Privacy policy

EVRIMA TECHNOLOGIES PTY LIMITED – PRIVACY POLICY

Evrima Technologies Pty Limited ABN 78 631 919 698 (we, us or our), understands that protecting your personal information is important. We are the owner, operator and licensor of the website at www.evrima.com (Website). This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our Website and patient recruitment services (Services) to you or when otherwise interacting with you. 

This Privacy Policy takes into account the requirements of the: 

- Australian Privacy Act 1988 (Cth);
- Australian Privacy Principles; 
- New Zealand Privacy Act 2020; and 
- New Zealand Health Information Privacy Code 2020.

The information we collect

Personal information: is information (and in Australia includes an opinion), whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. This includes personal information provided by you directly (whether face-to-face, by telephone, email, online forms, post, through social media or by communicating with us in any way), when you make an enquiry through our Website or over the phone or when you communicate with us during an appointment, you are voluntarily giving us the personal information that we collect.

Why we collect, hold, use and disclose personal information

The types of personal information we may collect about you include:

Candidate

If you are contacting us to participate in a clinical trial or want information about clinical trials (Candidate) then we may collect the following personal information:

• your name;
• your date of birth;
• your contact details (including email address, street address and your telephone number);
• your driverʼs license, Medicare card and/or other identifying documentation;
• your sensitive information as defined below including health information or biometric information from documents or images you upload when interacting with our Website or Services;
• personal preferences, interests and behaviours;
• details of services that we have provided to you and/or that you have enquired about and our response to you;
• support requests submitted to us and our response to you;
• your location and movements, personal preferences, interests and behaviours; and any feedback that you may have provided in relation to our Services.

Client

If you are contacting us as a researcher or as the host or sponsor of a clinical trial (including on behalf of a contract research organisation) (Client) then we may collect the following personal information:

• your name;
• your contact details (including email address, street address and your telephone number); the name and contact detail of the organisation or company that you work for;
• business affairs and study parameters required for us to provide you with the Services; any feedback that you may have provided in relation to our Services;
• details of services that we have provided to you and/or that you have enquired about and our response to you;
• support requests submitted to us and our response to you; and financial or credit card information.

When you visit our Website:

• your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
• information about your access, your browsing activity, and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
• additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; 
• we may collect statistical (non-personal) information about your use of the Website and our Services to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies; and
• any other personal information requested by us and/or provided by you or a third party. If you sign up to receive emails from us, we may collect:
  • your name;
  • your email address; your interests; and
  • your marketing preferences.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. 

Sensitive information (Candidate): The types of sensitive information (and health information for the purposes of the New Zealand Health Information Privacy Code 2020) we may collect about you include:

• your medical history including health data, test results, survey results, physical traits and physiological information; 
• genetic traits and specific genetic information; 
• mental traits; 
• economic identity; 
• cultural identity; 
• social identity; and
• any other sensitive information you provide to us. 

Unless otherwise permitted by law, we will not collect sensitive information about you without first obtaining your consent.

How we collect personal information

We collect personal information in a variety of ways, including:

• Directly: We collect personal information which you directly provide to us, including when you register for an account or for a clinical trial, during an appointment, through the ‘contact us’ form on our Website or when you request our assistance via email, or over the telephone.
• Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our Website, in emails, over the telephone and in your online enquiries.
• From third parties: We collect personal information from third parties, such as details of your use of our Website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.

Why we collect, hold, use and disclose personal information

Personal information: We may collect, hold, use and disclose personal information for the following purposes:

• to enable you to access and use our Services, including to provide you with a login;
• to verify your identity; 
• to provide our Services to you, including matching Candidates with clinical trials; 
• to contact and communicate with you about our Services, including in response to any support requests you lodge with us or other enquiries you make with us;
• for internal record keeping, administrative, invoicing and billing purposes;
• for analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms;
• for advertising and marketing, including to send you promotional information about our products and services and other information that we consider may be of interest to you;
• to comply with our legal and regulatory obligations and resolve any disputes that we may have; and
• if otherwise required or authorised by law.

Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:

•  

• any purposes you consent to;
• the primary purpose for which it is collected, including to enable us to provide the Services by matching Candidates and recruiting Candidates for clinical trials;
• secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to provide our Services to you;
• to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or
• another person and it is impracticable for us to obtain your consent; and if otherwise required or authorised by law.

Derived Data: Where you provide consent, we may transform Personal information and Sensitive information into Derived Data to enable search, matching, and algorithmic improvements. Derived Data is a non- reversible mathematical representation of the original data and cannot be used to reconstruct the original data. Derived Data can only be used for the above purposes and will not be used for:

• attempts to identify you;
• sale or licencing to a 3rd party, or train public foundation models.

You may withdraw your consent to have Personal and Sensitive information transformed into Derived Data at any time, however withdrawal does not affect prior lawful processing.

Our disclosures of personal information to third parties

We may disclose personal information to:

• IT service providers, data storage, web-hosting and server providers; our employees, contractors and/or related entities;
• our existing or potential agents or business partners; sponsors or organisations responsible for the clinical trials;
• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
• third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see here: How Google uses information from sites or apps that use our services – Privacy & Terms – Google
• or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses);
• and any other third parties as required or permitted by law, such as where we receive a subpoena.

Where you are a Candidate, we may disclose your personal information to:

• our Clients when we have matched you to a clinical trial; and
• third parties for medical research purposes.

We limit the information we provide to Clients and third parties to the information they require in order to perform clinical trials or medical research. We will only disclose your personal information to Clients and third parties that are required by law to meet the same privacy standards that are applicable to us.

Multi-tenancy and data segregation: The platform is multi-tenant. Participant Data is stored in a logically segregated workspace administered by the relevant sponsor/site and is not visible to other tenants unless you authorise sharing or disclosure.

We may use de-identified, aggregated metrics across tenants to monitor service performance and quality. This use does not identify you and does not transfer platform intellectual property.

Google Analytics: We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here: Google Analytics Opt-out Browser Add-on Download Page. To opt-out of personalised ad delivery on the Google content network, please visit Googleʼs Ads Preferences Manager here: Opt out of user-based advertising - Google AdSense Help. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Appleʼs advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Advertising Platform APIs – Data Access and Use
Our platform integrates with the advertising APIs of several third-party platforms – including Google Ads Manager, Meta (Facebook and Instagram), Spotify, Snapchat and TikTok. These integrations are used in two distinct ways, each with different data responsibilities, which are described separately below.

The platforms whose APIs we integrate with are:

• Google Ads Manager API (Google)
• Meta Marketing API (Facebook and Instagram)
• Spotify Ad Analytics API
• Snapchat Marketing API
• TikTok for Business API

Two Modes of Access
Our own campaigns (Evrima as data controller): We operate our own advertising campaigns on these platforms to promote our patient recruitment services. In this context, we act as the data controller and access advertising data in our own right.

Advertiser-connected accounts (Evrima as data processor): Our platform also allows third-party advertisers (such as clinical trial sponsors and research organisations) to connect their own advertising accounts to our platform. When an advertiser connects their account, the advertising data accessed via that connection belongs entirely to that advertiser. In this context, we act as a data processor, processing the advertiser’s data solely to provide and power features within our platform on their behalf. We do not claim ownership of, or independent rights over, advertiser-connected data.

What advertising platform data we access
Across both modes of access, we access the same categories of data from each platform:

• Campaign performance metrics: impressions, clicks, click-through rates, reach, frequency, relevance scores and related performance statistics for advertising campaigns.
• Audience and user segments: aggregated audience segment information used for campaign targeting and optimisation, including custom audiences, lookalike audiences, interest-based and behavioural segments. We do not access or store individual-level audience profile data from any platform.
• Conversion data: conversion events and attribution data linked to advertising campaigns (for example, form completions or clinical trial registrations resulting from an advertisement).
• Ad spend: total and per-campaign advertising expenditure, budget utilisation and spend pacing data. We do not access billing account details, payment methods or invoicing records from any platform.

