Privacy Policy

Last updated February 5, 2024.

Version 2.1


Surgical XR Pty Ltd (ACN: 628735642), located at Suite 406, Level 4/2 Technology Pl, Macquarie University NSW 2109, conducting business within the European Economic Area (EEA) or processing the personal data of data subjects within the EEA, understands the importance of privacy to our customers, visitors and suppliers, business partners, employees and other individuals (hereinafter also referred to as “you”, the “user” or the “data subject”). We are committed to safeguarding your privacy. We collect and store information (non-personal information and personal information or personal data) so that we can efficiently provide our products and services and support your interest in our products.

This Privacy Policy describes what kind of data we collect and how we handle the information that you provide to us and the basic personal data processing principles we adhere to.

Please contact us at privacy@surgicalxr.com with any questions.

We are committed to conducting our business in accordance with all applicable data protection legislation/regulations of all relevant jurisdictions, including the California Consumer Privacy Act, the European Union’s General Data Protection Regulation 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as the Australian Privacy Principles and the Privacy Act 1988 (Cth).

Legal mention

Please ensure you read this Privacy Policy before using the Surgical XR websites or submitting information to us.

This Privacy Policy is subject to change from time to time, so please review this Policy each time you visit the website. Your use of this website is subject not only to this Privacy Policy, but also to this site's Terms of Use, consent disclaimer, and the other documents linked from our Legal page. Please read the above mentioned terms and documents. By accessing and using this website or any of our other websites through this website, and by providing us with your information, you agree to the practices described in this Privacy Policy.

The information we collect and how we handle it depends on the data type and what you do when you use our services and products. We only use the information required to successfully provide the products and services requested and only for the purposes you agreed with. Therefore, to protect your safety, you should not provide Surgical XR with any personal information that is not specifically requested.

BY USING THE SURGICAL XR WEBSITE, YOU AGREE NOT TO DISRUPT OR INTERCEPT OUR ELECTRONIC INFORMATION POSTED ON THIS WEBSITE OR ON ANY OF OUR SERVERS. YOU ALSO AGREE NOT TO ATTEMPT TO CIRCUMVENT ANY SECURITY FEATURES OF OUR WEBSITE, AND TO ABIDE BY ALL APPLICABLE, LOCAL, STATE, FEDERAL AND INTERNATIONAL LAWS.

Information provided to Surgical XR by you is not subject to the privacy rule promulgated under the US Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) but may be subject to the requirements of privacy laws or regulations adopted by your state of residence.

We do not sell or rent your personal identifying information or medical information to any third party. We may contract with reputable vendors to assist us in processing information or delivering the items that our customers order. These vendors are restricted from using or selling the information for any purpose, other than helping us to provide the products and services.

Information (non-personal and personal data)


Non-personal information

Non-personal data is information that does not identify you directly or indirectly as an individual person that we collect to help us understand how you use our services and products, as well as to protect and enhance them. It includes essentially the following:

  • Browser type and browser name and language used

  • Computer type

  • Access time and date of our website

  • The web page from which you came directly to our website

  • The web page(s) you access during your visit

  • Other web server log files (links clicked, terms searched, and anonymized or disconnected information that no longer allows direct or indirect identification of the user).

Personal information or personal data

Personal data is any information that identifies you directly or indirectly as an individual. It includes, but is not limited to: name, address, email address, phone number, identification number, location data, facial identifier, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The definition of “personal data” may differ across jurisdictions and applicable laws and regulations. Surgical XR’s management of personal data may also vary depending on the country.

We collect certain personal information, such as:

  • Personally identifying information (such as your name, email address, phone number, or similar information)

  • Unique identifiers and preference information

  • Professional activity linked to utilization of Surgical XR products, including utilization of surgical video footage, imagery or optical AI recognition footage.

Surgical XR products and services may also collect certain personal information. You may find out more information about that collection in their associated privacy policies, notices, and terms of service, or by looking for the associated notice at our privacy page at www.SurgicalXR.com/privacy.


Automated data collection

Cookies

We use different types of “cookies” as part of data collection.

Essential cookies, if agreed to by the user, are required for the proper functioning of the site and may be used to:

  • Remember previous actions when navigating back to a page in the same session

  • Manage and pass security tokens to different services within the website to identify a visitor’s status

  • Maintain tokens for the implementation of secure areas of the website.

  • Route customers to specific versions/applications of a service, such as what might be used during a technical migration

Non-essential cookies are not required for the proper functioning of the site, and may be used to:

  • Track and store data about visits

  • Track and store visitor information

  • Record session details and page traffic

  • Customize and retarget contacts based on behavioral and demographic data

We use Google Analytics, event actions and Unity codes to help analyze how visitors interact on our websites and our AI applications. If you would like more information about this practice and your choices about how this information is used, please visit Google Analytics and Unity Technologies.

