Privacy Policy Statement

Last modified: 16 May 2025

This Privacy Policy applies to Metluma Pty Ltd (ABN 63 664 523 255) (Metluma, we, us or our).

Metluma’s collection, use, disclosure and storage of your personal information is regulated by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act and related legislation.

We want our visitors to feel protected when visiting and using Metluma’s services (the Metluma Services) which are available on our website (metluma.com) (Website) and via our Metluma mobile application (App) (collectively the Portal).

Updates to this Privacy Policy will be published on our Portal.

If you have any questions regarding this Privacy Policy or our privacy practices generally, please do not hesitate to contact our Privacy Officer at privacy@metluma.com.

Purpose

The purpose of this Privacy Policy is to:

• give you an understanding of the kinds of personal information that we collect and hold.
• communicate how and when your personal information is collected, used, disclosed, held and otherwise handled by us.
• inform you about the purposes for which we collect, hold, use and disclose personal information.
• provide you with information about how you may access your personal information and seek correction of your personal information.
• provide you with information about how you may make a privacy-related complaint, and how we will deal with any such complaint.

What is personal information?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. It includes your name, date of birth / age, gender and contact details as well as health information, which is treated as “sensitive information” under the Privacy Act. Sensitive information also includes (but is not limited to), for example, personal information about an individual’s racial or ethnic origin; sexual orientation; membership of a professional association, trade association or trade union, as well as genetic information.

In this Privacy Policy, a reference to personal information includes sensitive information, such as your health information.

Collection of personal information

The personal information we collect depends on the nature of our relationship with you. Personal information collected by us will usually fall into one of the following categories:

• Contact and personally identifiable information (name, gender, age, birth date, address, email address, and telephone numbers).
• If you are applying for employment with Metluma or are a Metluma employee, your employment-related information (e.g. education and employment history including job titles, reference names and contact details, work performance, absences, workplace incidents, next of kin information) and superannuation fund details and your Tax File Number.
• Sensitive information (e.g. information about your health, including but not limited to menopause symptoms and medical history).
• Information obtained to assist in managing client and business relationships, including with workplaces that make our Services available to their employees and our business partners.
• Details of any steps you have taken via the Portal, for example, when you book an initial consultation, attend a webinar, subscribe to our newsletters and insights, participate in a coaching program or book a medical appointment.

We may collect your information from you in a variety of ways including when:

• we provide Services to you for example:
  • if are an individual using our Services to book a consultation, participate in a telehealth call, access webinars and participate in group or one-on-one coaching: or
  • if you are a representative of a company which engages us to provide our Services to your employees;
• you visit our Portal and submit information via the Portal (for example, if you complete an individual or business enquiry form or when you complete our UMA40 symptom tracker);
• you download and register to use the App;
• you submit your information in response to Metluma marketing events or activities;
• you contact us by any method, such as face-to-face, over the telephone, through an online form or the Portal, through a paper form or by email; or
• you apply for employment with Metluma or we engage you as a contractor or consultant.

Our Portal automatically collects information about how our Portal is accessed and used. This data includes the type of browser you are using, your IP address, the URL you have come from and the time spent at that URL, the date and time of your visit, pages viewed and your use of features of the Portal. We use this data to help administer the Portal, keep the Portal relevant to users, diagnose problems with our servers, analyse trends and observe Portal usage.

We may also collect data from third parties, for example

• when you connect any of the following with our Portal:
  • wearables and connected fitness devices and platforms, such as Fitbit and Garmin;
  • consumer health applications; and
  • health data aggregators, such as Apple Health,
• someone duly authorised to act on your behalf;
• where you have provided consent, from your medical or health practitioner to, for example, co-ordinate any care requirements you may have;
• from workplaces that have engaged us to provide our Services to their personnel; and
• recruiters we have retained, from referees you have provided in support of a job application and any service provider we may engage to conduct background checks on job applicants.

We do not collect any credit card details – all payments are processed by a third party payment processor.

