required or permitted by law;
  • to evaluate your candidacy and process your application for employment; and
  • to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Health Data held by us about our customers is among the assets transferred.

We may also collect, use and disclose Health Data for other purposes with your consent or authorization.

Disclosure of Health Data

We may disclose each of the categories of Health Data described above as reasonably necessary to provide you with the Offerings you have requested (as described above), or for other purposes with your consent or authorization.

We share Health Data with the following categories of third parties:

  • mentors and other patient support individuals involved in our patient support programs, if you choose to use our patient support services to interact with mentors through our mentor program, we will share data, including Health Data, as directed by you and your interactions.
  • vendors, including for IT service management, security, website hosting, and our patient support program:
  • data analytics and advertising vendors:
  • actual or prospective licensees or buyers in the event we license or sell any business or assets, or if substantially all of our assets are acquired by a third party; and
  • law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with law, enforce our terms and conditions, detect, prevent or otherwise address security, fraud or technical issues, and protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

We may also share Health Data with additional categories of third parties with your consent or authorization. For additional information regarding our sharing of information, including Health Data, please see the “How do we disclose your personal data?” section of our Privacy Policy.

Your rights regarding Health Data

Depending on your place of residency, you may have some or all of the following rights regarding your Health Data, subject to applicable law and certain exceptions:

  • Right to Confirm and Access: If you ask us, we will confirm whether we are collecting, sharing, or selling your Health Data. You may request that we provide you with a copy of the Health Data that we maintain about you. At your request, we will provide a list of all third parties and affiliates with whom we have shared or sold your Health Data.
  • Right to Correct: If your Health Data that we maintain is inaccurate and you would like us to correct it, you may request that we make changes to it.
  • Right to Withdraw Consent: Where we have relied on your consent or authorization for certain processing of your Health Data, you may withdraw that consent or authorization at any time, including if we requested your authorization to “sell” your Health Data.
  • Right to Delete: You may request that we delete the Health Data we maintain about you.
  • Right to Appeal: If we deny your request to exercise any of the above rights, you may request to appeal this decision.

You may exercise any of these rights, and as applicable, to appeal a consumer rights action, by contacting us using the information provided below. We may need to collect information from you to verify your identity, such as your email address or date of birth before providing a substantive response to the request.

Changes

We’ll notify you before we make material changes to this Health Data Policy. You’ll have the opportunity to review the revised Health Data Policy before you choose to continue using our Offerings.

Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed to info@pumabiotechnology.com, or by calling us at 844-PUMABIO (844-786-2246).