What We Do
Collection Centres
FAQ
Practitioner Portal
Search Health Tests
i-screen logo

Our Privacy Policy

Your privacy is important to us. We take security very seriously and are committed to protecting your personal information.
illustration of speech bubbles
This Privacy Policy regulates how www.i-screen.com.au (i-screen, our Website, us, our, we) uses, stores and protects your personal information.
This Privacy Policy is an integral part of our Terms and Conditions. All capitalised terms used in this Privacy Policy have a similar meaning given to them in the Terms and Conditions, unless otherwise stated.
By using our Website in any way, or by receiving Services from us, you agree to be bound by this Privacy Policy.

PRIVACY POLICY AND CONSENT FORM

(A) This Privacy Policy applies to the collection, use, and disclosure of personal information by Intelligent Screening Pty Ltd (ACN 615 110 917) trading as i-screen ("i-screen", "we," "us," "our"), a company registered under the laws of Australia and governed by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs"). (B) i-screen is responsible for managing personal information collected through its website www.i-screen.com.au (the "Website"), mobile applications, Platform, and related Services. (C) Our Commitment: We are committed to protecting the privacy of all client information. i-screen provides wellness and educational services, clinical consultation services, and corporate health screening programs (the "Services") to individuals and businesses. These Services are delivered through various formats including online platforms, pathology testing coordination, AI-assisted health interpretations, GP consultations, and corporate wellness programs. In providing these Services, we handle personal and health information in compliance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). (D) Our Registered Office: 202/37 Barrack St, Perth WA 6000, Australia (E) Postal Address: PO Box 8441, South Perth WA 6151, Australia (F) Contact Information: admin@i-screen.com.au | 0290606208 (G) Health information (such as pathology results, medical history, or health questionnaire responses) is considered "sensitive information" under the Privacy Act and is afforded the highest level of protection. We will only collect and use it with your consent or as otherwise permitted or required by law and as necessary for your care and wellness support. We do not use identifiable health information to send you third-party marketing. We only use sensitive health information for your care, wellness support, compliance, or other purposes permitted by law and described in this policy. (H) Questions or concerns about this Privacy Policy or the management of personal information may be directed to our Privacy Officer at admin@i-screen.com.au.

OUR GROUP OF BRANDS

This Privacy Policy applies to Intelligent Screening Pty Ltd (ACN 615 110 917) trading as i-screen and the following related entities and brands within our group:

  • i-screen Australia (www.i-screen.com.au)
  • i-screen New Zealand (www.i-screen.co.nz)
  • i-screen Singapore (www.i-screen.sg)
  • healthily UK (www.healthily.co.uk)
  • i-screenPets (www.i-screenPets.com.au) — pet wellness and screening services

Where we refer to "our group", "related entities", or "related brands" in this Privacy Policy, we mean the entities and brands listed above. Each brand may collect and use your personal information as described in this policy. We do not use identifiable health information across brands for marketing purposes.

1. LEGAL AND REGULATORY FRAMEWORK

1.1 Privacy Act, APPs and Healthcare Standards

(a) As an Australian health service coordinator, i-screen adheres to the Privacy Act 1988 and the Australian Privacy Principles. The APPs set out standards for handling personal information throughout the entire information lifecycle from collection to disposal.

(b) In practice, this means we: (i) Operate with openness and transparency about data management (ii) Only collect information necessary for our Services with your consent (iii) Inform you about collection purposes and uses (iv) Use and disclose information only for expected purposes or with additional consent (v) Take steps to secure your information and allow you to access and correct it (vi) Comply with the Privacy Amendment (Notifiable Data Breaches) scheme

1.2 Healthcare Identifiers Act

We ensure our practices comply with the Healthcare Identifiers Act 2010 when using healthcare identifiers such as Medicare numbers or Individual Healthcare Identifiers (IHI). We only use such identifiers for purposes directly related to your healthcare management, identity verification, or processing Medicare/NDIS claims as required by law.

2. SCOPE OF CLIENTS AND SERVICES COVERED

This Privacy Policy applies to all individuals who engage with i-screen's Services, including:

(a) Individual wellness clients (self-funded or family-funded pathology testing and health screening)

(b) Medicare-funded clients (those using Medicare rebatable services, CDM referrals, or GP consultations)

(c) NDIS participants (clients receiving Services under the NDIS)

(d) Insurance clients (workers' compensation, motor vehicle accident schemes)

(e) Corporate clients and employees (participating in workplace wellness programs)

(f) Clinical consultation clients (accessing GP or Dietitian/DNA consultations)

Note: If you are acting on behalf of a client (as a parent/guardian, case manager, or corporate representative), this policy also covers how we handle your personal details provided in that context.

