ADURO Privacy Policy

ADURO, Inc. (“ADURO,” “our,” “we” or “us”) respects your privacy. This Privacy Policy informs users (“you” or “your”) about what information we collect about you and how we may use or disclose your information. This Privacy Policy applies to information collected through the website adurolife [dot] com, and those sites sub-domains (individually a “Site” and collectively “Sites”), private labeled product variants, and the ADURO mobile applications for iPhone OS and Android OS (each an “App” and together the “Apps”) and information collected through third party health, fitness, productivity or other applications (including from wearable devices), and from or through your health plan and its contractors.  The Products, Sites, and Apps are collectively referred to in this policy as “ADURO Services” or “Services” and covers the following areas:

What personally identifiable information ADURO, or a third party acting on ADURO’s behalf, collects through our Services and how we use it;

To whom ADURO may disclose this information;

Choices available to you with respect to collection, use and distribution of your information;

Security procedures in place to protect the confidentiality, availability, and integrity of your information; and

How to request access to, or correct inaccuracies of, your information.

We have designed ADURO Services to be compliant with laws applicable to the jurisdiction of your usage. In the event our Privacy Policy may conflict with applicable law, the applicable legal requirements will apply to our collection, use, disclosure or transfer of your information.

By using ADURO Services, you agree to the terms of this Privacy Policy.

Important Information about Our Privacy Practices

Personally Identifiable Information (“Personal Information”).  Personally Identifiable Information (or “Personal Information”) is information that we collect about you that can be used to identify or contact you, as well as other personal data.

In the United States, some of the Personal Information provided by you or collected by us through may be health information. Although ADURO is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), ADURO is subject to some aspects of HIPAA when ADURO performs services on behalf of covered entities, including health plans sponsored by employers for their employees (“Corporate Customers”). ADURO is considered a “Business Associate” under HIPAA when providing services to “covered entities.” ADURO will comply with applicable HIPAA requirements under those circumstances.

Information Collection and Use

  1.   Automatically Collected Information

We collect information about devices you use to access ADURO Services (such as device manufacturer, operating system, domain name and IP address) from all visitors (“Automatically Collected Information”). We use this information internally to help us improve your experience on ADURO Services, including to create your profile and profiles of our users generally as well as to record internet protocol (IP) addresses, browser types, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, product usage and number of clicks. We use the profiles and records to analyze trends, administer ADURO Services, track movements in the aggregate, and gather broad aggregate demographic information.

For example, ADURO uses “cookies” and “web beacons” to collect information about your use of our Services and emails we may send you. Cookies are small computer files that we transfer to your computer’s hard drive that allow us to know how often you use ADURO Services and what activities you conduct on our Services platform.  Internet browser software generally can be set to reject all cookies, and most browsers offer instructions on how to reset the browser to reject cookies. If you reject our cookie, certain functions and conveniences we automatically provide for you on ADURO Services may not work, but you do not have to accept our cookie to use ADURO Services. Similarly, web beacons are tiny graphic image files embedded in a web page or email that send information from your browser back to ADURO’s, or its service provider’s, server. We use the information cookies and web beacons collect to statistically monitor how many people are using our Services or opening our emails.

Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information. To completely “opt out” of the collection of any information through cookies or other tracking technology, you must manage the settings on your browser to delete and disable cookies and other tracking/recording tools. However, getting a “Do Not Track” signal to work as you might want is difficult. For example, not all tracking technologies can be controlled by browsers, and unique aspects of your browser might be recognizable even if you disable a tracking technology. In addition, not all settings will necessarily last or be effective, and even if a setting is effective for one purpose, data still may be collected for another. Even if one website observes a “Do Not Track” signal, that website usually will not be able to control other websites.

  1.   Subscription and Account Profiles

We require the submission of a working email address and mobile phone for you to register to use ADURO Services or receive notices about ADURO Services. In certain cases, we may ask for other Personal Information such as name and date of birth. We use the Personal Information that you provide through registration to deliver relevant content, provide account support, and respond to questions from you and/or inform you of material changes to this Privacy Policy. You can opt-out of receiving email or text messages at the time you register within the ADURO mobile applications or at any other time by clicking settings tab within the ADURO mobile application.

