Privacy Policy

Effective Date: 27 July 2023

This Privacy Policy replaces the Privacy Policy version dated 1 May 2018.

Adherium Limited (ACN 605 352 510) and its affiliates, Adherium (NZ) Limited, a New Zealand registered company (1155872), Adherium North America, Inc. and Adherium Europe Ltd (“Adherium”, “we”, “us”, “our”) respect and are committed to protecting the privacy of any person who uses our services (“you” or “your”).

The Privacy Policy specifically explains:

Who we are

What this policy covers

What Personal Data we collect and when

Lawful basis for processing (EU/UK)

How we use your Personal Data

What happens if you do not provide Personal Data

Who we share it with

What is aggregated information?

Protection of your information

Our Data or Security Breach response

International data transfers

How long we keep your information

Your rights

Automated processing

Third-party websites/apps

Minors’ information

Cookies

Marketing and advertisements

Communications from Adherium

Changes to this Policy

How to contact us

Additional contact information for EU, EEA and UK residents

Additional information for California residents

How to make a complaint

WHO WE ARE

Adherium delivers platform solutions to assist patients, healthcare professionals and healthcare organisations in chronic respiratory disease management.

Our Hailie® technology platform includes electronic medication sensors (“Sensors”), desktop and mobile applications (“App”), the https://go.hailie.com, https://uk.hailie.com, and https://au-go.hailie.com/ portals (“Portal”), Hailie Software Development Kit (SDK), data services and any related website (e.g., https://www.hailie.com) or mobile applications on or in which this Privacy Policy is linked or referenced (all together the “Services”).

When we provide Services directly to you: Adherium (NZ) Limited is an agency responsible for processing Personal Data in relation to Services provided directly to New Zealand and Australian residents. Adherium (NZ) Limited is the data controller in relation to Services provided directly to EU/EEA or UK residents.

When you access our Services through a third party (e.g., Healthcare Professional or a third party software platform): Adherium acts as a data processor, and we process your Personal Data according to data controller’s instructions. This happens where your healthcare professional enrols you into a clinical study or a disease management programme using our Services. Alternatively, Hailie sensors may be available for use with third-party apps in a way that does not require you to have an Account with us (see below) or otherwise interact with us. With these Services, we may still receive a limited amount of information generated by your use of the Sensor and the third-party app. To the extent this information identifies you as a person, we will be a data processor on behalf of the third-party running the app (the data controller) and the use of the information will be governed by the third party’s privacy policies, not ours.

WHAT THIS POLICY COVERS

In this Privacy Policy, “Personal Data” means information that Adherium collects from users of the Services that identifies a person directly or indirectly and can be used on its own or with other information in combination to identify or contact one of our users. Please take your time to read this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services. By accessing and/or using the Services, you are acknowledging that you have read and agree to the terms of this Privacy Policy. If you do not agree, you must immediately cease using the Services. If you are accessing the Services subject to this Policy and have any questions about this Policy or our privacy practices, you can contact us at privacy@adherium.com.

This Privacy Policy explains how we collect, store, disclose, transfer and otherwise process your Personal Data when you use any element of the Services for the purpose of compliance with data protection laws, including the New Zealand Privacy Act 2020, the Australian Privacy Act 1988, the Australian Privacy Principles, the Data Protection Act 2018 (UK). We are bound by the General Data Protection Regulation 2016/679 (“GDPR”) in relation to Personal Data collected from residents of the European Union ("EU") or processed in the EU. In relation to Personal Data collected from residents of the United Kingdom (“UK”) or processed in the UK, we are bound by the GDPR as implemented in the UK (“UK GDPR”). Other data protection laws may also apply. When we provide Services as a business associate to a covered entity or to another business associate and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HIPAA regulations apply, Adherium’s privacy obligations are governed by the Business Associate Agreements we enter into with those covered entities and business associates. Under HIPAA, the covered entity should be your point of contact for any privacy-related requests.

