4DMEDICAL

Privacy Policy

4DMedical Limited ABN 31 161 684 831 and its related bodies corporate, including but not limited to 4DMedical USA Inc., 4DMedical R&D Inc. and Australian Lung Health Initiative Pty Ltd ABN 56 631 802 447 (4DMedical, us, we, our) take your privacy seriously and are committed to responsible privacy practices. 

Please read the following privacy policy (Privacy Policy) to understand how we collect, use, disclose, store, handle and protect your personal information. We seek to comply with relevant laws, including the Privacy Act 1988 (Cth) (Privacy Act) and the EU General Data Protection Regulation (GDPR), where applicable.  We hope that this will help you make an informed decision about sharing personal information with us.  As well as applying to our interactions with you, this Privacy Policy also applies to all information collected through this website and any other websites or platforms we operate.

This Privacy Policy sits alongside our Terms of Use, and any other terms and conditions that apply to the products and services we provide to you.

What is personal information?

In this Privacy Policy, ‘personal information’ has the meaning set out in the Privacy Act. In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information.


Some types of personal information are classified as ‘sensitive information’ and/or ‘health information’, which are subject to additional protection under the Privacy Act. Sensitive information may include information about your racial origin and health status, and health information may include information about a health-related service you have had or will receive, including test results and appointment details.

What types of personal information do we collect?

The types of personal information we collect about you will depend on the purpose for which the personal information is collected. This can include:

  • in the case of customers procuring our products and/or services – your name, organisation name, billing or shipping address, email address, telephone number(s), business details, feedback, payment information and order details;

  • technical information and general analytics, such as web browser type and browsing preferences, Internet service provider, referring/exit pages, date/time stamps, IP address, time zone and geolocation data (if applicable), some of which is collected automatically, arising from your use of our website and/or platforms, as well as information about your usage of our website and/or platforms when browsing (see: “How do we collect personal information” below);

 

  • if you have requested to receive news about exclusive offers, promotions, events, newsletters or surveys from 4DMedical – your name, mailing or street address, email address, and telephone number(s);

 

  • if you have contacted us to make a complaint, provide feedback, submit an enquiry, request a call-back or request a product replacement – your name, mailing or street address, email address, and telephone number(s);

  • in the case of our sites where we have CCTV technology installed, CCTV footage and recordings;

 

  • in the case of prospective employees or contractors – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers;

 

  • in the case of our suppliers and distributors – your name, mailing or street address, email address, and telephone number(s);

 

  • in relation to our shareholders – your name, address, date of birth and any information required to manage our shareholder relationships and to meet our legal and regulatory obligations; and

 

  • any other information you provide while interacting with us.


Generally, we will not collect sensitive information about you. However, in certain circumstances, we may collect (intentionally or inadvertently) limited sensitive information about you. For instance, we may collect sensitive information about you where:

  • in the case of prospective or current employees or contractors, you choose to disclose information to us regarding your vaccination status, disabilities, medical conditions or specific dietary or allergy requirements;

 

  • in the case of information shared with us by customers as part of our software-as-a-service platform or otherwise, where users of our platform, products or services have inadequately de-identified information provided to us which contains your health information, medical condition(s) or history before sharing that information with us; or

 

  • you directly provide us with sensitive information (such as health and medical information) and consent to us using the information for a particular purpose (such as our promotional and marketing activities).

Generally, we will not collect sensitive information about you.  However, in certain circumstances, we may collect (intentionally or inadvertently) limited sensitive information about you.  For instance, we may collect sensitive information about you where:

  • in the case of prospective or current employees or contractors, you choose to disclose information to us regarding your vaccination status, disabilities, medical conditions or specific dietary or allergy requirements;
  • in the case of information shared with us by customers as part of our software-as-a-service platform or otherwise, where users of our platform, products or services have inadequately de-identified information provided to us which contains your health information, medical condition(s) or history before sharing that information with us; or
  • you directly provide us with sensitive information (such as health and medical information) and consent to us using the information for a particular purpose (such as our promotional and marketing activities).

How do we collect personal information?

We collect your personal information directly from you, including when you:

  • access or use our website;
  • subscribe, purchase or otherwise use our products or services;
  • sign up to receive news and exclusive offers, promotions, or events;
  • enter surveys, competitions, promotions or request information or material from us;
  • make inquiries about us or our products or services or otherwise communicate with us by email, by telephone, in person, via a website, app or otherwise; and
  • apply to work with us or are engaged by us as a contractor.

