PRIVACY NOTICE
OtoImmune Ltd ("we", "us", or "our") respects your privacy and we are committed to keeping your personal data and other data confidential and secure.
‘mOI’ and ‘mOI Health’ are trading names of OtoImmune for the provision of products and services described in this Privacy Notice.
OtoImmune operates the following platforms (together referred to in this Privacy Notice as the “Platform”): the website www.moihealth.com (“Website”); the mOI web application, accessible via the Website (the “Web App”); and the mOI mobile application, available on iOS and Android (the “App”).
For the purposes of this Privacy Notice, the following defined terms have the meanings given to them in our Terms and Conditions of Sale: “Membership”, “Services” and “Test Kits”. Our Terms and Conditions of Sale are available on the Platform (but can be provided on request by emailing dataprotection@moihealth.com) and should be read alongside this Privacy Notice. In the event of any conflict between a definition in this Privacy Notice and the same term as defined in our Terms and Conditions of Sale, the Terms and Conditions of Sale shall prevail.
1. Who we are
We are the controller responsible for the personal data we collect and use about you. Our full details are OtoImmune Ltd (company number 15799123), a private company limited by shares and registered in England and Wales. Our registered office is located at 20 Wenlock Road, London, N1 7GU.
This Privacy Notice tells you the types of personal data we collect about you when you visit or use any part of our Platform (comprising our Website at www.moihealth.com, our Web App and our App), purchase a Membership, use our products and services, interact with us offline, or where we otherwise obtain personal data either directly from you or from another party.
We aim to comply with the highest applicable data protection and healthcare standards, including the UK GDPR, all other applicable UK data protection legislation and, where relevant, HIPAA-equivalent principles.
Our Platform may include links to third-party websites, plug-ins, applications or other services and products. Clicking on those links or enabling those connections may allow third parties to collect or share data about you in accordance with their own privacy notices. These third parties are separate and independent from us and we are not responsible for their privacy notices. When you leave our Platform, we encourage you to read the privacy notice of every website or service you visit.
2. Data we collect and use about you
Personal data, or personal information, means any information about an individual from which that person can be identified.
We have grouped together the different types of personal data we collect and use about you into the following categories:
- Health Data including information derived from or related to autoantibody testing, complete blood counts (CBC) and related blood panels, faecal immunochemical tests (FIT), calprotectin levels, Secretory Immunoglobulin A and gut microbiome analyses (which may include incidental human genetic material) and digital and other health data, including medical history, symptoms, diagnoses, medication, appointments, mental health, activity, biometric and other vital sign data, allergies and intolerances and your unique patient identification number. Health Data also includes data derived from wearable devices and health monitoring technology connected to the Platform (such as Apple Health, Fitbit, Google Health and similar devices), including but not limited to heart rate, heart rate variability (HRV), sleep patterns, activity levels and other physiological measurements passively collected through such integrations. Such wearable-derived data may constitute health data or biometric data for the purposes of UK GDPR and is treated accordingly as special category personal data.
- Lifestyle Data including information you input or that is passively collected relating to diet and food intake, fluid and alcohol consumption, exercise and physical activity, stress levels, mood, weather exposure and other environmental or behavioural factors that may influence your health. Lifestyle Data is collected through the Platform's tracking features and through connected wearable devices and third-party applications where applicable.
- Genetic Data such as data derived from whole genome sequencing (WGS), transcriptome sequencing and/or other analyses of biological samples that reveal inherited or acquired genetic characteristics including data concerning chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis composition and/or variation.
- Identity Data including full name, date of birth, nationality, gender, username or similar identifier, title and ID documentation.
- Contact Data including billing address, delivery address, email address and telephone numbers.
- Financial Data including bank account details, payment methods and identifiers, Membership subscription payments and history, gift vouchers, credits and monies that you may have pooled or wish to pool to pay for our products and/or services. Please note that payment card details are processed directly by our third-party payment processors (including Stripe and PayPal) and are not stored by us. Those processors operate under their own privacy notices and PCI DSS compliance frameworks. We receive only limited transaction confirmation data from those processors, not your full payment card details.