Some of the Personal Data we collect and transmit may be considered “health data” (i.e., data related to your health), “protected health information” or “PHI” (i.e., information that relates to your past, present, or future health or condition(s); the provision of health care to you; or the past, present, or future payment for the provision of health care to you), and/or medical records as defined by state law.

We believe that privacy and transparency about the use of your Personal Data are of utmost importance. Therefore, our privacy practices are intended to comply with HIPAA and relevant state law related to the use and disclosure of medical records, where applicable. Additionally, in this Privacy Policy, we provide you with detailed information about our collection, use, maintenance, and disclosure of your Personal Data.

For additional information related to how we use and disclose your Personal Data, health data, PHI, and/or medical records data, please contact us at privacy@adherium.com.

WHAT PERSONAL DATA DO WE COLLECT AND WHEN

We ask you to provide certain Personal Data necessary for us to provide the Services to you and to carry out the activities as outlined below.

If you enquire about our Services

Your name, preferred title and contact details: physical address, phone or mobile number, email address;
The name of your organisation and your role within it;
Areas of interest in relation to our Services; and
The purpose for which you wish to use our Services.

We collect this information to ensure we can best respond to your enquiries.

If you are a Healthcare Professional and we set up a Portal account for you

Your name and email address; and
Password.

You will use your email address and the password to access your account. Once your account is set up, you will be able to create patient accounts. We collect this information to create your account and to ensure that Hailie Web Portal rights are granted to authorised users only.
“Healthcare Professional” means a healthcare provider or a healthcare practitioner including, without limitation a clinician, principal investigator, investigator, general practitioner, pharmacist, nurse, caregiver, healthcare educator, clinical research organisation, research institution.

If you are a Healthcare Professional and you access our Portal:

Time and date of access and time zone from which you access the Portal;
Operating system information;
Your activity within a patient account;
Other Portal performance measure such as the amount of data in and out, the average response time or server error.

We collect this information to enable us to create account access logs and protect data integrity.

If you are a patient and your user account is created

To use the Services you will require your own user account which will contain your prescription information and medication use data (the “Account”). You can create the Account through the Hailie® App or your Healthcare Professional can create it for you via the Portal. The following Personal Data is required to create an Account:

A valid email address, either your personal one, or if you are using the Services through a healthcare provider, organisation or a plan, you may be able to use a dummy email address to protect your privacy further;
In some instances, where emails are not used, a mobile number may be used instead of an email address;
Your password;
To enable us to track your medication usage, we collect details of your prescription(s), including the type of inhaler(s) you use and, the number and time of the doses you have been prescribed.

If you are participating in a clinical trial or disease management programme

Your Healthcare Professional may also include your patient identifier or other clinical identifiers in the Account. In some cases, when your account is created by your Healthcare Professional and your data will be uploaded only via our desktop app, your account may be created using only your coded patient ID, without any direct identifiers. Your Healthcare Professional may also request that you provide to us additional clinically-relevant information about yourself, for example: your age, gender, weight, height, ethnicity, smoking status.

We collect this information to create your account, monitor your medication usage and enable you or your Healthcare Professional to view you medication usage data and to provide meaningful clinical information to your Healthcare Professional.

When you pair or sync your Sensor with the App

When you pair your Sensor with the App for the first time we collect Sensor Serial Number and MAC address. The Sensors log information about your inhaler use from the moment you attach the Sensor to the inhaler and start using them. When you sync your Sensor with the App or Portal we receive the following information collected by the Sensor:

Sensor Serial Number and MAC address;
The date and time of inhaler use; and
Depending on the Sensor models, inhaler technique information, for example, whether the inhaler was primed, its orientation, or inhalation information when the inhaler was used, to confirm correct medication usage technique.

We collect this information to ensure that the medication usage is collected in the correct account, to help us resolve any support queries you may have.

When you use our App or Portals

From time to time when you use our App or Portals, we may ask you specifically for information relevant to you tracking and improving the management of your respiratory health, including:

Your other medication prescriptions;
Your peak flow measurements; or
Access to information relevant to the management of your respiratory health held on third-party mobile apps.