 

Where it is reasonable and practicable to do so, we will only collect personal information about you from you directly and not from third parties. 

In limited circumstances, we may collect personal information about you from:

  • publicly available sources (such as the Internet);
  • from third parties (such as mutual contacts, another person making a purchase on your behalf, our service providers or from your referees during the recruitment process if you apply for a job with us); and
  • customers and users of our platform, products or services who share your information with us in the process of using our services and products.

 

We may also collect personal information through third parties such as our service providers or through promotional and marketing activities.

Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, including service providers we engage, so you should review their relevant privacy policies to satisfy yourself as to how they protect and handle your personal information.

If you are a commercial customer of 4DMedical, it is your responsibility to ensure that suitable de-identification and re-identification protocols are in place for any clinical data provided to 4DMedical or received from us. 4DMedical works directly with third party vendors, such as Laurel Bridge Software, Inc. and Kailo Medical Pty Ltd to provide a packaged solution. However, ultimate responsibility for the privacy and correct operation of these tools rests with the customer and the relevant vendor.

We also use the following technologies to collect technical information and general analytics:

  • cookies, which are data files that are placed on your device and often include an anonymous unique identifier.  For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
  • log files, which track actions occurring on our website; and
  • web beacons, tags, and pixels, which are electronic files used to record information about how you browse our website.

 

You may disable your web browser from accepting cookies and other tracking technologies used to collect technical information and general analytics when browsing our website.  If you do so, you can still access our website, but it may impact your user experience.

In addition to our cookies, certain third parties may deliver cookies to your device for a variety of reasons. For example, we sometimes use various web analytics tools that help us to understand how visitors engage with our website. Any third party links or advertising on our website may also use cookies; you may receive these cookies by clicking on the link to the third party site or advertising. We do not control the collection or use of information by these third parties, and these third party cookies are not subject to this Privacy Policy. You should contact these companies directly if you have any questions about their collection and/or use of information. When linking to any other site, you should always check the relevant website’s privacy policy before providing any personal information.

You may also opt out of targeted advertising by using the links below: 

 

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal

Can you choose not to disclose your personal information?

If we cannot collect personal information about you, or if you use a pseudonym, we may not be able to provide you with the information or assistance you require.  For example, we will not be able to send you information you have requested if you have not provided us with a valid email address or telephone number.

How do we use your personal information?

We use your personal information for purposes for which we collect it, including managing our business and providing our products and services to you, including to:

  • provide our products and services to our customers or to receive goods or services from third parties;
  • enable the proper operation and functionality of our products and services;
  • verify your identity (for example, if you request access to the personal information we hold about you);
  • consider you for a job at 4DMedical (whether as an employee or contractor) or other relationships with us;
  • communicate with you, and to address or investigate any issues or complaints that we or you may have regarding our relationship and our products and/or services;
  • prevent, detect and investigate suspicious, fraudulent, criminal or other activity that may cause you, us or others harm, including in relation to our products and services;
  • comply with our legal or regulatory obligations such as notifying you of matters that we may be required by law to do so;
  • managing shareholder relationships – including communicating with shareholders, undertaking share transactions and payment of dividends;
  • identify opportunities to improve our products and services and to improve our service to you;
  • gain insights about you so that we can serve you better, understand your preferences and interests, personalise your experience and/or enhance products and services you are offered and receive;
  • to manage, research and develop our products and services;
  • for direct marketing purposes (see “Direct Marketing Communications” below); and
  • contact you regarding any of the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.

 

We may also use or disclose your personal information for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes, and for other purposes to which you have consented, or as otherwise permitted or required by law.

Technical information and general analytics is used for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are using our website, and to improve our website and our products and services.

  • where you have given us your consent;
  • where processing of your personal information is necessary for the performance of a contract with you;
  • to meet our legal obligations; and
  • to pursue our legitimate business interests.

 

We may use or disclose your personal information:

  • for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
  • for other purposes to which you have consented; and
  • as otherwise authorised or required by law.

To whom do we disclose personal information?

We may disclose your personal information to third parties in connection with the purposes described above (see the “How do we use your personal information?” section).

