Privacy Policy

---

The privacy of your personal information is important to us. We are committed to accord the information the due level of care as presented in this Privacy Policy, consistent with the Personal Data Protection Act 2012 (Act 26 of 2012) (“PDPA”) and the Personal Data Protection Regulations 2021 including any other relevant regulations which may be in force and amended from time to time (the “Regulations”) in Singapore.

This policy applies to Osteopore International Pte. Ltd. (UEN 200311327H) in Singapore (referred to below as Osteopore, we, us or our). This policy outlines our obligations and practices in the handling of the personal information we collect and hold in Singapore about our customers, prospects, vendors, suppliers, partners, and all others who come into contact with us and our related companies, across all touch points of our business operations.

Personal Information

In this Privacy Policy, the term Personal Information refers to any and all data, whether true or not, about an individual who can be identified from that data or from that data and other information to which Osteopore has or is likely to have access.

We treat Personal Information as confidential and will accord the due level of care in accordance with this Privacy Policy and consistent with the PDPA and the relevant Regulations.

Types of Personal Information we collect

The Personal Information we collect in the course of and as a result of providing products and services to our customers includes but may not be limited to your name, telephone number(s), email address, mailing address, employer company/institution, job title, medical specialty, date of birth and social media handles.

We also collect Personal Information about patients for the purpose of making tailored implants using our technology. This may include the patient's name, contact details and/or other identifiers provided by the customer, as well as the patient's date of birth and information about any illnesses, medical conditions and disabilities they may have and relevant CT scans or medical records.

Purpose of collection

Generally, we collect Personal Information from existing and prospective customers and suppliers for purposes relating to the products and services we offer or require, or in assessing your suitability for employment with us. These purposes include, but are not limited to:

• Making and supplying implants tailored to patients' needs;
• Communication with you in relation to products and services we provide which are relevant to your relationship with us;
• Responding to your enquiries regarding training courses and any other services we offer;
• Processing requests, orders and administering accounts;
• Providing customer support including account servicing (order confirmations, reminders, delays, cancellations, etc.);
• Administering and performing any contracts with service providers;
• Offering you updated marketing and promotional packages you can benefit from, including products and services offered by our selected partners;
• Providing course and product updates and upgrades;
• Receiving feedback;
• Conducting surveys;
• Meeting regulatory and legal obligations;
• Processing applications for employment; and
• As otherwise required to manage our business.

We may, for these purposes, contact you via mail, email, telephone, SMS, smartphone applications, facsimile or other communication (including sending electronic messages).

Personal Information about patients such as age, illnesses, medical conditions and disabilities may affect tissue regeneration. We collect such Personal Information in order to tailor implants suitable to each patient's individual needs. The other Personal Information we collect about a patient's identity is dependent on the level of detail provided by the relevant company/institution to enable them to associate our work with the correct patient.

Collection of Personal Information

Where possible, we will collect your Personal Information directly from you and secure the relevant consent from you, generally by completing forms.

Alternatively, we may collect Personal Information from our distributors and customers, including Personal Information obtained from questionnaires regarding patients wanting to receive treatment using our products and services. Where possible, we request this information is provided to us in de identified form, for example, by associating the details with a unique identifier used by the relevant hospital or clinic instead of the patient's name or contact details. We request that personally identifiable information about patients only be provided to us with the patients' consent.

Our websites may offer interactive facilities, such as a customer enquiry form, where Personal Information may be collected. In addition, we may obtain Personal Information from third parties such as our partners and/or regulatory bodies. Where you have accessed and used our websites and any services we offer via these websites, you agree to be bound by this Privacy Policy in respect of the Personal Information collected about you via our websites.

In some cases, we may collect Personal Information from publicly available sources and third parties such as suppliers, recruitment agencies, employers, contractors, customers and business partners.

Regardless of how we collect it, we will handle Personal Information in accordance with the PDPA and the relevant Regulations.

Disclosure of Personal Information

In the normal course of conducting our business, we may disclose your Personal Information to:

• Our related bodies corporate, including Osteopore Limited (ABN 65 630 538 956) and Osteopore Australasia Pty Ltd (ABN 11 644 114 698) (who may use Personal Information in the same way we do);
• Our accountants, insurers, lawyers, auditors and other professional advisers;
• Regulatory bodies and agencies;
• Funding agencies;
• Partners and service providers who assist us in providing services or who perform functions on our behalf (eg mailing houses of letters or printers for our marketing materials);
• Third parties to whom you have directed or permitted us to disclose your Personal Information;
• In the unlikely event that Osteopore or its assets are acquired or considered for acquisition by a third party, that third party and its advisors;
• Government agencies, courts or other third parties where required by law.

We do not allow these external organisations to use your Personal Information for anything other than the purposes for which we supplied it to them, or as permitted or required by law. We will take reasonable steps to ensure such external organisations are required to protect the privacy of your Personal Information.

Some of those to whom we disclose Personal Information may be located overseas, including our related entities and service providers in Australia and distributors around the world. We may also use overseas service providers to store Personal Information, such as cloud-based storage solutions, although this may not involve a disclosure of Personal Information to those providers. By providing your Personal Information to us, you consent to us disclosing your Personal Information to any such overseas recipients for purposes necessary or useful in the course of operating our business. For the avoidance of doubt, foreign recipients will not be bound by the PDPA and the relevant Regulations and you will not be able to seek redress for a breach by those foreign recipients under the PDPA and the relevant Regulations.

Please note that we may collect, use and disclose Personal Information without your consent under certain circumstances, including where it pertains to your vital interests, matters affecting the public, where our legitimate interests outweigh any adverse effect on you, business improvement and research purposes, subject to the provisions of the PDPA.