Location permission
The Hailie® solution requires enabled Bluetooth® wireless technology to upload Hailie sensor data. As Bluetooth® can be used to derive your location, if you are a mobile device user, please note that your mobile device data provider may require you to give location permissions in order to use Bluetooth® wireless technology. Without your permission, Hailie App will not be able to collect data from your Hailie Sensor. We do not collect your location data.

You may revoke permission at any time by accessing your device settings and turning location services off, however by doing so the Hailie App will no longer be able to collect data from your Hailie Sensor.

If the Services are provided to you via a third party

If you are enrolled into the Services as part of a program offered by a third party (such as your Healthcare Professional, healthcare organisation or a healthcare plan), while registering you to use the Services the third party may, with your permission, have collected and provided to us some of your Personal Data (for example, name, email, identification number or a patient code, prescription details and other information you have agreed to us receiving). If this applies to you, please make sure you review the third party’s privacy policy.

Online shop

When online purchases via our e-commerce platform www.hailie.com are enabled we collect:

Your contact details (name, address, email, phone number); and
Details about the Sensors or Services you purchased.

Our e-commerce platform is hosted in the USA by Shopify. As part of its operations, Shopify collects information as described in its Privacy Policy at https://www.shopify.com/legal/privacy. We use a third party payment processor to process credit card payments made via the e-commerce platform.

Technical information

When you access our Portals, we may collect and analyse technical information about user activities, such as user traffic patterns, IP addresses, browser types, browser language, operating system, software and hardware attributes, referring and exit pages and URL, the state or country from which you accessed the Portal, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the time spent on a page, the terms used in searches on the Portal, the time and date you access the Portals, upload or post content, error logs and other similar information.

When you contact us to lodge a complaint

When you lodge a complaint, we will collect your contact details, the specifics of the complaint, including the Sensor number, or other account details relevant to responding to the complaint.

When you contact us to make a privacy-related requests

When you make a privacy-related request, we will need to confirm your identity. We may ask for your date of birth, gender, identity documentation such as a passport or driving licence.

Information we do not collect

Other than the health information described above, we do not knowingly and intentionally collect or maintain any information regarding users’ race or ethnic origins, political opinions, religious or philosophical beliefs or other sensitive information.

LAWFUL BASIS FOR PROCESSING (EU/UK)

When we provide Services directly to you, we process your health-related Personal Data on the basis of your explicit consent and other data in performance of the contract.

When we provide Services to you via a third party, such as a Healthcare Professional (e.g., when you are enrolled into a clinical trial or a disease management programme that uses Hailie solution), the Healthcare Professional must establish lawful basis for processing your Personal Data, and the Healthcare Professional is the controller and we are the processors in relation to your Personal Data.

When you access our Services through a third party software platform, the third party must establish lawful basis for processing your Personal Data, the third party is the controller and we are the processors.

HOW WE USE YOUR PERSONAL DATA

The Services are intended to help you learn more about your health. To do this, we collect and use your personal information for the following purposes:

Providing the best experience possible with the Services, including creating and managing your Account;
To allow you to display Sensor information specific to you (if you are a patient) or your patient group (if you are a Healthcare Professional) and information which lets you track your or your patients’ respiratory health;
Responding to your inquiries, requests, complaints, and if applicable, completing your orders, processing payments and providing technical support;
Keeping you posted with our latest announcements and changes to the Services;
Analyzing and improving our products and services;
Conducting statistical and other analyses about the use of the Services;
Creating aggregated data sets (see the Aggregated Information heading below);
When you permit a third party (e.g., your Healthcare Professional, healthcare organisation or healthcare plan) to access your information, using your information to assist that third party in carrying out its operations;
Processing by third party processors that provide services to us, which are bound by the same privacy obligations as this Privacy Policy;
As required by legal or regulatory obligations;
To fulfil our obligations to you under and enforce our Terms of Service;
Other purposes as required or permitted by law; and
As otherwise set out in this Privacy Policy.