3. COLLECTION OF PERSONAL AND HEALTH INFORMATION

3.1 Types of Personal Information Collected

We only collect personal information reasonably necessary to provide wellness and health screening services. The types of information we may collect include:

3.1.1 Identity and Contact Details (a) Legal name or consistent pseudonym (where permitted) (b) Date of birth (essential for result interpretation) (c) Address, phone number, email (d) Emergency contact information (e) Next of kin details

3.1.2 Health and Medical Information (f) Relevant health history and medical reports (g) Health questionnaire responses (h) Pathology test results and interpretations (i) Treatment notes and assessments (j) Family medical history (where relevant) (k) Information from other health professionals (with consent)

3.1.3 Financial and Funding Information (a) Medicare number (for rebatable services) (b) NDIS participant details and plan information (c) Insurance claim references (d) Payment information and transaction history (e) Corporate wellness program details

3.1.4 Account and Platform Information (a) Account activity data and preferences (b) Platform usage patterns and interactions (c) Communication preferences and history (d) Historical tracking data and trends

3.1.5 AI and Technology Data (a) Data processed through our AI interpretation systems (b) Algorithm inputs and outputs (reviewed by health professionals) (c) Platform analytics and performance data

3.1.6 Third-party contact details you provide (gifts, referrals and administrative contacts) If you provide us with another person’s contact details (for example, to send a gift, to refer someone, or as an administrative/corporate contact), you confirm you have authority to provide those details.

Gift purchases: If you order a test or service as a gift, we may use the recipient’s email address (and any message you include) to deliver the gift notification, redemption instructions, and any necessary service-related communications about the gift (for example, reminders that the gift is available to redeem). We will not use the recipient’s email address to send marketing communications unless the recipient separately subscribes or otherwise consents.

We will use third-party contact details only for the purpose you provided them and in accordance with this Privacy Policy. If we send any optional promotional communication, the recipient will be provided with a simple way to opt out.

3.2 How We Collect Information

3.2.1 Direct Collection (a) Through Account registration and service agreements (b) Via health questionnaires and assessment forms (c) During clinical consultations and health screenings (d) Through customer service interactions (e) Via our Website, mobile applications, and Platform (f) Through corporate wellness program enrollments (g) Where you choose to subscribe to newsletters, updates, alerts, or other communications (h) When you enter promotions, competitions, or participate in marketing campaigns we run (i) When you request information about offers, events, new services, or educational content

3.2.2 Third-Party Collection (with consent) (a) From Laboratory Partners providing test results (b) From referring healthcare providers (c) From corporate wellness program administrators (d) From NDIS support coordinators or plan managers (e) From insurance providers or case managers

3.2.3 Automated Collection (a) Website cookies and analytics data (b) Platform usage and interaction data (c) IP addresses and device information (d) Performance and system data

We collect information by lawful and fair means and will not do so in an unreasonably intrusive way. We provide clear notice about data collection at the time of collection and explain any consequences if information is not provided.

We may also use third-party analytics and advertising technologies (such as cookies, pixels, SDKs and server-to-server integrations) on our Website and Platform. These technologies may collect information about your device and your interactions with our Website or Services (for example, pages viewed, actions taken, timestamps, IP address, device/browser identifiers) and may result in information being disclosed to the third-party providers that operate those technologies.

3.3 Eligibility and age restrictions

(a) The collection of personal information is neither intended for, nor directed to, persons who are under the age of eighteen (18) years old. Persons under age eighteen (18) may only use our Website with the involvement and consent of a parent or legal guardian.

(b) If you are under 18 years old, you must have a parent or legal guardian review and agree to this Privacy Policy on your behalf before you can use our Services.

4. USE OF INFORMATION (PURPOSE OF COLLECTION)

4.1 Primary Purposes

The primary purpose for collecting your information is to provide comprehensive wellness and health screening services, including:

4.1.1 Service Delivery (a) Coordinating pathology testing through Laboratory Partners (b) Providing AI-assisted health interpretations (reviewed by qualified professionals) (c) Delivering clinical consultations (GP, Dietitian/DNA services) (d) Managing corporate wellness programs (e) Facilitating medical imaging coordination (DEXA scans, calcium scoring) (f) Supporting historical tracking and trend analysis

4.1.2 Account and Communication Management (a) Creating and managing your Account (b) Scheduling appointments and sending reminders (c) Processing payments and managing subscriptions (d) Providing customer support and technical assistance (e) Sending service-related communications and updates

4.1.3 Health Professional Coordination (a) Sharing reports with referring healthcare providers (with consent) (b) Coordinating care within your treating team (c) Facilitating referrals to appropriate specialists (d) Supporting clinical decision-making and continuity of care

4.2 Secondary Purposes

We may use information for related secondary purposes that you would reasonably expect: 4.2.1 Quality Assurance and Improvement (a) Clinical audits and service quality reviews (b) AI system training and improvement (using de-identified data) (c) Platform development and enhancement (d) Customer satisfaction surveys and feedback collection

4.2.2 Regulatory and Compliance (a) Meeting reporting requirements to funding bodies (b) NDIS progress reporting and compliance (c) Medicare and insurance claim processing (d) Regulatory reporting and audit compliance

4.2.3 Research, analytics and algorithm development (De-identified / anonymised) De-identified information means information that has had direct identifiers removed and is handled in a way that is not reasonably likely to identify you.

We may use de-identified (anonymised) information for:

(a) Population health trend analysis (b) Service effectiveness research (c) Health outcome studies (d) Platform performance analytics (e) Developing, validating and improving i-screen’s internal models, tools and algorithms (for example, refining biological age algorithms and improving interpretation frameworks) (f) Developing, testing and refining reference ranges and wellness benchmarks (including defining “optimal” reference ranges and decision-support thresholds) (g) Statistical analysis and quality improvement initiatives that support safer, more accurate services

We take steps to ensure data used for these purposes is de-identified so it does not reasonably identify you, and we do not attempt to re-identify de-identified data.

We will seek additional consent for any use outside these expected purposes.

