Privacy Notice

Review Date: 27th May 2024

This Privacy Notice explains how we use the personal information that Qritive PteLtd., its subsidiaries and affiliates collects or generates both in relation to ourWebsite along with any webpages and portals thereof and ourmobile application, products and services (“Privacy Notice”) as updated fromtime to time.

Qritive Pte. Ltd., company registration UEN 201725049R having its registeredoffice at 114 Lavender Street, #11-83, CT Hub 2 Singapore, 338729. (hereafter“Qritive”, “we”, “us” or “our”) collects, uses or processes your (“you” or “your” or“Customer” or “User”) personal data. This Privacy Notice is applicable when youuse our Website along with any webpages and portals thereofor the Qritive application i.e., Qritive Pantheon (the “Website” and “Application”respectively) or Qritive’s proprietary software including but not limited to QAisuite of AI products and all its allied renditions, Devices etc. (collectively the“Services”). Our Services also include the and demo serversthat Qritive sets up with Clients.

All definitions in this Privacy Notice shall be interpreted in accordance withapplicable data protection laws which refers to the General Data ProtectionRegulation (Regulation no. 2016/679) and the Directive on Privacy and ElectronicCommunications (Directive 2002/58/EC), as well as the national implementationsand related national legislation.

This Privacy Notice shall be construed in accordance with the applicable dataprotection laws, including but not limited to Data Protection Act 2018, GeneralData Protection Regulation (GDPR), Children’s Online Privacy Protection Act(COPPA), Information Technology Act 2000 (IT Act), The Information Technology(Reasonable Security Practices and Procedures and Sensitive Personal Data orInformation) Rules 2011 (SPDI rules) and Health Insurance Portability andAccountability Act (HIPAA).

By visiting our Website, or using our Application or Services, you acknowledge andaccept the data processing described in this Privacy Notice, our Website termsand related documents. We will let you know, by posting on our Website orotherwise, if we make any changes to this Privacy Notice from time to time. Yourcontinued use of the Services after notifying such changes will amount to youracknowledgement and acceptance of the amended Privacy Notice.

We strive to treat your personal information as safely and securely as reasonably possible. As described below, your personal data may be collected and used by Qritive or disclosed to third parties for use on behalf of Qritive. This Privacy Notice describes the information we collect about you and what may happen to that information. You must be at least 18 years old to have our permission to use our Services. Our policy is that we do not knowingly collect, use or disclose Personal data about visitors that are under 18 years of age.</p

I. About the service

See separate Product Services – Qritive for applicable terms and conditions of the Services that Qritive provides.

II. Personal data?

a. What is personal data?

“Personal data” means any information relating to an identified or identifiable natural person, known as ‘Data Subject’, who can be identified directly or
indirectly; it may include name, address, gender, email address, phone number, IP address, location data, cookies, call records and similar information. It may also include “special categories of personal data” such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a Data Subject, data concerning health or data concerning a natural person’s sexual orientation.

b. What Personal data does Qritive collect and process?

Qritive receives, processes and stores two distinct sets of personal data. We will process the following personal data on the Services:

1. User profiles
• First and Last Name
• E-mail address at the time of sign up
2. Technical usage data
• such as the URL you are accessing the Services from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information and operating system;

• information about your use of the Services, such as what you viewed or searched for; page response times, download errors, length of visits to
certain pages, page interaction information (such as scrolling, clicks and mouse-overs), consultation length(s), recurrence of visits and other
interaction information, methods used to browse away from the page.
3. A third set of personal data is processed using Qritive or affiliated software applications, which you as a User will upload the data on the
platform and Qritive will act as Data Processor on behalf as of you as Data Controller for this data:
• Anonymised patient case information pseudonymized DICOM images including embedded metadata;
• content that you post, upload and/or contribute to the Services;

For the data listed in clause II (b) (3) above, where you as a User of the Services will act as Data Controller and Qritive or affiliates as provider of Services, will act as a Data Processor, you hereby acknowledge and agree for Data Processing Agreement which is effective from the date of your first use of Services. The Data Processing Agreement outlines what kind of processing we are instructed to perform on your behalf regarding Personal data pertaining to Data Subjects where you are the Data Controller.

Information about third parties should only be provided to us if you have demonstrable permission and consent of Data Subjects i.e., your patients, to do
so or if the information is available in the public domain. You shall be solely responsible for receiving all informed, written, explicit or implicit consents as required under applicable laws, from the Data Subjects i.e., your patients or similar data owners. Your use of Services is deemed that such consents have been duly received by you and will be available upon request for Qritive to audit. We will rely on you to provide information which is accurate, complete and up to date and you agree to ensure this.

