PRIVACY POLICY AND CONSENT FORM

(A) This Privacy Policy applies to the collection, use, and disclosure of personal information by Intelligent Screening Pty Ltd (ACN 615 110 917) trading as i-screen ("i-screen", "we," "us," "our"), a company registered under the laws of Australia and governed by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

(B) i-screen is responsible for managing personal information collected through its website www.i-screen.com.au (the "Website"), mobile applications, Platform, and related Services.

(C) Our Commitment: We are committed to protecting the privacy of all client information. i-screen provides wellness and educational services, clinical consultation services, and corporate health screening programs (the "Services") to individuals and businesses. These Services are delivered through various formats including online platforms, pathology testing coordination, AI-assisted health interpretations, GP consultations, and corporate wellness programs. In providing these Services, we handle personal and health information in compliance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

(D) Our Registered Office: 202/37 Barrack St, Perth WA 6000, Australia

(E) Postal Address: 202/37 Barrack St, Perth WA 6000, Australia

(F) Contact Information: admin@i-screen.com.au | 0290606208

(G) Health information (such as pathology results, medical history, or health questionnaire responses) is considered "sensitive information" under the Privacy Act and is afforded the highest level of protection. We will only collect and use it with your consent and as necessary for your care and wellness support.

(H) Questions or concerns about this Privacy Policy or the management of personal information may be directed to our Privacy Officer at admin@i-screen.com.au.

1. LEGAL AND REGULATORY FRAMEWORK

1.1 Privacy Act, APPs and Healthcare Standards

(a) As an Australian health service coordinator, i-screen adheres to the Privacy Act 1988 and the Australian Privacy Principles. The APPs set out standards for handling personal information throughout the entire information lifecycle from collection to disposal.

(b) In practice, this means we: (i) Operate with openness and transparency about data management (ii) Only collect information necessary for our Services with your consent (iii) Inform you about collection purposes and uses (iv) Use and disclose information only for expected purposes or with additional consent (v) Take steps to secure your information and allow you to access and correct it (vi) Comply with the Privacy Amendment (Notifiable Data Breaches) scheme

1.2 Healthcare Identifiers Act

We ensure our practices comply with the Healthcare Identifiers Act 2010 when using healthcare identifiers such as Medicare numbers or Individual Healthcare Identifiers (IHI). We only use such identifiers for purposes directly related to your healthcare management, identity verification, or processing Medicare/NDIS claims as required by law.

2. SCOPE OF CLIENTS AND SERVICES COVERED

This Privacy Policy applies to all individuals who engage with i-screen's Services, including:

(a) Individual wellness clients (self-funded or family-funded pathology testing and health screening) (b) Medicare-funded clients (those using Medicare rebatable services, CDM referrals, or GP consultations) (c) NDIS participants (clients receiving Services under the NDIS) (d) Insurance clients (workers' compensation, motor vehicle accident schemes) (e) Corporate clients and employees (participating in workplace wellness programs) (f) Clinical consultation clients (accessing GP or Dietitian/DNA consultations)

Note: If you are acting on behalf of a client (as a parent/guardian, case manager, or corporate representative), this policy also covers how we handle your personal details provided in that context.

3. COLLECTION OF PERSONAL AND HEALTH INFORMATION

3.1 Types of Personal Information Collected

We only collect personal information reasonably necessary to provide wellness and health screening services. The types of information we may collect include:

3.1.1 Identity and Contact Details (a) Legal name or consistent pseudonym (where permitted) (b) Date of birth (essential for result interpretation) (c) Address, phone number, email (d) Emergency contact information (e) Next of kin details

3.1.2 Health and Medical Information (f) Relevant health history and medical reports (g) Health questionnaire responses (h) Pathology test results and interpretations (i) Treatment notes and assessments (j) Family medical history (where relevant) (k) Information from other health professionals (with consent)