You may choose to deal with us anonymously or under a pseudonym. However, in some circumstances, anonymity or the use of a pseudonym may render us unable to provide the relevant Service or reasonably conduct our business, and we may request that you identify yourself.

You may also choose not to provide us with your personal information.  Depending on the circumstances in which you do so, however, we may be unable to provide you with our Services as a result.

Why do we collect, use and store your personal information?

We collect, use and store your personal information to provide you with our Services which include:

• Monitoring and assisting you to improve your health and wellbeing, for example, sending you details of programs, tools and service providers which may assist with the management of your menopause symptoms;
• Training and education, for example, providing workplace training as well as group and one-on-one coaching;
• Conducting research about women’s health; and
• Client and business relationship management.

If you are an employee or contractor we have engaged, we will collect, use and store personal information for employee and contractor management including engagement, training, performance management, payroll, superannuation, health and safety and staff management purposes;

We may also collect, use and store your personal information:

• for marketing purposes, in order to provide you with information about the Services we offer (where you have provided consent);
• to respond to your questions or suggestions;
• to improve the quality of our Services and the Portal;
• for the prevention of fraud and/or identifying and investigating any suspicious use of our Portal or the Metluma Services;
• for our internal business and management processes, for example, accounting or auditing purposes;
• for any other purpose to comply with our obligations under law; or
• for any other purpose that would reasonably be expected by you.

You may opt out of receiving marketing information by notifying us accordingly, or by using any unsubscribe facility we provide in our marketing messages for that purpose.  You can also opt-out by changing your account settings by logging into your profile on the Portal. If you opt-out of receiving marketing information, we may still contact you in connection with the Services we provide to you, such as for appointment reminders and scheduled coaching sessions and workshops.

Our Services, functions and activities, as well as those of our contracted service providers, may change from time to time.

Cookies

Our Portal uses cookies or similar tracking technologies to help us track Portal use and remember user preferences. Cookies are small files that store information on your computer, mobile phone or other device. A cookie enables the entity that put the cookie on your device to recognise you when you use different websites, devices and/or browsing sessions. We use cookies for different purposes such as:

• Authentication: to determine if a user is logged-in and then deliver the right experience and features to that unique user.
• Security: to impose security measures on the Portal. Cookies also help to detect unusual and suspicious activities.
• Performance: to help our Portal learn how services work for different users and how to route traffic between servers.
• Analytics and Research: to learn which of our Services are most frequently used and accessed. This helps determine what areas of our Portal and Services to improve, what to remove and what to leave the same.
• Remarketing: to use search engines and social media to advertise our services online. Third party vendors, such as Google and Meta, use cookies and tags to display relevant ads based on your past visits to our Portal. Remarketing allows us to tailor our marketing to better suit your needs and display ads that are relevant to you. Any data collected will be used in accordance with this Privacy Policy, or the privacy policy of other remarketing services that we may use.

Where we collect personal information via cookies, the personal information will be handled in accordance with this Privacy Policy.

You can disable cookies through your internet browser. However, our Portal may not work as intended if you do so.

Protecting and storing your personal information

We understand the importance of keeping personal information secure and safe. Some of the ways we do this are:

• Requiring employees and contractors to enter into confidentiality agreements;
• Ensuring that employees abide by this Privacy Policy and are kept up-to-date on Metluma’s security practices;
• Securing hard copy document storage (i.e. storing hard copy documents in locked filing cabinets);
• Implementing security measures for the transmission of personal information to our servers and any access to computer systems to protect that personal information from unauthorised access, modification or disclosure and loss, misuse and interference;
• Ensuring data storage devices such as laptops, tablets and smart phones are password protected;
• Ensuring that our servers are located in controlled, secure environments, protected from unauthorised access, use or alteration;
• Providing discreet environments for confidential discussions;
• Implementing access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended; and
• Implementing security measures for our Portal.

Personal information may be stored in hardcopy form but will be primarily stored electronically in our software and systems.

Personal information is stored in Australia.

Our cloud-based practice management software and electronic health record system is provided by Telstra Health Helix.

