Privacy Policy

In this Privacy Policy, 'HealthMatch', 'us', 'we' or 'our' means HealthMatch Pty Ltd (ABN 77 618 446 905) and our affiliates. We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your personal information when you visit the HealthMatch Platform (healthmatch.io) (Platform).

Please read this Privacy Policy carefully. It explains what personal information we collect, why we collect it, how we use it, and your choices related to your information.

Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include sensitive information, such as health information and genetic information, that you provide to us.

The HealthMatch Platform

We are a for-profit social enterprise that matches you with clinical trials based on certain attributes that are derived from information which you provide to us through the HealthMatch Platform. We provide de-identified attributes (i.e. information about your medical conditions) to clinical trial providers to determine your suitability for participation in clinical trials. With your consent, we may also provide your personal information to clinical trial providers (including clinical trial sites). We receive a fee from clinical trial providers each time we refer a potential trial participant.

By using the HealthMatch Platform, you will be able to control and manage the personal data you input into the Platform in various ways. For example, you will be able to:

  • choose whether we can share your personal information to clinical trial providers; and
  • (to the extent permitted by law) delete your profile and we will erase or de-identify any of your personal information that we hold.

Where you use the Platform on behalf of someone else (i.e. a patient), you must ensure you have that person's express consent and authorization to provide us with their personal information.

Sensitive Health Information

  1. We only use your sensitive health information (with your authorization) to find and match you with potential treatments and clinical trials and to notify relevant clinical trial providers that you have matched in a clinical trial.
  2. We will use aggregated and de-identified information for clinical trial research and development and to promote the effectiveness of the Platform. We may share this aggregated and de-identified information with our carefully selected third party partners for the same purpose. This will, for example, help guide research efforts and drug development, progressing life-saving cures onto the market faster.

We will never sell your sensitive health information to target ads or marketing to you and we will not use your sensitive health information for these purposes without your consent.

Some personal information we collect may constitute protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). If you are matched to a clinical trial, your match will provide you with a Notice of Privacy Practices describing their collection and use of your health information to the extent they are required by HIPAA, not HealthMatch. We will only collect and use protected health information for the purposes of providing our services and we only collect the minimum amount necessary to fully perform and provide the services on the Platform. Protected health information will not be used for any other purpose, including marketing, without your consent.

What is de-identified information and how do we use and disclose it?

We may use or disclose de-identified information as described in this Privacy Policy. De-identified information is derived from the personal information and sensitive information that you provide to us. Before we use or disclose such information, we will carefully remove certain information or alter the information that we collect about you so you can no longer be identified from that information.

In order to match you with clinical trials, we provide your profile to clinical trial providers such as pharmaceutical companies, clinical trial sites connected to hospitals or other health service providers, and contract research organisations. Where we provide such information, it is in a de-identified format. Clinical trial providers use this information to confirm your suitability to participate in clinical trials, and may also use this information on an aggregated basis for research and development purposes.

We may provide aggregate de-identified information derived from personal and sensitive information to carefully selected non-profit disease-specific advocacy groups for research purposes and to assist in promoting awareness of the Platform, clinical trials and medical developments.

We may also undertake data analytics on de-identified data related to your use of our Platform, in order to improve the functionality of the Platform.

What personal information do we collect?

We do not seek to collect information relating to your results as part of a clinical trial that you are matched with through use of our Platform.

We may collect the following types of personal information and sensitive information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number and other contact details;
  • age or date of birth;
  • details of your disease type or other medical condition(s);
  • details of your hospital;
  • your medical visits and procedures;
  • your genetic information, including test results which contain genetic information;
  • details about your treatment and side effects;
  • your family history of any related medical conditions;
  • details of clinical trials you have participated in prior to using our matching service;
  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
  • details of the clinical trials we have matched you with, whether we have been notified by clinical trial providers that you meet their criteria to participate in such trials and whether you have enrolled in such trials;
  • any additional information relating to you that you provide to us directly through our website or Platform, or indirectly through your use of our website or Platform or online presence or through other websites or accounts from which you permit us to collect information; or
  • any other personal information that may be required in order to facilitate your dealings with us.

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:

  • register on our website or for our Platform;
  • complete the questionnaire on your medical conditions and history through our Platform;
  • communicate with us through correspondence, chats or email;
  • use the Platform to update your privacy preferences;
  • interact with our sites, services, content and advertising, including through the use of tracking technologies, as further described below;
  • (in the case of collection of clinical trial enrolment information) when you enroll in a clinical trial; or
  • invest in our business or enquire as to a potential purchase in our business.