Social networks

Links to our LinkedIn page account are provided on some web pages.

Purpose for information collection

Surgical XR may collect, process, and use personal data obtained through its services, websites and products.

Processing of personal information is lawful and where applicable is based on at least one of the following grounds:

  • Consent

  • Fulfilling a contractual obligation

  • Complying with a legal obligation

  • Protecting any data subject’s vital interests

  • Legitimate interests of Surgical XR when balanced against the rights and interests of the data subject

  • Other regionally appropriate basis

If you are not sure which lawful ground is relevant in a particular case, you shall start by eliminating the grounds that cannot be relied upon and seek the advice and guidance of our Data Privacy Officer at privacy@surgicalxr.com.

Conditions for consent

Where there is a need to request and receive your consent prior to collection, processing and transfer, Surgical XR is committed to seeking such consent and obtaining it in line with the conditions set by the applicable data protection legislation/regulations.

Your (control) rights

Under the applicable data protection legislation/regulations, you have various rights in connection with the processing of your personal information. These rights may differ based on your region.

Surgical XR shall strictly uphold your rights and is responsible for implementing adequate procedures and policies to effectively protect your rights and for monitoring compliance with applicable data protection laws and regulations. We will respond and provide information upon request without undue delay and in any event within the legally required timeline for your jurisdiction. That period may be extended where possible under local law.

Please note that we will have to identify you in order to fulfil your request; this requires identification documents that can prove your identity. We will retain archival copies of the information you have requested. Until our backups are overwritten, we will retain the information, but make no further use of your personal information. You can submit your requests to our Data Protection Officer via email at privacy@surgicalxr.com.

As data subjects, your rights may include the following, depending on your jurisdiction and applicable laws:

Right to be informed

Where personal information is collected from you directly, Surgical XR will ensure that you will receive all the information required at or before the time your personal information is obtained.

Right of access

We ensure that upon request, as available in your jurisdiction, access to your personal information will be granted and the regionally appropriate information will be provided, such as:

  • The specific pieces of personal information that are being held;

  • The purposes of processing;

  • The categories of personal information concerned;

  • The recipients or categories of recipients to whom the personal information has been or will be disclosed, in particular, recipients in third countries or international organizations;

  • Where possible, the envisaged period for which the personal information will be stored or, if not possible, the criteria used to determine that period;

  • The existence of the right to request from Surgical XR rectification or erasure of personal data or restriction of processing of personal information concerning the data subject or to object to such processing;

  • The right to lodge a complaint with a Data Protection Authority;

  • Where the personal information is not collected from you, any available information as to their source; and

  • The existence of automated decision-making, if any, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.

Right to rectification

You have the right to ask for rectification of any inaccurate personal data that concerns you and as appropriate, we will ensure that any inaccurate or incomplete information is erased, amended or rectified.

Right to erasure

In some jurisdictions, you may have the right to have your personal data erased, e.g. if any of the following apply in your region:

  • The data is no longer needed for its original purpose and no new lawful purpose exists;

  • The lawful basis for the processing is consent, you withdraw that consent, and no other lawful ground exists;

  • You exercise the right to object, and we have no overriding grounds for continuing the processing;

  • The data has been processed unlawfully; or

  • Erasure is necessary for compliance with European Union law or national law.

We will communicate any erasure of personal data to each recipient to whom the data has been disclosed, unless this proves impossible or involves a disproportionate effort.

Right to restriction of processing

As a data subject, you have the right to request the restriction of processing of your personal data if:

  • The accuracy of the personal data is contested (and only for as long as it takes to verify that accuracy);

  • The processing is unlawful (and you request the restriction of processing instead of the erasure of your personal information);

  • We no longer need the personal data for the original purposes of the processing, but still need it for the establishment, exercise or defence of legal claims; or

  • There is a verification of overriding grounds pending in the context of an erasure request.

Right to data portability

When available, the right to data portability allows you to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format, and to transmit those data to another controller.

Right to object

When available, where processing is justified on the basis of legitimate interests, you may object to such processing, including profiling, unless Surgical XR is in a position to demonstrate that compelling legitimate grounds, which override your interests, rights and freedoms, exist for the processing or for the establishment, exercise or defence of legal claims.

Profiling and automated decision-making

When available, where decision-making, including profiling, is based solely on automated processing and produces legal effects that concern you, or you are similarly significantly affected by it, you have the right to object to, and not to be subject to, such a decision.

We do not base decision making or profiling solely on automated processing; human involvement ensures that the collaborators have the authority and competence to change the decision that concerns your personal information.

