Information We Collect
Where you have entered personal information, for example to sign up for marketing communications or as a subscriber of a Product, we may collect certain identifying information such as your name and contact information (“Personal Information”). We also may collect other information that, by itself, does not individually identify you such as browser type, operating system, technical data, and usage (“Other Information”). We may link together different types of Other Information or link Other Information to Personal Information, in the limited scenarios where we have any Personal Information relating to you.
How We Collect Information
We collect information in the following ways:
- Information You Give Us Upon Registration/Subscription. Some of our Products require or allow you to register or subscribe. You also may choose to provide contact information for marketing communications. When you do, we’ll ask for Personal Information like your name or email address.
- Information We Get from Your Use of Services. We may collect information about the Products that you use and how you use them. This information includes:
- Computer, Tablet, or Mobile Telephone information. We may collect device-specific information such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information. We will comply with the usage/license restrictions and requirements applicable to the device from which the information comes.
- Log Information. When you use the Products, we may automatically collect and store certain information in server logs. This may include:
- details of how you used our service, for instance, we may collect use metrics related to how long you spend watching a certain video or exploring a particular organ of the body, whether you use the drawing tool, etc.;
- Internet protocol address;
- device event information such as crashes, system activity, hardware settings; browser type, browser language, the date and time of your request and referral URL; and
- cookies that may uniquely identify your browser or your Sharecare Account.
- Unique Application Numbers. Certain Products include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Sharecare when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
How We Use Information We Collect
To Provide Products to You. We use the information that we collect about you to provide, maintain, protect and improve the Products that Sharecare provides to you.
Analytics. We use analytics tools and other third-party technologies, such as Google Analytics, to collect non-Personal Information in the form of various usage and user metrics when you use our site and Products. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referring and exit URLs, behavior and usage information, feature use metrics and statistics, usage and demographics, and other similar information. You can deactivate Google Analytics using a browser add-on if you do not wish the website analysis to take place.
What Information We Share
Because Sharecare only collects information regarding use metrics for our Products, it is unlikely that we would have a need or occasion to share such information with a third party. However, as Sharecare continues to develop our business, we might sell or buy companies, subsidiaries, or business units. In such transactions, data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy statement. Also, in the unlikely event that Sharecare or all of its assets is acquired, your use data may be one of the transferred assets.
We may, from time to time, outsource some or all of the operations of our business to third-party service providers. In such cases, it may be necessary for us to disclose your information to those service providers. In some cases, the service providers may collect information directly from you on our behalf. We restrict how such service providers may access, use and disclose your information. These agents may have access to your information as needed to perform their functions, but they are not permitted to use it for other purposes.
In addition, we may share de-identified, aggregated use information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Products.
Sharecare does not sell or otherwise receive remuneration in exchange for your Personal Information.
How We Protect Your Information
Sharecare works hard to protect Sharecare and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of any and all information we hold. Sharecare is committed to using industry-leading security practices such as ISO27001 and HiTRUST. In particular:
- We encrypt many of our Products using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
Legal Grounds for Processing Your Personal Data
We rely on the following legal grounds to process your Personal Information:
Performance of Services. We may need to collect and use your Personal Information to enter into and perform under an agreement with you.
Legitimate Interests. We may use your Personal Information for our legitimate interests, including but not limited to provide our Products and to improve our Products and the content on our sites.
We use a third-party merchant of record for processing payment transactions, meaning Sharecare does not receive your financial information in connection with any purchase.
Sharecare is located in the United States. When you submit Personal Information to us, or when others provide Personal Information to us, we will receive it and process it in the United States, which currently lacks an adequacy decision with the European Commission.
As detailed above, we sometimes provide Personal Information to third parties to perform services. If we transfer Personal Information received from the EEA to a third party, the third party's access, use, and disclosure of the Personal Information must also be in compliance with our Data Processing Addendum, including but not limited to the Standard Contractual Clauses contained therein.
- Transparency and the right to information. Through this policy we explain how we use and share your Personal Information. However, if you have questions or need additional information you can contact us any time.
- Right of access, restriction of processing, erasure. You may contact us to request information about the Personal Information we have collected from you and to request the correction, modification or deletion of such Personal Information, which requests we will do our best to honor subject to any legal, ethical and contractual obligations. To make a request or to ask us a question about our data practices, please contact us via email at firstname.lastname@example.org or make use of the self-service tools in the “Settings” menu of your mobile app.
- Right to withdraw your consent at any time. When we process your Personal Information based on your consent, you have the right to withdraw your consent at any time.
- Right to object at any time. You have the right to object at any time to receiving marketing or promotional materials from us by either following the opt-out instructions in commercial e-mails or by contacting us, as well as the right to object to any processing of your Personal Information based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal, ethical and contractual obligations. Some non-marketing communications are not subject to a general opt-out, such as communications about transactions and disclosures to comply with legal or ethical requirements.
- Right to data portability. You have the right to data portability of your own personal data by contacting us.
- Right not to be subject to an automated decision, including profiling. We do not make automated decisions using your personal data that may negatively impact you.
- Right to lodge a complaint with the competent Personal Data supervisory authority, if you believe that the processing of your Personal Information does not comply with legal requirements.
If you reside or otherwise find yourself outside of the U.S., we are committed to facilitating the exercise of your rights granted by the European Data Protection law and/or the laws of your country. If you have any inquiries or complaints about our handling of your Personal Information or about our privacy practices generally, please contact us (including our Data Protection Officer) at email@example.com. We will respond to your inquiry promptly.
Our EEA representative is Sharecare France, 105 avenue Raymond Poincare, 75116 Paris, France.
We may require you to provide us with sufficient information such as your name, address, or any Other Information necessary for us to verify your identity. We reserve the right to request additional information from you, such as a photocopy of your passport or other identification card in order to verify your identity.
Residents of the U.S. State of California may have additional rights as set forth in our Privacy Notice for California Residents.
Last modified: February 24, 2021