Privacy Policy

Effective as of 16 December 2019

This policy (‘Privacy Policy’) explains how SportsHero Limited (ABN 98 123 423 987) (ASX:SHO) (‘SportsHero’ or ‘SHO’) seeks to protect the Personal Information of individuals. SHO is committed to protecting the safety and security of the personal information of individuals whose information SHO has access to including users of the SHO Platform (defined below), and other persons with whom SHO interacts (each a ‘User’ or ‘you’).

The Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (‘Act’) and the European Union General Data Protection Regulation (Regulation 2016/679) (‘GDPR’).

Under the Act, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”

With respect only to residents of the European Union, Schedule 1 of this Privacy Policy provides additional terms for the protection of “Personal Data” under the GDPR. Personal Data should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Please read this Privacy Policy carefully in order to understand how your Personal Information is collected, held, used, or otherwise processed by us.

SHO reserves the right to make changes or updates to this Privacy Policy from time to time. If this happens we will update this Privacy Policy and notify you of any changes, most likely via email or in- app notification. However, you should also periodically check this Privacy Policy for any updates.


SHO is the provider of a real time fantasy sports app, websites and social prediction platform (collectively ‘SHO Platform’) through which individual Users participate in dynamic, skill based predicting competitions related to specific sporting codes.

In providing the SHO Platform, we are sensitive to Users’ concerns about the safety of their Personal Information.

In essence, SHO will typically only:

  • collect, use or share your Personal Information with your consent (unless it is not reasonable in the circumstances to obtain your consent and it is legally permissible for us to do so) or when required by a legal obligation; and
  • interact with your Personal Information in order to: (a) provide you with the SHO Platform and (b) help us improve and develop the SHO Platform.

SHO has developed our privacy framework to assist Users, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.


SHO collects Personal Information from individuals in one of three main ways:

  1. (a) Directly from Users, when they interact with SHO or the SHO platform (e.g. provide feedback or register a User account);
  2. (b) Passively from Users, when they interact with and use the SHO Platform;
  3. (c) From third-parties in certain, specific circumstances (e.g. if you sign up to the SHO Platform through a third-party service or platform we may be provided information that you have consented to being shared).

The specifics of Personal Information collected in each situation is discussed further below.


(a) Personal Information collected directly

When Users sign up and use the SHO Platform we collect the following types of Personal Information directly and consensually from you:

  • Basic User information, including your name, User name, email and date of birth;
  • Basic account information, including any User name or display picture you choose to associate with your account;
  • Your sporting preferences, including your favourite sporting leagues and teams; and
  • If you access the SHO Platform through a third-party service or platform (e.g. Facebook), we will collect information that is made available by to SHO by those services or platforms. You can generally control the information we receive from these sources by using through the privacy settings on the third-party services or platforms.

We will collect the following types of information from Users as they use the SHO Platform:

  • Basic account preferences, such as your language settings;
  • Prediction information regarding the competitions you enter and predictions that you make; and
  • Content that you post and submit to the SHO Platform and our social media pages.

If a User wins a competition we will collect the following types of Personal Information directly and consensually from you:

  • Prize delivery information, including your full address and contact number;
  • Winner’s interview information, including your answers to questions regarding your experience using the SHO Platform.

If you make an enquiry or sends us unsolicited feedback we may collect the following types of Personal Information directly and consensually from you:

  • Basic contact information, including your name and email; and
  • Feedback information and the details of your interactions with us, including communications with customer support or other SHO personnel (e.g. the contents of an email an email sent to or other information provided by you regarding your enquiry.

When you respond to a survey we may directly and consensually collect the Personal Information disclaimed on the survey form.

When you make an application for employment at SHO, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of your application.

(b) Personal Information collected passively

As you interact with the SHO Platform or advertisements, we may collect the following types of Personal Information about your usage:

  • Content that you post in-app, including in chat to other User or in threads relating to predictions or competitions, as well as similar content that is posted about you by others;
  • Background account information, such as your notification settings and SportsHero badges that you accrue; and
  • The following types of browser, system and device information regarding devices you use to access the SHO Platform:
    • Locational information, regarding which country you live in, for example in the form of the IP address from which you access the SHO Platform;
    • Web data tracking information, such as data from cookies stored on your device, including cookie IDs and settings, as well as logs of your usage of the SHO Platform;
    • System usage information, such as logs of User you have followed or are following you, and friends that you have added and been added by.

(c) Personal Information collected from third-parties

In certain specific situations, SHO will collect Personal Information about you from third-parties. The types of Personal Information collected include:

  • Third-party account information made available to us if you register with SHO through a third-party service or platform and
  • Web data tracking information that fit certain parameters of who we think could become SHO Users (e.g. heat maps developed through Google Analytics which track patterns of User interactions with our web pages).


Although SHO collects Personal Information from Users in a number of circumstances, SHO will only collect this information in order to provide and develop the SHO Platform. Here are the main ways we use Personal Information to achieve these objectives:

Communicating with Users

SHO will use basic User, account and contact to communicate with individuals about their feedback or issues with the SHO Platform.

SHO will also use prize delivery information to verify the identity of competition winners, and winner’s interview information to congratulate winners of our competitions over the SHO Platform.

If Users have consented, SHO will also use these types of Personal Information to share relevant news and updates about SHO and the SHO Platform.

Administration and delivery of SHO Platform

SHO will use basic User and account information, as well as other basic preferences to provide you with the baseline experience over the SHO Platform (e.g. allowing you to participate in competitions).

If you have registered using third-party service or platform information SHO will also use this for the same reasons.

SHO will use your basic User information for simple administrative tasks, such as resetting account passwords.

SHO will use your sporting preferences to tailor your in-app experience in using the SHO Platform.

