Privacy Policy
Privacy Policy
Privacy Policy
This Privacy Policy was last updated on 2 May 2026.
Purpose and Scope
Privacy is given serious importance at Summit AI Limited (“Summit”). We take steps to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.
We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us. Our Terms of Service should be read together with this Privacy Policy as the defined terms all share the same meaning. When you access our website and/or engage us to provide any service, including web services, under the Terms of Service (the “Services”), you automatically consent to the terms of this Privacy Policy and agree to be bound by it and our Terms of Service. If there is any conflict between this Privacy Policy and the Terms of Service, then the Terms of Service prevail.
This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.
Purpose of This Policy & Who It Applies To
Summit is committed to protecting the privacy of everyone who interacts with our services. This Privacy Policy explains our practices regarding the use, collection, disclosure, and safeguarding of your personal data. By using our services, you acknowledge that you have read, understood, and agree to these terms. Summit operates in compliance with applicable privacy frameworks including the Australian Privacy Principles (APP) and New Zealand Privacy Principles (NZPP), among other applicable regulations.
This policy applies to all individuals whose data we process, including customers, end users, website visitors, and partners. This covers all services provided by Summit.
Customers: Healthcare clinics, their practitioners and admin staff
End users: Callers whose personal data is processed through our system
Website visitors: Individuals who visit our website at www.usesummitai.com
Partners: Third party vendors and business partners
Note: Summit processes personal data on behalf of our customers, which act as the data controllers. Our customers are responsible for their relationship with patients and for ensuring appropriate notices and consents are provided in accordance with applicable healthcare and privacy laws.
Collection Of Personal Information
We collect personal data directly when individuals interact with our services. We collect this data in three main ways: directly from individuals, automatically during service use, and from third-party systems.
Personal Information We Collect
We collect the following types of personal information in regards to providing our services:
Personal Identifiers: The individual's name, date of birth, phone number
Account Details: Account credentials, user preferences, and payment information for purchase of the Service.
Call Data: Individual's names, contact details and appointment details in our call recordings and transcripts,
Website Information: Traffic volumes, time spent on pages, IP address and/or other device identifying data.
Summit collects and holds such personal information that we may collect directly from you when you:
Make a request for provision of our Services,
Become a client and we provide you with the Services,
Use our website and/or software applications as a client,
Contact the Summit support team, or
Visit our website and/or download our software applications.
You may choose not to disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.
How We Use Personal Data
We use personal data to provide and improve our services, communicate effectively, and meet legal requirements. Specifically:
provide the requested Services to you,
market our Services (with Consent) and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
analyse effectiveness of marketing strategies;
to assess the effectiveness and use of Services and our products and other similar purposes;
carry out training of our personnel in relation to the Services,
ensure we comply with laws and regulations in applicable jurisdictions,
keep open lines of communication with you, including for support or in response to a complaint,
send you our bills and to collect any money owing to us. This includes authorising us to process credit card transactions,
ensure that you are adhering to our Terms of Service, and any other use that is authorised by you or relevant privacy laws.
Legal Basis for Processing
We process personal data based on:
Consent: When individuals provide clear consent, such as for call processing and marketing communications. This is withdraw-able at any time.
Contractual Necessity: To fulfil Summit AI's service agreements with our customers.
Legitimate Interests: To improve Summit AI's services and ensure operational efficiency, while respecting individual rights.
Communication: Sending post-call email alerts and updates.
Sharing & Disclosure of Data
All information that you provide to us or enter into our website, software applications, phone system or collected from your visiting our website or downloading/using our Service is automatically transferred to the Summit system. When you use our Services, you consent to your personal information being held by our system as outlined in this Privacy Policy.
We may share your personal information with third party service providers for the following purposes:
Internal Use: Data is accessed only by authorized personnel (executive leadership and authorized service providers) for service delivery and support.
Service Providers: To facilitate the operation of our services, we may share your data with trusted third-party providers such as payment processors, IT services or cloud storage providers.
Legal Compliance: We may disclose your information to comply with applicable laws and regulations or to respond to lawful requests from governmental authorities or regulatory bodies.
