Privacy Policy.

Last updated: 30 November 2023

1. General

(a) This website and mobile app (collectively, the Site) is operated by Super Young Pty Ltd (ACN 666 767 764) (we, us or our).

(b) Your privacy is important to us and we are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act).

(c) This policy outlines how and when we collect, use, share and store your personal information (including health information) and applies to all personal information we collect through:

 (i) the Site;
 (ii) our booking form; and
 (iii) our products and services.

(d) By accessing or using the Site, booking form or any of our products or services, you indicate that you:

 (i) have readand understood this policy; and
 (ii) agree that your access to, or use of, the Site, booking form oranyof our products or services indicates your consent to this policy.

(e) If you have any questions about this policy, you can contact us via:

hello@superyoung.com.au

2. What personal information we collect

(a) Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information is true or recorded in a material form. Personal information may also include health information.

(b) We collect and use personal information from customers, authorised users or visitors of the Site, staff (actual or prospective), purchasers of our products or services, and any other individual who interacts with us.

(c) We collect and use different types of personal information depending on the type of dealing you have with us, which may include:

 (i) your name, gender, dateof birth, address, phone numberand email address;
 (ii) information aboutthe products or services you book or enquire about, including how the products or services are used;
 (iii) information relating to your health and medical care, including your previous and current medical history and health related contraindications (where reasonably necessary to provide any of our products or services to you);
 (iv) your financial and payment information (such as credit card numberand bank account details), method of payment and any additional information required for user authentication processes (Booking Information); and
 (v) any other information relating to you that you provide to us, including the information you provide by email, telephone, booking or referral processes or forms, orthrough waiver or booking forms, surveys, competition forms, at special events and other promotional activities we may run from time to time.

(d) We only collect sensitive information (as defined in the Privacy Act) from you, including health information, to the extent that it is reasonably necessary for the health services we may provide to you, if:

 (i) we have your consent (written or verbal); or
 (ii) the collection is required by law and is consistent withthe provisions ofthe APPs.

3. Collection

3.1 Methods of collection

(a) We collect your personal information in several ways, including:

 (i) through your use, or bookings, of our products or services (and our records of these);
 (ii) when you visit the Site or submit information throughthe Site, contact us, or complete any forms or documents (including booking forms) for our products or services;
 (iii) when you participate in our surveys, competitions, promotions, questionnaires or other promotional activities we may run from time to time;
 (iv) from third parties (which we discuss further in clause 4.2 of this policy); and
 (v) from publicly available sources of information.

(b) The personal information we collect will track and enhance your use of the Site or our products or services, and assist us in providing a better service to you and determining services that are appropriate for you.

(c) We will only collect personal information that is necessary for one or more of our business functions or for a purpose outlined in this policy or otherwise disclosed to you.

(d) By providing your personal information to us, you acknowledge that you are authorised to provide such information to us.

3.2 Collection from you

(a) When we collect personal information directly from you, we will take reasonable steps to notify you (using a collection notice) at, before, or as soon as practicable after, the time of collection.

(b) As a collection notice is specific to a particular collection of personal information, it will provide more specific information about our information-handling practices than this policy.

(c) This policy is subject to any specific provisions contained in our collection notices and the terms and conditions of any offers, products and services. We therefore encourage you to read those provisions carefully.

3.3 Collection from an authorised representative

(a) When we collect your personal information from your authorised representative, we will take reasonable steps to make sure you are aware of the collection.

(b) If you provide us with personal information about another individual (as their authorised representative), we rely on you to:

 (i) inform them that you are providing their personal information to us; and
 (ii) advise them that they can contact us for further information.

(c) You must take reasonable steps to ensure the individual is aware of, and consents to, the matters outlined in this policy, including that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to access that information, and who we are and how to contact us.

(d) Upon our request, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us.

4. How we use your personal information

4.1 Purposes of use and disclosure

(a) We only use and disclose your personal information for the purposes for which it is collected and any other purposes permitted by law.

