1. Introduction
Advanced Health Intelligence Limited (“AHI”/”we”/“us”/”our”) is committed to the protection of your personal information and your privacy and will ensure that information provided to us is handled in a secure manner. This Privacy Policy sets out the guidelines which AHI has established to protect the information you submit to AHI when using our website.
This Privacy Policy applies to users (“you”) of the AHI website and services available in connection with this website (the “Website”).
The purpose of this privacy notice is to explain what personal data we collect about you when you visit our Website. When you do this, we are the data controller.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at [email protected] or following the instructions on the “Contact Us” page.
Our collection and use of your Personal Data are subject to the data protection laws applicable where you reside, as set out in this Privacy Policy.
Where we collect and process your Personal Data based on your explicit consent, as set out in this Privacy Policy, we will ask for your consent in the Service before we collect any of your Personal Data. You can withdraw your consent at any time by using the contact details provided in this Privacy Policy. If you do withdraw your consent, you will no longer be able to participate in the
demonstration trial.
Cookies
For details about how AHI uses cookies and other tracking technologies, please refer to the linked Cookies page in the footer section of www.ahi.tech.
2. Interpretation & Definitions
Capitalised words in this Privacy Policy have the meanings given below. All definitions have the same meaning regardless of whether they are used in singular or plural.
- AHI means Advanced Health Intelligence Limited of U5, 71-73 South Perth Esplanade, South Perth, Western Australia, 6151.
- Business means the legal entity that determines the purposes and means of processing of Personal Data about residents of California in accordance with the CCPA.
- Controller means the legal entity or natural person that determines the means and purposes of processing of Personal Data about individuals in the European Economic Area or the United Kingdom in accordance with the GDPR.
- CCPA means the California Consumer Privacy Act, California Civil Code sections 1798.100 et seq, and its implementing regulations.
- GDPR means the General Data Protection Regulation (EU) 2016/679 and, from the point at which the GDPR ceases to apply in the United Kingdom, the UK GDPR.
- LGPD means the Brazilian General Data Protection Law (the Lei Geral de Proteção de Dados Pessoais).
- Personal Data means information which can be used directly or indirectly to identify you and which relates to you (and shall be deemed to include “Personal Data” as defined in the GDPR and LGPD and “personal information” as defined in the CCPA and the Australian Privacy Act 1998 (Cth) respectively).
- Processor means the legal entity or natural person that processes Personal Data on behalf of and in accordance with instructions from a Controller in accordance with the GDPR.
- Service Provider means the legal entity that processes Personal Data about residents of California on behalf of a Business in accordance with the CCPA.
- UK GDPR means the General Data Protection Regulation (EU) 2016/679 as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018.
3. Personal Data We Collect
In order to use the Website, contact us via the “Contact Us” page and use our services you will be required to provide personal information such as your name, email, business or home address and contact number. This information is your Personal Data because it is about you and can be used to identify and / or differentiate you from other individuals using the Website. We collect this with your consent.
4. How does AHI Use My Personal Data?
AHI processes your personal data for many different purposes. Data protection law only allows us to use your personal data if we have a lawful reason. We have explained these purposes and the lawful reasons that we rely on to carry out that processing under data protection law below:
Processing of your personal data for the performance of a contract
AHI processes your personal data for purposes to fulfil its contract with you to provide services to you. For example, this includes:
- Entering into a contract with you.
- Providing our products and services to you.
- Providing information on our business, products and services to you.
- Managing our relationship with you.
- Handling service requests or complaints.
Processing of your personal data for legal and regulatory purposes
AHI may be required to process your personal data for various legal and regulatory purposes. For example, this includes:
- Keeping accurate and up-to-date records, contact details and records of contractual and statutory rights.
- To adhere to laws and regulations which apply to us.
- Retaining information for a specified amount of time.
- To run our business in an efficient manner, including audit, corporate governance, risk and financial management, planning and business capability.
- To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
Processing of your personal data where you have consented to that processing
AHI may processes your personal data in certain circumstances where you have given your consent. For example, this includes:
- Providing you with information about our products and services that we feel may be of interest and benefit to you (unless you inform us that you do not want to receive such direct marketing).
- If you have provided sensitive personal data (also known as special categories of personal data) which we have recorded so that we can make appropriate adjustments for you in relation to the administration of our products and services.
- Where you have provided your contact details in order for us to contact you.
Processing of your personal data where we have a legitimate interest to do so
- AHI processes your personal data for various purposes where we believe we have a legitimate interest, and we have balanced this against your rights as an individual. For example, this includes:
- To monitor your use of our services and systems to ensure they are functioning correctly and efficiently.
- To monitor, develop and improve our services to ensure the correct customer outcomes are being achieved, and for training and quality purposes and to ensure our legislative and regulatory obligations are being adhered to, for example, we may conduct customer surveys, monitor underwriting decisions, record and review calls, review complaints and perform user / optimization testing.