3.1.3 Financial and Funding Information (a) Medicare number (for rebatable services) (b) NDIS participant details and plan information (c) Insurance claim references (d) Payment information and transaction history (e) Corporate wellness program details

3.1.4 Account and Platform Information (a) Account activity data and preferences (b) Platform usage patterns and interactions (c) Communication preferences and history (d) Historical tracking data and trends

3.1.5 AI and Technology Data (a) Data processed through our AI interpretation systems (b) Algorithm inputs and outputs (reviewed by health professionals) (c) Platform analytics and performance data

3.2 How We Collect Information

3.2.1 Direct Collection (a) Through Account registration and service agreements (b) Via health questionnaires and assessment forms (c) During clinical consultations and health screenings (d) Through customer service interactions (e) Via our Website, mobile applications, and Platform (f) Through corporate wellness program enrollments

3.2.2 Third-Party Collection (with consent) (a) From Laboratory Partners providing test results (b) From referring healthcare providers (c) From corporate wellness program administrators (d) From NDIS support coordinators or plan managers (e) From insurance providers or case managers

3.2.3 Automated Collection (a) Website cookies and analytics data (b) Platform usage and interaction data (c) IP addresses and device information (d) Performance and system data

We collect information by lawful and fair means and will not do so in an unreasonably intrusive way. We provide clear notice about data collection at the time of collection and explain any consequences if information is not provided.

3.3 Eligibility and age restrictions

(a) The collection of personal information is neither intended for, nor directed to, persons who are under the age of eighteen (18) years old. Persons under age eighteen (18) may only use our Website with the involvement and consent of a parent or legal guardian.

(b) If you are under 18 years old, you must have a parent or legal guardian review and agree to this Privacy Policy on your behalf before you can use our Services.

4. USE OF INFORMATION (PURPOSE OF COLLECTION)

4.1 Primary Purposes

The primary purpose for collecting your information is to provide comprehensive wellness and health screening services, including:

4.1.1 Service Delivery (a) Coordinating pathology testing through Laboratory Partners (b) Providing AI-assisted health interpretations (reviewed by qualified professionals) (c) Delivering clinical consultations (GP, Dietitian/DNA services) (d) Managing corporate wellness programs (e) Facilitating medical imaging coordination (DEXA scans, calcium scoring) (f) Supporting historical tracking and trend analysis

4.1.2 Account and Communication Management (a) Creating and managing your Account (b) Scheduling appointments and sending reminders (c) Processing payments and managing subscriptions (d) Providing customer support and technical assistance (e) Sending service-related communications and updates

4.1.3 Health Professional Coordination (a) Sharing reports with referring healthcare providers (with consent) (b) Coordinating care within your treating team (c) Facilitating referrals to appropriate specialists (d) Supporting clinical decision-making and continuity of care

4.2 Secondary Purposes

We may use information for related secondary purposes that you would reasonably expect: 4.2.1 Quality Assurance and Improvement (a) Clinical audits and service quality reviews (b) AI system training and improvement (using de-identified data) (c) Platform development and enhancement (d) Customer satisfaction surveys and feedback collection

4.2.2 Regulatory and Compliance (a) Meeting reporting requirements to funding bodies (b) NDIS progress reporting and compliance (c) Medicare and insurance claim processing (d) Regulatory reporting and audit compliance

4.2.3 Research and Analytics (De-identified) (a) Population health trend analysis (b) Service effectiveness research (c) Health outcome studies (d) Platform performance analytics

We will seek additional consent for any use outside these expected purposes.