(b) In particular, we use your personal information to:

 (i) provide you with our products or services, or the Site;
 (ii) analyse and assess your blood test results;
 (iii) determine if our products and services (including treatments) are suitable for you;
 (iv) consider andtake steps to optimize and improve your health;
 (v) accept bookings placed via the Site or any booking form, including processing your payment information, and providing you with invoices and/or booking confirmations;
 (vi) improve, develop and manage our products, services and the Site;
 (vii) operate, maintain, test and upgrade our systems;
 (viii) notify you of important changes to our Site; and
 (ix) notify you of opportunities and promotions we think you might be interested in, including new product or service offerings.

(c) We may also use your personal information:

 (i) to customize the advertising and content on our Site;
 (ii) to communicate with you and provide information that we think may interest or benefit you, including information about our products or services, the Site, offers, competitions, promotions, events and surveys we may runfromtimetotime;
 (iii) to charge and bill you for our products and services;
 (iv) to verify your identity;
 (v) to conduct fraud, risk reduction and creditworthiness checks;
 (vi) to perform research and analysis about our products, services andthe Site;
 (vii) to comply with regulatory or other legal requirements,
 (viii) for any purpose to which you have consented;
 (ix) for any other purpose notified to you atthetimeof collection.

(d) In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your personal information as part of the transaction, without your consent or notice to you.

4.2 Disclosure to third parties

(a) We may provide your personal information to:

 (i) our employees, related entities, business partners, contractors, suppliers and agents fromtimetotimeforthe purpose of delivering, providing and administering our products, services or Site; and
 (ii) third party service providers forthe purpose of performing functions on our behalf, but those service providers may not process or use such information for any other purpose. Examples of these third party service providers include pathology, blood test and IV providers, doctors and other medical referral parties, marketing and analysis organizations, financial and credit card institutions to process payments, billing providers and payment gateways, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, research and data analysis firms, external business advisors (including auditors and lawyers) and our insurer,

(collectively, Authorised Affiliates).

(b) When we disclose your personal information to any of our Authorised Affiliates, we will use reasonable endeavors to ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access.

(c) Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, store, use and disclose your personal information.

(d) We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.

4.3 Overseas disclosure

(a) Our Authorised Affiliates may be located in or outside Australia.

(b) Before we disclose your personal information overseas, we will take reasonable steps to ensure that our overseas Authorised Affiliate:

 (i) treats your personal information securely; and
 (ii) complies with the relevant APPs.

(c) By accessing, booking or using our products, services or Site, or providing your personal information to us, you explicitly and freely consent to the transfer of your personal information to our overseas Authorised Affiliates.

(d) If you do not wish to receive information from any of our Authorised Affiliates, please contact us.

4.4 Disclaimer

(a) We will not disclose your personal information to any third party (other than our Authorised Affiliates) without your written consent, unless:

 (i) we are required or authorized by law;
 (ii) we are permitted to under this policy; or
 (iii) such disclosure is, in our opinion, reasonably necessary to protect our rights orproperty, avoid injury to any person orensure the proper functioning of the Site.

(b) This policy only covers the use and disclosure of information we collect from you. The use of your personal information by any third party is governed by their privacy policies and is not within our control.

5. Storage and Security

5.1 Protecting your personal information

(a) We take reasonable steps in the circumstances to keep your personal information (including health information) safe and secure. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your personal information (including health information).

(b) Our officers, employees, agents and third-party contractors are expected to observe the confidentiality of your personal information.

(c) Wherever possible, we procure that Authorised Affiliates who have access to your personal information take reasonable steps to:

 (i) protect and maintain the security of your personal information; and
 (ii) comply withthe relevant APPs when accessing andusing your personal information.

5.2 No guarantee

(a) The transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of any personal information transmitted through the Site.

(b) You provide your personal information to us at your own risk and to the extent permitted by law, we are not responsible for any unauthorized access to, and disclosure of, your personal information.

5.3 Destruction of personal information

(a) Subject to clause 5.3(b), we will destroy or de-identify personal information (including health information) where it is no longer required, unless we are required or authorized by law to retain the information.