4.3 Direct marketing and communications

4.3.1 What we may send Where permitted by law, we may use your contact details to send you: (a) newsletters and updates about i-screen (b) educational content and service updates that relate to our Services (c) invitations to events, webinars, or programs (d) special offers, promotions, or competitions we run (e) surveys about your experience (where not purely “service delivery”).

4.3.2 When we send marketing We will only send direct marketing where permitted by law, including where: (a) you have provided consent (for example, by subscribing or otherwise requesting marketing), or (b) consent may be inferred from your relationship with us and the marketing is reasonably related to what you would expect from that relationship.

4.3.3 Channels We may send these communications by email, SMS, telephone, post, in-app messaging, push notifications, and other digital channels

4.3.4 Sensitive information and marketing We do not use identifiable health information to send you marketing messages or to market third-party products. Any marketing communications are based on your contact details and your interactions with i-screen (for example, your account status or purchase history), not on your pathology results or health history.

4.3.5 Opt-out You can opt out at any time (see Section 16). We will always provide a simple way to unsubscribe from marketing messages and will action opt-out requests as soon as practicable.

4.3.6 Marketing by related entities In addition to marketing i-screen’s Services, we may (with your consent where required) use your contact details and limited interaction information to promote products or services offered by our related entities and brands, including i-screen Pets and any other brands listed in the "Our Group of Brands" section of this policy.

For these purposes, we may use advertising and measurement technologies (including Meta) to create audiences and deliver promotions for i-screen Pets and other related brands. We do not use or disclose identifiable health information for these marketing activities.

You can opt out at any time (see Section 16). If you opt out, we will stop using your information for these related-entity marketing activities as soon as practicable.

5. DISCLOSURE OF INFORMATION (SHARING WITH OTHERS)

5.1 Within Your Care Team

We may share relevant information with members of your healthcare team to coordinate care: (a) Referring doctors and specialists (b) NDIS support coordinators and case managers (c) Insurance case managers and rehabilitation providers (d) Corporate wellness program administrators (aggregate data only) (e) Other healthcare providers involved in your care (with explicit consent)

5.2 Laboratory Partners and Service Providers

5.2.1 Independent Laboratory Partners (a) Healius Pathology Pty Ltd (and associated brands) (b) Nutripath Integrative Pathology Services (c) Australian Clinical Labs (d) Douglass Hanly Moir Pathology (e) OmegaQuant LLC (f) GlycanAge (g) myDNA (h) true.me (i) Other NATA-accredited laboratories as listed on our Website

We share necessary identification and health information with Laboratory Partners to facilitate testing services. These are independent entities with their own privacy obligations.

5.3 Funding Bodies and Government Agencies

5.3.1 NDIS and Disability Services (a) National Disability Insurance Agency (NDIA) (b) NDIS Quality and Safeguards Commission (c) Plan managers and support coordinators

5.3.2 Medicare and Government Services (a) Medicare Australia (for rebatable services) (b) Department of Health (as required) (c) Australian Taxation Office (for business compliance)

5.3.3 Insurance Providers (a) Workers' compensation insurers (b) Motor vehicle accident schemes (c) Private health insurers (with consent)

5.4 Required or Permitted by Law

We may disclose information without consent when: (a) Required by court order or subpoena (b) Mandated by law, including but not limited to the statutory reporting of notifiable conditions to state and territory public health authorities by our Laboratory Partners, reporting of reportable incidents, and compliance with other public health requirements under applicable Commonwealth, state, or territory legislation. (c) Necessary to prevent serious threat to life, health, or safety (d) Required for law enforcement investigations (e) Needed to protect our legal rights or property

5.5 Corporate Reporting and De-identified Data

5.5.1 Corporate Wellness Programs Individual employee health information remains strictly confidential. Employers receive only: (a) Aggregate, de-identified statistical reports (b) General workforce health trends (c) Comparative analyses and benchmarking (d) Wellness program effectiveness metrics

5.5.2 Health Data Analytics We may provide de-identified Health Data to third parties for: (a) Population health research (b) Healthcare trend analysis (c) Service development and improvement (d) Academic research partnerships

5.6 Notifiable Conditions and Public Health Disclosures

5.6.1 Statutory Reporting of Notifiable Conditions (a) Under Australian state and territory public health legislation, certain diseases and medical conditions are classified as “notifiable conditions.” When a pathology test identifies a notifiable condition, the testing laboratory is legally required to report the result to the relevant state or territory health authority.

(b) Our Laboratory Partners (as listed in Section 5.2 of this Privacy Policy) are independent entities subject to these statutory reporting obligations. When a notifiable condition is detected in your test results, the Laboratory Partner will disclose your personal and health information—including your name, date of birth, contact details, and test results—to the relevant public health authority as required by law.

(c) This disclosure occurs under the lawful authority of applicable public health legislation and does not require your separate consent. It is consistent with the exception under Australian Privacy Principle 6.2(b), which permits disclosure of health information where required or authorised by or under an Australian law.

5.6.2 Contact by Public Health Units (a) Following notification of a notifiable condition, you may be contacted directly by a public health unit or authorised public health officer from the relevant state or territory Department of Health. The purposes of this contact may include:

  • Confirming your diagnosis and collecting additional epidemiological data
  • Conducting contact tracing and partner notification
  • Providing information about treatment options and support services
  • Disease surveillance and public health monitoring
  • Any other purpose required or authorised under applicable public health legislation

(b) i-screen does not control or coordinate this process. Public health units operate independently under their own statutory authority, and i-screen is not responsible for the manner, content, or timing of any contact from a public health unit.

