Information We Collect and Use
- Subscription and Account Profiles
- Use of Aduro Services
We may process your name, unique identifier(s), email, phone number, date of birth, and other applicable data you provide related to your activity or health information in order to provide Services that are associated with your wellness goals and use of the Service. Activity and health information may include specific information regarding medical conditions, health, lifestyle, diet, exercise habits, drug and alcohol usage, and workplace health data. We process and use this data in furtherance of providing you our Services, including, but not limited to, Personal Information offered through our coaching services, onsite events, screening forms and surveys, interactions with our digital platform, support calls, requests, and participation modules related to wellness program activities and goal tracking.
- Automatically Collected Information
We collect information about devices you use to access the Services, such as device manufacturer, operating system, domain name and IP address, from all website visitors and app users (“Automatically Collected Information”). We use Automatically Collected Information internally to help us improve your experience with the Services, including to create your profile and profiles of our users generally as well as to record internet protocol (“IP”) addresses, browser types, internet service provider (“ISP”), and product usage. We use the profiles and records to analyze trends, administer the Services, track movements in the aggregate, and gather broad aggregate demographic information. We may process your participant identification and usage statistics to measure the effectiveness of our websites or apps, diagnose problems, determine where website or app traffic originates, conduct analytics and internal analysis to better understand how you use our platform so that we can improve our Services, and provide you with recommendations on how to get the most out of our platform to accomplish your goals. We may also process this information to detect, prevent, and address fraudulent and illegal activities on our websites and apps.
- Community Forums and Activity Feeds
- Job Candidate Information
If you apply for a job with Aduro, we will collect your direct identifiers (such as your name and contact information), your employment and education history, and other information that you include in your application. We may also collect information from third parties (such as recruiters, background check providers, and references) to supplement your application. We use this information to evaluate your application, assess your candidacy for employment, and to contact you about the status of your application.
- Business Visitors
If you contact us on behalf of your employer to inquire about our services, sign up for events, or for other business purposes, we will collect your name, contact information, and information about your employment. We may also receive your Personal Information from event providers or other vendors. We use this information to respond to your inquiries and/or event registrations, send you information about our services, and for other internal business purposes.
Information We Share With Third Parties
We do not share or sell, your Personal Information with or to any third party not affiliated with or owned by Aduro for direct marketing purposes. We will only share your Personal Information at your direction, with your consent, or in the following circumstances.
- Provision of Services: In order to provide you with the services on the websites, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation, evaluation and processing of job applications, or data storage. These third parties may also collect Personal Information on our behalf. In addition, Aduro may disclose your Personal Information to third parties that enable us to provide you with a product or service that you have requested from us, subject to contractual restrictions and conditions between Aduro and the third parties that obligate them to safeguard the Personal Information. Some of our service providers may be located outside of your country of residence and as a result, your Personal Information may be subject to applicable foreign laws regarding the collection, processing, and storage of your Personal Information.
- HIPAA Covered Entities: Aduro may disclose your Personal Information to entities subject to HIPAA (called “covered entities”) in certain instances. Covered entities include, for example, health care providers such as doctors and dentists. Covered entities also include health plans, such as group health plans sponsored by your employer and which may be administered by other employees of your employer. HIPAA and other laws prohibit these employees from further disclosing your Personal Information to the employer-sponsors or others for reasons other than administering the group health plan or as otherwise permitted by law.
- Participation, Incentives and Rewards: Aduro may disclose your Personal Information to your employer-administered health plan, health care providers, or your employer, in order for your employer or health plan to operate and maintain their wellness program and to provide you or your partner with incentives and rewards for your participation in the Services. At the direction and request of your employer, we may also share your Personal Information with third party wellness providers and other wellness program-related vendors selected and designated by your employer.
- De-Identified and Aggregated Information: Aduro may disclose aggregated and/or de-identified information derived from your Personal Information to third parties, including to our vendors, customers, and potential customers. Such de-identified and aggregated information cannot reasonably be used to identify you.
- Automatically Collected Information: Aduro may disclose automatically collected information (e.g., IP addresses, browser types, product usage) obtained from your use of the Services to our service providers to provide services to Aduro.
- Legal Obligations: Aduro may process your Personal Information in certain circumstances where it may be necessary to satisfy our legal obligations. This includes records containing your Personal Information that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party pursuant to governmental or regulatory investigation, court order, subpoena, or litigation.
Web Beacons: web beacons are tiny graphic image files embedded in a web page or email that allow website operators to check whether you have viewed a particular web page or email communication. We use the information collected by web beacons to statistically monitor how many people are using our Services or opening our emails.
“Do Not Track” signals: some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. Currently, our websites do not respond to “Do Not Track” signals and will continue to collect information about you even if your browser’s “Do Not Track” functionality is activated. Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information.
Aduro maintains administrative, physical, and technical safeguards aimed to protect against unauthorized use, disclosure, alteration, or destruction of the Personal Information we collect and maintain. However, no data transmission over the internet is ever 100% secure. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information you transmit to our websites.
Please note that your use of the Services may contain links to other third-party apps and sites, including links to sponsors and partners, including our corporate customers. Aduro is not responsible for the privacy practices or content of these other apps and websites. To the extent that you are accessing Services through an employer or health plan portal or other third party website, we strongly encourage you to review and understand the privacy policies of your employer or third party organization before providing sensitive personal information through the Services.
