Sharecare Privacy Policy

This Privacy Policy explains how Sharecare Australia Pty Ltd ABN 14 131 979 694 (Sharecare) manages the personal information that we collect, hold, use and disclose and how to contact us if you have any further queries about our management of your personal information.

Background

Sharecare operates and maintains an online and mobile application (Sharecare Platform). Sharecare provides both a Consumer version of the Sharecare Platform, free to anybody to download and use, and an Enterprise version of the Sharecare Platform, for organisations who partner with Sharecare to make available a tailored service to their populations (Enterprise Organisations). Users eligible to register and use the Enterprise platfrorm may have access to additional features.

No identifiable personal information will shared with a third party other than in accordance with this Privacy Policy. We believe you deserve to be in control of your own personal information and choices on your health journey.  We aim to be transparent with you as we respect it’s your information. 

Under Australian privacy law, personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. Under New Zealand privacy law, personal information is information about an identifiable individual.

Special provisions apply under Australian privacy law to the collection of personal information which is sensitive information. This includes health information, biometric information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history. Special provisions also apply under New Zealand privacy law to the collection of health information.

In this Privacy Policy, a reference to personal information includes sensitive information (and health information).

The Sharecare Platform which is used by Australian and New Zealand users is hosted in Sydney, Australia.

What personal information does Sharecare collect?

In the course of our business, Sharecare may collect personal information about you that is necessary for us to perform our functions and activities, such as to provide you with access to the Sharecare Platform and tailor it so as to offer you a better experience. The types of personal information we may collect and hold about you may vary depending on the nature of our interaction with you and may include:

  • identifying and contact information such as your name, phone number and email address;

  • social and lifestyle information as it relates to your health and wellbeing;

  • information about your physical activity;

  • when you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology (Wearable) with the Sharecare Platform, information about your steps, fitness activities, exercise frequency, sleep, information about nutrition such as calorie intake and nutritional statistics, blood pressure, and other biometric data;

  • health information such as:

    • information about your current health status (including your medications and health conditions); and

    • your medical history (including your history of any chronic diseases, disabilities, mental health, visits to your health service providers and any hospitalisations);

  • sensitive information such as your racial or ethnic origin;

  • location data and browsing history;

  • computer, tablet and/or mobile phone device-specific information (such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information) which may then be associated with your Sharecare Platform account; and

  • complaint details.

Sharecare may collect personal information about:

  • users of the Sharecare Platform and their use of the Sharecare Platform; and

  • third parties providing a service to Sharecare.

How does Sharecare collect personal information?

Sharecare may collect your personal information in a number of ways including through the Sharecare Platform.

Sharecare typically collects your personal information directly from you. However, Sharecare may also collect your personal information from third parties such as through any Wearables. In particular, Sharecare may offer an Enterprise version of the Sharecare Platform to you based on your relationship with an Enterprise Organisation. If you have registered to a version of the Sharecare Platform made available through an Enterprise Organisation, Sharecare may collect your personal information from:

  • the relevant Enterprise Organisation; and

  • any other organisation that has engaged Sharecare to provide, and that is funding the provision of, that Enterprise version to you (Funding Partner).

Sharecare may also collect your personal information from other organisations with whom Sharecare, the relevant Enterprise Organisation and/or the relevant Funding Partner has contracted with in relation to the Sharecare Platform (Corporate Partners).

With your consent, Sharecare may collect personal information (including sensitive/health information) from the relevant Enterprise Organisation, Funding Partner and/or Corporate Partners.

We may combine the personal information we obtain from third parties with personal information that we have collected from you.

For what purposes does Sharecare collect, hold, use and disclose your personal information?