Why we access this data
For our own campaigns, we access advertising platform data to:

• Measure and report on the performance of our patient recruitment advertising campaigns;
• Optimise campaign targeting so that clinical trial advertisements reach the most relevant audiences;
• Attribute conversions to specific campaigns and platforms; and
• Support internal business reporting, budgeting and operational planning.

For advertiser-connected accounts, we access and process advertising platform data solely to:

• Power reporting, analytics and campaign management features within our platform for the benefit of the advertiser; and
• Provide the services the advertiser has requested from us.

In neither case do we use advertising platform data to make automated decisions about individuals, or for any purpose unrelated to the operation and improvement of advertising campaigns.

How we use and store this data

Data from each platform is accessed programmatically via the respective advertising API, using OAuth 2.0 or equivalent authorisation, and is processed within our secure internal systems.

For our own campaigns, performance and spend data may be stored internally for reporting and auditing purposes in accordance with our data retention schedules.

For advertiser-connected accounts, data is processed to deliver platform features to the advertiser and is not used for Evrima’s own purposes, combined with other advertisers’ data, or disclosed to any other party without the advertiser’s instruction or consent.

Audience segment data is used solely for campaign configuration and targeting and is not stored as personally identifiable information.

Conversion data is linked to campaign identifiers only and is not used to build or enrich individual user profiles.

All data obtained via advertising platform APIs is handled in accordance with each platform’s applicable developer and data use policies, including any Limited Use or Restricted Data Use requirements.

Advertiser responsibilities
Where an advertiser connects their own advertising account to our platform, that advertiser is the data controller for the data accessed via that connection. The advertiser is responsible for ensuring they have the necessary rights, consents and legal bases to connect their account and share that data with us for processing. Our processing of advertiser-connected data is governed by the terms of our agreement with that advertiser.

Platform-specific data use policies
Our use of each platform’s API is governed by, and compliant with, the following policies:

• Google – Google API Services User Data Policy, including Limited Use requirements;
• Meta – Meta Platform Terms and Meta’s Restricted Data Use policy;
• Spotify – Spotify for Developers Terms of Service and Spotify’s data use guidelines;
• Snapchat – Snap Inc. Developer Terms of Service and Snap’s Advertising Policies; and
• TikTok – TikTok for Business API Terms of Service and TikTok’s Commercial Content Policy.

In each case:

We only request API access scopes necessary to perform the functions described in this policy;

We do not use API data from any platform to develop, improve or train generalised artificial intelligence or machine learning models;

We do not permit humans to access advertising platform data except where necessary to provide or improve our services, to comply with applicable law, or with your or the advertiser’s affirmative agreement; and

We implement appropriate technical and organisational security measures, including access controls and encryption, to protect all data obtained via advertising platform APIs.

Sharing of advertising platform data
We do not sell, rent or share advertising platform data with third parties, except:

• With our employees, contractors or service providers who require access to perform their duties on our behalf, subject to confidentiality obligations;
• With the advertiser who owns the data, through features and reports delivered within our platform;
• Where required by law or a regulatory authority; or
• In aggregated and de-identified form for internal service monitoring and quality purposes.

We do not transfer advertising platform data to any other advertising networks, data brokers or third-party analytics services beyond the integrations with each respective platform’s own services. Advertiser-connected data is never shared with other advertisers or used across tenants.

Retention of advertising platform data
For our own campaigns, performance and spend data is retained for up to 36 months for reporting, auditing and business planning purposes, after which it is securely deleted or anonymised.

For advertiser-connected accounts, data is retained only for as long as necessary to deliver the relevant platform features, or as otherwise directed by the advertiser. Conversion data in both cases is retained for a period consistent with the relevant campaign cycle and applicable legal obligations.

