1. General
PRiiMO Pty Ltd ABN 54 631 333 821 (PRiiMO or us or we or our) collects and handles personal information (data), including sensitive health information, about users of the PRiiMO Patient User Interface and the PRiiMO Service.

PRiiMO also collects some personal information (data) about other users of the PRiiMO website.

PRiiMO is an Australian corporation regulated by the Australian data privacy statute in relation to PRiiMO’s handling of personal information about users in all countries. As well as PRiiMO’s legal obligation to comply with the Australian data privacy statute wherever in the world that PRiiMO provides the PRiiMO Service, data privacy statutes in many countries confer additional protections on users.

This Privacy Policy applies in addition to PRiiMO’s obligations under local laws in each country.

2. Definitions
In this Privacy Policy, the following terms have the following meaning:

Anonymised Data means any information, data or content which is collected, processed and/or otherwise generated by PRiiMO and which is anonymous, and/or does not personally identify you and/or reveal your specific identity as an individual, and/or cannot be attributed to you.

Candidate Data means Personal Data that you provide to PRiiMO relating to an
application for a position with PRiiMO, as further detailed in section 4 below.

Data means Personal Data and Anonymised Data.

Data Protection Laws means the Privacy Act 1988 (C’th of Australia), the General Data Protection Regulation (EU) 2016/679 (as may be amended, replaced or superseded from time to time) (GDPR), the laws in the European Economic Area (EEA) implementing or supplementing the GDPR in the relevant countries, and other data protection laws applicable to PRiiMO in relation to Processing and other Handling of User Data, according to the terms of this Privacy Policy.

Personal Data means any information, data or content which can personally identify you as an individual and/or otherwise can be attributed to you as an individual, or as otherwise defined in applicable Data Protection Laws (whether referred to as personal data, personal information, personally identifying information or similar term), as further detailed in section 4 below. Personal Data may include pseudonymised information, being information about a person which does not include direct personal identifiers, but which could be used to identify you except that controls and safeguards are used to protect you from being identified. Anonymised Data is not Personal Data.

PRiiMO Patient User Interface means the PRiiMO smartphone app or PRiiMO web interface for other internet access devices as available from time to time to access the PRiiMO Service.

PRiiMO Service means the service provided by PRiiMO of controlled and safeguarded sharing and exchange of information between an individual, an individual’s clinician and other health professionals that are involved in the individual’s health care (to the extent that those other health professionals use this service).

Process, Handle and Use have the meaning ascribed to it under Data Protection Laws. In addition, “Use” includes any accessing, viewing, visiting or browsing the Website for any purpose. User or you or your means any individual (including, without limitation, clinicians) or entity that Uses the PRiiMO Patient User Interface and/or the PRiiMO Service and/or the PRiiMO Website for any purposes, using a computer and/or any other device, including cellular device and/or by any other means of communications.

User Data means Candidate Data and Visitor Data, together.

Visitor Data means Personal Data that you upload to the Website in order to contact us, for instance, if you are interested in our services or in receiving our newsletter, as further detailed in section 4 below.

Website means PRiiMO’s internet website available at www.priimo.co or any other
address as may be available from time to time.

3. Collection of Data – General Provisions
Personal Data and Anonymised Data. In the course of Use of the Website, we collect and Process two types of data: Personal Data and Anonymised Data.

Candidate Data and Visitor Data. As for Personal Data that we collect and Process in connection with Use of the Website, the collection is further divided to two parts: Candidate Data and Visitor Data. This collection and Processing of Data commences on your first Use of the Website, and may be executed by the User Data you provide to the Website and by technological tools we implement in the Website in order to collect and/or otherwise Process the Data.