You may find more information about your regional rights at www.SurgicalXR.com/privacy.

Data sharing and transfers

Surgical XR will not transfer personal information to other entities.

Personal data transfers to third countries

Any transfer of personal information which is undergoing processing or is intended for processing after it is transferred to a third country or international organization requires special consideration and shall be carried out in compliance with local data protection legislation/regulations.

For example, as a general rule, in accordance with the GDPR, personal information shall be transferred outside the EU only if adequate safeguards are in place ensuring the same level of data protection as guaranteed under the GDPR. In addition, member states are, unless the transfer is based on an adequacy decision (see below), entitled to restrict the transfer of specific categories of personal data under their national laws.

Pursuant to the GDPR, each Surgical XR entity which is subject to the GDPR shall, amongst other things, ensure that one of the following safeguards is in place when transferring data to a recipient in a third country (i.e. a non-EU country):

a. Adequacy decision.
Personal data may be transferred if the European Commission has decided that the relevant third country or international organization ensures an adequate level of protection. The list of adequate countries can be found below:

  • Andorra

  • Argentina

  • Canada

  • Switzerland

  • Faroe Islands

  • Guernsey

  • Israel

  • Isle of Man

  • Jersey

  • New Zealand

  • Uruguay

b. Appropriate safeguards.
Personal data may be transferred if one of the following appropriate safeguards is in place:

  1. Binding corporate rules for intra-group transfers;

  2. Standard data protection clauses adopted by the European Commission or adopted by a Data Protection Authority and then approved by the European Commission;

  3. Approved code of conduct together with binding and enforceable commitments by the third country entity to apply appropriate safeguards;

  4. Accredited GDPR certification mechanism together with binding and enforceable commitments by the third country entity to apply appropriate safeguards; or

  5. Contractual clauses between the relevant Surgical XR entities and the third country entity authorised by the Data Protection Authority.

Currently, Surgical XR entities perform intragroup transfers of personal data on the basis of an adequacy decision or on the basis of standard contractual clauses (SCCs) and certify to the Privacy Shield. You may find more information about our Privacy Shield certification in our Privacy Shield Policy.

Security

Surgical XR has implemented technical and organizational security measures to protect your personal data from loss, misuse or unauthorized access, disclosure, deletion or modification. These include, among other mechanisms, secured back-up and archiving servers, access control, firewalls or encryption.

Unfortunately, however, no data transmission over the Internet is certain to be 100% secure. As a result, while we strive to protect this information, we cannot guarantee its security.

Children

We understand the need to protect children's privacy online (we define "children" as minors younger than 13 years of age). We do not knowingly collect or use any personal information from children. We do not knowingly allow children to register with us, order our products, communicate with us, or to use any of our online services. If you are a parent or guardian of a child and you become aware that he or she has provided us with personally identifying information without your consent, you should contact us at Privacy@surgicalxr.com. If we become aware that a child has provided us with personally identifying information, we will delete this information from our records.

Contacts

If you have any questions about this Privacy Policy and your rights, please contact Surgical XR using the details below. As mentioned above, we will address your request without undue delay and in any event within the legally required timeline for your jurisdiction. That period may be extended where possible under local law.


Worldwide requests

Surgical XR Pty Ltd.

Attn: Data Privacy Officer

Suite 203, Level 2 Technology Place, Macquarie University, NSW 2109


This Data Privacy Officer is located in Australia

privacy@surgicalxr.com


If we fail to respond to your request within the deadline, or if you are dissatisfied with our response, you may lodge a complaint with your Data Protection Authority.

Data retention and destruction

In principle, we will retain your personal data for as long as reasonably necessary for our legitimate business purposes. Personal information must be kept to be available for legal or regulatory compliance. Retention deadlines vary depending on the type of data and the need to delete obsolete data is assessed on a case-by-case basis.

We are responsible for the secure destruction of personal information once the necessary period that was required to achieve the processing purpose ends. Such destruction must be done through a specific procedure. To keep it secure and to avoid potential unlawful data processing (for instance, any disclosure to third parties), appropriate control mechanisms to monitor the data destruction procedure are in place.

Privacy Policy revision

This Privacy Policy is subject to change at any time, so please check back periodically. If significant changes are made in how your personal data is collected, processed or shared, this Privacy Policy will be updated and an alert will be displayed on our website. If required by law, we will seek your consent prior to any significant change.

Our Data Privacy Officer is responsible for the maintenance and accuracy of the present Privacy Policy. This policy shall be reviewed at least annually or more frequently, as appropriate, by the Data Privacy Officer.

Any inquiry regarding the present Privacy Policy can be addressed to the Data Privacy Officer by email at privacy@surgicalxr.com.

The policy effective date is at the top of this page.