Your rights in relation to advertising platform data
To the extent that data obtained from any advertising platform API relates to or is associated with your personal information, you retain all the rights described in the “Your rights and controlling your personal information” section of this Privacy Policy, including the rights to access, correct and complain. If you are an advertiser seeking to exercise rights over data you have connected to our platform, please contact us using the details below.

Overseas disclosure

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

If you are located in Australia 

Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles.

If you are located in New Zealand

Before disclosing any personal information to an overseas recipient, we will comply with Information Privacy Principle 12 and only disclose the information if: 

• you have authorised the disclosure after we expressly informed you that the overseas recipient may not be required to protect the personal information in a way that, overall, provides comparable safeguards to those in the New Zealand Privacy Act 2020; 
• we believe the overseas recipient is subject to the New Zealand Privacy Act 2020; 
• we believe that the overseas recipient is subject to privacy laws that, overall, provide comparable safeguards to those in the New Zealand Privacy Act 2020; 
• we believe that the overseas recipient is a participant in a prescribed binding scheme; 
• we believe that the overseas recipient is subject to privacy laws in a prescribed country; or 
• we otherwise believe that the overseas recipient is required to protect your personal information in a way that, overall, provides comparable safeguards to those in the New Zealand Privacy Act 2020 (for example, pursuant to a data transfer agreement entered into between us and the overseas recipient).
  

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services. If you do not agree with this Privacy Policy, please discontinue the use of our Services. 

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us. 

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner (if you are in Australia) or the Office of the New Zealand Privacy Commissioner (if you are in New Zealand). 

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. We restrict access to personal information to those who have a need to know, maintaining technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We choose technology partners based on their security and privacy policies and practices.

We commit to the record and reports retention requirements in the ICH Guideline for Good Clinical Practice (the Guidelines). The Guidelines are an internationally accepted standard for the designing, conducting, recording and reporting of clinical trials. The Guidelines are incorporated by reference in the Therapeutic Goods Regulations 1990 in Australia and the Guideline on the Regulation of Therapeutic Products in New Zealand Part 11: Clinical Trials – regulatory approval and good clinical practice requirements in New Zealand. Compliance with the Guideline is a condition of approval for the conduct of a clinical trial.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. 

In case of a security incident or any other breach of security safeguards, such as unauthorised disclosure of personal information under our control, we will respond in accordance with applicable data protection laws.

Cookies

We may use cookies on our Website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online Website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online Website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.

Our Website does not currently recognize Do Not Track (DNT) signals sent by our users’ web browsers.

Links to other websites

Our Website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Artificial Intelligence (AI) Technologies

Overview

We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

How we use AI

We may use AI technologies to:

• Match patients with clinical trials by analysing patient profiles and trial eligibility criteria
• Conduct analysis and data processing
• Generate and modify content and coding
• Improve and optimise our services and operations
• Personalise your experience with our services

Data protection and security

When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

Your rights and our commitments

Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:

Transparency and control

• We'll inform you when AI is used to make decisions that may significantly affect you
• We maintain human oversight and review of significant AI-generated decisions
• Our staff are trained to understand AI limitations and verify outputs before relying on them
• We implement processes to verify the accuracy of AI-generated outputs

Security

• We use appropriate technical and organisational measures to maintain the security and integrity of your personal information
• We regularly test and monitor AI outputs for accuracy and reliability

Risk mitigation

• We regularly assess and document risks associated with using AI to process personal information
• We implement appropriate measures to address these risks
• We continuously monitor AI performance and regularly review their impact

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our Website. We recommend you check our Website regularly to ensure you are aware of our current Privacy Policy. Your continued use of our Services will indicate your acceptance of any amendments to this Privacy Policy. 

For any questions or notices, please contact us at:

Australia 
Evrima Technologies Pty Limited ABN 78 631 919 698 

Email: enquiries@evrima.com.au

Last update: November 2025

© LegalVision ILP Pty Ltd