You may also voluntarily submit additional Personal Information, for example your address, interests or photo, in order to enhance your profile within ADURO Services. Submission of this Personal Information is strictly voluntary. Do not post information in public areas of the Services if you do not want the information to be shared with others.

  1.   Voluntary information

You may voluntarily provide other information to ADURO, some of which may be Personal Information, when you register for and use ADURO Services, such as wellness assessments and goal tracking, or when you respond to our surveys and questionnaires. This information may include, but is not limited to, specific information regarding medical conditions, health, lifestyle, diet, exercise habits, drug and alcohol usage, workplace matters and other relevant Personal Information relating to your wellness.  It might also include active or passive 3rd party data integrations which are approved by you for ADURO to access.

  1.   Community Forums and Activity Feeds

ADURO may provide access to activity feeds and similar forums where users can share information or where users can post questions for other community members to answer. You should be aware that any information shared in an activity feed or other community forum is public information and may be seen, disclosed to or collected by third parties that do not adhere to and are not subject to our Privacy Policy. You should think carefully before posting any Personal Information in any community forum. Do not post information in public areas of ADURO Services if you do not want the information to be shared with others.

Personal Information of Children Under 13

ADURO Services are not directed to children, and we do not knowingly collect any Personal Information from children under 13 years of age through ADURO Services. If you think we have collected Personal Information from a child under 13 years of age for whom you are the parent or guardian, please contact us at the notice address provided below.

Disclosure of Your Personal Information to Third Parties

Unless we receive your permission, ADURO will not sell, rent, or share your Personal Information to or with any third party not affiliated with or owned by ADURO, with the following exceptions:

Third Party Wellness Providers: ADURO may disclose your relevant Personal Information to third parties who we have engaged on your behalf to provide disease management, health management, behavioral coaching, or similar wellness-related services (“Third Party Wellness Providers”) and who may contact you to offer their services in support of your health and well-being management goals. ADURO and the Third Party Wellness Providers, as well as other ADURO business partners, may also share your Personal Information to administer activities and challenges you select (“Partner Challenges”) and to award you with incentives and other rewards you earn through participation in Partner Challenges. ADURO contractually obligates Third Party Wellness Providers, and other ADURO business partners, to safeguard your Personal Information in substantially the same manner that ADURO safeguards it. If you accept the services offered by a Third Party Wellness Provider, or decide to participate in a Partner Challenge, such agreement is solely between you and the Third Party Wellness Provider or applicable ADURO business partner because they are separate and distinct entities from ADURO. ADURO is not responsible for the privacy practices or services of the Third Party Wellness Providers or other ADURO business partners.

Provision of Services: ADURO may disclose your Personal Information to third parties that enable us to provide you with a product or service that you have requested from us. We will disclose Personal information to these third parties as necessary to enable them to provide the product or service, subject to contractual restrictions and conditions between ADURO and the third parties that obligate them to safeguard the Personal Information.

Participation, Incentives and Rewards: ADURO may disclose your Personal Information to your health plan, which may be administered by your employer, in order for your employer or health plan to provide you or your spouse/same-sex domestic partner with incentives and rewards for participation in the ADURO service. We will limit the amount of Personal Information we share to the minimum necessary for you to receive the incentives and rewards.

Agents, Contractors, and Other Service Providers: In order to provide you with the services on the Site, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation or data storage. These third parties may also collect Personal Information on our behalf. ADURO will ensure that any agent, contractor, or other service provider with whom we share Personal Information agrees to safeguard it in substantially the same manner as ADURO has described in this Privacy Policy, but in any event in accordance with all applicable laws and regulations. Some of our service providers may be located outside of your country of residence, including in the United States of America, Canada, New Zealand, Australia and other countries from time to time. While outside of your country or residence, Personal Information will be subject to applicable foreign laws which may permit government, national security and regulatory authorities to access your Personal Information in certain circumstances.

