Global Privacy Notice

Last Updated: April 9, 2025

Epi-Minder Pty Ltd (ACN 616 831 684) ("Epiminder", "us" or "we") is developing and commercialising an implantable continuous electroencephalogram monitoring (iCEM) device called Minder to help treat epilepsy. As part of this, Epiminder collects data for appropriate purposes from many types of individuals and entities, including patients, family members, caregivers, physicians and other healthcare professionals, providers, investors, and other interested parties ("you or "your").

Your privacy is important to Epiminder and we recognize the responsibility you entrust in us when providing your personal and/or health data. This Global Privacy Notice ("Privacy Notice") explains how we handle and treat your personal or health data when (i) you utilize our products, services, and tools ("Epiminder Products and Services") as further described below, or (ii) you visit our website https://epiminder.com (hereinafter the "Website"), or (iii) you express interest in our organization and products, and request information from us. The purpose of this Privacy Notice is to provide you with a clear explanation of (i) what data we collect, (ii) how we collect the data, (iii) how we use and share the data, and (iv) your legal rights regarding such data. Such activities shall be carried out in accordance with applicable data privacy and protection laws, including the Australia Privacy Act 1988 and the Australian Privacy Principles, and the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA) in the US.

We strongly recommend that you read this Privacy Notice and make sure you fully understand our practices in relation to personal and health data. After you have read this Notice, if you have any questions or would like further clarification, please contact us at privacy@epiminder.com.

Scope of this Privacy Notice

Epiminder collects certain types of personal and health data from patients, healthcare professionals, customers, potential investors, and other interested parties as they (i) utilize Epiminder Products and Services, (ii) visit our Website, or (iii) contact our company for more information.

In this Privacy Notice, (i) "personal data" includes different types of identifying information about you, and (ii) "health data" refers to physical or mental health information, including your medical history, your current state of health, and symptoms that you may be experiencing. Examples of personal and health data include:

  • Identification information such as your name, title, company name, job title, gender and date of birth.
  • Contact information, including email and/or postal address, telephone number(s).
  • Employer details and business address (if you are an individual employed by or representing an organisation with whom Epiminder is doing business).
  • Your work history and qualifications (e.g., if you contact us through our Website about employment opportunities or your work history with us).
  • Technical and usage information, including details of your visits to our Website or our office locations, including traffic data, location data, website usage, IP address, and other communication information.

How does Epiminder collect your personal and health data?

Data Collection in General. We may collect your personal and health data through the following sources:

  • Through your use of Epiminder Products and Services.
  • Communications with us based on your interest in Epiminder Products and Services, which may include information from family members or caregivers, or health professionals involved in your treatment.
  • If you are a contact person for a (prospective) patient, we may receive your contact information and other relevant data from the person who is considering Epiminder Products and Services.
  • Through your completion of forms, questionnaires, or general communications with Epiminder contacts by telephone, email, SMS (text messaging), or other electronic means.

Through our Website. In addition, we may collect certain website data about you (which may overlap with the Epiminder Products and Services data described above) if you choose to directly provide it through our Website, including:

  • Identification information such as name, title, company name, job title, gender and date of birth
  • Contact information, including email and/or postal address, telephone number(s)
  • Employer details and business address, as well as work history and qualifications (e.g. if you contact us about employment opportunities with us)
  • Technical and usage information, including details of your visits to our website, including traffic data, location data, website usage, IP address and other communication information

How does Epiminder use your personal and health data?

  • For provision of Epiminder Products and Services, we may use your data to:
    • Support and maintain your use of Epiminder Products and Services
    • Appropriately address complaints, answer questions, or inform you of relevant product or service updates, helpful information, tips and reminders
    • Contact you regarding your use of our products or services, including sending technical notices, manufacturing news, updates and alerts, relevant data privacy or security events, or changes to our terms and conditions
  • For product improvement, we may use your data to:
    • Develop and/or improve our products and therapies
    • Enhance or modify our services
    • Conduct data analysis
  • For marketing purposes, with your consent where required by applicable law, we may use your data to:
    • Send emails and notices regarding opportunities related to our products and services
    • Conduct data analysis
  • For internal business purposes, we may use your data to:
    • Ensure access to and maintenance of our products and services, including proper functioning
    • Analyze or conduct audits of our products and services
    • Track any fraudulent or other inappropriate activities, and ensure content integrity on our products and services
  • For compliance with legal and regulatory requirements, we may use your data to meet post-marketing obligations, any recalls and returns if applicable, and data retention requirements.
  • For general business reasons, we may engage and communicate with you to discuss our organization and operations (namely with potential investors and other interested parties).

With whom does Epiminder share your personal and health data?

Data shared to provide Epiminder Products and Services

We share your personal and health data when necessary or permitted, and for purposes described in this Privacy Notice. We may share your data with the following categories of third parties:

  • Affiliates: We may share your personal and health data with our corporate parent, subsidiaries, and affiliates.
  • Business partners / service providers: We may transfer your data to our business partners / service providers as necessary to fulfil and continue our operations. For example, we may rely on service providers to distribute our Epiminder products and services, provide customer support, and/or other related services.
  • Government agencies, regulators and professional advisors: Where permitted or required by applicable law, we may also transfer your personal and/or health data to government agencies and regulators (such as medical device agencies, tax authorities, or other government offices) to comply with our legal obligations, and to professional advisors when necessary to defend our legal interests.
  • Organizations involved in business transactions: In the event of an investment, merger, reorganization, dissolution or similar corporate event, or the sale of all (or substantially all) of our assets, we expect that the information that we have collected, including personal and health data, will be transferred to the acquiring entity or the surviving entity in a merger or similar transaction. Such information would be transferred in accordance with applicable laws.