(b) We will retain your Booking Information for our records, unless you request in writing that we delete this information.

5.4 Suspected data security

(a) We have a comprehensive data breach notification policy and response plan (Response Plan), which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may result.

(b) As part of the Response Plan, we will notify you as soon as practicable if we:

 (i) discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorized person orin any unauthorized manner;
 (ii) believe that you are likely to suffer serious harm as a result; and
 (iii) are unable to prevent the likely risk of harm.

(c) If you would like more information about our Response Plan, please contact us.

6. Direct Marketing

(a) We may use your personal information to send you information, including about our product and service offerings, where you have provided your consent (expressly or impliedly) for us to do so or we are permitted to do so by law.

(b) We may send this information to you via the communication channels specified at the time you provide your consent. These communication channels may include mail, email, SMS telephone, social media or by customizing online content and displaying advertising on our Site.

(c) These communications may continue, even after you stop using our products or services.

(d) You can opt out of receiving these communications by:

 (i) contacting us; or
 (ii) using the unsubscribe function in the email or SMS.

(e) You may re-subscribe at any time by re-registering.

7. Links to Other Sites from Our Site

(a) Our Site may contain hyperlinks or banner advertising to or from third party websites (including our third party service providers).

(b) We do not endorse any of these third parties, their products or services, or the content on these websites.

(c) These websites are not subject to our privacy standards, policies and procedures. Therefore, we recommend that you make your own enquiries about their privacy practices.

(d) We are in no way responsible for the privacy practices or content of these third party websites.

8. Cookies and Other Technologies

(a) We may collect information when you access and use our Site by utilizing features and technologies of your internet browser, including cookies, beacons, tags, scripts and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.

(b) The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the cookies installed on your device, the date and time (including time zone) of your visit, the pages you have accessed, the links which you have clicked on and the type of browser that you were using.

(c) We may use cookies, beacons, tags, scripts and similar technologies to:

 (i) enable us to identify you as a return user and personalize and enhance your experience anduseof our Site; and
 (ii) help us improve our service to you when you access our Site andto ensure that our Site remains easy touseand navigate.

(d) Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.

(e) If you reject or disable our cookies or similar technologies, you may still use the Site but may only have limited functionality of the Site.

(f) We may also use your IP address to analyze trends, administer the Site and other websites we operate, track traffic patterns and gather demographic information.

(g) Your IP address and other personal information may be used for credit fraud protection and risk reduction.

9. Access

(a) We use our reasonable endeavors to keep your personal information accurate, up-to-date and complete.

(b) You have the right to access any personal information we hold about you, subject to some exceptions provided by law.

(c) You can access, or request that we correct, your personal information by writing to us. We may require proof of identity.

(d) If we do not allow you to access any part of your personal information, we will tell you why in writing.

(e) We will not charge you for requesting access to your personal information but may charge you for our reasonable costs in supplying you with access to this information.

10. Consent

You acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, store, use and disclose your personal information in accordance with this policy and the Privacy Act.

11. Changes to the Policy

(a) We may change this policy from time to time at our discretion.

(b) Any revised policy will be posted on our Site and will be effective from the time of posting.

(c) Your continued use of our products, services or the Site following the posting of any revised policy indicates your acceptance of the changes to the policy.

(d) You should regularly check and read the policy.

12. Further Information

Further information about Australian privacy law is available from the Office of the Australian Information Commissioner's website at www.oaic.gov.au.

13. Complaints

(a) If you have any issues about this policy or the way we handle your personal information, please contact us using the details above at section 1(e) and provide full details of your complaint and any supporting documentation.

(b) At all times, privacy complaints:

 (i) will be treated seriously;
 (ii) will be dealt with promptly;
 (iii) will be dealt within a confidential manner; and
 (iv) will not affect your existing obligations or your commercial arrangements with us.

(c) Our Privacy Officer will endeavor to:

 (i) respond to you within 10 business days; and
 (ii) investigate and attempt toresolve your concerns within 30 business days orany longer period necessary and notified to you by our Privacy Officer.