In general, Sharecare collects, holds, uses and discloses personal information for the following purposes:

  • to provide you with, maintain, protect, develop and continue to improve, the Sharecare Platform, products and services, including to provide you with health and wellbeing assessments (such as the RealAge test), health and wellbeing tips/recommendations, activity tracking and other health and wellbeing tools;

  • to provide you with services, including services commissioned or made possible by an Enterprise Organisation (if applicable);

  • to deliver you tailored content while you are using the Sharecare Platform;

  • to send you notifications with respect to the Sharecare Platform;

  • to manage our relationship with you;

  • to verify and update personal information held by us;

  • to review, develop and improve our products and services, as well as our business, operational and IT processes and systems;

  • to resolve any complaints or issues;

  • to undertake research and data analysis including to compare people who are demographically similar to you;

  • to invoice Enterprise Organisations and/or Funding Partners in relation to the provision of the Sharecare Platform;

  • to comply with legal or regulatory obligations; and

  • for other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.

Our functions and activities may change from time to time.

If you provide your email address, telephone and/or mobile phone number, you also consent to Sharecare using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.

To whom may Sharecare disclose your personal information within Australia and New Zealand?

In order to carry out the above purposes, Sharecare may disclose your personal information within Australia and New Zealand to:

  • if you have registered to an Enterprise version of the Sharecare Platform, the relevant Enterprise Organisation, Funding Partner and/or Corporate Partners (this may include sensitive/ health information with your consent);

  • persons or organisations engaged by Sharecare to assist Sharecare in carrying out the above purposes such as IT support;

  • related bodies corporate; and

  • parties involved in a prospective or actual transfer of our assets or business or as required by law.

This means that your personal information collected by Sharecare in Australia may be disclosed to persons or organisations in New Zealand and vice versa.

The persons and organisations which Sharecare may disclose your personal information to will handle your personal information in accordance with their privacy policies.

Sharecare may also disclose aggregate and de-identified information relating to users of the Sharecare Platform publicly and to our related bodies corporate, Enterprise Organisations, Funding Partners and Corporate Partners.

Many of our services let you share your personal information with others. When you share your personal information publicly, it may be indexable by search engines. Our services provide options on sharing and removing content within the Sharecare Platform only.

Will Sharecare transfer my personal information outside Australia and New Zealand?

Sharecare uses secure authentication/authorisation pathways, application programming interfaces and other security measures to provide access to your personal information within the Sharecare Platform (hosted on servers in Sydney) to persons or organisations located outside Australia and New Zealand who are engaged by Sharecare to assist Sharecare to administer and deliver the Sharecare Platform, such as to IT support and our related bodies corporate and organisations we contract with to provide you with features and benefits. Our related bodies corporate and some of our service providers who may access your personal information are located in the US, Germany and India.

In some circumstances, Sharecare may also deem it necessary to disclose your personal information to these same persons or organisations located outside Australia and New Zealand for limited purposes, including to facilitate the maintenance of, and to resolve technical issues within, the Sharecare Platform. We may also disclose your personal information to parties located overseas involved in a prospective or actual transfer of our assets or business or as required by law.

As mentioned above, we may also disclose aggregate and de-identified information to our related bodies corporate overseas in order to evaluate our products and services and for research purposes.

We do not disclose personal information outside of Australia unless we take steps as are reasonable in the circumstances to ensure that the overseas recipient, as applicable, will not breach the relevant Australian privacy principles or provides comparable safeguards to those under New Zealand privacy law in relation to the information.

What happens if you don’t provide Sharecare with your personal information?

If you do not provide personal information requested of you to Sharecare, we may be unable to provide the products and services you or others request of us.

How does Sharecare hold your personal information and manage the data quality and security of your personal information?

Sharecare stores your personal information on servers located in Sydney, Australia with access only available by password. We use industry-leading security practices such as ISO27001 and HiTRUST and we encrypt many of our services using SSL.