This may include disclosing your personal information to the following types of third parties:

  • our related companies;
  • any potential or actual third party acquirer of our business or assets, and advisors to that third party;
  • our professional advisers (such as lawyers, accountants or auditors) and insurers;
  • our employees, contractors, agents and third party service providers who assist us in performing our functions and activities e.g. financial institutions, cloud service providers, data transfer and storage providers, shipping companies, telecommunications providers and IT support service providers;
  • organisations authorised by us to conduct promotional, research or marketing activities;
  • third parties to whom you have authorised us to disclose your information (e.g. referees or account nominees); and

 

We use third party service providers to provide us with web analytics services, such as Google Analytics.  You can read more about how Google uses your personal information here.

If we disclose your personal information to third parties, we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws, for example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.

Direct marketing communications

We will only send you direct marketing communications (either through mail, SMS or email), including any news and exclusive offers, promotions, or events, where you have consented for us to do so.

You may opt-out of receiving direct marketing communications at any time by contacting us or by using opt-out facilities provided in the direct marketing communications.

How do we store personal information?

We store your personal information in paper-based files and/or other electronic record keeping methods in secure databases.  Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).  We may combine or link personal information we hold about you with other personal information about you from third party sources.

Does personal information leave Australia?

Your personal information may be stored through third party service providers located in Australia, New Zealand, the United Kingdom, the European Union or the United States of America.  We may disclose your personal information to overseas recipients, such as to our subsidiaries and service providers located overseas, in order for them to provide their products and services, and to obtain services connected with our business. 

New Zealand, the United Kingdom, Switzerland and European Union member countries have data protection laws which protect personal information in a way which is at least substantially similar to the Privacy Act and the Australian Privacy Principles, and there will be mechanisms available to you to enforce protection of your personal information under those data protection laws. In these circumstances, we do not require the overseas recipients to comply with the Privacy Act and the Australian Privacy Principles and we will not be liable for a breach of the Privacy Act or the Australian Privacy Principles if your personal information is mishandled by overseas recipients.

Your personal information may be transferred to recipients located in the United States of America. The United States of America does not have data protection laws as comprehensive as Australia’s, and we will accordingly take commercially reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Privacy Act and the Australian Privacy Principles (except where you are located in the United States). Where you are located in the United States, we will handle your personal information in accordance with the provisions below related to HIPAA, California and other US State privacy laws as applicable.

How do we protect your personal information?

We implement reasonable measures to protect and safeguard your personal information from misuse, loss, theft and unauthorised access, modification or disclosure. 

We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises.  We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

However, particularly for electronic data stores and due to the fact that the Internet is inherently insecure, we cannot guarantee the security of transmission of personal information disclosed to us online.  Accordingly, you transmit your personal information to us online at your own risk and are encouraged to exercise care in sending personal information via the internet.

Please notify us immediately if you know or reasonably suspect that your personal information has been subject to any data breach, breach of security or other unauthorised activity.

To the maximum extent permitted by applicable law, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, modification of, disclosure of, misuse of or loss or corruption of any personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law, including the Competition and Consumer Act 2010 (Cth), the GDPR, or any liability which cannot be excluded due to the operation of applicable laws.

How long do we keep your personal information?

Generally, we will retain your personal information for the period necessary for the purposes for which your personal information was collected (as outlined in this Privacy Policy) unless a longer retention period is required by law or if it is reasonably necessary for us to comply with our legal obligations, resolve a dispute or maintain security.

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us as described in the “How to contact us” section below.  We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply.  We may charge an administration fee in limited circumstances, but we will let you know in advance if that is the case.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us as described in the “How to contact us” section below. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information.

You can also ask us to notify any third parties that we provided incorrect information to about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know.

Questions or complaints?

If you have any questions, concerns or complaints about our collection, use, disclosure or management of your personal information, you may contact us as described in the “How to contact us” section below.

We are committed to resolving any complaints reasonably and to ensuring that we are doing the right thing by our customers. We will make all reasonable inquiries and your complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.

If you consider your concerns have not been resolved satisfactorily by us, or you have concerns regarding the way we handle your personal information, you can contact:

Individuals located in the EU

If you are located in the European Union, you may have the following rights:

  • The right to access, rectify or update the personal information we hold about you.
  • The right to request erasure of personal information we hold about you, for example if the personal information is no longer necessary to provide services to you.
  • The right to require us to stop using all or some of your personal information (for example, if we no longer has a legal right to keep using it) or to restrict its use of your personal information (for example, if you consider that the personal information we hold about you is inaccurate or if it is unlawfully held).
  • The right to data portability. In some circumstances you have the right to be provided with a copy of the personal information we hold about you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You may withdraw your consent at any time where we relied on your consent to process your personal information.

