Effective Date: July 10, 2023

Syri Research Center (“Syri Research,” “we,” “our,” or “us”) is steadfastly committed to upholding the highest standards of regulatory compliance, data protection, and ethical integrity in all our clinical research practices. We implement and maintain rigorous, structured protocols designed to ensure the integrity, confidentiality, and security of all clinical research activities and associated data.

Our operational framework is meticulously aligned with recognized clinical research standards and global regulatory requirements. This includes, but is not limited to:•Good Clinical Practice (GCP): Adherence to internationally recognized ethical and scientific quality standards for designing, conducting, recording, and reporting trials that involve the participation of human subjects.•FDA Regulatory Guidelines: Compliance with applicable regulations set forth by the U.S. Food and Drug Administration governing clinical research.•Ethical Standards: Strict observance of ethical principles for human subject research, including those outlined in the Declaration of Helsinki.•Data Protection Frameworks: Implementation of industry best practices for data privacy and security.We maintain comprehensive internal standard operating procedures (SOPs) that ensure continuous compliance with these frameworks across the entirety of our research lifecycle.

Safeguarding the confidentiality of the information entrusted to us is a foundational priority. Our data handling practices are governed by the following core principles:•Data Minimization: We restrict the collection of personal and health information strictly to what is necessary for the specific research purpose.•Purpose Limitation: Collected data is utilized exclusively for its intended, disclosed research objectives and operational necessities.•Access Control: Access to sensitive information is strictly provisioned based on the principle of least privilege, limited only to authorized personnel who require such access to perform their designated duties.•Proactive Safeguarding: We deploy robust, reasonable safeguards to prevent unauthorized access, disclosure, alteration, or destruction of data.

In capacities where Syri Research handles Protected Health Information (PHI), our operations are structured to align with the Health Insurance Portability and Accountability Act (HIPAA) and corresponding state privacy laws. Our practices are designed to ensure:•The stringent protection of sensitive health-related information.•Highly controlled, logged access to confidential patient and participant data.•Secure transmission, handling, and communication of PHI in all formats.

To protect the integrity and confidentiality of our data repositories, Syri Research maintains a comprehensive suite of administrative, technical, and physical safeguards. These measures include:•Systems Security: Advanced access controls, encryption protocols, and secure authentication mechanisms for all systems handling research data.•Secure Storage: Utilizing secure, compliant storage environments with robust backup and disaster recovery protocols.•Continuous Monitoring: Ongoing oversight, auditing, and monitoring of data handling activities to detect and mitigate potential vulnerabilities.While we employ industry-standard precautions to protect information, we acknowledge that no system or transmission over the internet can be guaranteed to be entirely secure. We continuously evaluate and enhance our security posture to address emerging threats.

The ethical treatment of research participants is the cornerstone of our operations. Syri Research is committed to conducting clinical activities in strict accordance with ethical mandates, prioritizing:•Respect for Persons: Ensuring informed consent and respecting the autonomy of all participants.•Beneficence and Non-Maleficence: Maximizing potential benefits while minimizing risks, ensuring the protection of participant rights, safety, and well-being.•Scientific Integrity: Maintaining uncompromising integrity, accuracy, and transparency in all data collection, analysis, and reporting processes.

In the execution of our research operations, we may engage third-party service providers, vendors, or clinical partners. We exercise rigorous due diligence in these engagements, taking reasonable and necessary steps—including the execution of Business Associate Agreements (BAAs) or equivalent confidentiality agreements—to ensure that such providers uphold data protection and confidentiality standards commensurate with our own.

Syri Research reserves the right to review, amend, or update this Compliance and Privacy Policy periodically to reflect changes in our operational practices, technological advancements, or evolving regulatory landscapes. Any modifications will be posted to our website with a revised "Effective Date." Continued engagement with our services constitutes acknowledgment of the updated policy.

We welcome inquiries regarding our compliance frameworks or privacy practices. For questions, concerns, or to exercise any applicable data rights, please contact our Compliance and Privacy Officer through the designated channels provided on our website.