Privacy

StrongRoom AI is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

STRONGROOM AI PRIVACY POLICY 2026

1. ABOUT THIS POLICY

1.1 This Privacy Policy (Policy) applies to SRSPV Pty Ltd (StrongRoom AI, we, our or us), and describes how StrongRoom AI collects, discloses, handles and protects the privacy of personal information.

1.2 StrongRoom AI provides technology to its customers (including pharmacies, aged care facilities and hospitals) that use personal (including sensitive health) information to streamline our customers’ services, including managing patient medication efficiently and transparently.

1.3 We are committed to protecting privacy and understand the importance of protecting personal information. This Policy outlines:

(a) the types of personal information that we usually collect and hold;

(b) how we collect and hold personal information;

(d) how you may access your personal information that is held by us and seek the correction of such information;

(e) how you may complain and how we deal with complaints; and

(f) whether we disclose personal information to overseas recipients.

1.4 We handle personal information in accordance with this Policy and applicable legislation, including the Privacy Act 1988 (Cth) (Privacy Act).

1.5 In this Policy:

(a) personal information means any information or opinion about an identified individual or an individual who is reasonably identifiable, whether true or not.

(b) health information means any personal information that is also information about your health or disability. Note: sensitive information includes health information, but it also expands to other information or opinion about an individual, including biometric information.

1.6 We may amend this Policy from time to time by publishing changes on our website at www.strongroom.ai (Site). We recommend that you visit our Site regularly to keep up to date with any changes.

2. TYPES OF PERSONAL INFORMATION WE COLLECT

2.1 StrongRoom AI may collect personal information from and about users of our Site and services (including our customers’ representatives, employees and contractors), as well as individuals with whom we otherwise interact. The types of personal information we collect depends on the dealings we have with an individual. For example:

(a) For users of our Site:

(i) identifiers (eg name, alias, email address, phone number, company name, unique personal identifier, internet protocol address, referral information, other similar identifiers);

(ii) commercial information (eg company name, position, business contact details, other similar information);

(iii) internet or other electronic network activity information (eg internet protocol address, browser type, cookies used for identification, and information regarding a user’s interaction with the Site).

(b) For our customers’ representatives (including employees and contractors):

(i) your name, employer, position and business contact details;

(ii) if you elect to enable the functionality, biometric data (ie facial & fingerprints) for use of our software; and

(iii) your preferences;

(i) your name, date of birth and contact details (eg address, email address and phone number);

(ii) your employment and academic history and professional references;

(iii) your bank account details; and

(iv) background checks.

2.2 StrongRoom AI may also collect personal and sensitive information inputted into our software and services by our customers (including about their patients, suppliers and patients’ prescribers). For example:

(i) your name, date of birth and contact details (eg address, email address phone number);

(ii) biometric data (e.g. facial and fingerprints);

(iii) if you are a prescriber, your employer, title, prescriber number, position and business contact details;

(iv) health and prescription information;

(v) your preferences (including, if you are a prescriber, your prescribing habits); and

3. WAYS WE COLLECT YOUR PERSONAL INFORMATION

3.1 We may collect personal information from or about you in different ways depending on your dealings with us, including:

(a) from you directly when you interact with us, eg from our discussions with you, when you complete a form, from your emails or from your interaction with our Site;

(b) automated technologies and interactions (eg location data) as you interact with the Site;

(d) from publicly available sources, including social media.

3.2 Further to clause 3.1(c), if you are a patient of, or receive health services from a health service provider with whom we interact with, your health service provider might share your personal information with us so that we can provide our range of services and technological solutions to them. We have strict requirements about how we handle sensitive information (which includes health information). In this regard:

(a) we rely on your health service provider to have obtained your permission to share your personal information with us;

(b) the collection by us of your personal information from the health service provider is reasonably necessary in the provision of, or assisting (the health service provider) in the provision of, a health service;

(c) the collection by us of your personal information is limited only to what is reasonably necessary in the provision of, or assisting (the health service provider) in the provision of, a health service; and

(d) it is unreasonable or impracticable for us to collect that information directly from you.

3.3 If you apply for a job or contract position with us, we may also collect personal information about you from third parties and publicly available sources, including:

(a) recruiters;

(b) government departments to verify your entitlement to work in Australia or other relevant location;

(d) academic institutions;

(e) your current or previous employers; or

(f) your referees.