5.6.3 Information Disclosed to Public Health Authorities The information disclosed to public health authorities by our Laboratory Partners in connection with notifiable conditions may include:

  • Your full name and date of birth
  • Your residential address and contact details (phone, email)
  • The notifiable condition identified and relevant test results
  • The date of specimen collection and testing
  • The name of the requesting practitioner (where applicable)
  • Any other information required under the relevant public health legislation

5.6.4 Your Acknowledgment By using our Services, you acknowledge and accept that:

  • Notifiable condition reporting is a legal requirement that applies to all pathology testing in Australia, regardless of how the testing was initiated
  • You may be contacted by a public health unit if your results indicate a notifiable condition
  • This reporting and contact cannot be opted out of, as it is mandated by law
  • i-screen is not responsible for, and has no control over, the actions of public health authorities following notification

5.7 Marketing service providers

(a) We may disclose limited personal information (typically contact details and general engagement information) to trusted third parties who help us deliver marketing communications (such as email/SMS distribution providers and analytics providers).

(b) We do not sell or rent identifiable personal information for third-party marketing.

(c) We do not disclose identifiable health information to third parties for marketing.

5.8 Advertising and measurement technologies (e.g., Meta)

We may use advertising and measurement technologies such as the Meta Pixel and/or Meta Conversions API to measure the effectiveness of our advertising, attribute conversions, manage audiences (including suppression), and improve marketing for i-screen and, where applicable, our related entities and brands (including i-screen Pets). These advertising platforms may be located overseas (including the United States) and may process information in accordance with their terms and policies.

In doing so, we may disclose to advertising platforms (such as Meta Platforms, Inc. and its related entities) limited information about your interactions with our Website or Services (for example, pages viewed, actions taken, time of interaction, device/browser information, and identifiers).

Where available and permitted, we may also disclose certain identifiers in hashed form (for example, hashed email address and/or hashed phone number) to help the advertising platform match events to its users for measurement and attribution. Hashing is a security measure and does not necessarily mean the information is anonymous.

We do not disclose identifiable health information to advertising platforms for marketing. Where these activities involve marketing for a related entity, we will only do so where permitted by law and in accordance with your preferences and any consent requirements.

6. THIRD-PARTY SERVICE PROVIDERS AND INTERNATIONAL DATA PROCESSING

6.1 Technology and Platform Providers

6.1.1 Practice Management and Communication (a) Platform hosting and maintenance providers (b) Cloud storage and backup services (c) Payment processing providers (Braintree, PayPal) (d) Email and communication services (e) Customer support platforms

6.1.2 AI and Analytics Services (a) Various AI platforms and technologies for health interpretation (b) Data analytics and reporting tools (c) Machine learning and algorithm providers (d) Third-party health databases and reference libraries

6.2 International Data Processing and Storage

Your personal information may be processed, stored, or accessed by our operational and technology contractors located in:

6.2.1 Primary Locations (a) United Kingdom: Operational staff and shared services with access to data (b) Singapore: Technical support and system maintenance services (c) Indonesia: Software development and operational support

6.2.2 Cloud Service Locations Data may also be stored or processed through cloud service providers with servers in various international locations, including the United States and other countries where our technology partners operate.

6.2.3 Safeguards for International Transfers Before any international transfer, we ensure: (a) Appropriate contractual protections are in place (b) Data protection standards equivalent to Australian privacy law (c) Security requirements and compliance obligations (d) Regular monitoring and audit of international partners

6.3 Health Data Analytics and Commercial Use

We may perform data analytics on de-identified health and sensitive information that we collect for health and lifestyle trends (Health Data). This de-identified Health Data may be provided, by way of sale or otherwise, to third parties for research, population health analysis, and service development purposes.

6.3.1 Third-Party Health Data Safeguards (a) All third-party recipients must enter into binding contractual agreements that: (i) Strictly prohibit any attempt to re-identify de-identified data. (ii) Require maintenance of secure data environments with encryption and access controls. (iii) Limit data use to specified research or analytical purposes only. (iv) Prohibit further sale, transfer, or sharing without our explicit written consent. (v) Mandate secure deletion of data after specified retention periods. (vi) Require regular security audits and compliance reporting. (vii) Include financial penalties for contractual breaches.

(b) De-identification processes include removal of direct identifiers and statistical disclosure control methods to minimize re-identification risk.

(c) We conduct ongoing monitoring and audit of third-party compliance with these contractual obligations.

(d) Third parties must demonstrate equivalent or superior privacy and security standards to Australian requirements.

6.3.2 Academic and research partnerships (anonymised data) (a) We may collaborate with universities, research organisations, or academic institutions to conduct research and analysis using de-identified (anonymised) data. Examples include studies on biomarkers, wellness trends, and outcomes research. (b) These partnerships may support publication of findings; however, any published results will be presented in aggregate form and will not identify individuals. (c) Where a research partner receives de-identified data, we require contractual safeguards consistent with Section 6.3.1, including prohibitions on re-identification, limits on use, security controls, and deletion/retention requirements. (d) Where appropriate or required, we will ensure relevant ethics review/approval is obtained prior to the research proceeding.