Adherium does not currently use third-party service providers to monitor and analyze the use of the Services.

We will only use your personal information for other purposes where you have given your valid consent to our use of your personal information for those purposes.

WHAT HAPPENS IF YOU DO NOT PROVIDE PERSONAL DATA

You do not have to provide all the Personal Data which we request, but if you do not provide the information you may not be able to register for and use any or a subset of the Services.

If you are a Healthcare Professional, we need to confirm your identity before we can create a Portal account for you.

If you are a patient, the minimum requirements to set up an Account will vary depending on whether we provide Services directly to you or via a third party (refer to If you are a patient and your user account is created ). An active patient Account requires the minimum registration information and a Sensor serial number, which is uploaded into your Account automatically during the first pairing of the Sensor to the App. Without the Sensor serial number, you will not be able to track your medication use.

DISCLOSING OR SHARING PERSONAL INFORMATION

We respect your right to control who accesses your information. We disclose or share your Personal Data when:

Your account is set up by a third party, you enable us to share your information with a third party or you choose to share your information with other mobile applications or websites. In these cases, by turning on the data sharing, you enable us to share your Personal Data, including health-related information, with a third party at your discretion and with your consent if required. If you instruct us to share information from your Account with a third party, the information will be the responsibility of that third party. We encourage you to read the privacy policies of any third parties carefully.
We engage certain third party data processors to provide certain aspects of the Services. Those processors are required to use the information for the sole purpose of performing services on behalf of Adherium and consistent with the terms set out in this Privacy Policy.
Our business is transferred. We may transfer your information to a third party if some or all of the business of Adherium is transferred to another entity by way of merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control (in whole or in part). In such circumstance, Adherium will contractually require that the new entity will honour this Privacy Policy.

When: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements; (ii) disclosure would mitigate Adherium’s liability in an actual or threatened lawsuit; (iii) necessary to protect the legal rights of Adherium’s users, customers, business partners or other interested parties; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law).

AGGREGATED INFORMATION

We will use your information to create aggregated data sets which no longer identify you as a person. We will use aggregated data for any purpose at our sole discretion, for example, statistical modelling of medication adherence behavioural patterns or market segment research. If we transfer aggregated data to third parties, we will make sure there are measures in place to ensure the third party cannot identify you.

PROTECTION OF YOUR INFORMATION

We take great care to make sure that your information is kept safe, but no system or electronic data transmission is completely secure.

We use a combination of reasonable physical, technical, and administrative security controls to: (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you; and (iv) to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls, virus scanning tools, data encryption, authentication, backups, access controls, and secure work environments. We also use organisational controls to restrict access to employees with the need and right to perform the services described in this Privacy Policy and ensure that this access is audited (unless you decide to share your data as described above).

While Adherium uses reasonable security controls, we cannot guarantee or warrant that such techniques will prevent unauthorized access to your Personal Data. ADHERIUM IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. You assume the risk that unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your Personal Data at any time.

You are responsible for maintaining the security of your account credentials. Adherium will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We recommend that you take all appropriate steps to secure any device that you use to access our Services. We may at our discretion suspend your use of all or part of the Services without notice, if we suspect or detect any breach of security.

If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below. If we become aware of a possible security breach, we will ensure that it is addressed in accordance with applicable laws.

Please note that Adherium will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from Adherium, please notify us at privacy@adherium.com.

DATA OR SECURITY BREACH

Adherium takes the security of your Personal Data seriously. In the event of a data or security breach, Adherium will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Adherium’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Adherium in connection with such security incident; (iii) as applicable, cooperate with any affected Adherium user or client in accordance with the terms of Adherium’s contract with such user or client; and (iv) document and record actions taken by Adherium in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Adherium will notify you of any data or security breaches as required by and in accordance with applicable law.

INTERNATIONAL TRANSFERS

When we collect your Personal Data, it may be transferred to our affiliated companies or service providers including where these companies or providers are located outside the jurisdiction you reside in. Regardless of where you live, we take care to ensure your Personal Data is kept safe and your right to privacy is respected. Before we transfer your information from your country of residence or between other jurisdictions, we will make sure that there are appropriate legal and technical measures in place, so your information is kept private and secure in accordance with the laws of your country of residence.