4. PURPOSES FOR WHICH WE COLLECT, USE AND DISCLOSE PERSONAL INFORMATION

4.1 We collect personal information reasonably necessary for us to carry out our business. This includes the following purposes:

(a) to provide and update our services;

(b) to manage and conduct our business;

(d) to obtain feedback;

(e) to help us manage, develop and enhance our services, including our Sites and applications;

(f) to consider your suitability for employment; and

(g) to comply with our legal obligations, resolve any disputes, and enforce our agreements and rights with third parties.

4.2 If you are a patient of or receive health services from the health service provider with whom we interact with, we may collect, hold and disclose your sensitive information if it is reasonably necessary to enable us to provide services and any technical support that we might provide to your health service provider.

4.3 Please note that we may not be able to provide you with the services or enable the health service provider with whom you engage with to provide its health services if you choose not to provide certain information or require anonymity.

4.4 We may de-identify personal information that we hold for our business purposes, including:

(a) conducting data analytics activities about our services;

(b) generating insights and benchmarks for our customers;

(d) marketing and improvement of our services; and

(e) training of our algorithms and our artificial intelligence models.

5. DIRECT MARKETING

5.1 We may use your personal information to identify a product or service that you may be interested in. We may, with your consent, use the personal information we have collected about you to contact you from time to time whether by email to tell you about new products or services and special offers that we believe may be of interest to you.

5.2 You can withdraw your consent to receiving direct marketing communications from us at any time by following the opt-out instructions provided below in clause 5.3 of this Policy, or, if applicable, by clicking the “unsubscribe” link in the direct marketing email.

5.3 You may opt out of receiving marketing material from us at any time by contacting us via the contact details set out in clause 10 of this Policy, and we will remove you from our marketing mailing list.

6. DISCLOSING YOUR PERSONAL INFORMATION

6.1 We do not sell personal information (including health information) to third parties.

6.2 In the course of providing our products and services, in limited circumstances, we may disclose your personal information to:

(a) third parties (including technology tools) we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, data comparative analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs and market research;

(b) our affiliate and subsidiary companies under common ownership, management or control with us;

(d) anyone to whom part of all of our assets or businesses are transferred or sold;

(e) our professional advisers, including lawyers, accountants and auditors; and

(f) government agencies, regulatory bodies, law enforcement agencies or other similar entities.

in all instances (other than (f)), we take reasonable steps to ensure that the third party receiving the personal information has first agreed to protect the privacy of your information and that any limited disclosure is lawful.

6.3 In addition to clause 6.2 (a), your information may be disclosed to third-party service providers located outside of Australia. Your personal information (including sensitive information) may be disclosed to them strictly for the purposes as outlined in this Privacy Policy.

6.4 Where your information is disclosed to third parties located overseas, we take reasonable steps to ensure that these third parties do not breach Australian Law in relation to your personal information.

7. HOW WE HOLD AND STORE YOUR PERSONAL INFORMATION

7.1 To the extent we collect any personal information, we store your personal information electronically. Electronic information may be stored by our third-party storage providers.

7.2 We take reasonable and appropriate steps (including organisational and technological measures) to protect your personal information from misuse, interference and loss, as well as from unauthorised access, modification or disclosure.

7.3 We will also take reasonable steps (including organisational and technological measures) to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the Privacy Act.

7.4. In the event that we collect and/or hold unsolicited personal information, we will take reasonable steps to destroy or de-identify that information as soon as practicable.

8. ACCESS TO AND CORRECTION OF YOUR INFORMATION

8.1. We will take reasonable steps to ensure that the personal information we collect, use or disclose is up to date, accurate and complete.

8.2. You may request access to, and the correction of, any personal information we hold about you by contacting us using the details set out in clause 10 this Policy. We will need to verify your identity before responding to your request.

8.3. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information you request within a reasonable time. If we decide to refuse your request, we will tell you why in writing and how to complain.

9. COMPLAINTS

9.1 You can make a complaint in writing to us using the details set out in this Policy. We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

9.2. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) via the OAIC Site, www.oaic.gov.au.

10. CONTACT US
If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please address your correspondence to our Human Resources Manager at office@strongroom.ai.