5. DISCLOSURE OF INFORMATION (SHARING WITH OTHERS)

5.1 Within Your Care Team

We may share relevant information with members of your healthcare team to coordinate care: (a) Referring doctors and specialists (b) NDIS support coordinators and case managers (c) Insurance case managers and rehabilitation providers (d) Corporate wellness program administrators (aggregate data only) (e) Other healthcare providers involved in your care (with explicit consent)

5.2 Laboratory Partners and Service Providers

5.2.1 Independent Laboratory Partners (a) Healius Pathology Pty Ltd (and associated brands) (b) Nutripath Integrative Pathology Services (c) Australian Clinical Labs (d) Douglass Hanly Moir Pathology (e) OmegaQuant LLC (f) GlycanAge (g) myDNA (h) true.me (i) Other NATA-accredited laboratories as listed on our Website

We share necessary identification and health information with Laboratory Partners to facilitate testing services. These are independent entities with their own privacy obligations.

5.3 Funding Bodies and Government Agencies

5.3.1 NDIS and Disability Services (a) National Disability Insurance Agency (NDIA) (b) NDIS Quality and Safeguards Commission (c) Plan managers and support coordinators

5.3.2 Medicare and Government Services (a) Medicare Australia (for rebatable services) (b) Department of Health (as required) (c) Australian Taxation Office (for business compliance)

5.3.3 Insurance Providers (a) Workers' compensation insurers (b) Motor vehicle accident schemes (c) Private health insurers (with consent)

5.4 Required or Permitted by Law

We may disclose information without consent when: (a) Required by court order or subpoena (b) Mandated by law (e.g. reportable incidents, public health requirements) (c) Necessary to prevent serious threat to life, health, or safety (d) Required for law enforcement investigations (e) Needed to protect our legal rights or property

5.5 Corporate Reporting and De-identified Data

5.5.1 Corporate Wellness Programs Individual employee health information remains strictly confidential. Employers receive only: (a) Aggregate, de-identified statistical reports (b) General workforce health trends (c) Comparative analyses and benchmarking (d) Wellness program effectiveness metrics

5.5.2 Health Data Analytics We may provide de-identified Health Data to third parties for: (a) Population health research (b) Healthcare trend analysis (c) Service development and improvement (d) Academic research partnerships

6. THIRD-PARTY SERVICE PROVIDERS AND INTERNATIONAL DATA PROCESSING

6.1 Technology and Platform Providers

6.1.1 Practice Management and Communication (a) Platform hosting and maintenance providers (b) Cloud storage and backup services (c) Payment processing providers (Braintree, PayPal) (d) Email and communication services (e) Customer support platforms

6.1.2 AI and Analytics Services (a) Various AI platforms and technologies for health interpretation (b) Data analytics and reporting tools (c) Machine learning and algorithm providers (d) Third-party health databases and reference libraries

6.2 International Data Processing and Storage

Your personal information may be processed, stored, or accessed by our operational and technology contractors located in:

6.2.1 Primary Locations (a) United Kingdom: Operational staff and shared services with access to data (b) Singapore: Technical support and system maintenance services (c) Indonesia: Software development and operational support

6.2.2 Cloud Service Locations Data may also be stored or processed through cloud service providers with servers in various international locations, including the United States and other countries where our technology partners operate.

6.2.3 Safeguards for International Transfers Before any international transfer, we ensure: (a) Appropriate contractual protections are in place (b) Data protection standards equivalent to Australian privacy law (c) Security requirements and compliance obligations (d) Regular monitoring and audit of international partners

6.3 Health Data Analytics and Commercial Use

We may perform data analytics on de-identified health and sensitive information that we collect for health and lifestyle trends (Health Data). This de-identified Health Data may be provided, by way of sale or otherwise, to third parties for research, population health analysis, and service development purposes.

6.3.1 Third-Party Health Data Safeguards (a) All third-party recipients must enter into binding contractual agreements that: (i) Strictly prohibit any attempt to re-identify de-identified data. (i) Require maintenance of secure data environments with encryption and access controls. (ii) Limit data use to specified research or analytical purposes only. (iii) Prohibit further sale, transfer, or sharing without our explicit written consent. (iv) Mandate secure deletion of data after specified retention periods. (v) Require regular security audits and compliance reporting. (vi) Include financial penalties for contractual breaches.

