General Privacy Policy

Updated: August 19, 2021

Aduro, LLC (“Aduro,” “our,” “we” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy (“Privacy Policy”) informs users (“you” or “your”) how we collect, use, and disclose your Personal Information, as defined below. This Privacy Policy applies to the Personal Information we collect about you in the context of operating our business, including when you use our websites or mobile apps that link to this Privacy Policy and any related services (collectively, the “Services”). This Privacy Policy does not govern any of Aduro’s Return to Work website(s), mobile applications, products, or services.

Information We Collect and Use

We collect your Personal Information. “Personal Information” includes any information that we collect about you that, alone or in combination with other information, can be used to identify you, such as a personal identifier, an identification number, online identifiers, biometrics, or inferences about your preferences. For the purpose of this Privacy Policy, Personal Information also includes “Personal Data,” as defined under GDPR. Certain Personal Information provided by you or collected by us through the Services or the sponsor of your wellness plan may include Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Personal Information does not include publicly available information or information that is de-identified or aggregated so that it cannot be used to identify individuals who use the Services.

  1. Subscription and Account Profiles

    We collect and process your name, employee identification number and/or social security number (if provided), date of birth, postal address, email address, and other contact or eligibility information received from your employer. This information is used to onboard you as a user, verify your identity, service or maintain your account, to send you messages or updates (including via email and text), communicate with you regarding your account, respond to your inquiries, process or fulfill your requests related to your account, and other activities as part of our Services. Further, we use the Personal Information that you provide through registration to send you administrative notices about your registration or account, deliver relevant content, provide account support, and respond to questions from you, inform you of material changes to this Privacy Policy, and to contact you if required by applicable law.  You may also voluntarily submit certain Personal Information, such as your address, interest information, or a photo, in order to enhance your profile within the Services.

  2. Use of Aduro Services

    We may process your name, unique identifier(s), email, phone number, date of birth, and other applicable data you provide related to your activity or health information in order to provide Services that are associated with your wellness goals and use of the Service. Activity and health information may include specific information regarding medical conditions, health, lifestyle, diet, exercise habits, drug and alcohol usage, and workplace health data. We process and use this data in furtherance of providing you our Services, including, but not limited to, Personal Information offered through our coaching services, onsite events, screening forms and surveys, interactions with our digital platform, support calls, requests, and participation modules related to wellness program activities and goal tracking.

    In addition to direct collection from you, we may collect this information through active or passive third party data integrations with our Services. For example, you have the option to connect our Services with other technologies accessible through your mobile phone or desktop platforms, such as activity trackers. Depending on the brand and model of the activity tracker you use, the type of data that is collected may vary. Please review the privacy policy of the activity tracking device that you use to better understand the specific data that your activity tracking device collects about you. Please note that by voluntarily connecting our Services to such third party technology or service, you consent to our processing the data provided to us by that third party technology or service, as described in this Privacy Policy.

  3. Automatically Collected Information

    We collect information about devices you use to access the Services, such as device manufacturer, operating system, domain name and IP address, from all website visitors and app users (“Automatically Collected Information”). We use Automatically Collected Information internally to help us improve your experience with the Services, including to create your profile and profiles of our users generally as well as to record internet protocol (“IP”) addresses, browser types, internet service provider (“ISP”), and product usage. We use the profiles and records to analyze trends, administer the Services, track movements in the aggregate, and gather broad aggregate demographic information. We may process your participant identification and usage statistics to measure the effectiveness of our websites or apps, diagnose problems, determine where website or app traffic originates, conduct analytics and internal analysis to better understand how you use our platform so that we can improve our Services, and provide you with recommendations on how to get the most out of our platform to accomplish your goals. We may also process this information to detect, prevent, and address fraudulent and illegal activities on our websites and apps. 

  4. Community Forums and Activity Feeds

    Aduro may provide access to activity feeds and forums where users can share information or where users can post questions for other community members to answer. Please note that that any information shared in an activity feed or other community forum is public information and may be seen, disclosed to, or collected by third parties that are not subject to our Privacy Policy. You should think carefully before posting any Personal Information in any community forum. Do not post or share information in non-private areas of Aduro Services if you do not want the information to be shared with others.