- To prevent and detect fraud, money laundering and other crime. This may include checking your location when you use a mobile device to help prevent fraud.
- Recovering debts from third parties.
- Business management and planning, including accounting, risk reporting and auditing to ensure our business is run efficiently and in accordance with best practices.
- To conduct data analytics studies to review and better understand our customers and how our products and services are delivered.
- Dealing with legal disputes.
Please note, we may continue to process your personal data where we have a legitimate interest to do so, even when you don’t have a relationship with us or your relationship has ended with us. You can object to our processing of your data under this basis at any time, please see below “What are my data protection duties and rights and what can I do to enforce them?”
How does AHI use my special category personal data?
Some of your personal data which we hold about you may be special category personal data. This is sensitive information, for example in respect of your race or health. We will only use your sensitive personal data in the following ways:
- Where we have your explicit consent. For example, to enable us to make necessary and appropriate adjustments for you in the administration of our products and services.
- Where we have a legal requirement to use it.
What happens if the purposes change?
- We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated or incompatible purpose, we will notify you and we will explain the lawful reason which allows us to do so.
5. Sharing Your Personal Data
We will share your Personal Data with trusted third parties who provide us with services necessary to enable you to access this Website and our services. Any such third parties are required by a contract between us and them to take appropriate security measures to protect your Personal Data and may only use your Personal Data in line with our instructions and not for their own purposes.
AHI does not share, rent or sell your personal information to any third party in any way other than as disclosed in this Privacy Policy. By providing your Personal Data to us via the Website you agree that AHI may share your personal information, on a confidential basis, with third party individuals and organisations that assist us, including contractors, financial service providers, web hosts and others.
You further agree that we may delegate upon appropriate terms our authority to collect, access, use and disseminate your personal information and you hereby agree that every authorization granted by you to AHI under this Privacy Policy is also granted to any third party hired or contracted AHI for the purpose of maintaining, operating, repairing, improving or otherwise assisting in the running of the Website and their services.
You agree to not hold AHI liable for the actions of any third party even if we would normally be held vicariously liable for their actions and that you must take legal action against them directly for any tort or other actionable wrong suffered by you.
The following is a list of third parties with whom we are currently sharing users’ personal information (please note that the list is non-exhaustive):
- Fastly
- Amazon Cloudfront
- Amazon Web Services
- Stripe payment
- MongoDB
- Mailjet
- Google Website Analytics
We may also share your Personal Data where required to do so by law or where we believe in good faith that disclosure is necessary to protect the safety of users of the Service or the public, investigate and prevent possible wrongdoing in connection with the Service, to protect and defend our rights and assets and to protect against legal liability.
If we are subject to any merger, acquisition of asset sale, your Personal Data may be transferred to the acquiring or merged entity. We will notify you if this occurs and provide you with details of any arising change to this Privacy Policy.
We may share statistics (and other relevant information) relating to your body scan data with third parties when we are liaising with them about the services and products we provide. Where we do so, we will always anonymize your data so that any third parties cannot link it to you.
6. Retaining Your Data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymized, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
7. Protecting Your Data
The security of your Personal Data is important to us, and we have implemented organizational and technical security measures in line with good industry practice to ensure that your Personal Data is protected.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Whilst we will always take steps to protect your information in line with good industry practice, we cannot guarantee its absolute security.
8. Children’s Privacy
We do not provide services to anyone under the age of 13. Our Terms of Service prohibit use of our services by anyone under the age of 13, and we do not knowingly collect Personal Data from anyone under the age of 13.
If You are a parent or guardian and you believe your child is using our services, please contact us to delete their Personal Data.
If we become aware that we have collected Personal Data from anyone under the age of 13, we will take steps to delete their Personal Data.
9. Your Rights
You have rights in respect of your Personal Data. The specific rights available to you depend on your country of residence. If you are in the European Economic Area or UK, you have the rights listed at Section 10 of this Privacy Policy. If you are a resident of California, you have the rights listed at Section 11 of this Policy. If you are a resident of Brazil, you have the rights listed at Section 12 of this Policy.
If you live in Australia, you have the right to request access to or correction of the Personal Data we hold about you and the right to stop receiving unwanted direct marketing. You can also make a complaint about us to the Office of the Australian Information Commissioner if you think we have mishandled your Personal Data.
You can exercise your rights or complain to us about how we use your data by emailing us at [email protected] or writing to us at the address provided at Section 13, below.
10. GDPR Specific Processing
If you reside in the European Economic Area (“EEA”) or the United Kingdom (“UK”), this Privacy Policy applies as follows:
- AHI is the Controller for your Personal Data.
- The trusted third parties with whom we share your Personal Data as described in the
- Privacy Policy are our processors for your Personal Data. We enter into data processing agreements that meet the requirements of Article 28 of GDPR with our sub-processors and processors.