(b) De-identification processes include removal of direct identifiers and statistical disclosure control methods to minimize re-identification risk.

(c) We conduct ongoing monitoring and audit of third-party compliance with these contractual obligations.

(d) Third parties must demonstrate equivalent or superior privacy and security standards to Australian requirements.

6.4 AI Technology Providers

We utilise various artificial intelligence platforms and technologies, which may include: (a) Third-party AI interpretation systems (b) Machine learning platforms for data analysis (c) Natural language processing services (d) Health database and reference services

All AI-generated content undergoes mandatory review by qualified Australian health professionals before release to users.

7. CONSENT AND ACTIVE AGREEMENT

7.1 Consent Framework

Because we handle sensitive health information, consent is fundamental to our service delivery. Under Australian privacy law, we require your consent to collect and use health information unless an exception applies.

7.1.1 Integrated Consent Process This Privacy Policy serves as both a privacy notice and consent mechanism. By: (a) Creating an Account on our Platform (b) Using our Services (c) Signing our Service Agreement (d) Submitting health questionnaires or forms You actively consent to our collection, use, and disclosure of your personal information as outlined in this policy.

7.2 What You're Consenting To

7.2.1 Data Collection and Use (a) Collection of personal and health information for service delivery (b) Processing of information through our AI systems (with professional review) (c) Storage of information in secure systems and cloud platforms (d) Use of information to coordinate care and provide wellness services

7.2.2 Information Sharing (a) Sharing with Laboratory Partners for testing services (b) Communication with your healthcare team (with explicit consent) (c) Reporting to funding bodies (NDIS, Medicare, insurance providers) (d) Processing through third-party technology providers (e) International data processing with appropriate safeguards

7.2.3 Service Enhancement (a) Use of de-identified data for service improvement (b) AI system training and development (c) Quality assurance and audit activities (d) Research and analytics (anonymised data only)

7.3 Informed and Voluntary Consent

(a) Your consent must be: (i) Informed: You understand what you're agreeing to (ii) Voluntary: No pressure or coercion (iii) Current: Up-to-date and relevant to our current practices (iv) Specific: Related to the particular uses described

(b) We avoid "bundling" unnecessary consents and provide genuine choices for optional services.

7.4 Withdrawing or Modifying Consent

7.4.1 Your Right to Withdraw You may withdraw consent at any time by contacting our Privacy Officer. This may affect our ability to provide certain services.

7.4.2 Modification of Consent You can modify consent for specific uses (e.g., stopping information sharing with particular providers) while maintaining consent for core services.

7.4.3 Process for Changes (a) Written or verbal request to our team (b) Immediate cessation of affected activities (c) Clear explanation of any service limitations (d) No penalty for withdrawal decisions

8. ARTIFICIAL INTELLIGENCE TECHNOLOGY AND LIMITATIONS

8.1 AI Implementation in Our Services

8.1.1 AI-Assisted Health Interpretations We utilise sophisticated AI and machine learning technologies to assist in analysing pathology results and generating preliminary health insights. Our AI systems: (a) Process biomarker data using multiple health information sources (b) Generate educational content about test results (c) Identify patterns and trends in health data (d) Provide risk assessments and wellness recommendations

8.1.2 Professional Review Process All AI-generated content undergoes mandatory review by qualified Australian health professionals who: (a) Verify accuracy and clinical appropriateness (b) Modify or reject inappropriate AI recommendations (c) Ensure compliance with professional standards (d) Maintain final authority over all interpretations

8.2 AI Limitations and Risks

8.2.1 Known Limitations You acknowledge that AI systems have inherent limitations: (a) May exhibit bias based on training data (b) Cannot account for individual medical history or circumstances (c) May produce inconsistent responses to similar inputs (d) Cannot detect errors in data entry or processing (e) May occasionally "hallucinate" or provide incorrect information

