Where the collection or handling of your personal information by Sharecare is subject to the Privacy Act, Sharecare must comply with the requirements of that Act. The Privacy Act regulates the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
2.Collection of personal information by Sharecare
The types of personal information that we may collect include:
- identifying and contact information such as your name, date of birth, phone number and residential, postal and email addresses;
- social and lifestyle information as it relates to your health and wellbeing;
- information about your physical activity (ie, activity tracking);
- complaint details;
- location data and browsing history;
- health information such as:
- information about your current health status (including your medications and health conditions);
- your medical history (including your history of any chronic diseases, disabilities, mental health, visits to your health service providers and any hospitalisations); and
- a history of your private health insurance claims; and
- sensitive information such as your racial or ethnic origin.
- not collect personal information about you unless that information is reasonably necessary for one or more of our functions or activities; and
- collect personal information only by lawful and fair means.
Sharecare will collect your personal information directly from you where it is reasonable and practicable to do so. Generally, we collect this information from you in a number of ways including:
- during telephone calls with you;
- from written or electronic correspondence you may have with us; or
- through our mobile phone applications, websites and health portals.
When Sharecare collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, and how to contact us.
We may also collect personal information from third parties such as:
- a person authorised to provide us this information on your behalf (such as your carer);
- organisations who engage us to provide you with our services (such as your private health insurer);
- your healthcare providers (such as your general practitioner); and
- persons or organisations who we engage with as reasonably necessary for us to administer and continue to develop and improve our programs and services (such as translation services and Sensis and similar providers to obtain your up-to-date contact details).
Where Sharecare collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the key matters set out above.
3.Purposes for which Sharecare collects, holds, uses and discloses personal information
Generally, we collect, hold, use and disclose your personal information to: + assess your eligibility for, and provide you with information about, our programs and services; + provide you with our products and services including access to mobile phone health and wellbeing applications, care plans, health and wellbeing assessments (such as RealAge), telephonic and digital lifestyle intervention programs and health and wellbeing coaching, health and wellbeing portals, doctor/specialist directories, health and wellbeing tips/recommendations, activity tracking and other health and wellbeing tools;
- manage our relationship with you and contact you for follow up purposes;
- invoice organisations who engage us to provide programs and services;
- maintain, evaluate, audit, develop and improve our programs and services, as well as our business, operational and IT processes and systems;
- resolve any legal and/or commercial complaints or issues;
- undertake research and data analysis;
- comply with laws; and
- perform any of our other functions and activities relating to our business.
If Sharecare uses or discloses your personal information for a purpose (the “secondary purpose”) other the main reason for which it was originally collected (the “primary purpose”), to the extent required by the Privacy Act we will ensure that:
- the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that Sharecare would use or disclose your information in that way; or
- you have consented to the use or disclosure of your personal information for the secondary purpose; or
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by the Privacy Act. We may disclose your personal information to persons or organisations such as:
- your health service providers (such as your general practitioner);
- the entity that funds your participation in our programs (such as your private health insurer); and
- our service providers such as:
- a mail house and/or SMS exchange vendor to send you information;
- a translation service;
- Sensis and similar providers to obtain your up-to-date contact details;
- IT contractors;
- payroll service providers;
- compliance training providers;
- performance management solution providers; and
- our related bodies corporate:
- to provide technical support and help maintain, improve or develop our systems;
- where they form part of our IT infrastructure; and
- to provide data analytics services.
We may also disclose de-identified information to the entity that funds your participation in our programs and our related bodies corporate in order to evaluate our products and services and for research purposes.
We may also disclose personal information to parties involved in a prospective or actual transfer of Sharecare’s assets or business.
4.Transfer of personal information outside Australia
Some organisations to which we disclose personal information may be located, or may store information on computer servers, outside Australia. We may disclose your personal information to: + Our related body corporate located in the USA; + IT contractors in India; and + service providers in the USA (such as providers of compliance training and performance management solutions).
By way of example, all emails we receive from, or send to, you are routed through our related body corporate in the USA.
We may also disclose de-identified information to our related bodies corporate overseas in order to evaluate our products and services and for research purposes. We do not transfer information outside of Australia unless we take steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the privacy principles set out in the Privacy Act in relation to the information.
From time to time, Sharecare may provide you with marketing material about promotions, offers, products and services offered by Sharecare or other third parties who have a relationship with us (for example, private health insurers) that we believe may be of interest to you including by email, SMS and telephone call.
If you do not want to receive marketing information from Sharecare, you can withdraw your consent at any time by contacting the Privacy Officer, using the contact details below, or by unsubscribing using an unsubscribe facility in an email or SMS.
If you request not to receive marketing material from Sharecare, please note that Sharecare may still contact you to provide you with other types of information such as health reminders.
6.Data quality, storage and security
We may store personal information we hold in hard copy documents or as electronic data in our software IT systems. All of our electronic data and systems are stored in a secure Australian data centre.
Personal information that we collect about you is combined or linked to other personal information we hold about you.
To the extent required by the Privacy Act, Sharecare will take reasonable steps to:
make sure that the personal information that we collect, use and disclose is accurate, complete and up to date; and
protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure.
We generally retain personal information we hold for as long as it is necessary to perform the function in relation to which the information was collected. We may also retain personal information for longer periods to comply with legislative requirements for document retention.
Sharecare will generally provide individuals with the option of not identifying themselves when entering transactions when it is lawful and practicable to do so. However, we may not always be able to do this.
8.Use of Commonwealth government identifiers
Sharecare will not use Commonwealth government identifiers, such as Medicare numbers, as its own identifier of individuals.
We will only use or disclose such identifiers in the circumstances permitted by the law.
9.Access and correction of your personal information
You have the right to request access to your personal information and to request its correction under the Privacy Act.
Please contact Sharecare’s Privacy Officer (using the contact details below) if you would like to request access to and/or the correction of the personal information that we hold about you.
Sharecare will generally provide you with access to your personal information if practicable, and will take reasonable steps to amend any personal information about you which is inaccurate or out of date. In some circumstances, Sharecare may not permit access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision in accordance with law.
Please contact us if you have any queries about the personal information that Sharecare holds about you or the way we handle that personal information. Our contact details for privacy queries are set out below.
Sharecare Australia Pty Ltd
PO Box 331,
Telephone: (02) 8264 4800
Further information about the application of the Privacy Act to the private sector generally can be found at the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
Please contact us if you have any concerns or complaints about the manner in which your personal information has been collected or handled by Sharecare. Our contact details for this purpose are set out below.
Sharecare Australia Pty Ltd
PO Box 331,
Telephone: (02) 8264 4800
Your concern or complaint will be considered or investigated and we will endeavour to respond to your complaint within 30 days.
It is our intention to use our best endeavours to resolve any concern or complaint to your satisfaction.
However, if you are unhappy with our response, you may contact the Office of the Australian Information Commissioner (see the details above).