HIPAA Covered Entities: ADURO may disclose your Personal Information to entities subject to HIPAA (called “covered entities”) in certain instances. Covered entities include, for example, health care providers such as doctors and dentists. Covered entities also include health plans, such as group health plans sponsored by your employer and which may be administered by other employees of your employer. HIPAA and other laws prohibit these employees from further disclosing your Personal Information to the employer-sponsors or others for reasons other than administering the group health plan or as otherwise permitted by law.

Aggregate Information: ADURO may provide to third parties, including to our corporate customers who sponsor group health plans for their employees, with information about you and other users from which we have removed all identifiers and that can no longer be used to identify you (“Aggregate Information”). For example, we might inform third parties regarding the number of users of ADURO Services and the services they used while on ADURO Services. We may not limit the third parties’ use of the Aggregate Information, except that we do require third parties to whom we disclose Aggregate Information to agree that they will not attempt to make this information personally identifiable by combining it with other databases.

Business Transitions: In the event ADURO goes (or proposes to go) through a business transition, such as a merger, acquisition by another company, reorganization, or sale of a portion of its assets, your Personal Information may be shared with parties connected with the proposed transaction as part of the due diligence process, and may be part of the assets acquired by and transferred to a new party taking over the business. The information transferred or shared remains subject to the promises made in our then-current Privacy Policy, unless you agree to new terms.

Disclosure of Automatically Collected Information: ADURO may provide to third parties, including to our corporate customers, Automatically Collected Information that is combined with the Automatically Collected Information of other users or Aggregate Information.

Additional Uses of Your Personal Information

Administrative Notices: ADURO reserves the right to send you specific administrative notices about your registration or subscription or to contact you if required by law. You may not opt-out of these kinds of communications.

Emails and Newsletters: During program registration and at various times as you use ADURO Services, you may have the option of receiving emails, SMS texts, voice IVR messages and/or newsletters directly from ADURO. You may elect to opt-out of these communications by placing a check mark beside a statement stating you do not want to receive these communications or to participate in these activities.  These preferences can be changed within the ADURO mobile application.

Links

ADURO Services contain links to other apps and sites, including links to sponsors and partners (including our corporate customers). ADURO is not responsible for the privacy practices or content of these other apps and websites. We encourage you to be aware when you leave ADURO Services and to read the privacy statements of each and every website or app you visit regardless of whether you access it through ADURO Services. This Privacy Policy applies solely to information collected by ADURO Services.

Security

ADURO maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your Personal Information. For example, the file containing your Personal Information will be maintained in secure locations at our offices or on our servers (or those maintained by our service providers) with access limited to authorized employees, representatives and agents. Our employees receive training on our security practices and obligations. While we encrypt sensitive data, such as Personal Information, using SSL or VPN when it is transmitted over the Internet and when it is stored on our servers and backup systems, we cannot completely ensure the privacy of certain communications such as email to and from ADURO Services because they are not encrypted.

Given the nature of the Internet and the fact that network security measures are not infallible, we cannot guarantee the security of your Personal Information. In the event we become aware of a data security breach, we will provide you with notice as required by applicable federal, provincial and state laws. To the extent permitted by applicable law, ADURO will provide any such notice to you at the email address you provide with your registration, as updated from time to time. By using ADURO Services, you agree to accept such notice electronically.

Compliance with our security policies is periodically audited by our Chief Technology Officer and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. ADURO employees and our third party service providers must abide by this policy and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.

To the extent that you are accessing ADURO Services through an employer or health plan portal or other third party website, we strongly encourage you to review and understand the privacy policies of such organizations prior to providing information to us or them that you consider to be sensitive or personal in nature.

When registering for access to a secure area of ADURO Services, you will need to select a username and password. As explained above, your “username” is a unique set of characters (alphabetic, numeric, and special characters) that you choose to identify you on ADURO Services upon registration. We encourage you to select a username that does not, by itself, identify you to others and to keep the username confidential because we use the username to make various communications to individuals participating in programs available through ADURO Services (such as leaderboards, activity feeds and community forums). We likewise recommend you do not divulge your password to anyone so that others cannot access your Personal Information. We will never ask you for your password in an unsolicited phone call or in an unsolicited email.