  5. Job Candidate Information

    If you apply for a job with Aduro, we will collect your direct identifiers (such as your name and contact information), your employment and education history, and other information that you include in your application. We may also collect information from third parties (such as recruiters, background check providers, and references) to supplement your application. We use this information to evaluate your application, assess your candidacy for employment, and to contact you about the status of your application.

  6. Business Visitors

    If you contact us on behalf of your employer to inquire about our services, sign up for events, or for other business purposes, we will collect your name, contact information, and information about your employment. We may also receive your Personal Information from event providers or other vendors. We use this information to respond to your inquiries and/or event registrations, send you information about our services, and for other internal business purposes.

Information We Share With Third Parties

We do not share or sell, your Personal Information with or to any third party not affiliated with or owned by Aduro for direct marketing purposes. We will only share your Personal Information at your direction, with your consent, or in the following circumstances.

  • Provision of Services: In order to provide you with the services on the websites, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation, evaluation and processing of job applications, or data storage. These third parties may also collect Personal Information on our behalf. In addition, Aduro may disclose your Personal Information to third parties that enable us to provide you with a product or service that you have requested from us, subject to contractual restrictions and conditions between Aduro and the third parties that obligate them to safeguard the Personal Information. Some of our service providers may be located outside of your country of residence and as a result, your Personal Information may be subject to applicable foreign laws regarding the collection, processing, and storage of your Personal Information.
  • HIPAA Covered Entities: Aduro may disclose your Personal Information to entities subject to HIPAA (called “covered entities”) in certain instances. Covered entities include, for example, health care providers such as doctors and dentists. Covered entities also include health plans, such as group health plans sponsored by your employer and which may be administered by other employees of your employer. HIPAA and other laws prohibit these employees from further disclosing your Personal Information to the employer-sponsors or others for reasons other than administering the group health plan or as otherwise permitted by law.
  • Participation, Incentives and Rewards: Aduro may disclose your Personal Information to your employer-administered health plan, health care providers, or your employer, in order for your employer or health plan to operate and maintain their wellness program, to provide you or your partner with incentives and rewards for your participation in the Services, and to use as otherwise permitted by law. At the direction and request of your employer, we may also share your Personal Information with third party wellness providers and other wellness program-related vendors selected and designated by your employer.
  • De-Identified and Aggregated Information: Aduro may disclose aggregated and/or de-identified information derived from your Personal Information to third parties, including to our vendors, customers, and potential customers. Such de-identified and aggregated information cannot reasonably be used to identify you.
  • Automatically Collected Information: Aduro may disclose automatically collected information (e.g., IP addresses, browser types, product usage) obtained from your use of the Services to our service providers to provide services to Aduro.
  • Business Transactions: In the event Aduro goes through a business transition, such as a merger, acquisition by another company, reorganization, or sale of a portion of its assets, your Personal Information may be transferred in connection with the proposed transaction. We will provide you with the option to opt out of the transfer of your Personal Information to the successor entity if that entity has not committed to comply with this Privacy Policy or a Privacy Policy that is, in all material respects, as protective of your Personal Information as this Privacy Policy.
  • Events & Business/Employment Inquiries: If you have registered for an event involving Aduro or requested that we contact you or provide you with information regarding a potential business relationship with Aduro, we may disclose your information to third parties involved in such event and/or who provide Aduro with services for its internal business operations.
  • Legal Obligations: Aduro may process your Personal Information in certain circumstances where it may be necessary to satisfy our legal obligations. This includes records containing your Personal Information that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party pursuant to governmental or regulatory investigation, court order, subpoena, or litigation.