Data shared as permitted or directed by you

  • Data shared with healthcare professionals (HCP/s): You may direct us to share your personal or health data with your HCP/s, as applicable. In such cases, your HCP will have access to your name, device settings, email address, date of birth, health data, and other related information.
  • Data shared with your friends and/or family members: You may direct us to share your data with your caregivers, friends and/or family members, the scope of which will be determined by your request or instruction.
  • Data shared with third parties: You may direct us to share your data with third parties who are relevant to your care, well-being, and/or your use of Epiminder products and services. In such cases, the third party will have access to your personal and health data. (Please note that we have no control over the data activities of such third parties; once shared, the processing of your data will be subject to the third parties' privacy policies.)

Website cookies

We use "cookies" to enhance functionality and to keep track of visits to our Website. A cookie is a small data file that contains information about your visit to a website. Your computer provides this information, including your IP address, during your first visit to a web server. The server records this information in a text file and stores this file on your hard drive. When you visit the same website again, the server looks for the cookie and structures itself based on the information provided. A cookie only identifies your computer to a web server when you visit the site. If you visit our Website to browse or download information, our web server will record the date and time of your visit to our site, the pages viewed and the information downloaded.

We generally use this information for statistical purposes. Most web browsers are initially set up to accept cookies. You can reset your browser to refuse all cookies or to warn you before accepting cookies. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You can refuse cookies by turning them off in your browser. If your browser is configured to reject all cookies, you will be unable to use services on the website that require cookies in order to participate. You may still be able to use some information-only pages if you do not accept cookies.

How does Epiminder keep your personal and health data safe?

We are committed to keeping your personal and health data secure, and we maintain appropriate information security policies, rules, and technical measures to protect the data from unauthorized access, improper use or disclosure, unlawful destruction, or accidental loss. We have put in place procedures to address any suspected breach of personal and health data and will notify individuals and any applicable government agency of a breach when legally required.

Protecting your data includes (i) securing our physical premises and digital storage media, and (ii) robust access control over our information technology systems and databases to protect electronic information from unauthorised interference, access, modification, or disclosure. Data which is collected by our Minder device is stored and processed using commercial cloud providers based in the United States and Australia. Please note that, as with any organization, we cannot completely eliminate security risks associated with the storage and transmission of data (including data that is transmitted through the internet).

How long does Epiminder keep your data?

We will keep your personal and health data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, regulatory, post-approval monitoring, or reporting requirement, to establish or defend legal claims, or to prevent fraud.

To determine the appropriate retention period for personal and health data, we consider the following criteria:

  • Our legal obligations to retain the data under applicable laws.
  • Applicable legal holds or limitation periods for the establishment, exercise or defence of any potential legal claims.

When we no longer require your personal or health data, we will either delete or anonymize it or, if this is not possible (for example, because your data has been stored in backup archives), then we will securely store your data and isolate it from any further processing until deletion is possible. If we anonymize your data (so that it can no longer be associated with you), we may use and store this information indefinitely without further notice to you.

Your privacy rights

If you have a question, request, or complaint regarding your data, please contact us at privacy@epiminder.com. In your communication, please make clear what changes, corrections, or limitations you would like to place on your personal or health data. For your protection, we may only implement requests regarding the data associated with your particular email address used to contact us, and we may ask you for additional steps to verify your identity. Please note that we may not be able to accommodate every data request for a change, correction, or limitation, and we may need to retain certain data for recordkeeping, regulatory or legal reasons, or to complete any ongoing transactions.

With respect to complaints, we will endeavour to resolve complaints quickly and informally. If you wish to proceed with a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer by email. We will investigate your complaint and endeavour to resolve it within a reasonable period, not usually exceeding 30 days. In Australia, if you consider that we have not dealt with your complaint or request adequately, you may contact the Office of the Australian Information Commissioner: https://www.oaic.gov.au/about-us/contact-us.

International data transfers

We are headquartered in Australia and may have service providers in other countries, and your personal or health data may be transferred to the United States or other locations outside of your country where privacy laws may not be as protective as those in your country. We will take appropriate steps to ensure that transfers of data are in accordance with applicable laws.

Children

Epiminder Products and Services are not intended for use by individuals under 18 years of age in any jurisdiction and Epiminder does not market or promote the product for anyone under 18. Therefore, we do not knowingly collect any personal or health data from persons under 18. If we learn that we have collected or received data from any person under 18 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about an individual under the age of 18, please contact us at privacy@epiminder.com.

Contact us

You may contact us using the following details:

Email: privacy@epiminder.com

Postal address:

Privacy Officer
Epiminder
Office 210/211
West Podium, Mezzanine 2
525 Collins Street
Melbourne VIC 3000
Australia

Changes to this Privacy Notice

We may make changes to this Privacy Notice from time to time. To ensure that you are always aware of how we use your data, we will update this Privacy Notice to reflect any changes to our practices or data processing activities. We may make changes to comply with updates in applicable law, regulatory requirements, or emerging privacy practices. Please regularly check this document or this webpage for the latest version of this Privacy Notice.