PRiiMO Patient User Interface and PRiiMO Service. As for Personal Data that we collect and Process in connection with Use of the PRiiMO Patient User Interface and/or Use by you or your clinician of the PRiiMO Service, we collect and Process this Personal Data to enable information about your health status and health care, including scans and test results, to be shared with and exchanged between your clinician and other healthcare professionals (including those working in hospitals and providers of scanning, testing and like services) that use the PRiiMO digital platform. This information may also be shared and exchanged as pseudonymised information (i.e. information which does not include direct personal identifiers but which could be used to identify you except that controls and safeguards are used to protect you from being identified). Applicable Data Protection Laws state detailed requirements that are designed to ensure protection of data privacy rights of patients and that must be fulfilled by persons and entities (including PRiiMO and clinicians) handling pseudonymised health data about individual patients. Anonymised
Data about you may also be used within the PRiiMO Service, or within controlled research programs, to facilitate comparison of treatment plans and results relating to (anonymised) you and results against clinical plans and results of other (anonymised) patients. These comparisons assist your clinician and other medical professionals to continue to refine clinical best practice.

4. Collection and Use of Personal Data related to Use of the Website
No Legal Requirement. When you Use the Website you may, at your choice and without any legal obligation to do so, provide us with Personal Data (and other data). However, if you do not provide us with your contact details we may not be able to reply and/or otherwise respond to any message you leave on the Website.
Your Consent. By Using the Website and uploading Personal Data to the Website, you agree and consent as follows:
• that Personal Data is yours, that you have the legal right to provide us such
Personal Data, and that it is complete, accurate and true; and
• that the Personal Data you provide will be stored in our database(s), and will be
Processed by PRiiMO (including, third parties acting on our behalf) for the
purposes and the terms as specified in this Privacy Policy.
Personal Data you Provide. The types of Personal Data you provide may include (by way of a non-exhaustive list) the following: 
• when you Use the “Contact Us” form, the Visitor Data you will be required to
provide us is: your name, email address, your phone call, and any other
information you decide to incorporate in the “Message” box in the “Contact Us”
form;
• when you elect to receive our newsletter, the Visitor Data you will be required
to provide us is: your name (optional), email address, phone (optional) and/or
any other information you decide to incorporate in the “message box” in the
Website); and
• when you Use the Website in order to apply for a position at PRiiMO, the
Candidate Data you will be required to provide us is: your name (optional), email
address, your LinkedIN® address (optional), the position you are interested in,
and your resume (optional).

Personal Data we Collect or Generate. When you Use the Website, we may collect some Personal Data about you, such as your IP address, by using certain technological tools as detailed in section 8 below.

How we Use your Personal Data. Personal Data that you provide or that we Process will be Used by us for the following main purposes (as may be amended from time to time):
• if you send us Candidate Data, we will Use it in order to review and assess your
computability to work at PRiiMO, including (where applicable), to conduct
background and reference checks, to interview you, and to consult with our
advisers about your candidacy;
• if you send us Visitor Data, we will Use it in order to contact and communicate
with you regarding the subject matter of your message: whether to send you our
newsletter, responding to your query in the Website, etc.;
• if we collect your IP address, we will Use it to identify you as a User in your next
visit in the Website, without the necessity of entering your details; and
• we may Use your Personal Data for sending marketing materials. In order to do
so, in some jurisdictions we will obtain your prior consent and/or otherwise act
as required by applicable law.

In addition, we may Use your Personal Data to enforce this Privacy Policy, resolve disputes, comply with any applicable law, regulations or other requests from authorised authority(ies), and/or as otherwise authorised by you.

5. Collection and Use of Personal Data related to Use of the PRiiMO Patient User Interface and Use by you or your clinician of the PRiiMO Service
Verification of your identity. When you Use the PRiiMO Patient User Interface or the PRiiMO Service, you will be required to provide us with Personal Data (and other data) to enable us to verify your identity and entitlement to access Personal Data about you.

Your consent. You will be required to provide consent to your clinician if you wish to Use the PRiiMO Patient User Interface or the PRiiMO Service to view, exchange and share Personal Data such as relevant information about your health status and health care, including scans and test results, with your clinician and other healthcare professionals (including those working in hospitals and providers of scanning, testing and like services) that use the PRiiMO Service. Your clinician will provide you with a Consent Form and, if requested by you, the clinician’s Privacy Policy. You should read this Consent Form and Privacy Policy carefully, as they describe relevant permitted Uses by PRiiMO and other users of the PRiiMO Service of Personal Data about you.

Type of information we collect and Use. We collect and Use Personal Data (which may identify an individual), pseudonymised information (which does not include direct personal identifiers but which could be used to identify an individual except that controls and safeguards are used to protect the individuals from being identified), and Anonymised Data.