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks), from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. Workplace privacy laws in certain jurisdictions may contain certain exemptions regarding certain acts undertaken in relation to employee records. Where appropriate, we make use of relevant exemptions under applicable workplace privacy laws.

Why do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

  • to match you with clinical trials relevant to your medical profile;
  • to enable you to be contacted by clinical trial providers to enrol in trials you have matched to;
  • to enable you to access and use our Platform and to manage your privacy preferences;
  • to enable you to access and use other components of our website;
  • to operate, protect, improve and optimise our Platform, business and our users’ experience;
  • to send you notifications of trial matches and where you meet some or all of the trial criteria;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  • to send you our electronic newsletter;
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;
  • to consider your employment application; and
  • to protect you from conduct that violates the Terms of Use.

Do we use your personal information for direct marketing?

When you use our Platform, we may:

  • use your personal information to send you direct marketing communications and information about our services and products, in accordance with applicable privacy and marketing laws; or
  • de-identify your personal information before disclosing it to third parties to facilitate our general marketing or promotional activities.

We engage third party service providers to assist us with delivering direct marketing via various channels, including through social media and other digital platforms. We take all reasonable steps to ensure that your personal information is protected when disclosing information to such third parties.

You can always opt-out of receiving direct marketing communications by contacting us using the details set out below, by using an unsubscribe link or by telling us through your profile settings via our Platform.

If you are not yet a registered user of our Platform, then we may market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We will always do this in accordance with our legal requirements and if we use a third party to do so, we will only do so with our trusted partners.

For California residents, we do not provide your information to third parties for their direct marketing purposes. However, we may share aggregate or other information that no longer personally identifies you with other parties for our business purposes, marketing, analytics, or other uses.

To whom do we disclose your personal information?

We seek your consent before providing your name and contact details to a clinical trial provider (or to a clinical trial site that has been contracted by the relevant clinical trial provider), so that they can contact you to participate in a trial.

This consent is requested generically in our questionnaire, which allows us to share your details with trials that you match to automatically. You can revoke this consent for specific trials. You can still use the Platform without providing this consent, and can provide consent for each individual trial.

Any further personal information that you then provide to a clinical trial provider (including to a relevant clinical trial site) will be subject to that trial provider's privacy policy and any other arrangements between you and them.

We may also disclose personal information for the purposes described in this privacy policy, where necessary for our legitimate business purposes and on a need to know basis, to:

  • our employees and affiliates;
  • third party suppliers and service providers (including information technology providers for the operation of our website, Platform and/or our business);
  • professional advisers;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Disclosure of personal information outside your country

We may disclose your personal information outside of the country in which you reside or of which you are a citizen to our third party service providers located in Australia, the United States and Japan. In addition, your personal information may be processed in the country in which it was collected and in other countries, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your data, you consent to such transfer. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the privacy laws of your country.

We may disclose de-identified information to international clinical trial providers, including in the United States, China, Singapore, New Zealand and Europe (including the European Union), for the purposes of matching you with clinical trials. We will always seek your consent before providing your name and contact details to any such clinical trial provider so that you can participate in a trial.

Cookies and Tracking Technologies; Do-Not-Track Signals

Cookies Generally

We may collect personal information about you when you use and access our website or Platform.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website and Platform, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website and Platform that help us track your website or Platform usage and remember your preferences. These include:

  • Session cookies, which are stored during an active session, i.e. during the period you use our Platform. Session cookies are normally deleted when you close your browser. We use this type of cookie to map your actions on our Platform.
  • Persistent cookies, which are stored on your device until the specified expiration date for each cookie, or until you manually delete the cookie from the device. The cookie will be activated each time you visit a website that created the special persistent cookie. A persistent cookie allows you to remember your preferences or actions on a website (or on different websites.)
  • Web beacons, which are transparent images that can be included in emails or on our Platform, which let us see what our visitors click on.

Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so. We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Marketing Cookies

Marketing cookies are used to deliver ads that are relevant to you and your interests, or to limit the number of times you see the same ad on a website. These types of cookies are also used to help measure the efficiency of an advertising campaign. These cookies can be used to remember what you looked at when you visited a website. We use this information to provide you with personalized content recommendations and for marketing communications. We may combine the information collected by these cookies with other information that you have provided to us.