Health-Related Services: We may share information with authorized third parties as required to provide healthcare-related services or to meet our contractual obligations with you or your organization. We ensure that all third-party providers we engage with are compliant with privacy laws, including HIPAA, GDPR, and the Australian Privacy Act, as appropriate.
Cross-Border Transfers: Where personal data is transferred internationally, Summit implements appropriate safeguards, including standard contractual data protection obligations, and other legal safeguards with service providers. We ensure that all third-party providers we engage with comply with privacy frameworks, including NZPP and the Australian Privacy Act, as appropriate. Please visit our Trust Center for a current list of sub processors.
Data Retention & Accuracy
Retention Periods
We retain personal data only as long as necessary.
Call Recordings: Deleted upon termination of account subscription.
Call Transcripts: Deleted upon termination of account subscription.
Make.com Scenario Logs: Automatically deleted after 30 days.
Website Logs: Deleted after 90 days.
Account Information: Duration of active subscription plus 30 days after termination of subscription.
Purpose and Scope
Privacy is given serious importance at Summit AI Limited (“Summit”). We take steps to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.
We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us. Our Terms of Service should be read together with this Privacy Policy as the defined terms all share the same meaning. When you access our website and/or engage us to provide any service, including web services, under the Terms of Service (the “Services”), you automatically consent to the terms of this Privacy Policy and agree to be bound by it and our Terms of Service. If there is any conflict between this Privacy Policy and the Terms of Service, then the Terms of Service prevail.
This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.
Purpose of This Policy & Who It Applies To
Summit is committed to protecting the privacy of everyone who interacts with our services. This Privacy Policy explains our practices regarding the use, collection, disclosure, and safeguarding of your personal data. By using our services, you acknowledge that you have read, understood, and agree to these terms. Summit operates in compliance with applicable privacy frameworks including the Australian Privacy Principles (APP) and New Zealand Privacy Principles (NZPP), among other applicable regulations.
This policy applies to all individuals whose data we process, including customers, end users, website visitors, and partners. This covers all services provided by Summit.
Customers: Healthcare clinics, their practitioners and admin staff
End users: Callers whose personal data is processed through our system
Website visitors: Individuals who visit our website at www.usesummitai.com
Partners: Third party vendors and business partners
Note: Summit processes personal data on behalf of our customers, which act as the data controllers. Our customers are responsible for their relationship with patients and for ensuring appropriate notices and consents are provided in accordance with applicable healthcare and privacy laws.
Collection Of Personal Information
We collect personal data directly when individuals interact with our services. We collect this data in three main ways: directly from individuals, automatically during service use, and from third-party systems.
Personal Information We Collect
We collect the following types of personal information in regards to providing our services:
Personal Identifiers: The individual's name, date of birth, phone number
Account Details: Account credentials, user preferences, and payment information for purchase of the Service.
Call Data: Individual's names, contact details and appointment details in our call recordings and transcripts,
Website Information: Traffic volumes, time spent on pages, IP address and/or other device identifying data.
Summit collects and holds such personal information that we may collect directly from you when you:
Make a request for provision of our Services,
Become a client and we provide you with the Services,
Use our website and/or software applications as a client,
Contact the Summit support team, or
Visit our website and/or download our software applications.
You may choose not to disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.
How We Use Personal Data
We use personal data to provide and improve our services, communicate effectively, and meet legal requirements. Specifically:
provide the requested Services to you,
market our Services (with Consent) and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
analyse effectiveness of marketing strategies;
to assess the effectiveness and use of Services and our products and other similar purposes;
carry out training of our personnel in relation to the Services,
ensure we comply with laws and regulations in applicable jurisdictions,
keep open lines of communication with you, including for support or in response to a complaint,
send you our bills and to collect any money owing to us. This includes authorising us to process credit card transactions,
ensure that you are adhering to our Terms of Service, and any other use that is authorised by you or relevant privacy laws.
Legal Basis for Processing
We process personal data based on:
Consent: When individuals provide clear consent, such as for call processing and marketing communications. This is withdraw-able at any time.