Direct marketing

From time to time, we may contact you via mail, email, telephone, SMS, facsimile or other methods (including electronic messages) to inform about our products and services, or about special offers and promotions that we think may be of interest to you. You can let us know at any time if you no longer wish to receive marketing material (by contacting us at the details below) and we will remove your details from our direct marketing database.

We will not disclose your Personal Information to external organisations outside Osteopore for the purposes of allowing them to directly market their products and services unless expressly authorised by you.

Ensuring Personal Information is up to date

We rely on the Personal Information we hold in conducting our business. Therefore, it is very important that the Personal Information we hold is accurate, complete and up to date.

We will do our best to ensure that the Personal Information we hold is accurate, complete and up to date whenever we collect or use it. This means that from time to time, we may ask you to tell us if there are any changes to your Personal Information. If you find that the Personal Information we hold about you is incorrect at any time, please contact us immediately so that we can correct it as soon as practicable. We shall correct the Personal Information in our possession or under our control unless we are satisfied on reasonable grounds that the correction should not be made. We may also, with your consent, send the corrected Personal Information to specific organisations to which the Personal Information was disclosed by Osteopore within a year before the date the correction was made.

Access to Personal Information by individuals

You can access most of the Personal Information we hold about you and information about the ways in which the Personal Information has been or may have been used or disclosed by us within a year before the date of your request. We will require a formal written request from you to our Data Protection Officer (details under the section “Resolving concerns” below).

An administrative fee will be charged to you to cover the reasonable cost of retrieving the information and supplying it to you. We will respond to all requests for access to Personal Information within a reasonable time.

Access to Personal Information may be refused under certain circumstances as specified in the PDPA, including where the provision of such Personal Information could reasonably be expected to threaten the safety or physical or mental health of any other individual, would cause immediate or grave harm to your safety or your physical or mental health, reveal personal data about another individual and where it would be contrary to national interest. If we deny or restrict your access, we will explain why as required by applicable laws.

Data security

The security of your Personal Information is important to us and we take all reasonable precautions to protect your Personal Information from unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks and to prevent the loss of any storage medium or device on which your Personal Information is stored.

Some of the ways we protect Personal Information include:

• External and internal premises security;
• Restricting access to Personal Information only to staff who need it to perform their day-to-day functions;
• Maintaining technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls, and anti-virus software; and
• Maintaining physical security over paper records.

Data retention

We will retain your Personal Information for a reasonable period for the intended purposes, or as required by law. We will destroy or de-identify Personal Information once the purpose for which it is collected is no longer being served by retention of the Personal Information and is no longer necessary for legal or business purposes.

On giving reasonable notice to us, you may at any time withdraw any consent given to us, or deemed to have been given to us, in respect of the collection, use or disclosure by Osteopore of your Personal Information for any purpose.

We will thereafter inform you of the likely consequences of withdrawing your consent and shall not prohibit you from withdrawing your consent to the collection, use or disclosure of your Personal Information, unless such collection, use or disclosure is required or authorised under the PDPA or other written law.

Websites and cookies

The type of Personal Information we collect on our websites depends on how you make use of them. When you visit our websites, our host records your IP address, domain name, the date and time of the visit, the pages viewed and other statistical information. This information may be collected by using cookies (data sent to your web browser, which generally allows our site to interact more efficiently with your computer or device). If you disable the use of cookies, your use of our site may be affected. Information collected about your visit to our site is retained for statistical and website development reasons and is not in a form which would enable us to identify you.

When visiting our sites, you will not be required to provide us with any Personal Information unless you request information about our product or service, or respond to a contest or promotion, or provide feedback. In which case, we will ask you to provide contact details along with other information required for us to fulfil or respond to your request.

The Personal Information provided may also be retained for product planning purposes, and we may use your Personal Information to contact you for direct marketing purposes with your consent (as discussed in the 'Direct marketing' section above).

Third-party websites

Our website may contain links to other websites which are owned or operated by third parties independent of Osteopore. Those websites should contain their own privacy statements and their owners or operators are responsible for informing you about their security and privacy practices. Osteopore will not be responsible for the privacy policies and practices of other websites even if you access them using links from our websites. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

In addition, if you are linked to our websites from a third-party website, Osteopore will not be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Email

If you send us an email containing your Personal Information, we will take reasonable steps to protect the confidentiality of that information. The content of emails is sometimes monitored by our internet host for maintenance and fault detection purposes.

Although we take steps to protect Personal Information and other data sent by email, email is not a secure method of communication. If you are concerned about sending your Personal Information to us in this manner, you may prefer to contact us by any of the other means set out below.

Resolving concerns

If you have any concerns about our handling of your Personal Information or you believe a data breach may have occurred, please contact us and we will take the relevant steps to address your concerns. The contact details for our Data Protection Officer are as follows:

When contacting us please provide as much detail as possible in relation to your question, concern or complaint. We take all complaints seriously and will respond to your complaint within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

Where we have identified and assessed a data breach as one that results in, or is likely to result in, significant harm to an affected individual or is, or is likely to be, of a significant scale, we will notify the Info-communications Media Development Authority, being the designated Personal Data Protection Commission under the PDPA, as soon as is practicable, but in any case no later than 3 calendar days after the day we make that assessment.

Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time. If we make any changes to this Privacy Policy and the way in which we use your Personal Information, we will post these changes on our websites and will do our best to notify you of any significant changes. Please check our Privacy Policy on a regular basis.

The last update to this document was 22 October 2021.