- Transaction Data including details about payments to and from you and other details of products and services you have purchased or wish to purchase from us.
- Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Profile Data including your username and password, account credentials, purchases or orders made by you, your feedback and survey responses, plus your interest in being part of our wider activities, including clinical trials (and participation therein), research and development activities (including drug discovery) and partnerships and joint ventures.
- Usage Data including information about how you use our website (including websites and/or services integrated with the same (e.g. Stripe)), our app, products and services, your interests and preferences.
- Communications Data including communications you send to us, such as customer service inquiries, product reviews and other feedback regarding our products, services and the website, and your communications with other users of the website. Given the free text nature of some of our forms and methods of communication, you may, at your option, provide us with additional forms of personal data not listed above.
- Marketing and Related Data including your preferences in receiving marketing from us and our selected third parties, your communication preferences, and the segment(s) we assign to you for online marketing purposes.
The law considers certain data about your health and data about your genetic characteristics to be sensitive data which is subject to stricter rules.
3. How we collect personal data about you
When you use our website, apps, products or services, or otherwise interact with us, we collect and use the following personal data about you.
You may provide your personal data to us when you fill in forms on our website and app, order health tests from our website and/or app, download our app or correspond with us, whether by social media, chat platforms, post, phone, email or otherwise. This includes personal data you provide when you:
- register with us and create an account via the Web App;
- purchase or manage a Membership subscription;
- undertake and complete onboarding, post-onboarding and other exercises via the Platform;
- order and/or use our products or services;
- subscribe to any part of our services or publications;
- make a purchase through the Platform;
- use any part of the Platform, including health tracking, symptom logging, treatment logging, appointment logging, cycle tracking and any other features available as part of your Membership;
- connect a wearable device or third-party health application to the Platform;
- request marketing to be sent to you;
- contact our support team at support@moihealth.com, including by raising a support ticket; and
- give us feedback or contact us.
As you interact with our website or app, we will automatically collect certain technical data about your equipment, browsing actions and patterns.
We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. Please see below for further details.
If you choose not to provide certain personal data to us, we may not be able to provide you with access to and/or use of (in whole or in part) our products and services.
We may receive personal data about you from certain third parties and public sources including:
- social media sites;
- from your other healthcare providers (including the NHS and other private and/or non- or quasi-governmental healthcare providers);
- from our own or our partners’ laboratories, research centres, pharmaceutical and/or biotech partners and/or other engaged third parties (e.g. analysis providers, phlebotomist providers, etc) if you purchase one of our products and/or otherwise wish to use any of our services; and
- our marketing partners, pharma and biotech partners, advertising networks and analytics providers.
4. The purposes for which we use your personal data and the lawful bases
We will only use your personal data when the law allows us to. We set out below the purposes for which we use your personal data and the relevant lawful bases that we rely on:
Clinical Trials and Research
With your explicit consent, we may use your health and genetic data, together with information you provide about your medical history, symptoms and treatments, mood, appointments and preferences, to identify and recommend potential clinical trials or similar trials and opportunities that may be relevant to you.
Where appropriate, we may facilitate introductions between you and pharmaceutical partners, clinical research organisations or trial sponsors or otherwise provide your details to them. Where data is shared with such parties and for such purpose(s), we will take suitable steps to anonymise or pseudonymise your data wherever possible.
Biobanking
We may, with your explicit consent, retain and securely store your biological samples or any parts of such samples (for example, blood, serum, stool or other specimens) for future testing (“Biobanking”).
These samples may be re-analysed by us or on our behalf to:
- provide to you future goods and/or services;
- provide to your existing and future healthcare providers your samples and/or provide to them on your behalf future goods and/or services;
- provide to you recommendations on future goods and/or services;
- validate or improve existing assays and/or create novel assays or workflows;
- develop new intellectual property, including antibodies, autoantibodies, new signatures and/or diagnostic or monitoring tests;
- support quality assurance or product development; and
- conduct internal research or collaborative projects with trusted academic, research or commercial partners, including pharmaceutical, biotech and nutraceutical organisations.