You should sign out of the registered ADURO Services and close your browser window when you have finished using the Services so others cannot access your Personal Information and correspondence by using your desktop or laptop computer. If you access ADURO Services through the use of a smartphone or other mobile device, we expect you to use the security controls available on your device (such as setting a confidential password) to prevent unauthorized individuals from accessing your information. We further recommend that you terminate each session to reduce the risk of inappropriate access. If you remain continuously logged in, you assume the risk that unauthorized individuals may be able to access your information.

You should notify us promptly if you suspect someone has obtained unauthorized access to your Personal Information.

If you have any questions about the security at our Site, you can send a message to member support at support@adurolife.com

Correcting, Updating, and Deleting Personal Information

You can self-administer key privacy settings via ADURO Services in order to keep your Personal Information private. You can always contact us in order to request that we change or delete your Personal Information if you believe the Personal Information on ADURO Services is incorrect. We will review your request but may be restricted in our ability to change or delete your Personal Information. If ADURO Services were made available to you by a corporate customer that is sponsoring your usage of ADURO Services, your eligibility to receive Incentives and Rewards from such parties, if any such benefits are offered, may be adversely affected by your election to remove your Personal Information from our service. You must contact the corporate customer or paying sponsor directly for further information.

CALIFORNIA SHINE THE LIGHT LAW

California Civil Code Section 1798.83 permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed personal information (as defined under that statute) of that California resident, for direct marketing purposes in the preceding calendar year and the categories of personal information that was disclosed to them. If you are a California resident and you wish to make such a request, you may contact us by using the contact information in the “Contact Information” section at the bottom of this Privacy Policy.

CALIFORNIA MINORS

We may provide you the ability to post information on ADURO Services. If you are a California resident who is under 18 and a registered user of ADURO Services and you are unable to remove content or information you posted in a public area of ADURO Services by following the instructions provided on ADURO Services, you may request removal by using the contact information provided in the “Privacy Questions” section at the bottom of this Privacy Policy. When requesting removal please be specific about the information or content you want removed and provide the mobile app page or URL for each page on ADURO Services where it is located. We are not required to remove any content or information that: (a) federal or state law requires us or a third party to maintain the content or information; (b) the content or information was not posted by you, the registered user; (c) we anonymize the content or information so that you cannot be identified; (d) you don’t follow our instructions for removing or requesting removal; or (e) you received compensation or other consideration for providing the content or information. REMOVAL OF YOUR POSTED CONTENT OR INFORMATION FROM THE SITE DOES NOT ENSURE COMPLETE OR COMPREHENSIVE REMOVAL OF THAT CONTENT OR INFORMATION FROM OUR SYSTEMS OR THE SYSTEMS OF OUR SERVICE PROVIDERS. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public. Also, some content and information you post that has been copied or reposted by a third party is outside of our control and will not be removed.

CANADIAN RESIDENTS

If you are a resident of Canada, you may request access to your Personal Information in our custody or control by writing to us using the contact information in the “Contact Information” section below. We may take reasonable steps to verify your identity before providing access.

Notification of Changes

If we change our Privacy Policy, we will post the updated Privacy Policy and its effective date on this page, and we may post a notice on the Site’s main page and other pages to alert you about the change.

If the Privacy Policy changes materially so that we are going to use your Personal Information in a manner different from that stated at the time of collection, we will notify you by either sending you an email or by posting a notice on the Site’s main page. We reserve the right to make the changes to the Privacy Policy applicable to all previously collected Personal Information.

Contact Information – Questions, Accessing, Correcting and Updating your Personal Information, Direct Marketing

If you:

Have a query or concern about this Privacy Policy or our Personal Information handling processes;

Wish to make a complaint in relation to a breach of your privacy by ADURO;

Would like to access your Personal Information held by us;

Would like to opt out of direct marketing; or

Would like to correct your Personal Information held by us,

please contact us using the contact information set out below in this Privacy Policy. We will promptly investigate and respond.

ADURO, Inc.
17425 NE Union Hill Road, Suite 100
Redmond, WA 98052
Attention: CTO/CPO
support@adurolife.com

ADURO will seek specific permission from you for any uses or disclosures not specified in this Privacy Policy. If you have not opted into receiving direct marketing from ADURO, ADURO will not send you direct marketing.