  • Facebook Pixel. We use Facebook and their partner networks, such as Instagram, to market ourselves using the Facebook pixel that collects data about behaviour and purchases on our website and to measure the effect of our advertising. This tracking is used to evaluate and measure how different campaigns and marketing strategies perform on Facebook & Instagram. By sharing this data with Facebook, we can, for example, offer personalized advertising content and adjust the frequency of advertising you see from us. Facebook stores the data we send to them for up to 2 years depending on the type of data in question. Here you will find Facebook's privacy policy.
  • TikTok Pixel. We use TikTok to market ourselves using the TikTok pixel that collects data about behavior and purchases on our website and to measure the effect of our advertising. This tracking is used to evaluate and measure how different campaigns and marketing strategies perform on TikTok. Here you will find TikTok's privacy policy.

Opting out

If you decide at any time that you no longer wish to accept cookies from the Platform for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Platform or all functionality of the Platform.

If you are a Facebook user, you can control whether ads based on your behaviour should appear on Facebook and other websites that use Facebook's advertising services in Facebook's advertising settings.

Do-Not-Track

Our Platform does not currently recognize “Do Not Track” signals sent by some browsers.

Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we:

  • use secure communications between your browser and our servers;
  • store your information in encrypted form; and
  • have processes in place to ensure that all data requests are authenticated and authorised.

We also restrict access to personal information within our organisation to those personnel who need it to operate our service.

However, we cannot guarantee the security of your personal information. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

We may retain your personal information as long as you continue to use the Platform, have an account with us, or for as long as is necessary to fulfil the purposes outlined in this Privacy Policy. You can ask to close your account by contacting us as described below, and we will delete your personal information on request. We may, however, retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes as set out in this privacy policy.

Children’s Privacy

Our Platform is not designed nor intended to be used or accessed by children under the age of 18. No one under age 18 may provide any information to or through the Platform. We do not intentionally collect personal information from children through the Platform. If you are under age 18, do not use or provide any information on or through the Platform, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received personal information from a child under age 18 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including personal information from or about a child under age 18, please contact us immediately at privacy@healthmatch.io.

Links

Our website, Platform or electronic newsletter may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

You can access and update the personal information we hold about you by logging into your profile on our Platform.

Where we hold other personal information about you, you can contact us using the information below or the contact us function on our website to access or correct this information.

Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information. If you contact us about inaccurate information, we will take reasonable steps to ensure that it is corrected.

General Data Privacy Regulation (GDPR)

The General Data Protection Regulation (“GDPR”) took effect on May 25, 2018, and is intended to protect the data of European Union (EU) citizens.

If you are a resident of the European Economic Area (EEA), or are accessing our Platform from within the EEA, you may have certain rights with respect to your data.

Legal Basis for Processing Personal Information under GDPR

We may process Personal Information (as defined in the GDPR) under the following conditions:

  • Consent: You have given your consent for processing personal information for one or more specific purposes.
  • Performance of a contract: Provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing personal information is necessary for compliance with a legal obligation to which HealthMatch is subject.
  • Vital interests: Processing personal information is necessary in order to protect your vital interests or those of another natural person.
  • Public interests: Processing personal information is related to a task that is carried out in the public interest or in the exercise of official authority vested in HealthMatch.
  • Legitimate interests: Processing personal information is necessary for the purposes of the legitimate interests pursued by HealthMatch.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The laws of certain jurisdictions may provide data subjects with various rights in connection with the processing of personal information, including:

  • The right to withdraw any previously provided consent;
  • The right to access certain information about you that we process;
  • The right to have us correct or update any personal information;
  • The right to have certain personal information erased;
  • The right to have us temporarily block our processing of certain personal information;
  • The right to have personal information exported into common machine-readable format;
  • The right to object to our processing of personal information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and
  • The right to lodge a complaint with the appropriate data protection authority.

Where we are deemed a data controller under the laws of certain jurisdictions, we will take steps to help ensure that you are able to exercise your rights regarding personal information about you in accordance with applicable law. To do so, you may contact us at privacy@healthmatch.io. Please note these rights may be limited in certain circumstances as provided by applicable law. We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning personal information about you. We encourage you to first reach out to us at privacy@healthmatch.io, so we have an opportunity to address your concerns directly before you do so.

Making a complaint

If you think we have breached any applicable privacy laws, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below or the contact us function on our website. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below or the contact us function on our website:

HealthMatch
Attn: Privacy Officer
10-14 Waterloo Street
Surry Hills
NSW 2010
Australia
privacy@healthmatch.io

Last Updated: October 29, 2021