Contractual Necessity: To fulfil Summit AI's service agreements with our customers.
Legitimate Interests: To improve Summit AI's services and ensure operational efficiency, while respecting individual rights.
Communication: Sending post-call email alerts and updates.
Sharing & Disclosure of Data
All information that you provide to us or enter into our website, software applications, phone system or collected from your visiting our website or downloading/using our Service is automatically transferred to the Summit system. When you use our Services, you consent to your personal information being held by our system as outlined in this Privacy Policy.
We may share your personal information with third party service providers for the following purposes:
Internal Use: Data is accessed only by authorized personnel (executive leadership and authorized service providers) for service delivery and support.
Service Providers: To facilitate the operation of our services, we may share your data with trusted third-party providers such as payment processors, IT services or cloud storage providers.
Legal Compliance: We may disclose your information to comply with applicable laws and regulations or to respond to lawful requests from governmental authorities or regulatory bodies.
Health-Related Services: We may share information with authorized third parties as required to provide healthcare-related services or to meet our contractual obligations with you or your organization. We ensure that all third-party providers we engage with are compliant with privacy laws, including HIPAA, GDPR, and the Australian Privacy Act, as appropriate.
Cross-Border Transfers: Where personal data is transferred internationally, Summit implements appropriate safeguards, including standard contractual data protection obligations, and other legal safeguards with service providers. We ensure that all third-party providers we engage with comply with privacy frameworks, including NZPP and the Australian Privacy Act, as appropriate. Please visit our Trust Center for a current list of sub processors.
Data Retention & Accuracy
Retention Periods
We retain personal data only as long as necessary.
Call Recordings: Deleted upon termination of account subscription.
Call Transcripts: Deleted upon termination of account subscription.
Make.com Scenario Logs: Automatically deleted after 30 days.
Website Logs: Deleted after 90 days.
Account Information: Duration of active subscription plus 30 days after termination of subscription.
Ensuring Data Accuracy
We work with our customers and third-party providers to keep data accurate and up-to-date. Individuals can request updates or corrections by contacting us.
Your Rights
We respect your rights to access, rectify, erase, or restrict, port and object to the use of your personal data. Under applicable data protection laws, you have several rights regarding your personal data. These rights include:
Right of Access: You may request a copy and access your personal data that we hold.
Right to Rectification: You may ask us to correct any personal information that is inaccurate or incomplete.
Right to Erasure: You may request deletion of your personal data in certain circumstances, subject to applicable legal retention obligations.
Right to Restrict Processing: You may request that we limit how we process your personal data in specific situations.
Right to Data Portability: You may request your personal data in a structured, portable, and machine-readable format, and have it transferred to another provider where applicable.
Right to Object: You may object to certain processing activities of your personal data, including marketing.
To exercise these rights:
Contact us via email at contact@usesummitai.com.
We will verify your identity to protect your privacy.
We aim to process all requests within 30 calendar days, in collaboration with clinics and service providers.
Complaints & Escalations
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
We will investigate and respond promptly. If you are not satisfied, you can escalate your complaint to the relevant data protection authority in New Zealand or Australia.
Privacy Policy Updates
We may review and update this Privacy Policy periodically. Customers will be notified of any material changes via email, and the updated policy will be published on our website with the effective date indicated. For minor updates, notifications may also be provided to our customers via our client portal.
If you have any questions or concerns about this Privacy Policy, please provide us with the full details of your concern along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
GDPR Addendum
If you are located in the United Kingdom (“UK”) or the European Union (“EU”), and wish to use our website and/or Services, the GDPR applies to you. These additional terms (“GDPR Addendum”) apply to this and make up part of our Privacy Policy.
The UK Data Protection Act 2018 (“DPA”) and the EU General Data Protection Regulation (“EU GDPR”) were set up to control the collection, processing and transfer of UK and EU individuals’ personal data (as defined in the GDPR). The personal information described in the Summit Privacy Policy comes under the personal data in the GDPR. It is important to us that we comply with the GDPR when dealing with the personal data of UK and EU-based visitors to our website.