8.2.2 Individual Circumstances AI interpretations cannot consider: (a) Your complete medical history (b) Current medications and treatments (c) Recent health changes or symptoms (d) Family history and genetic factors (e) Lifestyle factors and personal circumstances (f) Social determinants of health

8.3 Educational Nature of AI Content

8.3.1 Not Medical Advice Despite AI processing and professional review, all interpretations remain: (a) General educational information (b) Intended to enhance biomarker understanding (c) Designed to facilitate healthcare discussions (d) Not personalised medical advice or recommendations (e) Not substitutes for professional healthcare consultations

Your Responsibilities: You must discuss all results and interpretations with qualified healthcare professionals who can provide clinical context based on your complete health profile.

9. DATA SECURITY AND STORAGE

9.1 Security Measures

9.1.1 Technical Safeguards (a) End-to-end encryption for data transmission (b) Secure cloud storage with encryption at rest (c) Multi-factor authentication for system access (d) Regular security audits and vulnerability assessments (e) Up-to-date firewalls and intrusion detection systems (f) Secure backup and disaster recovery procedures

9.1.2 Administrative Safeguards (a) Staff training on privacy and security obligations (b) Confidentiality agreements for all personnel (c) Access controls based on need-to-know principles (d) Regular privacy and security training updates (e) Incident response and breach notification procedures (f) Vendor management and third-party security requirements

9.1.3 Physical Safeguards (a) Controlled access to facilities and systems (b) Secure storage of any physical documents (c) Secure disposal of electronic devices and media (d) Environmental controls for data centers (e) Monitoring and logging of physical access

9.2 Data Breach Response

9.2.1 Breach Prevention We implement comprehensive measures to prevent unauthorised access, but no system is 100% secure.

9.2.2 Response Procedures In the event of a data breach: (a) Immediate containment and assessment (b) Investigation of scope and impact (c) Notification to affected individuals (as required by law) (d) Reporting to relevant authorities (OAIC) (e) Implementation of remedial measures (f) Review and improvement of security measures

9.2.3 Your Rights You will be promptly notified of any serious data breach affecting your information, including: (a) Nature and scope of the breach (b) Potential risks and impacts (c) Steps taken to address the breach (d) Recommended protective actions (e) Contact information for further assistance

10. DATA RETENTION AND DESTRUCTION

10.1 Retention Periods

10.1.1 Health Records As a health service coordinator, we retain health information according to: (a) Australian health records legislation requirements (b) Professional standards and guidelines (c) Minimum 7 years from last service date (adults) (d) Until age 25 for minor clients (e) Longer periods where required by law

10.1.2 Account and Transaction Data (a) Account information for active service periods (b) Payment records for taxation and audit requirements (c) Communication records for service continuity (d) Platform usage data for service improvement

10.1.3 Corporate and Employment Records (a) Employee wellness data according to workplace requirements (b) Corporate reporting data for contract periods (c) Aggregate analytics for business planning

10.2 Secure Destruction

10.2.1 Electronic Data (a) Secure deletion using certified methods (b) Overwriting of storage media (c) Destruction of backup copies (d) Certificate of destruction where required

10.2.2 Physical Records (a) Secure shredding of paper documents (b) Professional destruction services (c) Secure disposal of electronic devices (d) Chain of custody documentation

10.3 Data Minimisation We actively minimise data retention by: (a) Regular review of stored information (b) Automatic deletion of unnecessary data (c) De-identification of research data (d) Secure archiving of required records

11. ACCESS TO INFORMATION AND CORRECTIONS

11.1 Your Right to Access

11.1.1 What You Can Access (a) All personal information we hold about you (b) Details of how information has been used (c) Information about disclosures to third parties (d) Correction history and audit trails

11.1.2 Access Process (a) Submit written request to Privacy Officer (b) Identity verification (for security) (c) Response within 30 days (d) Information provided in requested format (e) No fee for standard requests

