Privacy

Volpara Privacy Policy

1.Introduction

Volpara Solutions Limited a wholly owned subsidiary and master distributor of Volpara Health Technologies Limited, a New Zealand corporation with company number 2206998 (“us,” “we,” or “Volpara”) is committed to respecting the privacy of our customers, users of Volpara products, services and applications, including our websites (collectively, the “Services”) in accordance with data protection law including HIPAA, ISO27001, GDPR, DPA 1988 and no less onerous equivalents.

2. Your Consent to, and Agreement with, this Privacy Policy

Please read this Privacy Policy carefully to understand our policies and practices regarding Personal Data and Sensitive Personal Data (both, defined below) and how we will treat it. By using the Services, you are accepting and consenting to the practices described in this policy.

3. Your Express Representation of Authorization and Compliance

3.1 Prior to using the Services, you expressly represent and warrant that you are authorized to use the Services and that you will at all times comply with applicable national, state and regional laws relating to the handling, storage, use, privacy and protection of data (including as applicable obtaining the express and informed consent of the “Data Subject”, such term to include personnel, subcontractors and patients as applicable) whose data is to be processed in connection with the Services). You also represent and warrant that all information you provide to us will be current, true, accurate, supportable and complete. It is entirely your choice whether or not to submit, use or disclose Personal Data and Sensitive Personal Data through Volpara’s Services. If you choose not to provide the required data, you may not be able to use certain features of Volpara’s Services.

3.2 In order to access the Services you will either create a user login and password via the services or integrate an existing identity structure during onboarding. You are solely responsible for maintaining the confidentiality of all user logins and passwords and for ensuring that your login and password is used only by you.

3.3 You are solely responsible for:

3.3.1 any and all access and use of the Services that occurs under your account; and

3.3.2 for the accuracy, quality, integrity, legality, reliability, appropriateness, security and right to use all data and information that you input into the Services.

3.4 You may not circumvent or otherwise interfere with any user authentication or security of the Services.

3.5 You must notify us within 48 hours if any of your account data is lost, stolen or used without permission.

4. “Personal Data” and “Sensitive Personal Data”

As used in this Privacy Policy,

“Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject”) that may be used directly or indirectly to identify an individual, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Sensitive Personal Data” means data relating to physical or mental health, such as medical history, family history, medical diagnosis, health background, current health status, age, gender, sexual behavior and sexual orientation, demographic information (including race, ethnicity, marital status, salary, education, political, religious, and trade union information), and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, payments for treatment and health insurance information or other personally identifiable information under an applicable law.

5. The Purpose

We may use Personal Data and/or Sensitive Personal Data:

i) to perform our Services, which may entail the transfer of data and storage of the data (including storage on the Cloud for certain services as applicable and in accordance with data protection law relating to cross-border transfer of data);

ii) to collect information transmitted from your computing device for the purpose of providing Services, such as information that lets Volpara know when you are accessing our Services;

iii) to provide you with notices and to facilitate communication between us;

iv) to carry out our obligations and enforce our rights arising from any contracts we have entered into regarding you, including Business Associate Agreements;

v) to notify you about changes to Volpara’s Privacy Policy;

vi) to comply with any court order, law or legal process, including responding to any government or regulatory request, subpoena, or search warrant;

vii) for aggregate, statistical analysis to monitor and/or improve our services,

viii) for research; and

ix) to prevent, detect, and investigate security incidents, breaches, and/or unlawful activities.

6. Data Security

We use reasonable technical, physical, and administrative safeguards that are designed to enhance the security, confidentiality, integrity and accessibility of Personal Data and Sensitive Personal Data. We incorporate secure storage and transmission technologies including de-identification, data removal, redundancy, encryption, firewalls, auditing and monitoring protocols. Despite Volpara maintaining ISO27001 Information Security auditable compliance we cannot in all instances, however, ensure or warrant the security of all information transmitted via Volpara’s Services and cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach or interference with our systems.