We will only transfer your Personal Data from the jurisdiction in which you reside or provide the data under the following conditions:

(a) If the information is “Personal Data" as defined in the EU GDPR or the UK GDPR, of the EU and UK residents: on the basis of: (i) the European Commission’s or the UK government’s adequacy determination; (ii) standard contractual clauses, or (iii) where there are appropriate safeguards in place; or
(b) Other Personal Data: only if (i) the overseas recipient is bound by the laws or a binding scheme that are/is substantially similar to the laws the data subject can enforce; or (ii) on the basis of standard contractual clauses, data processing agreements, or where there are other appropriate safeguards in place.

Adherium companies have offices in Australia, New Zealand, the United Kingdom and the USA.

Our Portals are hosted as follows:

go.hailie.com and us-go.hailie.com are hosted in the USA, and
au.hailie.com and au-go.hailie.com is hosted in Australia,
uk.hailie.com is hosted in the UK.

We store your Personal Data on secure servers in the following locations:

For Services delivered to Australia, New Zealand and Hong Kong your information is hosted in Australia;
For Services delivered to the EU, the United Kingdom, the United States or other locations, the Personal Data is hosted in the United States.

HOW LONG WE KEEP YOUR INFORMATION

If you deactivate your account, your information is retained on our secure servers for as long as permitted or required under applicable law. If you want to erase your Account information, you can contact us at privacy@adherium.com.

YOUR RIGHTS

You can access most of your Personal Data in the App or Portal directly, or you can request a copy of all information stored about you by asking us at privacy@adherium.com.

We take care to ensure that your Personal Data is accurate and up-to-date. However, if any information we hold is incorrect or inaccurate, you can send us a request to correct it by contacting us at privacy@adherium.com.

As a user of the Services and the Hailie App, you may have certain rights relating to your Personal Data. These rights are subject to local data protection and privacy laws and may include the right to:

Depending on where you are located you may have the following rights:

You can access your Personal Data held by Adherium.
You can ask us to restrict processing of that information while we verify whether it is accurate.
You can ask us to erase your Personal Data, to the extent permitted by applicable data protection and privacy laws and to the extent technologically feasible. When you ask us to erase your account, your information will be de-identified and access to your account will no longer be possible.
You can also object to having your Personal Data processed for statistical analysis purposes, to the extent permitted by law, by contacting us in writing. Please note, if you withdraw your consent to Adherium processing your Personal Data, this will not affect the lawfulness of any processing done prior to you withdrawing consent.
You can object to the further processing of your Personal Data, including the right to object to marketing.
You can request to receive communications related to the processing of your Personal Data.
You can request that your Personal Data be transferred to a third party, if possible;
You can receive your Personal Data in a structured, commonly used, and machine-readable format.
You can rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.
You can make a complaint to a relevant data protection authority, to the extent permitted by applicable data protection and privacy laws.

We work hard to respond to all requests in a timely manner, according to the requirements of the applicable data protection laws.

Please send your requests in writing to privacy@adherium.com.

This section does not limit or exclude other rights that you may have as the data subject under the applicable data protection laws. For more details on the rights you have in respect of your Personal Data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en#fundamental-rights) or the national Data Protection Authority in your country.

In some circumstances and in accordance with applicable laws, we may refuse certain requests, for example, we will decline requests that are vexatious or technically infeasible. In such cases, we will provide you with our reasons for the decision.

If you are not satisfied with our handling of your request, refer to How to make a complaint section for information on how to lodge a complaint.

We reserve the right to verify your identity before any request relating to your Personal Data is processed by us.

DATA PORTABILITY

Where it is technically feasible for us to do so and you have the legal right to make the request, you can request a copy of any Personal Data that you have provided us, in a structured, commonly-used and machine-readable format, so you can transmit it to another data controller, by emailing privacy@adherium.com. Please note, we will not disclose any derivative information (for example, algorithmic results) or information which may compromise any of our intellectual property or confidential business information.

