We collect and use information about you, your devices and interactions to improve our services. For more information about how we collect your personal information and our use of cookies on our website, please see our Privacy Policy.

Privacy Policy

This privacy policy (Privacy Policy) explains how Annalise-AI Pty Ltd (ACN 635 645 260) and our related entities (Annalise.ai, we, us or our) handle and manage your personal information we collect about you as a: 

• radiologist, radiology practice, medical imaging provider, hospital or clinical staff or other medical/health professional (Clinician) using or interested in using our AI-enabled medical imaging software (Platform) and/or referring Patient information/imaging to us; 

• patient of a Clinician or other medical and/or health practitioner using the Platform (Patient); 

• visitor to our website accessible at the domain annalise.ai (Website) and/or subscriber to our newsletter (Visitor); and/or 

• contracted service provider, business partner or health professional, medical specialist, hospital or clinical staff (Partner). 

We are bound by and adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles under that Act (Privacy Act) and this Privacy Policy. 

By subscribing to our newsletter, registering to use the Platform, visiting the Website, using any of our services or otherwise providing us with any personal information you agree that you are 16 years of age or older and consent to our collection, use, holding and disclosure of your personal information in accordance with and as set out in this Privacy Policy. 

PROVIDING OTHER PEOPLE’S PERSONAL INFORMATION 

If you (whether as a Referring Health Professional, which is defined below, or otherwise) provide us with the personal information (including sensitive information) of another individual (e.g. a Patient), you warrant that you have complied with your obligations under the Privacy Act and relevant State and Territory legislation relating to the collection and disclosure to us of personal information, sensitive information and health records and have obtained the individual’s prior consent: (i) for you to disclose such to us; and (ii) to our collection, holding, use and disclosure of their personal information in accordance with this Privacy Policy (a copy of which you have provided/referred to the Patient). 

DEFINITIONS 

All terms used in this Privacy Policy that are defined in the Privacy Act have the meanings given to them in the Privacy Act. 

WHAT PERSONAL INFORMATION WE COLLECT, WHEN AND HOW 

For Clinicians (including Referring Health Professionals) 

As a Clinician, we collect your personal information either: 

• directly, when you supply, buy or register for products or services to or from us, request information about us or our products or services, provide feedback, respond to a survey, fill in a form or a request for services (including an application for an account with us), fill in a form on our Website (including a registration form to register as a Clinician) or otherwise provide it to us via the Website, over the phone, via email or in-person; or 

• from your employer or another Clinician who registers you with us on your behalf. 

We may collect personal information about you such as your name, gender, date of birth and contact details (including your address, phone numbers and emails, whether personal or for work), credit card, bank account or other details to facilitate payments. 

For Patients 

If you are a Patient or prospective Patient, we may be provided with and thus collect personal information (including sensitive/health information) about you as detailed below which will include a unique identification number which, while we cannot identify you from it, you can be identified from by your Referring Health Professional. However, the “Security Measures” (described below) operate such that it is extremely difficult for us to identify you, even if we wanted to. 

Subject to the Security Measures, Clinicians may refer (Referring Health Professionals) medical imaging and/or Patient studies to us for analysis (Information Package). Information that may be collected from Referring Health Professionals by Annalise.ai will include an identification number unique to you as a Patient (UID). 

Security Measures: Before the Information Package is sent by your Referring Health Professional to Annalise.ai, all identifying information, other than the UID, such as your name, address and date of birth, is stripped out and never given to us. That means that only your Referring Health Professional (and not us) has a record of your name, date of birth/age and sex and can link you to the UID. When the Information Package is sent from your Referring Health Professional to us it is also encrypted in transit using TLS 1.2 encryption (i.e. HTTPS). Even though we collect the UID as part of the Information Package and treat the collection of that Information Package as the collection of personal and health information (because the UID means the Referring Health Professional can re-identify it), once we hold the Information Package it is almost impossible for us (or any third party other than your Referring Health Professional) to re-identify, trace or connect it back to you as this requires access to a UID lookup tool that only your Referring Health Professional has access to. 

It is necessary that we use the UID as an identifier because this is how we can track multiple studies relating to the one individual over time (even though we do not know who that individual is). The ability to track, for example, changes in the growth of a tumour over time is very powerful in assisting your Referring Health Professional to make informed clinical diagnoses and decisions. If we did not use a UID we would have no way of knowing which medical images we receive are part of the same series or for the same person (even though we do not know the identity of the person to whom the UID relates). In addition, if we did not use a UID your Referring Health Professional would not be able to reliably verify that the results generated by Annalise.ai and returned to that Referring Health Professional belong to the same patient as on their system, which may lead to false diagnoses and undermine clinical decision-making. 

For Visitors 

As a Visitor we collect your personal information (such as your name, email address and phone number) if/when you provide it to us on the Website. We also use cookies on our Website, which are discussed below. 