11.2 Correction Rights

11.2.1 When to Request Corrections (a) Information is inaccurate or out-of-date (b) Records contain errors or omissions (c) Personal details have changed (d) Health information is incorrect

11.2.2 Correction Process (a) Submit correction request with supporting evidence (b) Investigation and verification of changes (c) Updates made to relevant systems (d) Notification of changes to relevant third parties (e) Documentation of correction history

11.3 Limitations on Access

11.3.1 Rare Exceptions Access may be limited if: (a) Serious threat to life, health, or safety (b) Unreasonable impact on others' privacy (c) Frivolous or vexatious requests (d) Legal proceedings or investigations (e) Law enforcement requirements

Written explanation provided for any access limitations.

11.4 Third-Party Website Links

(a) Our Website may contain links to the websites of other organisations which may be of interest to you. Their inclusion cannot be taken to imply any endorsement or validation by us of the content of the third party website.

(b) Linked websites are responsible for their own privacy practices, and you should check those websites for their respective privacy policies, practices or statements. We are not responsible, nor do we accept any liability, for the conduct of organisations linked to our Website.

12. CORPORATE SERVICES AND EMPLOYEE PRIVACY

12.1 Employee Privacy Protection

12.1.1 Individual Confidentiality (a) Employee health information never disclosed to employers (b) Individual test results remain strictly confidential (c) No identification of specific employees in reporting (d) Complete control over personal health data sharing

12.1.2 Aggregate Reporting Only Employers receive only: (a) De-identified statistical summaries (b) General workforce health trends (c) Comparative industry benchmarking (d) Wellness program effectiveness metrics (e) Population-level insights and recommendations

12.2 Employee Rights and Choices

12.2.1 Voluntary Participation (a) No requirement to participate in wellness programs (b) Individual choice in sharing personal results (c) Opt-out options for all corporate communications (d) No employment consequences for non-participation

12.2.2 Data Control (a) Individual access to personal health data (b) Choice in healthcare provider communications (c) Control over follow-up services and referrals (d) Right to withdraw from corporate programs

12.3 Corporate Client Obligations

12.3.1 Privacy Protection Requirements Corporate clients must: (a) Respect employee privacy choices (b) Not request individual health information (c) Use aggregate data responsibly (d) Comply with workplace privacy laws (e) Support employee wellness voluntarily

13. CONSENT FOR SPECIFIC SERVICES

13.1 Clinical Consultation Services

13.1.1 GP Consultations By booking GP consultation services, you consent to: (a) Sharing relevant health information with the consulting physician (b) Potential diagnoses and medical recommendations (c) Prescription services and specialist referrals (d) Follow-up communications and care coordination

13.1.2 Dietitian/DNA Consultations Consent includes: (a) Review of genetic and nutritional data (b) Personalised dietary and lifestyle recommendations (c) Coordination with other healthcare providers (d) Ongoing support and follow-up services

13.2 AI-Assisted Interpretations

13.2.1 AI Processing Consent You consent to: (a) Processing of your health data through AI systems (b) Generation of preliminary interpretations and insights (c) Professional review and modification of AI content (d) Use of anonymised data for AI system improvement

13.2.2 Understanding AI Limitations You acknowledge: (a) AI interpretations are educational, not medical advice (b) Professional review does not guarantee accuracy (c) Individual circumstances may not be considered (d) Healthcare professional consultation is recommended

13.3 Corporate Wellness Programs

13.3.1 Employee Participation Participation in corporate wellness programs is voluntary and subject to the employee’s informed and independent consent. Employers or corporate representatives cannot provide consent on behalf of employees for the collection, use, or disclosure of their personal or health information. Consent must be given by the employee directly through their personal engagement with i-screen’s platform or services and must comply with the Australian Privacy Principles.