Cookies

We utilize cookies to help us keep our Services secure, measure the performance of our websites and understand how visitors interact with them, and count numbers of visitors. Cookies help us understand how our websites are being used and improve your user experience. At any time, you may control how we use cookies and other similar technologies on our websites. Most browsers are set to accept cookies by default, but you can control and manage the use of cookies on your browser or device by deleting them from your browser history when you leave our site. If you do not wish to receive cookies, you may set your browser to reject cookies or alert you when a cookie is dropped on your computer. You can limit how cookies interact with your device or browser by enabling ad tracking functionality on both android and iOS devices. If you use a device to access our website(s), your device identification may be collected and used for purposes similar to other cookies. Please be aware, if you disable certain cookies, some of the features of our Services may not function properly or be available to you, such as those which require identification.

Web Beacons: web beacons are tiny graphic image files embedded in a web page or email that allow website operators to check whether you have viewed a particular web page or email communication. We use the information collected by web beacons to statistically monitor how many people are using our Services or opening our emails.

“Do Not Track” signals: some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. Currently, our websites do not respond to “Do Not Track” signals and will continue to collect information about you even if your browser’s “Do Not Track” functionality is activated. Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information.

Data Security

Aduro maintains administrative, physical, and technical safeguards aimed to protect against unauthorized use, disclosure, alteration, or destruction of the Personal Information we collect and maintain. However, no data transmission over the internet is ever 100% secure. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information you transmit to our websites.

Third-Party Websites

Please note that your use of the Services may contain links to other third-party apps and sites, including links to sponsors and partners, including our corporate customers. Aduro is not responsible for the privacy practices or content of these other apps and websites. To the extent that you are accessing Services through an employer or health plan portal or other third party website, we strongly encourage you to review and understand the privacy policies of your employer or third party organization before providing sensitive personal information through the Services.

User Choices

We offer you the ability to opt-out of certain uses of your Personal Information. During account registration and throughout your use of the Services, you may have the option of receiving emails, SMS texts, in-app messages, voice IVR messages and/or newsletters directly from Aduro. You may elect to opt-out of in-app communications by adjusting your settings in the app. You may opt-out of other communications (e.g., those that are necessary for your participation in your wellness program) by withdrawing from the Aduro Services or contacting your wellness program administrator.

Minors

Our Services are not intended for minors younger than 18 years of age, and we do not knowingly collect any Personal Information of minors through our Services. If you believe we have collected Personal Information from a minor younger than 18 years of age through the use of our Services, please contact us at the notice address provided below.

Notice to California Residents

If you are a California resident, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”). You have the right to request to know the specific pieces and categories of personal information that we collect about you and the right to request deletion of your Personal Information under certain circumstances. To honor your requests, we will verify your identity by asking you or your authorized agent to provide information necessary to verify your account. If you have an account with us, we may use existing account verification practices to verify your request. We will only use the Personal Information provided in the verification process for identity verification purposes. Please note that Aduro does not sell your Personal Information.

Please be advised that we limit the collection and processing of Personal Information of participants in our customers’ wellness programs at the request and direction of our customers, who maintain a business relationship with Aduro, and in accordance with our customer contracts. Aduro, acting as a service provider to its customers, collects health data and business contact information in order to perform contracted Services.  As such, we may refer your CCPA request to your employer or provide you with information to contact your employer directly to exercise your consumer rights under the CCPA.

Notice to Canadian Residents

If you participate in our wellness programs, your Personal Information will be transferred to and processed in the United States, where the laws may not be as protective as the laws in Canada.

Please be advised that we limit the collection and processing of Personal Information of participants in our customers’ wellness programs at the request and direction of our customers, who maintain a business relationship with Aduro, and in accordance with our customer contracts. Therefore, Aduro, acting as a service provider to its customers, collects health data and business contact information in order to perform contracted Services.  As such, we may, as permitted or required by applicable law, refer your inquiries and requests about your Personal Information to your employer or provide you with information to contact your employer directly.

Notice to European Economic Area (“EEA”) and United Kingdom (“UK”) Residents

If you are accessing the Services from the EEA or the UK, please note that your employer is the controller of your Personal Information. We process your Personal Information pursuant to agreement(s) with your employer and/or the sponsor of your wellness plan, and the terms of those agreements govern how we process your Personal Information. For avoidance of doubt, if you have questions regarding the processing of your Personal Information, please consult with your employer or the sponsor of your wellness plan as they are responsible for determining how we process your information.