We offer you the ability to opt-out of certain uses of your Personal Information. During account registration and throughout your use of the Services, you may have the option of receiving emails, SMS texts, in-app messages, voice IVR messages and/or newsletters directly from Aduro. You may elect to opt-out of in-app communications by adjusting your settings in the app. You may opt-out of other communications (e.g., those that are necessary for your participation in your wellness program) by withdrawing from the Aduro Services or contacting your wellness program administrator.
Our Services are not intended for minors younger than 18 years of age, and we do not knowingly collect any Personal Information of minors through our Services. If you believe we have collected Personal Information from a minor younger than 18 years of age through the use of our Services, please contact us at the notice address provided below.
Notice to California Residents
If you are a California resident, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”). You have the right to request to know the specific pieces and categories of personal information that we collect about you and the right to request deletion of your Personal Information under certain circumstances. To honor your requests, we will verify your identity by asking you or your authorized agent to provide information necessary to verify your account. If you have an account with us, we may use existing account verification practices to verify your request. We will only use the Personal Information provided in the verification process for identity verification purposes. Please note that Aduro does not sell your Personal Information.
Please be advised that we limit the collection and processing of Personal Information of participants in our customers’ wellness programs at the request and direction of our customers, who maintain a business relationship with Aduro, and in accordance with our customer contracts. Aduro, acting as a service provider to its customers, collects health data and business contact information in order to perform contracted Services. As such, we may refer your CCPA request to your employer or provide you with information to contact your employer directly to exercise your consumer rights under the CCPA.
Notice to Canadian Residents
If you participate in our wellness programs, your Personal Information will be transferred to and processed in the United States, where the laws may not be as protective as the laws in Canada.
Please be advised that we limit the collection and processing of Personal Information of participants in our customers’ wellness programs at the request and direction of our customers, who maintain a business relationship with Aduro, and in accordance with our customer contracts. Therefore, Aduro, acting as a service provider to its customers, collects health data and business contact information in order to perform contracted Services. As such, we may, as permitted or required by applicable law, refer your inquiries and requests about your Personal Information to your employer or provide you with information to contact your employer directly.
Notice to European Economic Area (“EEA”) and United Kingdom (“UK”) Residents
If you are accessing the Services from the EEA or the UK, please note that your employer is the controller of your Personal Information. We process your Personal Information pursuant to agreement(s) with your employer and/or the sponsor of your wellness plan, and the terms of those agreements govern how we process your Personal Information. For avoidance of doubt, if you have questions regarding the processing of your Personal Information, please consult with your employer or the sponsor of your wellness plan as they are responsible for determining how we process your information.
Aduro as a Data Processor
Aduro processes Personal Information as a Data Processor for the purpose of providing services to our Data Controller customers (e.g., your employer). Our customers determine why and how the Personal Information submitted to our Services is processed. As such, it is necessary for us to process your Personal Information in order to provide the Services to you in accordance with both the applicable data processing terms under the contract between your employer and/or wellness plan sponsor and us and our Terms of Service, which may be reviewed at: https://adurolife.com/aduro-terms-of-service/. We process your Personal Information as a Data Processor as discussed above.
Special Categories of Data
We process special categories of Personal Information that you have provided to us where necessary for us to perform a contract with your employer or wellness plan sponsor to provide you with Services, and where you have given explicit consent for us to engage in such processing. Special categories of Personal Information may include information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life, or sexual orientation.
Withdrawal of Consent
Where you have given us valid consent to use your Personal Information in certain ways, we will rely on your consent. In instances in which we have based our processing of your Personal Information on your consent, you have the right to withdraw your consent in two ways. You may de-activate your account by managing your account settings and email firstname.lastname@example.org to request that your Personal Information be deleted from our systems. Please note that when you withdraw consent, we might not be able to provide you with the Services we offer. Also, please note that in certain situations, we may continue to process your Personal Information after you have withdrawn consent and requested that we delete your Personal Information, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with a legal obligation or if it is necessary to do so to pursue our legitimate interest in keeping the Services safe and secure.
Data Subject Rights
If you are a resident of the EEA or the UK, you have the right to request access to Personal Information we hold and to ask that your Personal Information be corrected, erased, or transferred. Please contact your employer to exercise these rights.
Data Transfers to Countries Outside the EEA and UK
Aduro stores your Personal Information for no longer than necessary for the purposes for which it is collected and processed in order to perform the Services, subject to our legal obligations under our contracts with our customers and applicable laws. Unless as otherwise required by applicable law, upon termination or expiration of the agreement with our customer, we will delete your Personal Information from our systems or return to it to your employer. However, please note that when we delete your Personal Information from our systems, copies of your Personal Information may exist on Aduro’s backup or archive media.
Questions or Complaints
If you are a resident of the EEA or the UK and have a concern about our processing of your Personal Information that we are not able to resolve, we will forward your complaint to the Aduro customer associated with your account, usually your employer or wellness plan sponsor, and work with the customer to address your concerns. You may choose to reach out to the customer (e.g., your employer), who is the data controller, first before contacting Aduro. Additionally, you have the right to lodge a complaint with the data protection authority where you reside.
Notification of Changes
17425 NE Union Hill Road, Suite 100
Redmond, WA 98052
Attention: Privacy Team