Consent covers: (a) Health screening and assessment participation (b) Aggregate data inclusion in corporate reporting (c) Wellness program communications and resources (d) Optional follow-up services and referrals

13.3.2 Data Usage Understanding that: (a) Individual results remain confidential and are never disclosed to employers (b) Aggregate data helps improve workplace wellness (c) Participation is voluntary and can be withdrawn (d) No individual identification in corporate reports or analytics

14. BUSINESS TRANSFERS AND CORPORATE TRANSACTIONS

If we merge with, or are acquired by, another company or organisation, or sell all or a portion of our assets, you consent to your personal information being disclosed to our advisers and any prospective purchaser or any prospective purchaser's adviser. Your personal information may be among the assets transferred in such transactions. However, personal information will always remain subject to this Privacy Policy or a privacy policy with substantially equivalent terms. You will be notified via email and/or prominent notice on our Website of any change in ownership or control of your personal information.

15. YOUR LEGAL RIGHTS

15.1 Privacy Rights Under Australian Law

15.1.1 Access Rights (a) Request copies of personal information held (b) Understand how information is used and disclosed (c) Receive information in accessible formats (d) Access correction and update history

15.1.2 Correction Rights (a) Request correction of inaccurate information (b) Add statements about disputed information (c) Have corrections communicated to relevant third parties (d) Receive confirmation of corrections made

15.1.3 Erasure Rights (a) Request deletion of unnecessary personal information (b) Have information removed when no longer required (c) Request anonymisation of research data (d) Understand retention requirements and limitations

15.1.4 Limitations on Information Deletion (a) While we will delete your personal information upon request where legally permissible, we are not responsible for removing your personal information from the lists of any third party who has previously been provided your information in accordance with this Privacy Policy. These third parties may include, but are not limited to, the following reference laboratories and service providers who have their own data retention obligations:

(i) Healius Pathology Pty Ltd (ii) Nutripath Integrative Pathology Services (iii) OmegaQuant LLC (iv) Douglass Hanly Moir Pathology (v) Australian Clinical Laboratories (vii) myDNA (viii) other accredited laboratories we may use from time to time

(b) You may need to contact these third parties directly to request deletion of your information from their systems.

15.2 Complaint and Review Rights

15.2.1 Internal Complaints (a) Lodge complaints about privacy practices (b) Request investigation of privacy concerns (c) Receive written responses to complaints (d) Have complaints escalated if unsatisfied

15.2.2 External Review (a) Complain to Office of Australian Information Commissioner (OAIC) (b) Seek independent review of privacy practices (c) Access mediation and conciliation services (d) Pursue legal remedies where appropriate

15.3 Consent Management Rights

15.3.1 Consent Control (a) Withdraw consent for specific uses (b) Modify consent for particular services (c) Understand consequences of consent withdrawal (d) Receive clear explanations of consent requirements

15.3.2 Choice and Control (a) Opt-out of marketing communications (b) Choose pseudonymous service options (where available) (c) Control information sharing preferences (d) Access alternative service arrangements

16. OPT-OUT RIGHTS AND PREFERENCES

16.1 Communication Preferences

16.1.1 Marketing and Newsletters (a) Opt-out of promotional communications (b) Unsubscribe from newsletters and updates (c) Choose communication frequency preferences (d) Select preferred communication channels

16.1.2 Service Communications Essential service communications cannot be opted out but you can: (a) Choose delivery method preferences (b) Update contact information (c) Request accessible formats (d) Designate preferred contacts

16.2 Data Usage Preferences

16.2.1 Research and Analytics (a) Opt-out of de-identified research participation (b) Exclude data from aggregate analytics (c) Choose not to participate in service improvement (d) Request removal from marketing databases

16.2.2 AI System Improvement (a) Opt-out of AI training data inclusion (b) Request non-AI interpretation services where available (c) Choose traditional interpretation methods (d) Access alternative service arrangements

16.3 Service Participation Choices

16.3.1 Corporate Programs (a) Withdraw from workplace wellness programs (b) Opt-out of corporate communications (c) Choose individual service arrangements (d) Request confidential service delivery