III. Why does Qritive process this Personal data?

Qritive will process the Personal data sets described above for the following purposes:

Qritive will process the Personal data sets described above for the following purposes:

• To enable you to verify your account, to administer your account, to enable and provide the Services and integration with third party services, and to provide, personalize and improve your experience with the Services, and to otherwise provide the Services according to the Terms of Service

• to send you alerts or messages by email or otherwise, including to provide you with marketing of our and our related parties’ products and services;
• to inform you about updates of the Services or the terms and conditions of Services;
• to improve and develop the Services or new services and to analyse your use of the Services;
• to ensure the technical functioning of the Services and to prevent the use of the Services in breach of the Terms (including the Universal Terms and
any other terms in relation to Application or Services);
• to enforce the Terms and any additional Terms (including the Universal Terms and any other terms in relation to Application or Services), including
to protect our rights, property and safety and the rights, property and safety of third parties if necessary;
• to fulfil our obligations as Data Controller and Data Processor;
• to respect and fulfil our obligations in regard to the Rights of the Data Subject;
• to respond to any queries, you raise with us and to provide customer support; and
• to fulfil requirements by law (see clause VIII below).

We will be unable to provide you the Services unless you provide us with the Personal data listed in clause II.b above. The processing of the Personal data above is necessary to enter into the Terms (including Universal Terms) with us and to maintain the contractual relationship between you and us, where Qritive will act as Data Processor for the collected data. Some of this collected information is subject to processing of third parties, both within and outside the European Union (third countries).

The data listed in clause II.b.2 above is solely collected and used for performance and issue handling pertaining to the platform and will not be used for identifying you as a user, unless this is requested by official legal investigations as in provided in clause VIII below.

The processing of your Personal data for the purposes listed above is conducted on the basis of the legitimate interest of Qritive. Our legitimate interest for the processing is maintaining sufficient IT security through logging data when you use our Services and to evade fraud and to protect the Services from cyber threats. We also log data for the maintenance and improvement of our Services.

IV. Disclosure of personal data

There are circumstances where we may wish to disclose or are compelled to disclose your Personal data to third parties. These scenarios include disclosure to:

1. our affiliates and sister companies;
2. our service providers who capture and store data collected through the forms that are filled by visitors to our Website;
3. subject to appropriate legal basis such as consent, our advertising and marketing teams who enable us, for example, to deliver
personalized ads to your devices or who may contact you by email, telephone, SMS or by other means;
4. public authorities where we are required by law to do so; and
5. other third parties where you have provided your consent.

The service providers are contractually bound not to share Personal data collected from visitors on our Website with anyone else.

We confirm and acknowledge that we do not commercially exploit or distribute Personal data to any third party for commercial purposes. We share and disclose
your Personal data to companies with which we have contracts in place. These companies mainly provide data storage, data analytics, advertising, IT support and
other services to be able to run and improve our Services.

When you use our Services, you may be directed to other websites where the Personal data collected is not in our control. The privacy notice of such other
websites will govern the Personal data obtained from you on that website.

V. Cookie Statement

In order to collect the information including Personal data as described in this Privacy Notice, we may use cookies and similar technology on our Website. A
cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device (“Cookies”). Cookies
can be first party, i.e. cookies that the website you are visiting places on your device, or third party cookies, i.e. cookies placed on your device through the
Website but by third parties, such as, Google.

We use the Cookies for the sole purpose of making it possible to browse the Website and let you use its functionalities. We use third party Cookies like Google
Analytics to collect statistical information in an aggregated form on the number of users accessing the Website and generate statistical data on how the visitor uses the Website. We also use third party advertisements on our Website. Some of these advertisers such as Google through Google AdSense program may collect information including your IP address, your ISP, the browser you used to visit our Website, etc. You can refer to the list of cookies used by us along with the purpose of using them below.

You can choose to disable or selectively turn off our third party cookies in your browser settings, however, this may affect how you are able to interact with our Website as well as other websites.

VII. Your consent

By contacting us, subscribing to our newsletter, you consent to the processing for the purposes contained in clause II(b) above which includes processing of your name, gender, contact details and preferences as set out in this Privacy Notice By accepting Qritive’s Terms, we process your Personal data to be able to fulfil our agreement with you for the purposes listed above in clause III. Qritive will process Personal data if it has a legal obligation to do so to fulfil requirements by law as pointed out in clause VIII below’.

