Consumer Health Data Privacy

Last update: 28 May 2025
Effective: 28 May 2025

This Consumer Health Data Privacy Policy (“Policy”) applies to residents of Australia to the extent that the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”) apply to Listen Health Pty Ltd (“Listen Health”, “we”, “our”, “us”) and the personal and health information we collect.

This Policy provides information about how Listen Health collects, stores, uses, and discloses your personal and health information arising out of and/or relating to you and/or your use of our Services – which include your use of our website, mobile applications, and any other technologies, features, or content we offer. This Policy applies to Australian residents about whom we collect “personal information” and “health information” as defined by the Privacy Act 1988 (Cth).

We encourage you to review our general Privacy Policy to learn more about Listen Health’s privacy practices. This Policy supplements our Privacy Policy in its entirety, and any capitalized terms in our Privacy Policy have the same meaning herein unless otherwise noted.

This Policy does not apply to third-party websites, applications, products, services, or other properties, even if they link to our Services or our Services link to them. We recommend you review the privacy practices of those third parties before connecting with or accessing their offerings and sharing any personal or health information.

1. Personal and Health Information We Collect

For purposes of this Policy, “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not, as defined under the Privacy Act 1988 (Cth). “Health Information” is a subset of Personal Information that includes information or an opinion about an individual’s health, disability, or health services provided to them, including genetic information or information collected in connection with the provision of a health service.

Our Services involve the collection of laboratory test results (“Lab Results”), self-reported health information (“Self-Reported Health Information”), and other health-related data gathered via cookies or similar technologies. Accordingly, we may collect, or have collected, the following categories of Personal and Health Information about you:

- Name and contact information (e.g., email address, phone number, postal address)
- Demographic information (e.g., age, gender)
- Account profile information
- Health conditions, treatments, or diseases
- Social, psychological, behavioral, or medical interventions
- Health-related surgeries or procedures
- Use or purchase of prescribed medication
- Diagnosis, diagnostic testing, or treatment information
- Gender-affirming care information
- Reproductive or sexual health information
- Genetic data
- Bodily functions, vital signs, symptoms, or related measurements
- Precise location information that could indicate your attempt to acquire or receive health services or supplies
- Data identifying you as seeking health care services
- Device information (e.g., IP address, device identifiers, mobile app identifiers, device operating system)
- Inferred data derived from non-health information to associate or identify you with the above information

We may create aggregated, de-identified, or anonymized information from Personal and Health Information by removing identifiable components (e.g., your name, email address, or linkable tracking ID) or through aggregation or obfuscation. For example, we may de-identify information provided or generated in connection with your use of our Services (including Lab Results and Self-Reported Health Information) in compliance with applicable Australian law. Such de-identified or anonymized information is not considered Personal Information under the Privacy Act 1988 (Cth).

2. Categories of Sources of Personal and Health Information

We may collect Personal and Health Information from the following categories of sources:

- Directly from you through your interactions with us, such as when you use our Services, create an account, complete electronic forms, upload medical records, link a wearable or Internet of Things device, or contact us via chat, email, phone, or text (collectively “Self-Reported Information”).
- From third-party healthcare providers, laboratory services providers, or other medical and medical-adjacent service providers (“Lab and Provider Partners”), with your consent and in accordance with applicable law.
- Through linked wearable devices connected to our Services (which may include historical data related to your use of the wearable devices).
- From other third parties, such as our business partners and affiliates, with your consent where required.
- From third parties you choose (e.g., laboratory providers).
- Through automatic tracking technologies (e.g., cookies, subject to your consent where required).
- From our creation, inference, or generation of Personal Information about you.

Listen Health implements measures to ensure that non-essential cookies or tracking technologies are not deployed without your consent, in compliance with Australian privacy laws and the ePrivacy principles where applicable.

3. How We Use Personal and Health Information

We use the Personal and Health Information we collect about you to:

- Provide customer service
- Deliver and maintain our Services
- Improve, develop, and research our products
- Conduct internal business operations, including general administration
- Market our Services, where permitted and in accordance with your preferences
- Fulfill any purpose consistent with your consent or instructions

We limit the disclosure of your Lab Results to third parties. To deliver our Services, we may share certain information with our Lab and Provider Partners, who agree to comply with strict limitations on the use of your Personal and Health Information, in accordance with Australian law.

4. To Whom We Disclose Personal and Health Information

We may disclose Personal and Health Information with your consent, as necessary to complete your transactions, provide the Services you have requested, or as permitted or required by applicable Australian law. For example, with your consent, we may share your Lab Results with your general practitioner, specialist, or healthcare provider.

We may disclose Personal and Health Information:

- To comply with legal obligations, such as in response to valid requests by public authorities or where required to protect an individual’s health or safety.
- In connection with an actual or potential merger, acquisition, sale of assets, reincorporation, consolidation, reorganization, or other corporate transaction involving Listen Health or the business unit primarily utilizing your Personal and Health Information.

5. Your Privacy Rights

As an Australian resident, you have the following rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, subject to certain exceptions:

- Right to access: You have the right to request access to the Personal and Health Information we hold about you.
- Right to correction: You have the right to request correction of inaccurate Personal and Health Information.
- Right to anonymity and pseudonymity: You may deal with us anonymously or pseudonymously where practicable.
- Right to deletion: You may request the deletion of your Personal and Health Information in certain circumstances, subject to legal retention obligations.
- Right to complain: You have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy rights.
- Right to opt out: You may opt out of receiving direct marketing communications or targeted advertising, where applicable.

Exercising Your Rights

To exercise your rights, please submit a request using one of the following methods:

- Email: legal@listenhealth.com.au

Requests are subject to identity verification to ensure compliance with the Privacy Act 1988 (Cth). You must provide sufficient information, including your first and last name and email address, to allow us to verify your identity and evaluate your request. We will not respond to requests if we cannot verify your identity or confirm that the information relates to you.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation, please contact legal@listenhealth.com.au. We will respond to your request within thirty (30) days, unless an extension is reasonably necessary, in which case we will notify you within the initial period.

If you are visually impaired, have a disability, or require support in another language, please contact us at legal@listenhealth.com.au to access your privacy rights. You may designate an authorized agent to submit a request on your behalf, provided we receive proof of authorization and verify the agent’s identity.

We do not charge a fee to process requests unless they are excessive, repetitive, or manifestly unfounded. If a fee is warranted, we will provide a cost estimate before processing.

If you believe we have not handled your request appropriately, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting www.oaic.gov.au, calling 1300 363 992, or emailing enquiries@oaic.gov.au.

6. Changes to This Policy

We may update this Policy from time to time. We will notify you of changes by posting the updated Policy on our website or through other appropriate means. Modifications will be effective upon posting unless otherwise indicated. We recommend reviewing this Policy periodically. Your continued use of our Services after the effective date of any modified Policy indicates your acknowledgment that the updated Policy applies to your interactions with Listen Health.

7. Contact Us

If you have questions about this Policy or our privacy practices, please contact us at legal@listenhealth.com.au. Because email communications are not always secure, please do not include sensitive information in your emails.