AUTOMATED PROCESSING

If we use automated processing of your Personal Data to give you feedback on your use of the Services and improve the management of your chronic condition, we will do so for information purposes only and not to make any decisions which could produce a legal effect or significantly affect you.

THIRD-PARTY WEBSITES/APPS

Our Portal, App or websites may contain links to websites or applications offered by third parties that are not operated by Adherium. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy(ies) of every site you visit. Adherium has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. Any information you provide on third-party sites is governed by their privacy policies, not ours. We are not responsible for any information that you provide to such third parties. This Privacy Policy does not apply to your use of or access to any third-party sites or services.

MINORS

Minors are permitted to use the Services only with the prior consent of a parent or guardian. We do not knowingly collect any information from minors unless we, or the controller we process the Personal Data for, have received verifiable consent from a parent or legal guardian. If we become aware that a user is a minor and has provided Personal Data without the consent of a parent or legal guardian, we will delete such information as required by law. If you know of a minor user whose information may have been collected without consent from a parent or legal guardian, please email us at privacy@adherium.com.

If you are a resident of California under the age of 18 and have registered for a user account with us, you may ask us to remove content or information that you have posted.

COOKIES

By using our sites and apps, you agree to us storing and accessing cookies and similar technologies on your device.

What are cookies?

Cookies are simple text files which are sent to and stored on your device when you visit a website or use an app. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using the Services.

Some cookies are deleted when you close the browser on your device (session cookies). Other cookies remain on your device until their expiry or removal (persistent cookies). Some cookies relate to the functionality of the website and improve your user experience (functional cookies). Other cookies allow us to collect statistics (aggregated and anonymous) on the use of the website by our visitors or customers (analytical cookies). Some cookies may be essential for us to provide certain interactive functions or to ensure online environment.

What cookies do we use and why?

Adherium uses cookies to improve and help personalize users’ experience with our Portals. For example, we use functional cookies to make logging in to your account a little easier and to track some operational features of our Portal. We may also use analytical cookies to analyse and improve our Services. For example, to understand how users reach and use our Portal and what improvements we should make to the Services and Portal.

Cookies that we use are listed below. This list is not exhaustive but describes the main reasons we typically set cookies. As we adopt additional technologies, we may gather information through other methods. Please refer to cookie notices on our Portals and websites for additional details.

When you access our Portals, we use the following cookies:

Cookie	Description
ARRAffinity	This cookie is set by websites that run on Windows Azure cloud platform. ARRAffinity is a cookie used to affinitise a client to an instance of an Azure Web App.
ARRAffinitySameSite	Subset of the above cookie to direct the user to the same site.

When you access au-go.hailie.com Portal, we use the following cookies:

Cookie	Description
TimeZoneOffset	Cookie to display time values in the user’s local time

Third party cookies

Our website https://www.hailie.com is hosted on Shopify Inc. The Shopify Inc. privacy policy, including information about cookies and similar tracking technologies can be found here: https://www.shopify.com/legal/privacy.

How to manage cookies?

If you want to manage your cookie settings in your browser, select the ‘help’ section of your browser (e.g., Google Chrome, Mozilla Firefox, Apple Safari, Internet Explorer) for more information. Your browser will allow you to change your cookie preferences.

You are free to remove, reject or delete cookies, but you may not get the full experience of our Portals. If you decide to block or disable some of the cookies you may not be able to have access to certain features of the Hailie® solution

If you enable a do not track signal or otherwise configure your browsers to prevent us from collecting cookies, you will need to reenter your login information each time you visit the login page. You may also be unable to take advantage of some of the Services.

Do not track disclosure

Some web browsers may transmit do not track (“DNT”) signals to websites with which the user communicates. To date, there is no industry standard for DNT and users cannot know how a given company responds to a DNT signal they receive from browsers. Adherium is committed to remaining apprised of DNT standards. However, Adherium does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow Adherium to respond to signals or other mechanisms regarding the collection of your Personal Data.

