- What personally identifiable information Aduro, or a third party acting on Aduro’s behalf, collects through our Services and how we use it;
- To whom Aduro may disclose this information;
- Choices available to you with respect to collection, use and distribution of your information;
- Security procedures in place to protect the confidentiality, availability, and integrity of your information; and
- How to request access to, or correct inaccuracies of, your information.
Important Information about Our Privacy Practices
Personally Identifiable Information (or “Personal Information”) is information that we collect about you that can be used to identify or contact you, as well as other personal data that is identifiable to you. Aduro de-identifies and aggregates information collected through the Services such that, in each case, it does not identify individual users and cannot be used to identify individuals who use the Services. Because that information is not personally identifiable to you or any other individual it is not Personal Information.
In the United States, some of the Personal Information provided by you or collected by us through the Aduro Services or the sponsor of your wellness plan may consist of or include health information. Although Aduro is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Aduro is subject to some aspects of HIPAA when Aduro performs services on behalf of covered entities, including health plans sponsored by employers for their employees (“Corporate Customers”). Aduro is considered a “Business Associate” under HIPAA when providing services to “covered entities.” Aduro will comply with applicable HIPAA requirements under those circumstances.
Information Collection and Use
1. Automatically Collected Information
We collect information about devices you use to access Aduro Services (such as device manufacturer, operating system, domain name and IP address) from all visitors (“Automatically Collected Information”). We use any Personal Information included in this Automatically Collected Information internally to help us improve your experience on Aduro Services, including to create your profile and profiles of our users generally as well as to record internet protocol (IP) addresses, browser types, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, product usage and number of clicks. We use the profiles and records to analyze trends, administer Aduro Services, track movements in the aggregate, and gather broad aggregate demographic information.
For example, Aduro uses “cookies” and “web beacons” to collect information about your use of our Services and emails we may send you. Cookies are small computer files that we transfer to your computer’s hard drive that allow us to know how often you use Aduro Services and what activities you conduct on our Services platform. Internet browser software generally can be set to reject all cookies, and most browsers offer instructions on how to reset the browser to reject cookies. If you reject our cookie, certain functions and conveniences we automatically provide for you on Aduro Services may not work, but you do not have to accept our cookie to use Aduro Services. Similarly, web beacons are tiny graphic image files embedded in a web page or email that send information from your browser back to Aduro’s, or its service provider’s, server. We use the information cookies and web beacons collect to statistically monitor how many people are using our Services or opening our emails.
Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information. To completely “opt out” of the collection of any information through cookies or other tracking technology, you must manage the settings on your browser to delete and disable cookies and other tracking/recording tools. However, getting a “Do Not Track” signal to work as you might want is difficult. For example, not all tracking technologies can be controlled by browsers, and unique aspects of your browser might be recognizable even if you disable a tracking technology. In addition, not all settings will necessarily last or be effective, and even if a setting is effective for one purpose, data still may be collected for another. Even if one website observes a “Do Not Track” signal, that website usually will not be able to control other websites.
2. Subscription and Account Profiles
You may also voluntarily submit additional Personal Information, for example your address, interests or photo, in order to enhance your profile within Aduro Services. Submission of this Personal Information is strictly voluntary. Do not post information in public areas of the Services if you do not want the information to be shared with others.
3. Voluntary information
You may voluntarily provide other information to Aduro, some of which may be Personal Information, when you register for and use Aduro Services, such as wellness assessments and goal tracking, or when you respond to our surveys and questionnaires. This information may include, but is not limited to, specific information regarding medical conditions, health, lifestyle, diet, exercise habits, drug and alcohol usage, workplace matters and other relevant Personal Information relating to your wellness. It might also include active or passive 3rd party data integrations which are approved by you for Aduro to access.
4. Community Forums and Activity Feeds
Personal Information of Children Under 18
Aduro Services are not directed to children, and we do not knowingly collect any Personal Information from children under 18 years of age through Aduro Services. If you think we have collected Personal Information from a child under 18 years of age for whom you are the parent or guardian, please contact us at the notice address provided below.
Disclosure of Your Personal Information to Third Parties
Unless we receive your permission, Aduro will not sell, rent, or share your Personal Information to or with any third party not affiliated with or owned by Aduro, with the following exceptions:
Third Party Wellness Providers: Aduro may disclose your relevant Personal Information to third parties who we have engaged on your behalf to provide disease management, health management, behavioral coaching, or similar wellness-related services (“Third Party Wellness Providers”) and who may contact you to offer their services in support of your health and well-being management goals. Aduro and the Third Party Wellness Providers, as well as other Aduro business partners, may also share your Personal Information to administer activities and challenges you select (“Partner Challenges”) and to award you with incentives and other rewards you earn through participation in Partner Challenges. Aduro contractually obligates Third Party Wellness Providers, and other Aduro business partners, to safeguard your Personal Information in substantially the same manner that Aduro safeguards it. If you accept the services offered by a Third Party Wellness Provider, or decide to participate in a Partner Challenge, such agreement is solely between you and the Third Party Wellness Provider or applicable Aduro business partner because they are separate and distinct entities from Aduro. Aduro is not responsible for the privacy practices or services of the Third Party Wellness Providers or other Aduro business partners.
Provision of Services: Aduro may disclose your Personal Information to third parties that enable us to provide you with a product or service that you have requested from us. We will disclose Personal information to these third parties as necessary to enable them to provide the product or service, subject to contractual restrictions and conditions between Aduro and the third parties that obligate them to safeguard the Personal Information.