6.4 AI Technology Providers

We utilise various artificial intelligence platforms and technologies, which may include: (a) Third-party AI interpretation systems (b) Machine learning platforms for data analysis (c) Natural language processing services (d) Health database and reference services

All AI-generated content undergoes mandatory review by qualified Australian health professionals before release to users.

7. CONSENT AND ACTIVE AGREEMENT

7.1 Consent Framework

Because we handle sensitive health information, consent is fundamental to our service delivery. Under Australian privacy law, we require your consent to collect and use health information unless an exception applies.

7.1.1 Integrated Consent Process This Privacy Policy serves as both a privacy notice and consent mechanism. By: (a) Creating an Account on our Platform (b) Using our Services (c) Signing our Service Agreement (d) Submitting health questionnaires or forms You actively consent to our collection, use, and disclosure of your personal information as outlined in this policy.

7.2 What You're Consenting To

7.2.1 Data Collection and Use (a) Collection of personal and health information for service delivery (b) Processing of information through our AI systems (with professional review) (c) Storage of information in secure systems and cloud platforms (d) Use of information to coordinate care and provide wellness services

7.2.2 Information Sharing (a) Sharing with Laboratory Partners for testing services (b) Communication with your healthcare team (with explicit consent) (c) Reporting to funding bodies (NDIS, Medicare, insurance providers) (d) Processing through third-party technology providers (e) International data processing with appropriate safeguards (f) Disclosure of your personal and health information to state and territory public health authorities by our Laboratory Partners where your test results indicate a notifiable condition, as required under applicable public health legislation. This may result in you being contacted directly by a public health unit for follow-up, data capture, contact tracing, or other public health purposes.

7.2.3 Service Enhancement (a) Use of de-identified data for service improvement (b) AI system training and development (c) Quality assurance and audit activities (d) Research and analytics (anonymised data only)

7.2.4 Marketing communications You acknowledge that, where permitted by law, we may use your contact details to send you marketing communications about i-screen (such as offers, updates and educational content). This may occur where you have provided consent or where consent may be inferred from your relationship with us and the communication is reasonably related to that relationship. You can opt out of marketing at any time (see Section 16).

7.2.5 De-identified data for research and algorithm improvement You acknowledge that we may use de-identified (anonymised) information for research, analytics, and to develop and improve our internal algorithms and reference ranges, as described in Sections 4.2.3 and 6.3, subject to the safeguards and opt-out options in this policy.

7.3 Informed and Voluntary Consent

(a) Your consent must be: (i) Informed: You understand what you're agreeing to (ii) Voluntary: No pressure or coercion (iii) Current: Up-to-date and relevant to our current practices (iv) Specific: Related to the particular uses described

(b) We avoid "bundling" unnecessary consents and provide genuine choices for optional services.

7.4 Withdrawing or Modifying Consent

7.4.1 Your Right to Withdraw You may withdraw consent at any time by contacting our Privacy Officer. This may affect our ability to provide certain services.

7.4.2 Modification of Consent You can modify consent for specific uses (e.g., stopping information sharing with particular providers) while maintaining consent for core services.

7.4.3 Process for Changes (a) Written or verbal request to our team (b) Immediate cessation of affected activities (c) Clear explanation of any service limitations (d) No penalty for withdrawal decisions

8. ARTIFICIAL INTELLIGENCE TECHNOLOGY AND LIMITATIONS

8.1 AI Implementation in Our Services

8.1.1 AI-Assisted Health Interpretations We utilise sophisticated AI and machine learning technologies to assist in analysing pathology results and generating preliminary health insights. Our AI systems: (a) Process biomarker data using multiple health information sources (b) Generate educational content about test results (c) Identify patterns and trends in health data (d) Provide risk assessments and wellness recommendations

8.1.2 Professional Review Process All AI-generated content undergoes mandatory review by qualified Australian health professionals who: (a) Verify accuracy and clinical appropriateness (b) Modify or reject inappropriate AI recommendations (c) Ensure compliance with professional standards (d) Maintain final authority over all interpretations

8.2 AI Limitations and Risks

8.2.1 Known Limitations You acknowledge that AI systems have inherent limitations: (a) May exhibit bias based on training data (b) Cannot account for individual medical history or circumstances (c) May produce inconsistent responses to similar inputs (d) Cannot detect errors in data entry or processing (e) May occasionally "hallucinate" or provide incorrect information

8.2.2 Individual Circumstances AI interpretations cannot consider: (a) Your complete medical history (b) Current medications and treatments (c) Recent health changes or symptoms (d) Family history and genetic factors (e) Lifestyle factors and personal circumstances (f) Social determinants of health

8.3 Educational Nature of AI Content

8.3.1 Not Medical Advice Despite AI processing and professional review, all interpretations remain: (a) General educational information (b) Intended to enhance biomarker understanding (c) Designed to facilitate healthcare discussions (d) Not personalised medical advice or recommendations (e) Not substitutes for professional healthcare consultations

Your Responsibilities: You must discuss all results and interpretations with qualified healthcare professionals who can provide clinical context based on your complete health profile.

