Australia Privacy Policy

Effective Date: May 2026

Applies to: Individuals in Australia

1. Introduction

Apreo Health, Inc. (“Apreo”, “we”, “us”, or “our”) is committed to protecting your personal information and handling it in a lawful, fair, and transparent manner. This Privacy Notice explains how we collect, use, share, transfer, and protect your personal information when you:

  • Visit our website or digital platforms
  • Participate in a clinical trial using Apreo technologies
  • Contact us for support or business purposes
  • Use or interact with our health technologies or services

This Notice also explains your privacy rights and how you can exercise them.

2. Who We Are

Apreo Health, Inc. is a US based medical technology company developing respiratory clinical devices. We work internationally with hospitals, clinical sites, regulators, research partners, and service providers.

For the purposes of the Privacy Act 1988 (Cth), Apreo is an “APP entity” and is responsible for determining the purposes for which personal information is collected and used.

Our details:
Apreo Health, Inc.
4040 Campbell Ave, Ste. 210
Menlo Park, CA 94025
United States
Email: dpo@apreohealth.com

3. Data Protection Legislation

We process personal information in accordance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles set out in Schedule 1 to that Act

We apply a consistent privacy approach based on the core principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, security, and accountability.

Where required, we also comply with applicable clinical trial legislation and regulatory requirements relevant to medical devices and clinical research.

4. Personal Information We Collect

The types of personal information we collect depend on your relationship with us and how you interact with Apreo.

4.1 Personal Information You Provide Directly

  • Contact details, such as name, email address, phone number, role, and organisation
  • Account or login details, where applicable
  • Communications and correspondence
  • Information provided when you participate in or support clinical research, in line with approved study protocols

4.2 Health and Clinical Data

For clinical trial participants or users of our medical device, we may process:

  • Health, respiratory, or physiological data
  • Medical history relevant to study eligibility
  • Safety, adverse event, and vigilance information
  • Study documentation required for regulatory compliance

Health information is treated as Sensitive Information under the Privacy Act and is subject to enhanced legal, technical, and organisational safeguards.

4.3 Technical and Website Data

  • IP address and general location information
  • Cookie and analytics identifiers
  • Browser, device, and operating system information
  • Website usage and activity data

4.4 Professional and Business Related Data

  • Contact and professional details of investigators, site staff, vendors, and partners
  • Contractual, billing, and payment information
  • Due diligence, compliance, and credentialing records
  • Business communications and project management information

4.5 Information from Third Parties

  • Information provided by clinical sites, investigators, or research partners
  • Regulatory or safety documentation
  • Publicly available professional information where relevant

Please Note: In some circumstances, failure to provide personal information may mean that we are unable to enrol you in a clinical trial, provide services, comply with regulatory obligations, or respond to your enquiry.

5. How We Collect Personal Information

We collect personal information:

  • Directly from you
  • From clinical sites, investigators, and research partners
  • From service providers supporting our operations
  • From publicly available sources
  • Automatically through cookies and similar technologies on our website

Apreo does not use personal information in automated decision making processes that make, or are substantially and directly related to making, decisions that could significantly affect individuals’ rights or interests.

6. How We Use Your Personal Information

We only collect, use and disclose personal information where permitted under Australian privacy law and for defined purposes, including:

6.1 Clinical Research and Trials

  • Managing clinical trial participation and study records
  • Monitoring safety and adverse events
  • Analysing clinical outcomes and device performance based on clinical assessments
  • Meeting ethical, scientific, and regulatory requirements

6.2 Product Evaluation and Development

  • Assessing safety, efficacy, and performance during clinical investigations
  • Supporting scientific analysis and regulatory submissions
  • Improving device design based on aggregated clinical findings

6.3 Website and Communications

  • Responding to enquiries and requests
  • Providing professional or business related information
  • Improving website functionality and security

6.4 Business, Legal, and Security Purposes

  • Managing contracts, partners, and vendors
  • Protecting systems, data, and networks
  • Complying with legal, regulatory, and reporting obligations
  • Establishing, exercising, or defending legal claims

7. Use of Personal Information Under Australian Privacy Law

Apreo collects, uses and discloses personal information only where permitted by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including where:

  • You have provided consent, including express consent for health information
  • The collection, use or disclosure is reasonably necessary for Apreo’s functions or activities
  • The collection, use or disclosure is required or authorised by law, including applicable clinical trial, medical device, or regulatory requirements

Health information and other Sensitive Information is collected only in accordance with APP 3 and relevant clinical trial and research legislation, ethics approvals, and informed consent documentation.

