XRHEALTH AU PTY LTD – PRIVACY POLICY

XRHealth AU Pty Ltd (ABN 69 631 035 419) (we, us or our), understands that protecting your personal information is
important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or
collected by us, when interacting with you.

1. The information we collect
Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not,
about an individual who is identified or reasonably identifiable.
The types of personal information we may collect about you include:
• Identity Data including your name, age, profession, photographic identification, and gender.
• Contact Data including your telephone number, address and email.
• Financial Data including bank account and payment card details (through our third party payment processor,
who stores such information and we do not have access to that information).
• Background Verification Data including your government-issued identification details requested as part of our
verification process to comply with our due diligence obligations, anti-money laundering laws and related
ongoing monitoring commitments.
• Transaction Data including details about payments to you from us and from you to us and other details of
products and services you have purchased from us or we have purchased from you.
• Technical and Usage Data when you access any of our websites or platforms, details about your internet
protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions,
device and network information, acquisition sources, search queries and/or browsing behaviour, access and
use of our website (including through the use of Internet cookies or analytics), and communications with our
website.
• Profile Data including your username and password for our website, profile picture, appointments you have
made, and support requests you have made.
• Interaction Data including information you provide to us when you participate in any interactive features,
including surveys, contests, promotions, activities or events.
• Marketing and Communications Data including your preferences in receiving marketing from us and our third
parties and your communication preferences.
• Professional data including where you are a worker of ours or applying for a role with us, your professional
history such as your previous positions and professional experience.
• Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive
information means information relating to your racial or ethnic origin, political opinions, religion, trade union
or other professional associations or memberships, philosophical beliefs, sexual orientation or practices,
criminal records, health information or biometric information. The types of sensitive information we collect
include:
o information about your health and the health services provided to you; and
o information about your symptoms or diagnosis, specialist reports and test results, prescriptions and
other pharmaceutical purchases;
o biometric information and templates, such as voice recognition information and eye-recognition
information;
o lifestyle, diet, exercise and health related information that you share with us; and
o health insurance information, including details of your policy or claims, and Medicare number.

2. How we collect personal information
We collect personal information in a variety of ways, including:
• when you provide it directly to us, including face-to-face, over the phone, over email, or online;
• when you complete a form, such as registering for any events or newsletters, or responding to surveys;
• when you use any website we operate (including from any analytics and cookie providers or marketing
providers. See the “Cookies” section below for more detail on the use of cookies);
• from third parties, such as doctors or other health professionals (for health service clients), insurance brokers,
and medical insurers; or
• from publicly available sources.

3. Why we collect, hold, use and disclose personal information
Personal information: We collect, hold, use and disclose your personal information for the following purposes:
• to enable you to access and use our website, platform and hardware, including to provide you with a login;
• to verify you as a new client, including to perform anti-money laundering, anti-terrorism, sanction screening,
fraud and other background checks on you;
• to do business with you, including to dispatch and deliver our hardwarre to you, register your attendance at
our events, assess your application, manage your appointments;
• to contact and communicate with you about our business, including in response to any support requests you
lodge with us or other enquiries you make with us;
• to contact and communicate with you about any enquiries you make with us via any website we operate;
• for internal record keeping, administrative, invoicing and billing purposes;
• for analytics, market research and business development, including to operate and improve our business,
associated applications and associated social media platforms;
• for advertising and marketing, including to send you promotional information about our events and
experiences and information that we consider may be of interest to you;
• to run promotions, competitions and/or offer additional benefits to you;
• if you have applied for employment with us, to consider your employment application; and
• to comply with our legal obligations or if otherwise required or authorised by law.
Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:
• any purposes you consent to;
• the primary purpose for which it is collected;
• secondary purposes that are directly related to the primary purpose for which it was collected, including
disclosure to the below listed third parties as reasonably necessary to do business with you;
• to contact emergency services, or to speak with your family, partner or support person where we reasonably
believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us
to obtain your consent; and
• if otherwise required or authorised by law.

4. Our disclosures of personal information to third parties
Personal information: We will only disclose personal information (excluding sensitive information) to third parties where it
is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may
disclose personal information (excluding sensitive information) to:
• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers;
• third party customer relationship management providers such as HubSpot and Cliniko;
• marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators or processors;
• our existing or potential agents or business partners;
• sponsors or promoters of any promotions or competition we run;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal
information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the
assets transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided
to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in
connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our
legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.
Sensitive information: We will only disclose sensitive information with your consent or where permitted by law. This
means that we may disclose sensitive information to:
• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers;
• professional advisors;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal
information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the
assets transferred;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in
connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our
legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.
Google Analytics: We have enabled Google Analytics Advertising Features. We and third-party vendors may use first-party
cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google
advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage
Data about you.
You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found
here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences
Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install
their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile
device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices
with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit
the settings menu on your device.
To find out how Google uses data when you use third party websites or applications, please see here.

5. Overseas disclosure
We store your personal information in Australia. Where we disclose your personal information to third parties, those third
parties may store, transfer or access personal information outside of Australia, including but not limited to, the United
States of America. We will only disclose your personal information overseas in accordance with the Australian Privacy
Principles.

6. Your rights and controlling your personal information
Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will
collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide
personal information to us, however, if you do not, it may affect our ability to do business with you.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set
out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and
warrant that you have such person’s consent to provide the personal information to us.
Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of
communications (including marketing communications), please contact us using the details below or opt-out using the opt out
facilities provided in the communication.
Access: You may request access to the personal information that we hold about you. An administrative fee may be payable
for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to
your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably
possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we
can provide access to your information in another form that still meets your needs, then we will take reasonable steps to
give you such access.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or
misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information
found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be
legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as
soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain
about the refusal.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of
the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our
investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may
contact the Office of the Australian Information Commissioner.

7. Storage and security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access
or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure
personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us
over the Internet. The transmission and exchange of information is carried out at your own risk.

8. Data retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for,
including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, unless otherwise
required to retain it for longer under law. We may retain your personal information for a longer period in the event of a
complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of
the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the
purposes for which we process your personal information and whether we can achieve those purposes through other
means, and the applicable legal, regulatory, tax, accounting or other requirements.

9. Cookies
We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store
your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information.
However, they do recognise you when you return to our online website and allow third parties to cause our
advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when
you choose to provide our online website with personal information, this information may be linked to the data stored in
the cookie.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access
all or parts of our website.

10. Links to other websites
Our website may contain links to other party’s websites. We do not have any control over those websites and we are not
responsible for the protection and privacy of any personal information which you provide whilst visiting those websites.
Those websites are not governed by this Privacy Policy.

11. Amendments
We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our
website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact us at:
XRHealth AU Pty Ltd (ABN 69 631 035 419)
Email: officeau@xr.health

© LegalVision ILP Pty Ltd