9. DATA SECURITY AND STORAGE

9.1 Security Measures

9.1.1 Technical Safeguards (a) End-to-end encryption for data transmission (b) Secure cloud storage with encryption at rest (c) Multi-factor authentication for system access (d) Regular security audits and vulnerability assessments (e) Up-to-date firewalls and intrusion detection systems (f) Secure backup and disaster recovery procedures

9.1.2 Administrative Safeguards (a) Staff training on privacy and security obligations (b) Confidentiality agreements for all personnel (c) Access controls based on need-to-know principles (d) Regular privacy and security training updates (e) Incident response and breach notification procedures (f) Vendor management and third-party security requirements

9.1.3 Physical Safeguards (a) Controlled access to facilities and systems (b) Secure storage of any physical documents (c) Secure disposal of electronic devices and media (d) Environmental controls for data centers (e) Monitoring and logging of physical access

9.2 Data Breach Response

9.2.1 Breach Prevention We implement comprehensive measures to prevent unauthorised access, but no system is 100% secure.

9.2.2 Response Procedures In the event of a data breach: (a) Immediate containment and assessment (b) Investigation of scope and impact (c) Notification to affected individuals (as required by law) (d) Reporting to relevant authorities (OAIC) (e) Implementation of remedial measures (f) Review and improvement of security measures

9.2.3 Your Rights You will be promptly notified of any serious data breach affecting your information, including: (a) Nature and scope of the breach (b) Potential risks and impacts (c) Steps taken to address the breach (d) Recommended protective actions (e) Contact information for further assistance

10. DATA RETENTION AND DESTRUCTION

10.1 Retention Periods

10.1.1 Health Records As a health service coordinator, we retain health information according to: (a) Australian health records legislation requirements (b) Professional standards and guidelines (c) Minimum 7 years from last service date (adults) (d) Until age 25 for minor clients (e) Longer periods where required by law

10.1.2 Account and Transaction Data (a) Account information for active service periods (b) Payment records for taxation and audit requirements (c) Communication records for service continuity (d) Platform usage data for service improvement

10.1.3 Corporate and Employment Records (a) Employee wellness data according to workplace requirements (b) Corporate reporting data for contract periods (c) Aggregate analytics for business planning

10.2 Secure Destruction

10.2.1 Electronic Data (a) Secure deletion using certified methods (b) Overwriting of storage media (c) Destruction of backup copies (d) Certificate of destruction where required

10.2.2 Physical Records (a) Secure shredding of paper documents (b) Professional destruction services (c) Secure disposal of electronic devices (d) Chain of custody documentation

10.3 Data Minimisation We actively minimise data retention by: (a) Regular review of stored information (b) Automatic deletion of unnecessary data (c) De-identification of research data (d) Secure archiving of required records

11. ACCESS TO INFORMATION AND CORRECTIONS

11.1 Your Right to Access

11.1.1 What You Can Access (a) All personal information we hold about you (b) Details of how information has been used (c) Information about disclosures to third parties (d) Correction history and audit trails

11.1.2 Access Process (a) Submit written request to Privacy Officer (b) Identity verification (for security) (c) Response within 30 days (d) Information provided in requested format (e) No fee for standard requests

11.2 Correction Rights

11.2.1 When to Request Corrections (a) Information is inaccurate or out-of-date (b) Records contain errors or omissions (c) Personal details have changed (d) Health information is incorrect

11.2.2 Correction Process (a) Submit correction request with supporting evidence (b) Investigation and verification of changes (c) Updates made to relevant systems (d) Notification of changes to relevant third parties (e) Documentation of correction history

11.3 Limitations on Access

11.3.1 Rare Exceptions Access may be limited if: (a) Serious threat to life, health, or safety (b) Unreasonable impact on others' privacy (c) Frivolous or vexatious requests (d) Legal proceedings or investigations (e) Law enforcement requirements

Written explanation provided for any access limitations.

11.4 Third-Party Website Links

(a) Our Website may contain links to the websites of other organisations which may be of interest to you. Their inclusion cannot be taken to imply any endorsement or validation by us of the content of the third party website.

(b) Linked websites are responsible for their own privacy practices, and you should check those websites for their respective privacy policies, practices or statements. We are not responsible, nor do we accept any liability, for the conduct of organisations linked to our Website.

12. CORPORATE SERVICES AND EMPLOYEE PRIVACY

12.1 Employee Privacy Protection

12.1.1 Individual Confidentiality (a) Employee health information never disclosed to employers (b) Individual test results remain strictly confidential (c) No identification of specific employees in reporting (d) Complete control over personal health data sharing

12.1.2 Aggregate Reporting Only Employers receive only: (a) De-identified statistical summaries (b) General workforce health trends (c) Comparative industry benchmarking (d) Wellness program effectiveness metrics (e) Population-level insights and recommendations

12.2 Employee Rights and Choices

12.2.1 Voluntary Participation (a) No requirement to participate in wellness programs (b) Individual choice in sharing personal results (c) Opt-out options for all corporate communications (d) No employment consequences for non-participation

12.2.2 Data Control (a) Individual access to personal health data (b) Choice in healthcare provider communications (c) Control over follow-up services and referrals (d) Right to withdraw from corporate programs

12.3 Corporate Client Obligations

12.3.1 Privacy Protection Requirements Corporate clients must: (a) Respect employee privacy choices (b) Not request individual health information (c) Use aggregate data responsibly (d) Comply with workplace privacy laws (e) Support employee wellness voluntarily

13. CONSENT FOR SPECIFIC SERVICES

13.1 Clinical Consultation Services

13.1.1 GP Consultations By booking GP consultation services, you consent to: (a) Sharing relevant health information with the consulting physician (b) Potential diagnoses and medical recommendations (c) Prescription services and specialist referrals (d) Follow-up communications and care coordination