This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to Rubin Saini, CEO of Summit at contact@usesummitai.com.
For the purposes of the GDPR:
Summit is the data controller (as defined in the GDPR) when processing personal information.
Our third party vendors are the data processors when processing personal information.
Processing personal data
The personal information outlined in this Privacy Policy is the personal data that Summit may process. Any processing done will be to achieve the purposes set out in this Privacy Policy.
As permitted under the GDPR we can process your information for the purposes described in the body of the Privacy Policy by relying on one or more of the following lawful grounds:
You have agreed with us explicitly that we may process your information for a specific reason;
The processing of personal information is necessary to perform the agreement we have with you (or to take steps to enter into an agreement with you);
The processing is necessary for us to comply with our legal obligations; or
The processing is actually necessary for our legitimate interests, which include:
(i) to protect our business interests;
(ii) to ensure that complaints are appropriately investigated;
(iii) to evaluate, develop or improve products and services we offer; or
(iv) to keep you informed of relevant products and services, unless you indicate that you do not wish us to be kept updated. While we will generally rely on your specific consent to process special categories of personal data (i.e., ‘sensitive information’), in some cases (for example, relating to an alleged offence), we may need to use some information to comply with our legal obligations.
It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.
Your rights
The GDPR grants you certain rights in relation to your personal data. These include:
Right of access
Right to rectification
Right to erasure
Right to withdraw consent
Right to restrict processing
Right to object to processing
Rights related to automated decision making, including profiling
Right to data portability
The right to complain to a supervisory authority
If your personal data is used or obtained for direct marketing purposes, you have the right to object.
If you wish to exercise any of your rights listed above, please contact our Privacy Officer. If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
Children
It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.
International transfer of data
As Summit is based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the United Kingdom or the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us we may transfer the personal data, so long as there are suitable safeguards.
The Summit Privacy Policy states that some of the personal information we collect is processed by third party data processors in other countries, including Australia. We will only transfer this data outside the United Kingdom or the EEA if that country has been given the adequacy status mentioned above, or if we have approved transfer instruments set up to protect your personal data. If you wish to know more, please contact us using the details in our Privacy Policy.
Data Retention Privacy Policy
We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.
Contacting us
Please contact us via the details as set out in our Privacy Policy.
Purpose and Scope
Privacy is given serious importance at Summit AI Limited (“Summit”). We take steps to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.
We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us. Our Terms of Service should be read together with this Privacy Policy as the defined terms all share the same meaning. When you access our website and/or engage us to provide any service, including web services, under the Terms of Service (the “Services”), you automatically consent to the terms of this Privacy Policy and agree to be bound by it and our Terms of Service. If there is any conflict between this Privacy Policy and the Terms of Service, then the Terms of Service prevail.
This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.
Purpose of This Policy & Who It Applies To
Summit is committed to protecting the privacy of everyone who interacts with our services. This Privacy Policy explains our practices regarding the use, collection, disclosure, and safeguarding of your personal data. By using our services, you acknowledge that you have read, understood, and agree to these terms. Summit operates in compliance with applicable privacy frameworks including the Australian Privacy Principles (APP) and New Zealand Privacy Principles (NZPP), among other applicable regulations.
This policy applies to all individuals whose data we process, including customers, end users, website visitors, and partners. This covers all services provided by Summit.
Customers: Healthcare clinics, their practitioners and admin staff
End users: Callers whose personal data is processed through our system
Website visitors: Individuals who visit our website at www.usesummitai.com
Partners: Third party vendors and business partners
Note: Summit processes personal data on behalf of our customers, which act as the data controllers. Our customers are responsible for their relationship with patients and for ensuring appropriate notices and consents are provided in accordance with applicable healthcare and privacy laws.
Collection Of Personal Information
We collect personal data directly when individuals interact with our services. We collect this data in three main ways: directly from individuals, automatically during service use, and from third-party systems.
Personal Information We Collect
We collect the following types of personal information in regards to providing our services:
Personal Identifiers: The individual's name, date of birth, phone number
Account Details: Account credentials, user preferences, and payment information for purchase of the Service.