CHANGES TO THIS PRIVACY POLICY

We review our privacy practices regularly. We may update this Privacy Policy from time to time. We will provide you with advance notice of material revisions to this Privacy Policy. We will not make revisions that have a retroactive effect unless we are legally required to do so or to protect other users. Your continued use of the Services after the Effective Date constitutes your acceptance of this Privacy Policy, as amended. As of the Effective Date, the amended Privacy Policy supersedes all previous versions of or agreements, notices or statements about this Privacy Policy.

You can confirm you are looking at our latest Privacy Policy by clicking here, or you can request previous versions at privacy@adherium.com.

MARKETING AND ADVERTISEMENTS

Adherium does not send marketing and advertisements based on your Personal Data.

COMMUNCIATIONS FROM ADHERIUM

We may send communications, including emails, to you regarding your account and the Services. If we do, we will provide you with an option to opt out of these communications.

CHANGES TO THIS PRIVACY POLICY

You can confirm you are looking at our latest Privacy Policy by clicking here, or you can request previous versions at privacy@adherium.com.

HOW TO CONTACT US

If you have any questions or concerns about our Privacy Policy or if you would like to make a complaint about the manner in which your personal information has been collected or handled by us, please contact our Privacy Officer by email at privacy@adherium.com or in writing to:

Adherium (NZ) Ltd, PO Box 106612, Auckland 1143, New Zealand, or,
if you are an Australian resident, to Adherium Limited, PO Box 1149, Thornbury VIC 3071, Australia.

We will respond to all communications as soon as reasonably possible. If you want to give us any feedback about how we have handled your question or request, please let us know because we are always trying to improve.

ADDITIONAL CONTACT INFORMATION FOR EU, EEA AND UK RESIDENTS:

Our Data Protection Officer is Paulina Luczynska at privacy@adherium.com.

Adherium (NZ) Limited, which processes the personal data of individuals in the European Union, European Economic Area and/or UK, in either the role of data controller or data processor, has appointed DataRep as its Data Protection Representative for the purposes of EU GDPR and UK GDPR so that you can contact them directly in your home country. DataRep has locations in each of the EU countries, the UK, as well as Norway and Iceland in the EEA.

If you wish to raise a question, or otherwise exercise your rights in respect of your personal data, you may do so by:

contacting us on our online webform at datarep.com/adherium;
sending an email to DataRep at adherium@datarep.com quoting <Adherium (NZ) Limited> in the subject line; or
mailing your inquiry to DataRep at the most convenient of the addresses listed here.
- PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you address your letters to ‘DataRep’ and not ‘Adherium (NZ) Limited’ or your inquiry may not reach us.
- Please refer clearly to Adherium (NZ) Limited in the content of your request.

If you have any concerns over how DataRep will handle your personal data, please refer to their privacy notice at www.datarep.com/privacy-policy.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask for and obtain from us an annual list identifying the categories of personal customer information which we shared, if any, with our affiliates and/or third parties in the preceding calendar year for marketing purposes. This list will be provided free of charge. Contact information for such affiliates and/or third parties must be included. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 2648 International Blvd, Suite 115, PMB 33, Oakland, CA 94601.

HOW TO MAKE A COMPLAINT

If you are not satisfied with our response to your question or concern, you can make a complaint to the relevant privacy regulator or data protection authority in your region (see below):

Australia: Office of the Australian Information Commissioner: https://www.oaic.gov.au/about-us/contact-us/
EU: please refer to this website for a list of the contact details of the Data Protection Authority for your country: https://edpb.europa.eu/about-edpb/board/members_en
New Zealand: Office of the Privacy Commissioner: https://www.privacy.org.nz/about-us/contact/
UK: Information Commissioner’s Office: https://ico.org.uk/global/contact-us/
Elsewhere: we can assist you in identifying the appropriate regulator in your region. Please contact us at privacy@adherium.com.

Welcome to the Hailie Solution