13.1.2 Dietitian/DNA Consultations Consent includes: (a) Review of genetic and nutritional data (b) Personalised dietary and lifestyle recommendations (c) Coordination with other healthcare providers (d) Ongoing support and follow-up services

13.2 AI-Assisted Interpretations

13.2.1 AI Processing Consent You consent to: (a) Processing of your health data through AI systems (b) Generation of preliminary interpretations and insights (c) Professional review and modification of AI content (d) Use of anonymised data for AI system improvement

13.2.2 Understanding AI Limitations You acknowledge: (a) AI interpretations are educational, not medical advice (b) Professional review does not guarantee accuracy (c) Individual circumstances may not be considered (d) Healthcare professional consultation is recommended

13.3 Corporate Wellness Programs

13.3.1 Employee Participation Participation in corporate wellness programs is voluntary and subject to the employee’s informed and independent consent. Employers or corporate representatives cannot provide consent on behalf of employees for the collection, use, or disclosure of their personal or health information. Consent must be given by the employee directly through their personal engagement with i-screen’s platform or services and must comply with the Australian Privacy Principles.

Consent covers: (a) Health screening and assessment participation (b) Aggregate data inclusion in corporate reporting (c) Wellness program communications and resources (d) Optional follow-up services and referrals

13.3.2 Data Usage Understanding that: (a) Individual results remain confidential and are never disclosed to employers (b) Aggregate data helps improve workplace wellness (c) Participation is voluntary and can be withdrawn (d) No individual identification in corporate reports or analytics

13.4 Notifiable Conditions Reporting

13.4.1 Acknowledgment of Statutory Obligations By using our Services and undergoing pathology testing coordinated through our Platform, you acknowledge and accept that: (a) Certain test results may identify notifiable conditions under Australian public health law (b) Our Laboratory Partners are legally obligated to report such results to the relevant public health authority (c) You may be contacted by a public health unit for follow-up, data capture, contact tracing, or provision of health information (d) This process is a statutory requirement and cannot be opted out of (e) Providing accurate contact information is important for this public health function

14. BUSINESS TRANSFERS AND CORPORATE TRANSACTIONS

If we merge with, are acquired by, restructure with, or sell all or a portion of our business or assets (including as part of a financing, insolvency, or other corporate transaction), we may disclose your personal information to our advisers and to any prospective purchaser (and their advisers) for the purpose of assessing or completing the transaction.

Any disclosure for due diligence will be limited to what is reasonably necessary and will be subject to appropriate confidentiality and security obligations, and where practicable we will use aggregated or de-identified information.

Your personal information may be among the assets transferred in such transactions. However, personal information will always remain subject to this Privacy Policy or a privacy policy with substantially equivalent terms. You will be notified via email and/or prominent notice on our Website of any change in ownership or control of your personal information.

15. YOUR LEGAL RIGHTS

15.1 Privacy Rights Under Australian Law

15.1.1 Access Rights (a) Request copies of personal information held (b) Understand how information is used and disclosed (c) Receive information in accessible formats (d) Access correction and update history

15.1.2 Correction Rights (a) Request correction of inaccurate information (b) Add statements about disputed information (c) Have corrections communicated to relevant third parties (d) Receive confirmation of corrections made

15.1.3 Erasure Rights (a) Request deletion of unnecessary personal information (b) Have information removed when no longer required (c) Request anonymisation of research data (d) Understand retention requirements and limitations

15.1.4 Limitations on Information Deletion (a) While we will delete your personal information upon request where legally permissible, we are not responsible for removing your personal information from the lists of any third party who has previously been provided your information in accordance with this Privacy Policy.

You may need to contact these third parties directly to request deletion of your information from their systems. These third parties may include, but are not limited to, the following reference laboratories and service providers who have their own data retention obligations:

(i) Healius Pathology Pty Ltd (ii) Nutripath Integrative Pathology Services (iii) OmegaQuant LLC (iv) Douglass Hanly Moir Pathology (v) Australian Clinical Laboratories (vi) myDNA (vii) other accredited laboratories we may use from time to time

15.2 Complaint and Review Rights

15.2.1 Internal Complaints (a) Lodge complaints about privacy practices (b) Request investigation of privacy concerns (c) Receive written responses to complaints (d) Have complaints escalated if unsatisfied

15.2.2 External Review (a) Complain to Office of Australian Information Commissioner (OAIC) (b) Seek independent review of privacy practices (c) Access mediation and conciliation services (d) Pursue legal remedies where appropriate

15.3 Consent Management Rights

15.3.1 Consent Control (a) Withdraw consent for specific uses (b) Modify consent for particular services (c) Understand consequences of consent withdrawal (d) Receive clear explanations of consent requirements

15.3.2 Choice and Control (a) Opt-out of marketing communications (b) Choose pseudonymous service options (where available) (c) Control information sharing preferences (d) Access alternative service arrangements

16. OPT-OUT RIGHTS AND PREFERENCES

16.1 Communication Preferences

16.1.1 Marketing and Newsletters (a) You can opt out of promotional communications at any time by using the unsubscribe option included in the message or by contacting our Privacy Officer. (b) We action opt-out requests as soon as practicable and within a reasonable period, and we do so free of charge. (c) Where we send commercial electronic messages (such as marketing emails or SMS), we include a functional unsubscribe facility in accordance with applicable Australian law. (d) You can control certain online advertising and measurement technologies through our cookie/consent settings (where available) and may also be able to adjust advertising preferences through the relevant third-party platforms. (e) You may opt out of marketing from i-screen and our related entities (including i-screen Pets). You can do this via the unsubscribe mechanism in the message, via our cookie/consent settings (where available), or by contacting our Privacy Officer.