Processing and handling information as encrypted or pseudonymised information. We process and handle information about Users as encrypted information wherever that is reasonably practicable. We may also process and handle information about Users as pseudonymised information.

Controls and safeguards. Where we process and handle information about Users as
pseudonymised information, we implement and monitor technical, operational,
administrative and contractual controls and safeguards and information security
measures to protect personal (identifying) information and to minimise any risk that
pseudonymised information might be used to reidentify any individual in circumstances where a user should not expect information about them to be made available or used as personal (identifying) information.

Purpose of processing, handling and disclosing information. We process, handle and may disclose information about users in the form of personal (identifying) information to the extent necessary to communicate with users (including clinicians and healthcare professionals responsible for treating or monitoring the health of patients), to respond to user queries, to improve the usage experience of users of the PRiiMO Patient User Interface, the PRiiMO Service and the PRiiMO Website, and to the extent necessary to comply with applicable law.

Location of processing and handling. We primarily process and handle personal information in Australia, but to the extent permitted by law may process and handle it in other places around the world, either ourselves or through activities of contractors to us (who commit to us to only process and handle this personal information for us and within the scope of activities that we allowed to do).

Artificial intelligence and machine learning. We use Anonymised Data to develop artificial intelligence and machine learning features and functionality of the PRiiMO Service to facilitate clinicians in developing best practice in treatment and monitoring of patients.

Your rights. You have the right to review, ask to rectify, erase, transfer, withdraw consent, and object to processing and other handling of personal (identifying) information and pseudonymised information about you, by sending us a request.

6. Lawful basis for Processing
We only process Personal Data where we have a lawful basis to do so. The lawful basis will depend on the reason(s) we collected and need to Use your Personal Data, and may differ according to Data Protection Laws.
The lawful basis pursuant to some Data Protection Laws for processing User Data will be:
• when you gave your consent for processing your User Data for specific purpose.
For example, if you gave your clinician and/or us your consent in relation to Use
of the PRiiMO Patient User Interface and/or Use by you or your clinician of the
PRiiMO Service, or if you sent us your Candidate Data in order to apply to a
position in PRiiMO;
• when it is necessary for the performance of a contract with you. For example, we
will process your Visitor Data to address your query in the Website, or to send you
our newsletter;
• where there is a legitimate interest to process the User Data (for example, to
identify and prevent abuse of the Website, to improve the performance of the
Website); or
• to comply with a legal obligation that apply to us (for example, to disclose
information to authorities).

7. Your rights regarding your Personal Data
In various countries you have legal rights in relation to Processing of Personal Data about you. Data Protection Laws vary between countries. The following is a general, but not complete, guide:
• you may have the right to request a review of your Personal Data we Process;
• you have the right have your Personal Data rectified to the extent it is incorrect,
incomplete or not processed in compliance with Data Protection Laws;
• you may be entitled to require that we erase certain part of your Personal Data if
its processing is not justified;
• you may have the right to ask the transfer of your Personal Data to other
controllers;
• in some circumstances, you have the right to withdraw consent (where the lawful
basis for Processing is consent);
• under certain circumstances, you may have the right to object to the Processing
of your Personal Data due to your particular situation; or
• you have the right to lodge a complaint before the applicable supervisory
authority of your jurisdiction.

If you wish to exercise any of your rights, please contact us at [email protected]. We will act in accordance with the Data Protection Laws, in order to comply with your request.

8. Collection of Anonymised Data related to Use of Website
General. In addition to the categories of personal data described above, we may also
collect and use information from you when you Use our Website for any purpose.

Anonymised Data we Collect. PRiiMO collects statistical information about how Users locate and navigate the Website, browser type, operating system version, referring URL, including the number and frequency of users to each web page, the length of their stays etc.