Call Data: Individual's names, contact details and appointment details in our call recordings and transcripts,
Website Information: Traffic volumes, time spent on pages, IP address and/or other device identifying data.
Summit collects and holds such personal information that we may collect directly from you when you:
Make a request for provision of our Services,
Become a client and we provide you with the Services,
Use our website and/or software applications as a client,
Contact the Summit support team, or
Visit our website and/or download our software applications.
You may choose not to disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.
How We Use Personal Data
We use personal data to provide and improve our services, communicate effectively, and meet legal requirements. Specifically:
provide the requested Services to you,
market our Services (with Consent) and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
analyse effectiveness of marketing strategies;
to assess the effectiveness and use of Services and our products and other similar purposes;
carry out training of our personnel in relation to the Services,
ensure we comply with laws and regulations in applicable jurisdictions,
keep open lines of communication with you, including for support or in response to a complaint,
send you our bills and to collect any money owing to us. This includes authorising us to process credit card transactions,
ensure that you are adhering to our Terms of Service, and any other use that is authorised by you or relevant privacy laws.
Legal Basis for Processing
We process personal data based on:
Consent: When individuals provide clear consent, such as for call processing and marketing communications. This is withdraw-able at any time.
Contractual Necessity: To fulfil Summit AI's service agreements with our customers.
Legitimate Interests: To improve Summit AI's services and ensure operational efficiency, while respecting individual rights.
Communication: Sending post-call email alerts and updates.
Sharing & Disclosure of Data
All information that you provide to us or enter into our website, software applications, phone system or collected from your visiting our website or downloading/using our Service is automatically transferred to the Summit system. When you use our Services, you consent to your personal information being held by our system as outlined in this Privacy Policy.
We may share your personal information with third party service providers for the following purposes:
Internal Use: Data is accessed only by authorized personnel (executive leadership and authorized service providers) for service delivery and support.
Service Providers: To facilitate the operation of our services, we may share your data with trusted third-party providers such as payment processors, IT services or cloud storage providers.
Legal Compliance: We may disclose your information to comply with applicable laws and regulations or to respond to lawful requests from governmental authorities or regulatory bodies.
Health-Related Services: We may share information with authorized third parties as required to provide healthcare-related services or to meet our contractual obligations with you or your organization. We ensure that all third-party providers we engage with are compliant with privacy laws, including HIPAA, GDPR, and the Australian Privacy Act, as appropriate.
Cross-Border Transfers: Where personal data is transferred internationally, Summit implements appropriate safeguards, including standard contractual data protection obligations, and other legal safeguards with service providers. We ensure that all third-party providers we engage with comply with privacy frameworks, including NZPP and the Australian Privacy Act, as appropriate. Please visit our Trust Center for a current list of sub processors.
Data Retention & Accuracy
Retention Periods
We retain personal data only as long as necessary.
Call Recordings: Deleted upon termination of account subscription.
Call Transcripts: Deleted upon termination of account subscription.
Make.com Scenario Logs: Automatically deleted after 30 days.
Website Logs: Deleted after 90 days.
Account Information: Duration of active subscription plus 30 days after termination of subscription.
Ensuring Data Accuracy
We work with our customers and third-party providers to keep data accurate and up-to-date. Individuals can request updates or corrections by contacting us.
Your Rights
We respect your rights to access, rectify, erase, or restrict, port and object to the use of your personal data. Under applicable data protection laws, you have several rights regarding your personal data. These rights include:
Right of Access: You may request a copy and access your personal data that we hold.
Right to Rectification: You may ask us to correct any personal information that is inaccurate or incomplete.
Right to Erasure: You may request deletion of your personal data in certain circumstances, subject to applicable legal retention obligations.
Right to Restrict Processing: You may request that we limit how we process your personal data in specific situations.
Right to Data Portability: You may request your personal data in a structured, portable, and machine-readable format, and have it transferred to another provider where applicable.
Right to Object: You may object to certain processing activities of your personal data, including marketing.
To exercise these rights:
Contact us via email at contact@usesummitai.com.