Aduro as a Data Processor

Aduro processes Personal Information as a Data Processor for the purpose of providing services to our Data Controller customers (e.g., your employer). Our customers determine why and how the Personal Information submitted to our Services is processed. As such, it is necessary for us to process your Personal Information in order to provide the Services to you in accordance with both the applicable data processing terms under the contract between your employer and/or wellness plan sponsor and us and our Terms of Service, which may be reviewed at: https://adurolife.com/aduro-terms-of-service/. We process your Personal Information as a Data Processor as discussed above.

Special Categories of Data

We process special categories of Personal Information that you have provided to us where necessary for us to perform a contract with your employer or wellness plan sponsor to provide you with Services, and where you have given explicit consent for us to engage in such processing.  Special categories of Personal Information may include information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life, or sexual orientation.

Withdrawal of Consent

Where you have given us valid consent to use your Personal Information in certain ways, we will rely on your consent. In instances in which we have based our processing of your Personal Information on your consent, you have the right to withdraw your consent in two ways. You may de-activate your account by managing your account settings and email [email protected] to request that your Personal Information be deleted from our systems.  Please note that when you withdraw consent, we might not be able to provide you with the Services we offer. Also, please note that in certain situations, we may continue to process your Personal Information after you have withdrawn consent and requested that we delete your Personal Information, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with a legal obligation or if it is necessary to do so to pursue our legitimate interest in keeping the Services safe and secure.

Data Subject Rights

If you are a resident of the EEA or the UK, you have the right to request access to Personal Information we hold and to ask that your Personal Information be corrected, erased, or transferred. Please contact your employer to exercise these rights.

Data Transfers to Countries Outside the EEA and UK

Aduro is located in and operated from the United States. If you are outside of the United States and submit your Personal Information to us, your information will be transferred to, stored, and processed in the United States and other countries where Aduro or its vendors operate. Please be advised that U.S. and other countries’ law may not offer the same privacy protections as the law of your jurisdiction. If you visit our website(s) and app(s), use our Services, or contact us from outside of the United States, please be advised that (i) any Personal Information you provide to us or that we automatically collect will be transferred to the United States; and (ii) by using our website(s) or submitting Personal Information, you explicitly authorize its transfer to and subsequent processing in the United States and other countries in which Aduro and its vendors operate in accordance with this Privacy Policy. When required by applicable law, Aduro utilizes Standard Contractual Clauses in agreements with its customers to facilitate the transfer of Personal Information from EEA or UK data subjects, and may also transfer Personal Information subject to applicable derogations under GDPR Article 49.

Data Retention

Aduro stores your Personal Information for no longer than necessary for the purposes for which it is collected and processed in order to perform the Services, subject to our legal obligations under our contracts with our customers and applicable laws. Unless as otherwise required by applicable law, upon termination or expiration of the agreement with our customer, we will delete your Personal Information from our systems or return to it to your employer. However, please note that when we delete your Personal Information from our systems, copies of your Personal Information may exist on Aduro’s backup or archive media.

Questions or Complaints

If you are a resident of the EEA or the UK and have a concern about our processing of your Personal Information that we are not able to resolve, we will forward your complaint to the Aduro customer associated with your account, usually your employer or wellness plan sponsor, and work with the customer to address your concerns. You may choose to reach out to the customer (e.g., your employer), who is the data controller, first before contacting Aduro. Additionally, you have the right to lodge a complaint with the data protection authority where you reside.

Notification of Changes

We may change this Privacy Policy from time to time. If we make a material change to the way we intend to use your Personal Information, we will notify you by modifying the date updated at the beginning of this Privacy Policy. We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay information about our privacy practices.

Contact Us

If you have questions regarding our Privacy Policy, please contact us:

By mail:

Aduro, LLC
17425 NE Union Hill Road, Suite 100
Redmond, WA 98052
Attention: Privacy Team

By email:

[email protected]