Medi-Map Group Pty Limited (“we”) are committed to protecting and respecting your privacy and will comply at all times with relevant privacy laws including but not limited to: Australia

1. the Privacy Act 1988:
   1. We will use all reasonable endeavours to cooperate with, and assist you to respond to, any complaint or investigation by relevant authorities (including but not limited to the investigator, a Coroner, the Privacy Commissioner and the
      Police) relating to privacy issues arising from your use of the Software or the Services (both as defined below).
   2. to the extent applicable, any legislation from time to time in force in Australia affecting privacy, personal information (including health records and information) or the collection, handling, storage, processing, use or disclosure
      of data; and
   3. any ancillary rules, binding guidelines, orders, directions, directives, codes of conduct, or other instruments made or issued by a government agency under an instrument identified in paragraphs (i) to (ii) above.

This policy and any separate written agreements agreed by the parties we require you enter into for use of any particular Software (as defined below) of ours constitute the legal agreement (“Licence Agreement“) between you and us that applies to your
use of the following via any mobile telephone or other electronic device (“Device”):

1. MEDI-MAP mobile application software, the data supplied with it, and the associated media (“Medi-Map Mobile App”);
2. MEDI-MAP MY MEDS mobile application software, the data supplied with it, and the associated media (“Medi-Map My Meds”);
3. Medi-Map Web Service (accessible at https://medimap.com.au ) (“Medi-Map Web Service); and
4. Any of the services accessible through the Software (“Services”).

Medi-Map Mobile App, Medi-Map My Meds and Medi-Map Web Service are together referred to as the “Software”.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, through or in relation to the Software or the Services, will be processed by us. Please read the following carefully to understand our views
and practices regarding your personal data and how we will treat it. It is important that you read this Privacy Policy carefully because anytime you use our Software or Services, you consent to the practices we describe in the Licence Agreement
(including this Privacy Policy). If you do not agree to the practices described in the Licence Agreement, you should not use the Software or the Services.

By using the Software or any of the Services, you consent to us collecting and using technical information about the Devices and related software, hardware and peripherals for Services that are internet-based or wireless to improve our products and
to provide any Services to you.

Certain Services will make use of location data sent from the Devices. You can turn off this functionality at any time by turning off the location services settings for the Software on the Device. If you use these Services, you consent to us and our
affiliates’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve location-based products and services. You may withdraw this consent at any time by turning off the location
services settings on your device.

We may collect and process the following data about you:

1. Information you give us (Submitted information): You may give us information about you through registration of and use of the Software, or by corresponding with us (for example, by e-mail or chat). This includes information you provide when
   you download or register any Software, subscribe to or use any of our Software or Services, or link to any other healthcare providers or family members with regard to services associated with your healthcare, and when you report a problem
   with any Software or our Services. The information you give us may include your name, address, e-mail address and phone number, the Device’s phone number, age, username, password and other registration information, personal description
   and photograph, and medicine information.
2. Information we collect about you and your device. Each time you use the Software we may automatically collect the following information:
   1. technical information, including the type of mobile device you use, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by
      the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, (“Device Information”).
   2. information stored on your Device, including login information, digital content, check-ins related to your use of the Software, medicine information, medicine compliance information or repeat requests to pharmacy. (“Content Information”).
   3. details of your use of any of the Software including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that
      you access (“Log Information”); and/or (iv) Location information. We may also use GPS technology or other location technology available through your Device to determine your current location. Some of our location-enabled Services
      require your device data for the feature to work. You can withdraw your consent at any time by turning off the location-enabled services settings on your device but doing so may affect your ability to use some Services or features
      of the Software.
3. Information we receive from other sources (“Third Party Information”). We may receive information about you from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from
   or about you. We may also receive information about you from third-party social networking services when you choose to connect with those services.
4. If you contact us, we may keep a record of that correspondence.
5. Unique application numbers: when you install or uninstall any Software containing a unique application number or when a Service searches for automatic updates, that number and information about your installation, for example, the type of operating
   system, may be sent to us.

We use cookies to distinguish you from other users of the Software. This helps us to provide you with a good experience when you use the Software or browse any of the sites and also allows us to improve the Software and our sites.