For Partners 

We collect and hold personal information about individuals and individuals at businesses who supply goods and services to Annalise.ai and other individuals to facilitate our business activities and carry out our services. We may collect personal information about you such as your name, gender, date of birth and contact details (including your address, phone numbers and emails, whether personal or for work). 

For everyone 

We may also collect personal information about you via third parties including from our suppliers, merchants, direct mail, exhibition and trade events or online marketing. 

If you choose not to provide your personal information to us, we may not be able to undertake certain activities for you such as providing you with requested information, products or services. 

HOW WE USE YOUR PERSONAL INFORMATION 

For Clinicians (including Referring Health Professionals) 

As a Clinician/Referring Health Professional, we use the personal information that we collect about you for the purpose of managing our relationship with and providing the Platform and associated services to you, including: 

• to provide you with a trial of the Platform and associated services; 

• to provide after-sales support and helpdesk services; 

• to analyse and improve the Platform and other services we provide; 

• to provide you with a Clinician/Referring Health Professional account; and 

to manage your Clinician/Referring Health Professional account, including orders and payments, collecting overdue amounts, and managing fraud and risks. 

For Patients – Analysis and diagnosis 

The Information Package contains personal and health information when we collect it from your Referring Health Professional (specifically because it includes the UIDs) and it is treated as such by us (and your Referring Health Professional). However, the Security Measures we take mean it is not in an identifiable form to us (i.e. in our hands). Only your Referring Health Professional: (i) knows who the individual behind a UID is; and/or (ii) can find out your name, date of birth/age or sex from a UID. We use the Information Package for analysis and to assist diagnosis as requested by your Referring Health Professional. 

We perform AI-driven analysis on the medical image we receive from the Referring Health Professional as part of the Information Package using the UID to produce findings and associated observations without needing to know who the individual patient is. Our produced findings and associated observations may be used by your Referring Health Professional to assist their clinical decision-making. Our analysis may also highlight other relevant areas of interest for your Referring Health Professional to consider. Only your Referring Health Professional can link image findings and associated localisation information with you as an individual patient because only they have the UID lookup tool to ascertain your name, date of birth/age and sex from the UID. 

For Patients – Product development 

If we wish to undertake any research, product development purposes or to improve our AI model using your data we will de-identify your personal information and, only once de-identified, use the resulting de-identified datasets for such. When we say de-identify, as regards the Information Package, we mean that we will permanently delete or permanently de-identify all UIDs. Once de-identified, not even your Referring Health Professional (nor anyone else) will be able to look up who the de-identified information relates to via the UID or any other identifying information (as this will have been de-identified or removed). We have controls in place to ensure that the data is truly de-identified and cannot be re-identified prior to our use for these purposes. 

Occasionally we may share de-identified information with research institutions/bodies for academic and clinical research purposes but will only do so under strict contractual obligations governing their use of the de-identified data and prohibiting re-identification. 

For Visitors 

We use your personal information for the purposes set out in this Privacy Policy and for which you provide it to us as a Visitor. If you subscribe to our mailing list, we will use your contact details to provide you with news and updates about our company and our activities. If you send us a query via our Website, we will use your personal information to reply to your query. 

We may also use your personal information to: 

• personalise and customise your experiences on our Website; and 

• help us research the needs of our customers. 

Personal information may be collected through the use of “cookies” on our Website. Cookies are small text files that a website can use in order to recognise Visitors who revisit a website so as to facilitate their ongoing access to and use of the Website. They enable usage behaviour to be tracked and aggregate data to be compiled to facilitate more informative content on our Website. Typically, cookies involve the assigning of a unique number to the Visitor. You can prevent the use of cookies by setting up your web browser to block them. 

For Partners 

If you are a Partner we will use your personal information for our business and service dealings with you, including to contact you in relation to: 

• products or services we are ordering or receiving from you; and 

• to provide you with information, products or services you have requested. 

For everyone 

We may also use the personal information we collect about you: 

• to notify relevant organisations (such as medical insurers and/or legal advisors) of an incident/accident, including when a claim is made against Annalise.ai; 

• to undertake quality assurance activities, customer satisfaction surveys, statistical analysis and complaint handling; 

• to conduct research for the purposes of improving existing products or services or creating new products or services; 

• to provide you with ongoing information about us and our activities; 

• to allow us to provide third party information and offers in which we believe you may be interested; 

• to use aggregated or de-identified information for the purposes of data analysis, research and reporting; and/or 

• for other purposes as required or authorised by law. 

SHARING YOUR PERSONAL INFORMATION (DISCLOSURE) 

For Patients 

As a Patient, Annalise.ai will share your personal and health information with (because the persons noted below have the means to re-identify the information we send them using the UIDs): 

• your Referring Health Professional(s), employees and other health professionals in your Referring Health Professional’s clinic or hospital where they are working and any other health professional that your Referring Health Professional has asked us to share your personal information with; and 

• verified consultant medical specialists or other registered health professionals involved in your ongoing health care who have been requested to provide further advice on your medical condition. 

