48117_Amneal Code of Conduct-update 2023 R6.indd

November 2023 At Amneal, the term “Personally Identifiable Information” refers to two categories of personal data: • “General Personally Identifiable Information” and “Sensitive Personally Identifiable Information.” • “General Personally Identifiable Information” includes first and last name, birth date, gender, e-mail address, mailing address, profession, education, or professional afiliations used to identify you. • “Sensitive Personally Identifiable Information” refers to personal information including, but not limited to, religion, race, health status, political opinion, sexual preferences, income, social security number, credit card numbers, order history, or prescribing habits. Together, we refer to “General Personally Identifiable Information” and “Sensitive Personally Identifiable Information” as simply “Personally Identifiable Information.” Amneal will collect and use only as much Personally Identifiable Information as is: • Required by law or • Necessary to fulfill the purpose for which the Information is collected. All personal data in Amneal’s possession should be protected, following these principles: • Personal data is collected, processed, stored and transferred with adequate precautions to ensure confidentiality, and is accessible only to individuals with legitimate reasons to know or have access to it. • Employees and other individuals will be asked for their consent to the collection, processing, transfer and storage of their personal data as required by applicable laws. • Employees will have the opportunity to review their own personal data held by Amneal and to correct any errors found in accordance with the applicable law. Always consult your supervisor, your Human Resources representative, or the Corporate Compliance Department if you have any questions about Amneal privacy policies, or if you become aware of any privacy breaches. Protecting Electronic Communications and Data The Internet, Intranet, email, and voicemail are not secure forms of communication, so special care must be exercised when using these systems to avoid inappropriate disclosures. Confidential information must not be stored in unauthorized Internet- or cloud-based information storage systems or any personal device. 29