Cookies are small files that are placed on your browser or device by the website or app you’re using or ad you’re viewing. Pixel tags (also called clear GIFs, web beacons, or pixels) are small blocks of code on a webpage or app that allow them to
do things like read and place other cookies and transmit information to us or our partners. The resulting connection can include information such as a device’s IP address, the time a person viewed the pixel, an identifier associated with the browser
or device and the type of browser being used. Local storage is a technology that allows a website or app to store and retrieve data on a person’s computer, mobile phone, or other device. Some examples include device or HTML5 local storage and
caching.

We use the following types of cookies:

1. Persistent cookies – used to recognise you when you return to our website. This assists with our security services, and also enables us to personalise our content for you, greet you by name and remember your preferences (for example, your
   region) and provide personalised features such as start page, or deliver ads that are relevant to you.

2. Session cookies – used as an integral part of the identification process for our services. This is for security purposes to determine that you are who you say you are and to provide you with your confidential account information during
   a session. No personal information is kept in the cookie and the cookie is not written to your Device. When you log out of your session the cookie is no longer valid and is discarded when you close your browser.
3. Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our Software when they are using it. This helps us to improve the way the Software works, for example, by
   ensuring that users are easily finding what they are looking.
4. Essential cookies – These are cookies that are required for the operation of our website. They include, for example, authentication cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing
   services. For example, they help protect your account from being accessed by anyone other than you and let us know when several people have logged in from the same computer. With login approvals if someone logs into your account from
   a browser you’ve never used before, we may block them and ask for more information. They also help us implement login notifications, so you can be alerted when your account is accessed and disable any active sessions.
5. Functionality cookies – These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your region). For example, we may
   store information in a cookie that is placed on your browser or device so you will see the site in your preferred language.
6. Targeting cookies – These record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.
   We may also share this information with third parties for this purpose but will never share any information which enables you to be identified.

You may block cookies, by activating settings on your Device to refuse cookies. However, if you block or refuse all cookies:

1. you may not be able to access all parts or features of the Software, or the Software may operate more slowly and require you to re-enter data previously entered on other occasions.
2. we still use some cookies if you do not have an account or have logged out of your account. For example, if you have logged out of your account, we use cookies to help:
   1. Identify and disable the accounts of spammers.
   2. Recover your account if you ever lose access to it.
   3. Provide extra security features like login notifications and login approvals.
   4. Prevent people who are underage from signing up with a false birth date.
   5. Identify public computers so that we can discourage people from using ‘Keep me logged in’ and putting their account at risk; and
   6. Generate insights about the people who interact with our website, any services we provide, and the websites of our advertisers and partners; and
3. Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These are likely to be analytical/performance cookies or
   targeting cookies.

Except for Essential cookies, all cookies we use will expire after they are no longer required for their original purpose.

We use information held about you in the following ways:

1. Submitted Information: To ensure the correct identifiers are used to identify your linked medicine information.
2. Device information: To identify use of the Software and storage of data.
3. Content Information: To ensure that your doctor and pharmacy or care organisation has up to date information on your medicine list and medicine use. This may include repeat of prescriptions and mood statements.
4. Log information: To ensure appropriate use of the Software.
5. Location information: For clarification of your location.
6. Third Party Information: For notifications on missed medicine events and non-compliance notifications.
7. Unique application numbers: To ensure the [UUID] of the device is linked to the correct patient medicine data in the Services.
8. Use of the information by other providers such as doctors or pharmacy to be able to provide medicine services to a resident. If a resident chooses to change pharmacy or medical provider, the data will be made available to that user or organisation
   accordingly. This change is managed by you within the software and not by us.

We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this policy for as long as it is combined.

We do not disclose information about identifiable individuals to advertisers or for promotion.