Any such use will be governed by applicable law and subject to appropriate contractual and other safeguards.
Biobanking consent is separate from and in addition to the consent you provide at Membership sign-up. It will be sought from you at a specific point in the Platform journey — clearly identified and presented as a standalone consent request — and will set out in plain terms what biobanking involves, how your samples will be used, who may have access to them, and how long they will be retained. Providing or withholding biobanking consent will not affect your ability to purchase a Membership or order Services. You may withdraw your biobanking consent at any time by contacting us at dataprotection@moihealth.com. Withdrawal of biobanking consent will result in the destruction of your stored biological samples in accordance with the sample destruction provisions of our Terms and Conditions of Sale.
Collaborative Research and Development Activities
We may partner with academic institutions, research consortia, healthcare providers, pharmaceutical, biotech, or nutraceutical companies to advance research in immune health, population and/or general health and related areas.
Where data is shared with such parties and for such purpose(s), we will take suitable steps to anonymise or pseudonymise your data wherever possible.
We will only share identifiable information where you have provided explicit consent or where another lawful basis applies, and all partners will be contractually required to protect your data and use it only for the agreed purposes.
Membership Health Tracking
Where you hold an active Membership and use the Platform's health tracking features — including symptom logging, treatment logging, appointment tracking, cycle tracking, family history recording, lifestyle logging and wearable device integration — we process the health data, lifestyle data and other personal data you input for the purpose of providing and improving those features and generating insights from your data. The lawful basis for this processing is your consent, given at the point of Membership sign-up and onboarding. You may withdraw consent at any time by contacting us at dataprotection@moihealth.com, though withdrawal may affect our ability to provide some or all Membership features.
AI-Generated Insights (via Oto)
Our Platform incorporates an integrated AI insights engine called Oto, which analyses Health Data, Genetic Data, Lifestyle Data, wearable data, test results and other personal data you have inputted into the Platform to generate personalised informational insights, trend summaries and discoveries. These outputs are presented to you within the Platform to support your understanding of your own health and to facilitate more informed engagement with your healthcare team.
Oto operates as a core analytical function of the Platform. It does not collect new or additional data — it analyses data you have already provided under your core Platform consent. Oto-generated outputs are informational and educational only. They do not constitute medical diagnosis, clinical advice or treatment recommendations. They do not involve solely automated decision-making with legal or similarly significant effects on you within the meaning of UK GDPR Article 22 — all outputs are informational in nature and clinical interpretation remains the responsibility of a qualified healthcare professional.
The lawful basis for Oto's processing of your personal data is your core (i.e. required) Platform consent. The lawful basis for processing special category health and genetic data through Oto is Article 9(2)(h) of UK GDPR, which permits processing of health data where necessary for the provision of health-related services and to support informed engagement with healthcare professionals.
Clinician/GP Letter Feature
The GP letter feature generates a structured summary of your health data at your explicit request, for your personal use and sharing with healthcare professionals of your choosing. The data used to generate a GP letter — including symptoms, treatments, test results, wearable data and major life events — is data you have already provided to the Platform and which is processed under your core Platform consent. GP letter generation does not involve any additional or new processing of your personal data beyond what is covered by that consent. It is a feature of the Platform that presents your existing data in a structured format at your direction. The lawful basis for any processing involved in generating a GP letter is your core (i.e. required) Platform consent together with Article 9(2)(h) of UK GDPR, which permits processing of health data where necessary for the provision of health-related services and to support informed engagement with healthcare professionals.
Further Purposes
The following table sets out the purposes for which we use your personal data, the lawful bases we rely on, and the basis for processing sensitive data:
Where we rely on (explicit) consent as a lawful basis for processing your personal data (such as in relation to the processing of your Health Data or for direct marketing), you have the right to withdraw such consent at any time by contacting us at dataprotection@moihealth.com.
5. Security Tokens and Cookies
We use cookies and similar technologies on our Platform. This section explains what cookies we use, why we use them and your choices in relation to them.
What are cookies?
Cookies are small text files placed on your device when you visit a website or use an online service. They are widely used to make websites work efficiently, to improve user experience, and to provide information to website operators.