If you opt out of marketing, we will not send you further marketing communications. We may still send essential service communications (for example, account, order, appointment, results, security, or critical service notices).

16.1.2 Service Communications Essential service communications cannot be opted out but you can: (a) Choose delivery method preferences (b) Update contact information (c) Request accessible formats (d) Designate preferred contacts

16.2 Data Usage Preferences

16.2.1 Research and Analytics (a) Opt-out of de-identified research participation (b) Exclude data from aggregate analytics (c) Choose not to participate in service improvement (d) Request removal from marketing databases

Where practicable, we will action your opt-out request going forward. If information has already been irreversibly anonymised and included in aggregated datasets, it may not be possible to remove it without re-identifying it (which we do not do).

16.2.2 AI System Improvement (a) Opt-out of AI training data inclusion (b) Request non-AI interpretation services where available (c) Choose traditional interpretation methods (d) Access alternative service arrangements

16.3 Service Participation Choices

16.3.1 Corporate Programs (a) Withdraw from workplace wellness programs (b) Opt-out of corporate communications (c) Choose individual service arrangements (d) Request confidential service delivery

16.3.2 Third-Party Sharing (a) Limit information sharing with healthcare providers (b) Choose specific consent for each disclosure (c) Opt-out of certain Laboratory Partner communications (d) Control referral and follow-up services

17. COMPLAINTS AND FEEDBACK

17.1 Internal Complaint Process

17.1.1 How to Complain Contact our Privacy Officer at: (a) Email: admin@i-screen.com.au (b) Phone: 0290606208 (c) Mail: PO Box 8441, South Perth WA 6151, Australia Information to Include (a) Description of privacy concern (b) Dates and circumstances involved (c) Desired resolution or outcome (d) Supporting documentation if available

17.2 Investigation Process

17.2.1 Our Response (a) Acknowledgment within 48 hours (b) Investigation within 30 days (c) Written response with findings (d) Implementation of corrective measures (e) Follow-up to ensure satisfaction

17.2.2 Resolution Options (a) Correction of information or practices (b) Policy updates and improvements (c) Staff training and education (d) System enhancements for prevention (e) Compensation where appropriate

17.3 External Complaints

17.3.1 Office of Australian Information Commissioner (OAIC) (a) Website: www.oaic.gov.au (b) Phone: 1300 363 992 (c) Mail: GPO Box 5218, Sydney NSW 2001

17.3.2 When to Contact OAIC (a) Unsatisfied with our internal response (b) Serious privacy breaches (c) Systemic privacy issues (d) Need for independent review

18. CONTACT INFORMATION

18.1 Privacy Officer Contact

18.1.1 Primary Contact (a) Email: admin@i-screen.com.au (b) Phone: 0290606208 (c) Mail: PO Box 8441, South Perth WA 6151

18.2 Business Contact Information

18.2.1 Intelligent Screening Pty Ltd trading as i-screen (a) ACN: 615 110 917 (b) Registered Office: 202/37 Barrack St, Perth WA 6000 (c) Website: www.i-screen.com.au

18.3 Response Timeframes

(a) General Inquiries: 2-5 business days (b) Privacy Complaints: 30 days maximum (c) Access Requests: 30 days maximum (d) Correction Requests: 30 days maximum (e) Urgent Matters: 24-48 hours

19. POLICY UPDATES AND CHANGES

19.1 Policy Review

This Privacy Policy is reviewed regularly and updated as necessary to reflect: (a) Changes in services and technology (b) Updates to privacy laws and regulations (c) Improvements in privacy practices (d) Feedback from clients and stakeholders

19.2 Notification of Changes

19.2.1 Material Changes (a) 30 days advance notice via email (b) Prominent notice on Website and Platform (c) Clear explanation of changes and impacts (d) Opportunity to review and provide feedback (e) Option to withdraw consent if unsatisfied

19.2.2 Minor Changes (a) Notice on Website and Platform (b) Inclusion in next service communication (c) Updated policy available online (d) No impact on existing service arrangements

19.3 Consent to Changes

19.3.1 Ongoing Consent Continued use of our Services after policy updates constitutes acceptance, except for material changes requiring active consent.

19.3.2 Active Consent Required for (a) Significant changes to data uses (b) New third-party sharing arrangements (c) Changes to international data processing (d) Modifications to consent withdrawal rights

20. FINAL ACKNOWLEDGMENTS

20.1 Policy Integration

This Privacy Policy forms an integral part of our Terms and Conditions and Service Agreements. All related documents should be read together for complete understanding of our privacy practices.

20.2 Governing Law

This Privacy Policy is governed by Australian privacy law, including the Privacy Act 1988 (Cth) and applicable state and territory legislation.

20.3 Contact for Clarification

If any aspect of this Privacy Policy requires clarification or if you need assistance understanding your rights and choices, please contact our Privacy Officer who will provide explanation in accessible formats.

Last Updated: 19th March 2026 Effective Date: This Privacy Policy is effective immediately for all new users and upon next service use for existing users.

By creating an Account, using our Services, or engaging with our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.