VIII. Data Subject Rights

Data Subjects may have numerous rights in relation to their personal data.

1. Right to make a subject access request (SAR): Data Subjects may request in writing copies of their personal data. However, compliance
with such requests is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear
that a SAR is being made. You may also be required to submit a proof of your identity and any payment permitted by law, where applicable.

2. Right to rectification: Data Subjects may request that we rectify any inaccurate or incomplete personal data.

3. Right to withdraw consent: Data Subjects may at any time withdraw their consent to the processing of their personal data carried out by
us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.

4. Right to object to processing including automated processing and profiling: We do not make automated decisions about Data Subjects.
However, we may rely on information provided by third parties such as credit reference agencies which may score Data Subjects on the basis of automated decisions. Profiling may be carried out for business administration purposes, such as monitoring trends in User visits of our Website. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to
refuse such request. We will comply with each valid opt-out request in relation to marketing communications.

5. Right to erasure: Data Subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, our business record retention obligations that we have to comply with.

6. Restriction: Data Subjects may request that we restrict our processing of their personal data in various circumstances. We will
comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain

7. Right to data portability: In certain circumstances, Data Subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Services. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not
imply erasure of the Data Subject’s personal data which may still be retained for legitimate and lawful purposes.

8. Right to lodge a complaint with the supervisory authority: We suggest that Data Subjects contact us about any questions or complaints in relation to how we process their personal data. However, each Data Subject has the right to contact the relevant supervisory authority directly.

IX. Responding to Legal Requests

We may access, preserve and share your Personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when
necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations
described in Article 23(1) in the GDPR.

X. Retention of Personal Data

Personal data about registered users will be retained for as long as the user has an active profile on the Services. users who have not used our Services will have all personal data deleted after 1 year of inactivity on the Services.

If you agree to be added to our mailing list, we will keep your personal information for that purpose unless and until you tell us that you want to unsubscribe or be removed from the list. If you advise that you do not want to be added to our mailing list or you ask to be removed, we will delete your Personal data (aside from keeping a record that you have asked us not to send you marketing information).

XI. Personal data of children under the age of 18

Qritive Software applications and the Services provided under it are not directed at, marketed to, nor intended for, children under 18 years of age. The Website does not knowingly collect or solicit information from anyone under the age of 18 or allow anyone under the age of 18 to sign up for the Service. In the event that you learn that you have gathered personal information from anyone under the age of 18 without the consent of a parent or guardian, you will delete that information as soon as possible.

You are required under the Children’s Online Privacy Protection Act (“COPPA”) as well as the GDPR and other Personal Data Protection laws (as those may apply) to obtain verifiable parental consent (or from the child’s legal representative) in order to collect, use or disclose Personal Data pertaining to that child.

If you are a parent or guardian of a person under the age of 18 and you become aware of that the child has provided personal data to us without your consent,
please contact to exercise your access, rectification, erasure, limiting of processing and objection rights.

XII. Security Practices

The importance of security for Personal data is of great concern to us. At Qritive, we have gone to great lengths to manage the security and integrity of the Services and to ensure that we use best–in-class services when providing secure transmission of information from your device. Personal Data collected via the
Services is stored in secure environments that are not available or accessible to the public; only those duly authorised people, officers, employees or agents of Qritive who need access to your information in order to do their jobs are allowed access.

Anyone who violates our privacy or security policies is subject to disciplinary action, including possible termination of their contract with Qritive and civil and/or criminal prosecution. Qritive uses the latest technologies to ensure utmost security, including utilising several layers of firewall security and encryption of Personal data to ensure the highest level of security. As a result, while we strive to protect your Personal data, you acknowledge that:

(a) there are security and privacy limitations of the Internet which are beyond our control;

(b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Website cannot be guaranteed; and

(c) any such information and data may be viewed or tampered with in transit by a third party.

XIII. Grievance Officer

To exercise your rights, or if you have any questions or complaints regarding our processing of your personal data, please contact us our grievance officer, Encey Yao at the following email ID – In your letter/email please state your full name, your username (if you are a user) and which institution you are linked to. Note that you should sign the request to receive information about the processing of your personal data yourself.

XIV. Notice of Changes to the Privacy Notice

If we make changes to this Privacy Notice, we will notify you by posting a copy of the updated policy on our Services prior to any change becoming effective. We
will post a copy of the updated policy on our Services prior to any change becoming effective. If your consent is required due to the changes, we will provide
you additional prominent notice as appropriate under the circumstances and ask for your consent in accordance with applicable law.