Where personal information is used or disclosed for a purpose other than the primary purpose of collection, this will occur only where permitted by law or within reasonable expectations.

8. Cookies, Analytics and Tracking Technologies

Our website uses cookies and similar technologies to operate effectively and to understand how it is used. Cookies may include:

Necessary and Essential Cookies

These Cookies are essential to provide services and enable core Website features, including user authentication and fraud prevention, and without them, the requested services cannot be delivered.

Cookies Policy and Notice Acceptance Cookies

These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies

These Cookies remember your preferences, such as login details or language settings, to provide a more personalised experience and avoid you having to reenter them each time you use the Website.

Tracking and Performance Cookies

These Cookies are used to analyse website traffic, understand how users interact with the Website, and test new pages or features, and may involve information linked to a pseudonymous identifier associated with your device.

Where required, we seek your consent before placing non essential cookies. You can manage your cookie preferences through your browser settings. Further information is available in our Cookie Notice.

Our website may contain links to third party websites. We are not responsible for their content or privacy practices. Any personal information you provide to third party websites will be handled in accordance with their own privacy notices.

9. Who We Might Share Your Information With

We may share personal information with:

  • Clinical trial sites, investigators, and research partners
  • Service providers supporting our operations
  • Professional advisers, such as legal or audit advisers
  • Regulators or authorities, where required by law
  • Third parties, where necessary, to protect legal rights or prevent harm
  • A buyer or successor organisation in the event of a business transfer

Where appropriate, contractual and security safeguards are in place for data sharing.

10. How Long We Keep Your Information For

We retain personal information only for as long as necessary for the purposes described, in accordance with legal, regulatory, and contractual requirements. Clinical research and safety records may be retained for extended periods where required by medical device or research regulations.

11. How We Keep You Updated on Our Products and Services

We may contact you where necessary to manage our relationship with you, deliver our services, or meet legal or regulatory obligations. These communications are service related and are not marketing.

Where we send marketing or promotional communications, we comply with the Spam Act 2003 (Cth). You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us using the details in the Contact Us section.

We do not use health information for direct marketing purposes without your express consent, as required by APP 7.

12. Your Rights Over Your Information

Under Australian privacy law, you have the right to:

  • Request access to your personal information
  • Request correction of inaccurate, out of date, or incomplete information
  • Make a complaint if you believe your privacy has been misused

Some rights may be limited where processing is required for clinical research, public health, or legal obligations.

To exercise any of these rights, please contact us using the details in the Contact Us section below.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at:
https://www.oaic.gov.au

13. Security

We implement appropriate technical and organisational measures to protect personal information, including access controls, encryption where appropriate, monitoring, incident response procedures, and staff training.

14. International Transfers

Personal information may be disclosed to recipients located outside Australia, including in connection with clinical trials, research collaborations, and secure cloud services.

In accordance with APP 8, we take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles, including through contractual protections, due diligence, and security controls, or that an exception under APP 8 applies.

Where required, we provide notice and obtain consent for overseas disclosures that may carry additional risk.

15. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business, which may involve the sale and transfer of control of all or part of our business. Any personal information that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part, and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.

16. Contact Us

If you would like to exercise your privacy rights, ask a question, or raise a concern about how we handle your personal information, please contact our Data Protection Officer using the details below.

Data Protection Officer / Privacy Officer
Primary contact for all enquiries
Email: dpo@apreohealth.com

17. Changes to Our Privacy Notice

Thank you for taking the time to read our Privacy Notice. We may update this Privacy Notice from time to time. The most current version will always be available on our website.

This Notice was last updated on May 2026.