Ensuring User safety

SHO will also use any type of information collected to prevent and address risks to all Users (e.g. SHO will use information to investigate suspicious or threatening activity).

Research and development

SHO will use the following types of information to develop, test and improve the SHO Platform:

  • Survey and feedback information, as well as any content that is submitted in relation to competitions or features of the SHO Platform;
  • Basic account and sporting preferences;
  • Prediction information;
  • Background account, browser, system and device information; and
  • Third-party web tracking information.

Together these types of Personal Information are used to provide us with an overview of how the SHO Platform is being used, any shortcomings it may have, and subsequently to highlight what will be the best means of improving the experience for all Users.

SHO’s preference will be to de-identify these types information first, and then use it for this purpose in conjunction with de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).


Where Users have expressly consented, SHO will use basic contact, enquiry and account information to provide Users with relevant marketing materials and offers. Users can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).

Where applicable SHO will use winner’s interview information to encourage continued participation in our competitions.


Generally, SHO does not disclose Personal Information to any third-parties except:

  • Service providers SHO engages to help us provide and develop the SHO Platform (e.g. cloud service providers or consultants);
  • In some specific jurisdictions, marketing and product development partners to help us provide local offerings of the SHO Platform (e.g. to help us provide engaging prizes and competitions formats outside of Australia); and
  • Law enforcement agencies, or another party that has a legitimate legal right to access the information.

The above disclosures will only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures will also always be in accordance with this Privacy Policy.

Overseas Disclosure

Some of the third-parties SHO discloses Personal Information to are located overseas. This is particularly the case for our third-party software and cloud service providers which are currently located in the United States and China.

Sometimes we may also disclose the Personal Information of Users to our third-party partners located in specific jurisdictions such as Indonesia. Typically, the Personal Information disclosed in these circumstances will only relate to Users who access and use the SHO Platform from the relevant jurisdiction.

As with disclosures to third-party service providers, overseas disclosures are always made once SHO has taken all reasonable steps to determine the information will be treated at least as favourably under the Act and other applicable privacy laws.


SHO’s general approach

SHO will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third-parties, unless:

  • We believe, in good faith, that we are required to share the Personal Information with a third party in order to comply with legitimate legal obligations;
  • The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to develop and deliver the SHO Platform (e.g. a cloud service provider or local marketing and development partner);
  • Other entities acquire ownership or operation of SHO or the SHO Platform; and/or
  • We need to protect the safety of Users, and the security our SHO Platform.

SHO seeks the informed and voluntary consent of individuals whenever it collects their information, or as soon as possible after.

Users can always refuse or revoke this consent, but sometimes this will affect SHO’s ability to provide them with the SHO Platform. SHO will advise Users if this is the case.


De-identified information refers to information that cannot reasonably be used to identify a particular individual.

De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the SHO Platform). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. account ID numbers).

Where possible SHO will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.

However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, SHO will continue to use and hold the information in a personally identifiable state. For example, if SHO needs to reply to a User enquiry we will have to use the contact information provided.


SHO is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached (e.g. SHO has developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches).

When information collected or used by SHO is stored on third-party service providers (e.g. Azure or AWS cloud servers), SHO takes reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security SHO owes Users.

As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.

Data Breaches

In the circumstances where SHO suffers a data breach that contains Personal Information, we will endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Act.


SHO retains Personal Information until it is no longer needed to provide or develop the SHO Platform, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.

However, SHO will retain:

  • Personal Information in circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, or where the information is relevant to legitimate legal proceedings); and
  • Anonymised information for analytic and service development purposes.

The information we retain will be handled in accordance with this Privacy Policy.


Users who are habitually located in the European Union (‘EU Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).

Users who are EU Residents should refer to Schedule 1 for more information regarding SHO’s privacy practices in relation to their Personal Data.


Accessing and ensuring the accuracy of Personal Information

SHO takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.

Users have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. SHO will grant access to the extent required or authorised by the Act and applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.

There may be circumstances in which SHO cannot provide Users with access to information. We will advise you of these reasons if this is the case.

Contacting SHO

SHO has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.

Privacy Officer

Privacy Officer

SportsHero Limited (ABN 98 123 423 987)
29 Brookside Place
Lota, Queensland 4179

If you have any queries or wish to make a complaint about a breach of this policy or the Act you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

The Privacy Offer will respond to your query or complaint as quickly as possible. SHO will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via

This Privacy Policy was last updated on 20 June 2018.


SHO is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).

Although our Privacy Policy explains how SHO meets all of its’ obligations for Australian Users, SHO also has some Users who are habitually located in the European Union (‘EU Residents’) that have additional rights in respect of their Personal Data.

Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Under the GDPR, SHO is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its’ GDPR compliance, SHO provides the SHO Platform in a way that ensures:

  • Personal Data (i.e. Personal Information) is:
    • processed fairly, lawfully and in a transparent manner; and
    • collected and processed only for specified and lawful purposes.

(NB see sections 2 – 5 of this Privacy Policy).

  • Processed Personal Data (i.e. Personal Information that is used, held or disclosed by SHO) is:
    • adequate, relevant and not excessive;
    • accurate and, where necessary, kept up to date;
    • kept secure, and not longer than necessary;
    • not transferred to countries outside the European Union without adequate protection; and
    • treated in accordance with individuals’ legal rights.

Whilst SHO strives to provide all Users with appropriate access and control over their data, individuals covered by the GDPR are also able to:

  • Prescriptively restrict, limit or otherwise provide instructions to SHO regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
  • Verbally request the erasure (i.e. deletion) of their information; and
  • Request SHO provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Users who exercise this right to data portability are also able to direct SHO to transmit this data to other entities who they intend to allow to process their Personal Data.

SHO will allow and assist Users that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).