 

We may ask you to provide suitable identification when you seek to exercise any of these rights.

HIPAA

In certain cases we may process your personal information in connection with services provided to your health care provider.  In such a case, if you are a resident of the United States, your personal information may be treated as “protected health information” subject to the protections of the Health Insurance Portability and Affordability Act (HIPAA).  In such cases, we act as a business associate to the health care provider and will comply with the requirements of HIPAA with respect to your protected health information.  Any requests relating to your protected health information in connection with such a service through your health care provider should be directed to your health care provider in the first instance.

Individuals Located In California

If you are a resident of California, you may have the following rights under the California Consumer Privacy Act and California Privacy Rights Act (California Privacy Laws):

  • Right to Access and Right to Know regarding personal information. You have the right to request that we disclose the following to you:
    • the categories of personal information we have collected about you;
    • the categories of sources from which the personal information is collected;
    • our business or commercial purpose for collecting or selling personal information;
    • the categories of third parties with whom we share personal information;
    • the specific pieces of information we have collected about you;
    • the categories of personal information about you, if any, that we have disclosed for monetary or other valuable consideration and the categories of third parties to which we have disclosed the information, by category or categories of personal information for each third party to which we disclosed the personal information; and
    • the categories of personal information about you that we disclosed for a business purpose.
  • Right to Deletion of Personal Information. You have the right to request that we delete personal information about you that we have collected from you subject to certain exceptions.
  • Right to Correct. You have the right to request that we correct personal information that we maintain about you that is inaccurate.
  • Right to Opt-out of Sale or Sharing. We do not sell or share personal information as those terms are defined in California Privacy Laws and therefore are not required to provide this opt-out.
  • Right to Limit the Use or Disclosure of Your Sensitive Personal Information. We are not required to provide this opt-out because any sensitive personal information we may collect is subject to HIPAA and exempt from the California Privacy Laws or because we do not infer characteristics based on your sensitive personal information or use the sensitive personal information for a purpose such that the right to limit would apply.

 

We may not discriminate against you because of your exercise of any of the foregoing privacy rights, or any other rights under the California Privacy Laws.

You can make a request under California Privacy Laws by contacting us as described in the “How to contact us” section below.   As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights, which may include your name, email address, and residence address.  If we believe we need further information to verify your request as required by law, we may ask you to provide additional information to us.  We may limit our response to your exercise of the above rights as permitted under applicable law.

As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us.

California Notice at Collection

We collect the following categories of personal information from California residents for the following business purposes: 

Identifiers, Personal information described in California Civil Code § 1798.80(e), Commercial information, including records of products or services purchased, Characteristics of protected classifications under California or US federal law, such as demographic information like age, race or gender, Internet or other electronic network activity information, Audio, electronic, visual, thermal, olfactory, or similar information; professional or employment-related information, and education information:

  • Purpose: See the section above entitled “How do we use your personal information?”
  • Sold or Shared: No.
  • Retention: See the section entitled “How long do we keep your personal information?”

 

Sensitive personal information.  We may collect this category of information in providing services from our customers, but such information will generally be covered by HIPAA and exempt from the California Privacy Laws.  We may also collect such information from job applicants and employees in processing job applications and managing the employment relationship, but do not infer characteristics based on such information.

We do not share personal information with third parties for their own direct marketing purposes, unless you give us permission to do so. When we give you notice, and you consent, we will share your personal information as you direct us to.

Local exemptions and inconsistency with law

Where local laws allow for an exemption to compliance with certain legal obligations, we may rely on such an exemption.

This Privacy Policy will not apply to the extent that it is inconsistent with any applicable law.

How to contact us

If you have a query, concern or complaint about the manner in which your personal information has been collected or handled by us or would like to request access to or correction of the personal information we hold about you, please contact us using the details provided below:

Data Privacy Officer
4DMedical
Online:   https://4dmedical.com/privacy/
Email:     dpo@4dmedical.com

Changes to this Policy

We may change or update this Privacy Policy from time to time to keep up-to-date with legal requirements and the way we operate our business.  An up-to-date version of this Privacy Policy is available at any time on this page. You are responsible for reviewing this Privacy Policy periodically and informing yourself of any changes. We suggest that you check back regularly. If we make significant changes to our Privacy Policy, we will seek to inform you by notice on our website or by email.

Last updated: 14 August 2023

What's new at 4DMedical

Get the latest news about respiratory imaging and ventilation analysis