We will verify your identity to protect your privacy.
We aim to process all requests within 30 calendar days, in collaboration with clinics and service providers.
Complaints & Escalations
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
We will investigate and respond promptly. If you are not satisfied, you can escalate your complaint to the relevant data protection authority in New Zealand or Australia.
Privacy Policy Updates
We may review and update this Privacy Policy periodically. Customers will be notified of any material changes via email, and the updated policy will be published on our website with the effective date indicated. For minor updates, notifications may also be provided to our customers via our client portal.
If you have any questions or concerns about this Privacy Policy, please provide us with the full details of your concern along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
GDPR Addendum
If you are located in the United Kingdom (“UK”) or the European Union (“EU”), and wish to use our website and/or Services, the GDPR applies to you. These additional terms (“GDPR Addendum”) apply to this and make up part of our Privacy Policy.
The UK Data Protection Act 2018 (“DPA”) and the EU General Data Protection Regulation (“EU GDPR”) were set up to control the collection, processing and transfer of UK and EU individuals’ personal data (as defined in the GDPR). The personal information described in the Summit Privacy Policy comes under the personal data in the GDPR. It is important to us that we comply with the GDPR when dealing with the personal data of UK and EU-based visitors to our website.
This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to Rubin Saini, CEO of Summit at contact@usesummitai.com.
For the purposes of the GDPR:
Summit is the data controller (as defined in the GDPR) when processing personal information.
Our third party vendors are the data processors when processing personal information.
Processing personal data
The personal information outlined in this Privacy Policy is the personal data that Summit may process. Any processing done will be to achieve the purposes set out in this Privacy Policy.
As permitted under the GDPR we can process your information for the purposes described in the body of the Privacy Policy by relying on one or more of the following lawful grounds:
You have agreed with us explicitly that we may process your information for a specific reason;
The processing of personal information is necessary to perform the agreement we have with you (or to take steps to enter into an agreement with you);
The processing is necessary for us to comply with our legal obligations; or
The processing is actually necessary for our legitimate interests, which include:
(i) to protect our business interests;
(ii) to ensure that complaints are appropriately investigated;
(iii) to evaluate, develop or improve products and services we offer; or
(iv) to keep you informed of relevant products and services, unless you indicate that you do not wish us to be kept updated. While we will generally rely on your specific consent to process special categories of personal data (i.e., ‘sensitive information’), in some cases (for example, relating to an alleged offence), we may need to use some information to comply with our legal obligations.
It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.
Your rights
The GDPR grants you certain rights in relation to your personal data. These include:
Right of access
Right to rectification
Right to erasure
Right to withdraw consent
Right to restrict processing
Right to object to processing
Rights related to automated decision making, including profiling
Right to data portability
The right to complain to a supervisory authority
If your personal data is used or obtained for direct marketing purposes, you have the right to object.
If you wish to exercise any of your rights listed above, please contact our Privacy Officer. If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
Children
It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.
International transfer of data
As Summit is based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the United Kingdom or the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us we may transfer the personal data, so long as there are suitable safeguards.
The Summit Privacy Policy states that some of the personal information we collect is processed by third party data processors in other countries, including Australia. We will only transfer this data outside the United Kingdom or the EEA if that country has been given the adequacy status mentioned above, or if we have approved transfer instruments set up to protect your personal data. If you wish to know more, please contact us using the details in our Privacy Policy.
Data Retention Privacy Policy
We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.
Contacting us
Please contact us via the details as set out in our Privacy Policy.
Ensuring Data Accuracy
We work with our customers and third-party providers to keep data accurate and up-to-date. Individuals can request updates or corrections by contacting us.
Your Rights
We respect your rights to access, rectify, erase, or restrict, port and object to the use of your personal data. Under applicable data protection laws, you have several rights regarding your personal data. These rights include:
Right of Access: You may request a copy and access your personal data that we hold.
Right to Rectification: You may ask us to correct any personal information that is inaccurate or incomplete.
Right to Erasure: You may request deletion of your personal data in certain circumstances, subject to applicable legal retention obligations.