As noted above, the information reports and image findings we send back to your Referring Health Professional include UIDs. This allows your Referring Health Professional and the health professionals noted above with access to the UID lookup tool (but not us) to identify you. It is important that your Referring Health Professional can verify that information reports and image findings relate to you and not to another patient, otherwise they might give you incorrect reports/findings and/or make the wrong decisions for your care. 

For Visitors 

We may disclose your personal information to our Website host or service providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner. To the extent that we do share your personal information with a service provider, we would only do so if that party has agreed to comply with its obligations under the Privacy Act or our privacy standards as described in this Privacy Policy. 

For everyone 

We may share your personal information: 

• with our professional advisers (such as auditors and legal advisers); 

• with Annalise.ai’s related bodies corporate within our corporate group structure; and 

• for other purposes as required or authorised by law. 

You can contact the Annalise.ai Privacy Officer at the contact details below if you have any questions about the disclosure of your personal information. 

Annalise.ai will de-identify personal information to carry out evaluations of our service quality and timeliness, including providing the de-identified information to other parties to assist us with these activities. 

MARKETING COMMUNICATIONS 

For Clinicians (including Referring Health Professionals) 

If you are a Clinician/Referring Health Professional, we may use your personal information to provide you with direct marketing materials if you would reasonably expect us to or if you consent to receive direct marketing materials. We will seek your consent to provide you with direct marketing materials if we have obtained your personal information from a third party. Direct marketing material may include promotional material about us or the products or services we offer. 

We do not sell your personal information to third parties for marketing purposes. 

You may opt out of receiving direct marketing material by contacting us in any of the ways specified in the direct marketing materials. 

Please click ‘unsubscribe’ in any of our messages or inform us if you do not wish to receive marketing communication from us and we will remove you from our mailing list. 

ACCESS TO AND CORRECTION OF YOUR INFORMATION 

For everyone 

You may request access to personal information we hold about you, including reports of any imaging services provided by Annalise.ai. If you ask for a copy of a report of any imaging services provided by Annalise.ai, we may request personal information (such as your requesting doctor, date of birth, mobile number or email address) from you to verify your identity before providing the requested information. In some instances, charges may apply to provide copies. We will tell you about any costs before they are incurred. In some limited circumstances we may refuse your request but will provide you with our reasons. You may complain about our refusal (see ‘Complaints’ section below). 

Annalise.ai endeavours to ensure that the personal information we collect, use and disclose is accurate, up-to-date and complete. The accuracy and completeness of that information depends on the information you provide to us. Please let us know: 

• if there are any errors in the information we hold; and 

• of any changes to your information (such as your name, address, phone number or Medicare number). 

As regards the Information Package, we note that we have no way of ascertaining which information relates to you as we do not have access to the UID lookup tool and thus cannot connect a UID to your name, date of birth or address. We recommend, as regards the Information Package, that you contact your Referring Health Professional for access to or the correction of your personal information. 

DATA SECURITY 

We take reasonable steps (including the Security Measures) to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Records are held securely for future retrieval in accordance with applicable laws and good business practice. If Annalise.ai no longer needs, or is no longer required, to retain Personal Information, Annalise.ai will destroy or de-identify your personal information. 

In particular, we have security controls in place with our cloud provider including redundancy protection and monitoring, strict access controls, in-transit and at-rest encryption and industry-standard authentication protocols (in addition to the Security Measures). 

COMPLAINTS 

If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy Policy, the APPs and/or the Privacy Act in respect of your personal information, or for any other queries, problems, complaints or communication in relation to this Privacy Policy, please send your complaint to the Annalise.ai Privacy Officer at the address below. The complaint will be investigated and a response will be sent to you as quickly as possible (generally within 30 days of our receipt of your complaint). If you are not satisfied with the response, you can contact the Office of the Australian Information Commissioner (OAIC). 

CONTACT DETAILS 

Annalise-AI Pty Ltd 

Attention: Privacy Officer 

Level 5, 24 York Street, Sydney NSW 2000, Australia 

Email: [email protected] 

FURTHER INFORMATION 

For further information about the Privacy Act or to make a complaint to the Privacy Commissioner, please see the website of the OAIC at www.oaic.gov.au. 

CHANGES TO THIS PRIVACY POLICY 

2020 Privacy Policy – effective 1 October 2020. From time to time we make changes to our policy, processes and systems in relation to how we handle your personal information, including to take into account new laws, regulations and technology. Please visit our website www.annalise.ai/privacy to obtain a copy of the latest version of this Privacy Policy at any time. Your continued use of the Platform and/or the Site, requesting our services or the provision by you of further personal information to us after this Privacy Policy has been revised will be deemed to be your acceptance of and consent to the revised Privacy Policy.