16.3.2 Third-Party Sharing (a) Limit information sharing with healthcare providers (b) Choose specific consent for each disclosure (c) Opt-out of certain Laboratory Partner communications (d) Control referral and follow-up services

17. COMPLAINTS AND FEEDBACK

17.1 Internal Complaint Process

17.1.1 How to Complain Contact our Privacy Officer at: (a) Email: admin@i-screen.com.au (b) Phone: (c) Mail: Information to Include (a) Description of privacy concern (b) Dates and circumstances involved (c) Desired resolution or outcome (d) Supporting documentation if available

17.2 Investigation Process

17.2.1 Our Response (a) Acknowledgment within 48 hours (b) Investigation within 30 days (c) Written response with findings (d) Implementation of corrective measures (e) Follow-up to ensure satisfaction

17.2.2 Resolution Options (a) Correction of information or practices (b) Policy updates and improvements (c) Staff training and education (d) System enhancements for prevention (e) Compensation where appropriate

17.3 External Complaints

17.3.1 Office of Australian Information Commissioner (OAIC) (a) Website: www.oaic.gov.au (b) Phone: 1300 363 992 (c) Mail: GPO Box 5218, Sydney NSW 2001

17.3.2 When to Contact OAIC (a) Unsatisfied with our internal response (b) Serious privacy breaches (c) Systemic privacy issues (d) Need for independent review

18. CONTACT INFORMATION

18.1 Privacy Officer Contact

17.1.1 Primary Contact (a) Email: admin@i-screen.com.au (b) Phone: 0290606208 (c) Mail: PO Box 8441, South Perth WA 6151

18.2 Business Contact Information

18.2.1 Intelligent Screening Pty Ltd trading as i-screen (a) ACN: 615 110 917 (b) Registered Office: 202/37 Barrack St, Perth WA 6000 (c) Website: www.i-screen.com.au

18.3 Response Timeframes

(a) General Inquiries: 2-5 business days (b) Privacy Complaints: 30 days maximum (c) Access Requests: 30 days maximum (d) Correction Requests: 30 days maximum (e) Urgent Matters: 24-48 hours

19. POLICY UPDATES AND CHANGES

19.1 Policy Review

This Privacy Policy is reviewed regularly and updated as necessary to reflect: (a) Changes in services and technology (b) Updates to privacy laws and regulations (c) Improvements in privacy practices (d) Feedback from clients and stakeholders

19.2 Notification of Changes

19.2.1 Material Changes (a) 30 days advance notice via email (b) Prominent notice on Website and Platform (c) Clear explanation of changes and impacts (d) Opportunity to review and provide feedback (e) Option to withdraw consent if unsatisfied

19.2.2 Minor Changes (a) Notice on Website and Platform (b) Inclusion in next service communication (c) Updated policy available online (d) No impact on existing service arrangements

19.3 Consent to Changes

19.3.1 Ongoing Consent Continued use of our Services after policy updates constitutes acceptance, except for material changes requiring active consent.

19.3.2 Active Consent Required for (a) Significant changes to data uses (b) New third-party sharing arrangements (c) Changes to international data processing (d) Modifications to consent withdrawal rights

20. FINAL ACKNOWLEDGMENTS

20.1 Policy Integration

This Privacy Policy forms an integral part of our Terms and Conditions and Service Agreements. All related documents should be read together for complete understanding of our privacy practices.

20.2 Governing Law

This Privacy Policy is governed by Australian privacy law, including the Privacy Act 1988 (Cth) and applicable state and territory legislation.

20.3 Contact for Clarification

If any aspect of this Privacy Policy requires clarification or if you need assistance understanding your rights and choices, please contact our Privacy Officer who will provide explanation in accessible formats.

Last Updated: 20th August 2025 Effective Date: This Privacy Policy is effective immediately for all new users and upon next service use for existing users.

By creating an Account, using our Services, or engaging with our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.