How we Collect Anonymised Data. We may use technological tools for the collection of Anonymised Data, as detailed below, and as may be further added from time to time:
• we use Google Analytics to analyse how users interact with our Website. For
information about how Google uses the information provided to Google Analytics
see https://www.google.com/analytics/terms/. Depending on your browser, you
may control the information provided to Google by using the Google Analytics opt
out browser add-on (if any).
• we may use other “cookies” (or other similar technologies) for the purposes set
out below. A “cookie” is a small data file that we transfer to your computer or
device, which creates a unique identifier, in order to identify the User in its future
interaction with the Website.
For more detailed information about the cookies we use, how they work and how you can change your cookie preferences at any time, please see our Cookies page.
How we Use Anonymised Data. We may Use Anonymised Data for the same purposes we Use Personal Data (where applicable), and also for the following purposes:
• to monitor and analyse your Use of the Website;
• for the technical administration and troubleshooting of the Website;
• to improve the usefulness and quality of the Website and to enhance the
positioning of Website within Internet search engines;
• to gather statistical data and system analytics data about how PRiiMO’s Website
is being used;
• to assist in determining the effectiveness of our Website content and advertising;
• for commercial research and further development; or
• for any other legitimate purpose.
Due to the nature of the Anonymised Data, you hereby warrant and represent that you will not have claim or demand, of any kind, regarding the Use of the Anonymised Data for any legitimate purpose.

9. Sharing Personal Data with Others
We will not disclose, share, rent, or sell your Personal Data to any third party, other than as permitted under this Privacy Policy and as necessary to provide your clinician and you with the PRiiMO Service. We may share Data with third parties, as follows:
Service Provider: We may share Data with our contracted service providers (such as cloud vendors, advertisers, companies that provide analysis and processing activities, messaging services, etc.) so that these service providers can provide services on our behalf.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, the Data may be transferred to a successor or affiliate as part of that transaction along with other assets.

Official Authorities: We may need to disclose Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.

10.International transfer of Information collected
We may store, process or maintain Data in various sites worldwide, including through cloud-based service providers worldwide. Where applicable, by using the Website, the PRiiMO Patient User Interface or the PRiiMO Service, you agree and consent to transfer of your Personal Data to countries outside your state or country.
Where the GDPR applies and we transfer Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:
• the country that we send the data to might be approved by the European
Commission as offering an adequate level of protection for Personal Data;
• the recipient might have signed up to a contract based on “model contractual
sections” approved by the European Commission, obliging them to protect your
Personal Data;
• where the recipient is located in the US, it might be a certified member of the EUUS Privacy Shield scheme; or
• in other circumstances the law may permit us to otherwise transfer your Personal
Data outside the EEA.

11.Retention
We retain different types of Data for different periods, depending on the purposes for
processing the Data, our legitimate business purposes as well as pursuant to legal
requirements under the applicable law. We will retain Personal Data for as long as
required and needed to comply with our legal obligations or to pursue our legitimate
business purposes (such as defend ourselves). Unless otherwise restricted under
applicable law, Anonymised Data will be retained indefinitely.

12.Security
We are committed to protecting the security of Personal Data. We use a variety of
administrative, technical, and physical security technologies and procedures to help
protect your Personal Data from unauthorised access, use, or disclosure. While we strive to protect your Personal Data, we cannot ensure or warrant that the Personal Data or private communications you transmit to us will always remain private and will not be illegally accessed, and accordingly you assume all risk associated therewith and agree that we will not under any circumstances be liable to you in respect thereof.

13.Our Policy Regarding Children’s Privacy
Our Website, the PRiiMO Service and the PRiiMO Patient User Interface are not designed or intended to be Used by or for persons under 18 and we do not knowingly collect Personal Data from persons younger than 18. If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Privacy Policy.

14.Privacy Policy Changes
If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy in our Website, so that you are aware of what information we collect, how we Use it, and under what circumstances, if any, we disclose it. To the extent legally required, we will obtain your re-consent for material change. We reserve the right to modify this Privacy Policy at any time, so please review it frequently.

15.Making a Complaint
If you think we have breached any Data Protection Laws, or you wish to make a complaint about the way we have handled your Personal Data, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you within a reasonable time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Where the GDPR applies, if you are not satisfied with the response you receive from us or you think that your rights have been infringed by us, you may escalate your concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator. However, we recommend you contact us first, and we will do our best to resolve any complaint.

16.Contact Us
For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us at [email protected].

Effective: 10 June 2020