You acknowledge and agree that:

1. we may derive or create data and information about the use of the Software and/or the Services by you and your authorised users (“Use Data”) and we may use and disclose Use Data to our third-party service providers in order to improve the
   Software and/or the Services; and
2. we may obtain and aggregate technical and other data about your use of the Software and/or the Services (excluding any personally identifiable data with respect to you or your authorised users) (“Aggregated Anonymous Data”), and we may use
   the Aggregated Anonymous Data to analyse, improve, support and operate the Software and/or the Services and otherwise for any business purpose, during and after the term of the Licence Agreement, including without limitation to generate
   industry benchmarks or best practices guidance, recommendations or similar reports for distribution to and consumption by you and other customers or prospective customers of ours. This may include the Australian e-Prescribing services,
   My Health Record, Pharmacist dispense of General Practitioner software. The intent of this is for the provision or improvement of medical services. For the avoidance of doubt, this clause 6.4 does not give us the right to identify you
   as the source of any Aggregated Anonymous Data.

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in the Companies Act 1988.

We may share your information with selected third parties including:

1. Business partners, suppliers, and sub-contractors who we engage to perform functions on our behalf. They will have access to your personal information as necessary to perform their functions but may not use it for other purposes. They must
   also process the personal information in accordance with this Privacy Policy and as permitted by applicable data protection laws, or
2. Other vendors in the health industry including but not limited to MyHR, medical practitioner software, pharmacy software, care plan providers, PHN or LHD software. We may provide them with resident demographic data and medication data.

We may disclose your personal information to third parties:

1. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
2. If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
3. If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
4. In order to:
   1. enforce or apply the Licence Agreement and other agreements or to investigate potential breaches; or
   2. protect the rights, property or safety of us, our customers, or others.

The data that we collect from you may not be transferred to, and stored at, a destination outside Australia. It may also be processed by our staff operating outside Australia who work for us. These staff may be engaged in the fulfilment of your request,
order or reservation, the processing details, and the provision of support services with your consent. We will take all steps reasonably necessary steps to ensure that your data is treated securely and in accordance with this privacy policy and
all applicable laws.

All information you provide to us is stored on our Australian based Azure secure servers based in Azure Eastern and Azure South Eastern data centres. Where there is a password that enables you to access certain parts or features of the Software, you
are responsible for keeping this password confidential. We require all staff not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will use reasonable physical and technical measures to protect your personal data, we cannot guarantee the security of your data transmitted to via
our Software – any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, including shielded [VMs] and having the minimum number of administrators.

Certain Services may include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected, or used by other users.

You can always choose not to provide us with any information, or to disable cookies although this may affect your ability to access or use the Software and/or the Services or any particular features of them, and we may not be able to process transactions
with you.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third
party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at office@medimap.com.au

The Software and our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and
that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

In addition to the above-listed rights, the General Data Protection Regulation 2016/679 (“GDPR”)provides individuals within the European Union and the European Economic Area with enhanced rights in respect of their personal data. These rights may
include, depending on the circumstances surrounding the processing of personal data:

1. the right to object to decisions based on profiling or automated decision making that produce legal or similarly significant effects on you.
2. the right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest or (ii) performance of a task in the public interest (including processing for direct
   marketing purposes).
3. in certain circumstances, the right to data portability, which means that you can request that we provide certain personal data about you that we process in a machine-readable format; and
4. in certain circumstances, the right to erasure, which means that you can request deletion or removal of certain personal data we process about you.

Note that we may need to request additional information from you to validate a request relating to the exercise of any of the rights above.

You have the right to access information held about you. Your right of access can be exercised in accordance with that Act. If permitted by law, we may charge you a small fee for providing you with this ability. We may decline to process requests that
are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. If you would like to make a request to access your
information, please contact our customer service department at office@medimap.com.au

We take reasonable steps to ensure that we retain information about you only for so long as is necessary for the purpose for which it was collected, or as required under any contract or by applicable law.

Any changes we may make to this privacy policy will be notified to you by e-mail for consent to be provided to the proposed changes. By using the Software and Services after accepted changes, you also confirm your agreement to the new practices identified
in the update.

We will comply with all applicable legal requirements relating to collection and use of personal data or information.

We specifically confirm that the Software and Services are not targeted at children, that we will comply at all times with the requirements of the Children’s Online Privacy Protection Act and that we do not knowingly collect any information from anyone
under 13 years of age.

Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act (USA), as well as the GDPR where applicable

The Software and the Services may link to third-party websites and services that are outside our control. We are not responsible for the security or privacy of any information collected by websites or other services not operated by us. You should
exercise caution and review the privacy statements applicable to any third-party websites and services you use.

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to office@medimap.com.au