Cookies we currently use
We currently use the following cookies on our Platform:
Managing your cookie preferences
You will be presented with a cookie banner on your first visit to the Platform that allows you to accept or reject non-essential cookies. You will be able to update your preferences at any time via the cookie settings on our Platform.
Please note that disabling certain cookies may affect the functionality of the Platform or your experience of using it. Strictly necessary cookies cannot be disabled as they are essential to the secure and proper operation of the Platform.
Third party cookies
Some cookies on our Platform are set by third parties (such as Cloudflare and Google). We do not control the operation of these third-party cookies and you should refer to the relevant third party's privacy and cookie notices for further information:
- Cloudflare: https://www.cloudflare.com/privacypolicy/
- Google: https://policies.google.com/privacy
- CookieYes: https://www.cookieyes.com/privacy-policy/
Changes to our use of cookies
We will update this section of our Privacy Notice whenever we introduce new cookies or change our use of existing cookies. Where any new cookies require your consent, we will present you with an updated cookie notice and seek your consent before placing them.
6. Disclosing your personal data to third parties
When using your personal data, depending on the type of personal data and the purposes of processing, we may disclose it to:
- third party service providers, subcontractors, agents and other organisations who provide services to us in connection with the operation of our business or to you on our behalf such as payment service providers and other financial service providers, laboratories, kit providers, phlebotomy providers, third party CRM providers, automation software providers, third party services providing genetic analysis services (including variant calling), IT and cloud hosting providers, administrative services, and software providers;
- professional advisers including lawyers, bankers, auditors, accountants and insurers;
- anyone authorised by you, as specified by you or in any contract with you;
- third parties, where we choose to raise private finance and other monies and/or sell, transfer or merge parts of our business or our assets;
- regulators who regulate how we operate;
- any person or organisation to whom disclosure is required or permitted under applicable laws and regulations;
- in limited circumstances, and only with your explicit consent (or where otherwise permitted by law/a lawful basis):
  - research institutions, universities, and NHS or non-NHS healthcare organisations;
  - commercial research and development partners, including pharmaceutical, biotechnology and nutraceutical companies; and/or
  - clinical trial sponsors and contract research organisations (CROs) for the purpose of matching you with potential trials or facilitating introductions.
We will ensure that any third parties receiving such data are bound by appropriate contractual terms to maintain confidentiality, data security and regulatory compliance, and are prohibited from using your data for any unauthorised purposes. Wherever feasible, data shared with these parties will be anonymised or pseudonymised before transfer. Biological samples will only ever be shared under appropriate material-transfer agreements and ethical governance procedures.
Where third party service providers act as processors on our behalf, we do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
7. International data transfers
We may transfer your personal data outside of the UK and European Economic Area (EEA). Where we transfer your personal data outside of the UK / EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
- We transfer your personal data to countries that have been deemed to provide an adequate level of protection by the UK Secretary of State or the European Commission.
- We implement certain standard contractual clauses with the recipients of your personal data to safeguard transfers to countries outside of the UK / EEA. These are standard contractual clauses approved by the UK Government and/or European Commission as relevant.
Please contact us at dataprotection@moihealth.com if you would like further information about the specific mechanism used by us when transferring your personal data out of the UK / EEA.
8. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it, and in any event for no longer than the periods set out below. These retention periods are based on our internal Records Retention Policy, applicable legal and regulatory requirements, and business need. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting or other requirements.
As at the date of this Privacy Notice, we apply the following retention periods by data category:
- Health Data (including symptom logs, treatment logs, cycle data, appointment data, test results, interpretive summaries and wearable-derived health data): retained for up to 8 years from the date of collection, or such longer period as is needed for analysis or research purposes, unless the data is anonymised for longer-term use in accordance with applicable law. This reflects the standard health record retention period and our obligations as a regulated digital health platform.
- Genetic Data and biological sample data derived from testing services: retained in accordance with the sample retention and destruction provisions set out in our Terms and Conditions of Sale, applicable laboratory standards (including UKAS requirements) and your explicit instructions. You may request destruction of stored biological samples at any time by contacting dataprotection@moihealth.com. Genetic Data derived from samples will be retained for up to 8 years unless you request earlier deletion or destruction.