- We only transfer your Personal Data outside the EEA or UK with your explicit consent or where otherwise permitted by law to do so.
- If we transfer your Personal Data outside the EEA and the UK including to the United States, and Australia where the data protection laws may offer a lower level of protection than in your country.
- We may share statistics (and other relevant information) relating to Personal Data with third parties when we are liaising with them about the services and products we provide. Where we do so, we will always anonymize your data so that any third parties cannot link it to you.
- Our representative in the EU and UK is Evalian Limited, who can be contacted by emailing [email protected].
- We have designated a Data Protection Officer, who can be contacted by emailing [email protected].
- You have the following rights in respect of your Personal Data:
- You have the right of access to your Personal Data and can request copies of it and information about our processing of it.
- If the Personal Data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your Personal Data with your consent, you can withdraw your consent at any time.
- Where we are using your Personal Data because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your Personal Data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your Personal Data if:
- It is not accurate.
- It has been used unlawfully but you do not want us to delete it.
- We do not need it anymore, but you want us to keep it for use in legal claims;
- or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances you can compel us to erase your Personal Data and request a machine-readable copy of your Personal Data to transfer to another service provider.
- You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
- You can withdraw consent. If you withdraw your consent, we may not be able to provide You with access to certain specific functionalities of the Service.
- You can also raise a complaint with the data protection supervisory authority in the country in which you reside.
- To exercise your rights in respect of your Personal Data you can contact us using the details set out at Section 9 or Section 13 of this Privacy Policy.
11. California Specific Processing
If you are a resident of California, this Privacy Policy applies as follows:
- To the extent applicable under the CCPA, AHI is the Business for your Personal Data.
- We may share statistics (and other relevant information) relating to your Personal Data with third parties when we are liaising with them about the services and products we provide. Where we do so, we will always anonymize your data so that any third parties cannot link it to you.
- AHI does not sell your Personal Data within the meaning of the CCPA.
- You have the following rights in respect of your Personal Data to the extent required by the CCPA:
- You have the right to disclosure of specific information to you about the collection and use of your Personal Data over the last 12 months.
- You have the right to request that your Personal Data is deleted, subject to certain exceptions.
- You have the right not to be discriminated against for exercising your rights under the CCPA.
- To exercise your rights in respect of your Personal Data you can contact us using the details set out at Section 9 or Section 13 of this Privacy Policy.
- California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. If this applies to you, please contact us using the details set out at Section 10 or Section 13 of this Privacy Policy. We will action your request to the extent required by law.
- California Civil Code Section 1798 (California's ‘Shine the Light’ law) enables California residents with an established business relationship with us to request information once a year about the sharing of their Personal Data with third parties for direct marketing purposes. If this applies to you, please contact us using the details provided at Section 9 or 13 of this Privacy Policy.
12. LGPD Specific Processing
If you reside in Brazil, this Privacy Policy applies as follows:
- AHI is the Controller for your Personal Data.
- The trusted third parties with whom we share your Personal Data as described in the Privacy Policy are our sub-processors for Personal Data. We enter into data processing agreements with our sub-processors and processors to ensure they only process your Personal Data in accordance with our instructions.
- We only transfer your Personal Data outside of Brazil with your explicit consent or where otherwise permitted by law to do so.
- We may share statistics (and other relevant information) relating to your Personal Data with third parties when we are liaising with them about the services and products we provide. Where we do so, we will always anonymize your data so that any third parties cannot link it to you.
- We have designated a Data Protection Officer, who can be contacted by emailing [email protected].
- You have the following rights in respect of your Personal Data:
- You have the right of access to your Personal Data and can request copies of it and information about our processing of it.
- If the Personal Data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your Personal Data with your consent, you can withdraw your consent at any time.
- Where we are using your Personal Data because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your Personal Data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your Personal Data if:
- It is not accurate.
- It has been used unlawfully but you do not want us to delete it.
- We do not need it anymore, but you want us to keep it for use in legal claims;
- or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances you can compel us to erase your Personal Data and request a machine-readable copy of your Personal Data to transfer to another service provider.
- You have the right to review a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
- You can withdraw consent. If you withdraw your consent, we may not be able to provide You with access to certain specific functionalities of the Service.
- You can also raise a complaint with the data protection supervisory authority in the country in which you reside.
- To exercise your rights in respect of your Personal Data you can contact us using the details set out at Section 9 or Section 13 of this Privacy Policy.
13. Our Contact Details
You can contact us about this Privacy Policy, to exercise your rights or to complain by writing to:
Advanced Health Intelligence Limited, U5, 71-73 South Perth Esplanade, South Perth, Western Australia, 6151.
You can email us about this Privacy Policy at [email protected].
14. Updates to this Privacy Notice
We will review and update this Privacy Policy from time to time. Please visit this page periodically to check for updates.
This Privacy Policy was last updated on the date shown at the bottom of this document.