Who will we disclose your personal information to?

In providing our Services, your personal information may be disclosed to medical and other health practitioners we have engaged to assist us with the delivery of our Services to you.

Like most businesses in Australia, we contract out some of our functions and rely on third party suppliers or contractors to help us conduct our business, for example to provide specialised services such as employment services, software services and systems, cloud computing technology and data storage services, legal advice, insurance broking, security services, business advisory services and financial services. We may disclose personal information to these third parties in connection with their provision of goods or services to us.

We may disclose your personal information to healthcare practitioners, or other entities where required or permitted by law, which may include the following circumstances:

• You have consented to such disclosure.
• We believe that you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies or agencies, and it is being disclosed for a purpose related (or directly related, in the case of sensitive information) to the reason we collected the information.
• A permitted general situation or permitted health situation (as these terms are defined in the Privacy Act) exists in relation to the disclosure.
• We believe it is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g. police and ASIC).

We reserve the right to transfer information (including your personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of Metluma provided that the third party agrees to adhere to the terms of this Privacy Policy and handle personal information in accordance with the APPs.

De-identified information (ie information which cannot be used to identify an individual) may be shared with universities so that the universities may conduct research about women’s health and women’s health services.

Third party websites

Our Portal may contain links to third party websites. Please be aware that these third party websites are not subject to this Privacy Policy or our privacy standards and procedures, and we are not responsible for, nor do we endorse, the content or privacy of these sites. You will need to contact these third party sites directly to obtain their privacy policies.

Accuracy of personal information

We take steps to help ensure that all personal information we collect, use or disclose is accurate, complete and up to date. Please contact our Privacy Officer (details below) if you are aware that personal information that we hold about you does not meet this objective.

How can I access my personal information and contact Metluma?

You can request access to personal information that we hold about you.

The procedure for requesting and obtaining access is as follows:

• All requests for access to personal information are to be made in writing and addressed to our Privacy Officer (see contact details below). All requests should specify how the information is proposed to be accessed (photocopies, electronic copy, or visual sighting).
• Please provide as much detail as possible regarding the Metluma business, department and / or person to whom you believe your personal information has been provided and when. This will allow us to process your request more efficiently.
• We will endeavour to acknowledge your request within 14 days of the request being made.
• Access will usually be granted within 30 days your request. If the request cannot be processed within that time for whatever reason, we will let you know the anticipated timeframe for a response to be provided.
• You will need to verify your identity and, where relevant, your authority before access to personal information is granted.
• We may charge a reasonable fee for responding to your access request, which will be notified to you and required to be paid prior to the release of any information. Once the request has been processed by us, you will be notified of our response and proposal for suitable access (provision of photocopies, digital copies or visual sighting, where appropriate).
• We may refuse to grant access to personal information if there is an exception to such disclosure which applies under relevant privacy legislation.

If, as a result of access being granted (or at any other time), you become aware that we hold personal information that you regard as being no longer accurate or correct, you may request the deletion or correction of such information.

Upon receipt of a request to correct or delete personal information, we will either make such corrections or deletions or provide written reasons as to why we decline to make such alterations. If we decline your correction request, we will include a statement about your correction request with your personal information (if you ask us to do so).

We have a designated Privacy Officer who is responsible for the management of:

• requests for access to personal information; and
• complaints regarding our management of personal information.

For information regarding privacy, our Privacy Officer can be contacted at:

Metluma

P:  0418 98 00 86
E: privacy@metluma.com

How do we handle complaints?

If you consider that there has been a breach of the Australian Privacy Principles or your privacy rights, you are entitled to complain to Metluma.

All complaints are to be in writing and directed to the Privacy Officer using the contact details above. The Privacy Officer will endeavour to acknowledge receipt of a written complaint within 2 business days.

The Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.

If you are not satisfied with the outcome of Metluma’s investigation and decision, you can lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) by phoning 1300 363 992 or by using the OAIC’s contact details on its website www.oaic.gov.au