To the extent required by applicable privacy laws, Sharecare will take reasonable steps to:

  • make sure that the personal information that we collect, hold, use and disclose is accurate, complete and up to date; 

  • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;

  • review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems; and

  • restrict access to personal information to Sharecare employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

On termination by you or Sharecare of your Sharecare Platform account, Sharecare will retain your personal information for a period up to 7 years, or any other period mandated by law, before de-identifying that information. If you have subscribed to a version of the Sharecare Platform made available through an Enterprise Organisation and the Enterprise Organisation ceases to engage Sharecare to provide the Sharecare Platform, you may continue to use the Consumer version of the Sharecare Platform and your personal information will be transferred by Sharecare to that version.

Sharecare may also collect and store personal information locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. We also use various technologies to collect and store information when you visit a Sharecare service, and this may include sending one or more cookies or anonymous identifiers to your device. You may also set your browser to block all cookies, including cookies associated with Sharecare’s services or to indicate when a cookie is being set by us. However, many of our services may not function properly if your cookies are disabled (for example, we may not remember your location preferences).

Transparency and your choices

Sharecare understands that people have different privacy concerns. Our goal is to be clear about what information we collect, so you can make meaningful choices about how it is used. For example, you can:

  • update your sharing preferences and control who you share information with through your privacy settings; and

  • ask us any privacy related questions via the Sharecare Support in the Sharecare Platform link at any time.

Communication channels and marketing

In addition to the purposes for which Sharecare collects, holds, uses and discloses you personal information (described above), Sharecare may also use your personal information to contact you (including by telephone call, SMS,email or within the Sharecare Platform) in relation to products, services or other offers we think may be of interest to you and which we consider may support and personalise your health journey. This may include the products, services and other offers of Sharecare or third parties, and may include the use of your sensitive/health information.

You may opt-out of receiving marketing emails and notifications from Sharecare at any time by changing your preferences in the Sharecare Platform, using your device’s Setting options or by contacting us using the contact details in the section below. However, if you opt-out of receiving marketing emails and notifications, Sharecare may still send you marketing messages within the Sharecare Platform to let you know about products and services we think may help you in your health journey. This is an integral feature of the Sharecare Platform and we are unable to offer the Sharecare Platform without providing this service. If you do not wish to receive any marketing messages within the Sharecare Platform, you must stop using the Sharecare Platform.

If you request not to have Sharecare send marketing emails or notifications, please note that Sharecare may also still contact you to provide you with other types of non-marketing information.

How can you access or correct your personal information and contact Sharecare?

Please contact us if you would like to seek access to or request that we correct the personal information we hold about you:

  • By mail: Attn: Privacy Officer, PO Box 331 St Leonards 1590, New South Wales

  • By email: Privacyofficer-anz@sharecare.com

  • By contacting us via the Sharecare Support link in the Sharecare Platform

Sharecare will generally provide you with access to your personal information if practicable, and will take reasonable steps to amend any personal information about you which is inaccurate or out of date. In some circumstances and in accordance with applicable privacy laws, Sharecare may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for this decision.

How Sharecare handles complaints

If you have any concerns or complaints about the manner in which your personal information has been collected or handled by Sharecare, please advise us of your concern or complaint in writing and send it to us using the contact details in the section above. Your concern or complaint will be considered or investigated and we will endeavour to respond to your complaint within 5 business days.

It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, you may contact the Office of the Australian Information Commissioner (for Australia) or the Office of the Privacy Commissioner (for New Zealand) who may investigate your complaint further

Further information

Further information about the application of the Privacy Act 1988 (Cth) can be found at the website of the Office of the Australian Information Commissioner at www.oaic.gov.au. For New Zealand, the Privacy Act 1993 (as may be replaced or amended) can be found at www.privacy.org.nz/the-privacy-act-and-codes/the-privacy-act/

Changes to our Privacy Policy

This Privacy Policy is effective from 1st February 2020.  As this Privacy Policy is updated from time to time, to obtain a copy of the latest version at any time, you should visit our website at www.sharecare.com.au/privacy or www.sharecarenz.co.nz/privacy