Participation, Incentives and Rewards: Aduro may disclose your Personal Information to your health plan, which may be administered by your employer, in order for your employer or health plan to provide you or your spouse/same-sex domestic partner with incentives and rewards for participation in the Aduro service. We will limit the amount of Personal Information we share to the minimum necessary for you to receive the incentives and rewards.
HIPAA Covered Entities: Aduro may disclose your Personal Information to entities subject to HIPAA (called “covered entities”) in certain instances. Covered entities include, for example, health care providers such as doctors and dentists. Covered entities also include health plans, such as group health plans sponsored by your employer and which may be administered by other employees of your employer. HIPAA and other laws prohibit these employees from further disclosing your Personal Information to the employer-sponsors or others for reasons other than administering the group health plan or as otherwise permitted by law.
Disclosure of Automatically Collected Information: Aduro may provide to third parties, including to our corporate customers, Automatically Collected Information that is combined with the Automatically Collected Information of other users or other aggregated and/or de-identified information.
Additional Uses of Your Personal Information
Administrative Notices: Aduro reserves the right to send you specific administrative notices about your registration or subscription or to contact you if required by law. You may not opt-out of these kinds of communications.
Emails and Newsletters: During program registration and at various times as you use Aduro Services, you may have the option of receiving emails, SMS texts, voice IVR messages and/or newsletters directly from Aduro. You may elect to opt-out of these communications by placing a check mark beside a statement stating you do not want to receive these communications or to participate in these activities. These preferences can be changed within the Aduro mobile application.
Aduro maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your Personal Information. For example, the file containing your Personal Information will be maintained in secure locations at our offices or on our servers (or those maintained by our service providers) with access limited to authorized employees, representatives and agents. Our employees receive training on our security practices and obligations. While we encrypt sensitive data, such as Personal Information, using SSL or VPN when it is transmitted over the Internet and when it is stored on our servers and backup systems, we cannot completely ensure the privacy of certain communications such as email to and from Aduro Services because they are not encrypted.
Given the nature of the Internet and the fact that network security measures are not infallible, we cannot guarantee the security of your Personal Information. In the event we become aware of a data security breach, we will provide you with notice as required by applicable federal, provincial and state laws. To the extent permitted by applicable law, Aduro will provide any such notice to you at the email address you provide with your registration, as updated from time to time. By using Aduro Services, you agree to accept such notice electronically.
Compliance with our security policies is periodically audited by our Chief Security Officer and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. Aduro employees and our third-party service providers must abide by this policy and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.
To the extent that you are accessing Aduro Services through an employer or health plan portal or other third party website, we strongly encourage you to review and understand the privacy policies of such organizations prior to providing information to us or them that you consider to be sensitive or personal in nature.
When registering for access to a secure area of Aduro Services, you will need to select a username and password. As explained above, your “username” is a unique set of characters (alphabetic, numeric, and special characters) that you choose to identify you on Aduro Services upon registration. We encourage you to select a username that does not, by itself, identify you to others and to keep the username confidential because we use the username to make various communications to individuals participating in programs available through Aduro Services (such as leaderboards, activity feeds and community forums). We likewise recommend you do not divulge your password to anyone so that others cannot access your Personal Information. We will never ask you for your password in an unsolicited phone call or in an unsolicited email.
You should sign out of the registered Aduro Services and close your browser window when you have finished using the Services so others cannot access your Personal Information and correspondence by using your desktop or laptop computer. If you access Aduro Services through the use of a smartphone or other mobile device, we expect you to use the security controls available on your device (such as setting a confidential password) to prevent unauthorized individuals from accessing your information. We further recommend that you terminate each session to reduce the risk of inappropriate access. If you remain continuously logged in, you assume the risk that unauthorized individuals may be able to access your information.
You should notify us promptly if you suspect someone has obtained unauthorized access to your Personal Information.
If you have any questions about the security at our Site, you can send a message to us at firstname.lastname@example.org.
Correcting, Updating, and Deleting Personal Information
You can self-administer key privacy settings via Aduro Services in order to keep your Personal Information private. You can always contact us in order to request that we change or delete your Personal Information if you believe the Personal Information on Aduro Services is incorrect. We will review your request but may be restricted in our ability to change or delete your Personal Information. If Aduro Services were made available to you by a corporate customer that is sponsoring your usage of Aduro Services, your eligibility to receive Incentives and Rewards from such parties, if any such benefits are offered, may be adversely affected by your election to remove your Personal Information from our service. You must contact the corporate customer or paying sponsor directly for further information.
Our Services are not intended to be offered or provided to minors younger than 18 years of age, and we do not knowingly collect any Personal Information of minors through our Services. If you think we have collected Personal Information from a minor younger than 18 years of age for whom you are the parent or guardian, please contact us at the notice address provided below.
Limited Application of California Consumer Privacy Act.
The Aduro Services are limited to the collection and processing of Personal Information of participants in our clients’ wellness programs (“Health & Employee Personal Information”), as part of the provision of services to and requests and direction of our clients, and of individuals who have a business relationship with Aduro (“B2B Personal Information”). Because the information collected through our Services is limited to Health & Employee Personal Information and B2B Personal Information, certain provisions of the California Consumer Privacy Act (“CCPA”) do not apply to the collection and use of personal information through our Services. Accordingly, this Policy does not include explanations of certain rights and procedures provided in the CCPA.
Notification of Changes
Contact Information – Questions, Accessing, Correcting and Updating your Personal Information, Direct Marketing
Wish to make a complaint in relation to a breach of your privacy by Aduro;
Would like to access your Personal Information held by us;
Would like to opt out of direct marketing; or
Would like to correct your Personal Information held by us,
17425 NE Union Hill Road, Suite 100
Redmond, WA 98052
Attention: Privacy Team