Right to Restrict Processing: You may request that we limit how we process your personal data in specific situations.
Right to Data Portability: You may request your personal data in a structured, portable, and machine-readable format, and have it transferred to another provider where applicable.
Right to Object: You may object to certain processing activities of your personal data, including marketing.
To exercise these rights:
Contact us via email at contact@usesummitai.com.
We will verify your identity to protect your privacy.
We aim to process all requests within 30 calendar days, in collaboration with clinics and service providers.
Complaints & Escalations
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
We will investigate and respond promptly. If you are not satisfied, you can escalate your complaint to the relevant data protection authority in New Zealand or Australia.
Privacy Policy Updates
We may review and update this Privacy Policy periodically. Customers will be notified of any material changes via email, and the updated policy will be published on our website with the effective date indicated. For minor updates, notifications may also be provided to our customers via our client portal.
If you have any questions or concerns about this Privacy Policy, please provide us with the full details of your concern along with any supporting documentation to our Privacy Officer:
Name: Rubin Saini
Email: contact@usesummitai.com
GDPR Addendum
If you are located in the United Kingdom (“UK”) or the European Union (“EU”), and wish to use our website and/or Services, the GDPR applies to you. These additional terms (“GDPR Addendum”) apply to this and make up part of our Privacy Policy.
The UK Data Protection Act 2018 (“DPA”) and the EU General Data Protection Regulation (“EU GDPR”) were set up to control the collection, processing and transfer of UK and EU individuals’ personal data (as defined in the GDPR). The personal information described in the Summit Privacy Policy comes under the personal data in the GDPR. It is important to us that we comply with the GDPR when dealing with the personal data of UK and EU-based visitors to our website.
This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to Rubin Saini, CEO of Summit at contact@usesummitai.com.
For the purposes of the GDPR:
Summit is the data controller (as defined in the GDPR) when processing personal information.
Our third party vendors are the data processors when processing personal information.
Processing personal data
The personal information outlined in this Privacy Policy is the personal data that Summit may process. Any processing done will be to achieve the purposes set out in this Privacy Policy.
As permitted under the GDPR we can process your information for the purposes described in the body of the Privacy Policy by relying on one or more of the following lawful grounds:
You have agreed with us explicitly that we may process your information for a specific reason;
The processing of personal information is necessary to perform the agreement we have with you (or to take steps to enter into an agreement with you);
The processing is necessary for us to comply with our legal obligations; or
The processing is actually necessary for our legitimate interests, which include:
(i) to protect our business interests;
(ii) to ensure that complaints are appropriately investigated;
(iii) to evaluate, develop or improve products and services we offer; or
(iv) to keep you informed of relevant products and services, unless you indicate that you do not wish us to be kept updated. While we will generally rely on your specific consent to process special categories of personal data (i.e., ‘sensitive information’), in some cases (for example, relating to an alleged offence), we may need to use some information to comply with our legal obligations.
It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.
Your rights
The GDPR grants you certain rights in relation to your personal data. These include:
Right of access
Right to rectification
Right to erasure
Right to withdraw consent
Right to restrict processing
Right to object to processing
Rights related to automated decision making, including profiling
Right to data portability
The right to complain to a supervisory authority
If your personal data is used or obtained for direct marketing purposes, you have the right to object.
If you wish to exercise any of your rights listed above, please contact our Privacy Officer. If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
Children
It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.
International transfer of data
As Summit is based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the United Kingdom or the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us we may transfer the personal data, so long as there are suitable safeguards.
The Summit Privacy Policy states that some of the personal information we collect is processed by third party data processors in other countries, including Australia. We will only transfer this data outside the United Kingdom or the EEA if that country has been given the adequacy status mentioned above, or if we have approved transfer instruments set up to protect your personal data. If you wish to know more, please contact us using the details in our Privacy Policy.
Data Retention Privacy Policy
We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.
Contacting us
Please contact us via the details as set out in our Privacy Policy.
© 2026 Summit AI Limited. All rights reserved.
© 2026 Summit AI Limited. All rights reserved.