- Lifestyle Data (including diet, fluid and alcohol consumption, exercise, stress, mood and environmental tracking data): retained only for as long as is needed to provide the relevant Membership features and generate insights, and in any event for up to 8 years from collection, unless anonymised for longer-term research or service improvement purposes.
- Account and transaction data (including Identity Data, Contact Data, Financial Data, Transaction Data and contract records): retained for 6 years from the date of formal account closure or from the date of the last transaction where no account closure request has been made, in accordance with the standard limitation period under the Limitation Act 1980.
- App and Platform usage data (including Technical Data, Usage Data and session data): retained for 24 months after you cease to be a registered user.
- Marketing and newsletter data (including Marketing and Related Data and Communications Data used for marketing purposes): retained for 12 months after you cease to be a registered user or opt out of communications, whichever is the earlier.
- Technical and security data (including IP addresses, login data and security logs): retained for a maximum of 12 months from collection unless required for longer for security, fraud prevention or legal compliance purposes.
Where your Membership has lapsed and your account has become dormant (no formal account closure request having been made), your personal data will be retained in accordance with the applicable category periods above, running from the date of Membership lapse. Please refer to our Terms and Conditions of Sale for details of our dormant account provisions.
Where you use our Website without an account, we will generally retain any personal data collected for a period of 24 months from our last record of activity from you, in accordance with our Records Retention Policy.
In some circumstances you can ask us to delete your personal data — see your rights below. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
All personal data is reviewed before destruction to determine whether there are special factors that mean destruction should be delayed, such as potential litigation, complaints or regulatory investigations. Hard copy documents are disposed of by secure shredding. Electronic records are securely deleted at the end of the applicable retention period.
9. Your rights
You have other rights regarding the processing of your personal data. Under certain circumstances, you have the right: to make a request to access, correct, erase or restrict the use of, or to object to the way in which we process, the personal data we hold about you, or to make a request to withdraw any consent previously given. If you would like to exercise any of these rights, you can contact us at: dataprotection@moihealth.com.
We do not undertake solely automated decision-making which has a legal or similarly significant effect on you.
10. Contacting us
If you have questions, concerns or complaints about this privacy notice or our processing of your personal data more generally, please contact us at:
- dataprotection@moihealth.com; or
- OtoImmune, 20 Wenlock Road, London, England, N1 7GU.
Please note that dataprotection@moihealth.com is the correct address for all formal data subject rights requests — including subject access requests, requests for erasure, objections to processing and withdrawal of consent. Requests sent to any other address may be delayed.
If you have a general query about your account, Membership, orders or use of the Platform that does not constitute a formal data subject rights request, please contact our support team at support@moihealth.com. Emails to that address will automatically generate a support case in our customer management system and will be triaged and responded to by the appropriate member of our team. Please do not send formal data subject rights requests to the support address as these require separate handling by our data protection function.
Please always address any concerns to us in the first place so that we have the opportunity to resolve your concerns.
You also have the right to complain to the applicable data protection authority. The data protection authority in the UK is the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint).
11. Changes to this privacy notice and your duty to inform us of changes
We update this Privacy Notice from time to time. Where we make a significant change — including any change to the purposes for which we process your personal data, the lawful bases we rely on, or the categories of third parties with whom we share your data — we will provide you with written notice before that change takes effect, using the contact details held in your account. Your continued use of the Platform after the expiry of that notice period will constitute your acknowledgement of the updated Privacy Notice.
If any significant change affects processing for which we rely on your explicit consent as the lawful basis, we will seek fresh consent from you before the change takes effect. You have the right to withdraw consent or close your account before any such change takes effect, without penalty, in accordance with our Terms and Conditions of Sale.
For minor changes that do not materially affect your rights — such as corrections, clarifications or updates to reflect new Platform features — we may update this Privacy Notice without prior notice and will indicate the date of the most recent update at the foot of this page.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This privacy notice was last updated on 23 April 2025.
