Effective as of 16 December 2019
Under the Act, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
1. ABOUT SHO
SHO is the provider of a real time fantasy sports app, websites and social prediction platform (collectively ‘SHO Platform’) through which individual Users participate in dynamic, skill based predicting competitions related to specific sporting codes.
In providing the SHO Platform, we are sensitive to Users’ concerns about the safety of their Personal Information.
In essence, SHO will typically only:
- collect, use or share your Personal Information with your consent (unless it is not reasonable in the circumstances to obtain your consent and it is legally permissible for us to do so) or when required by a legal obligation; and
- interact with your Personal Information in order to: (a) provide you with the SHO Platform and (b) help us improve and develop the SHO Platform.
SHO has developed our privacy framework to assist Users, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.
2. HOW SHO COLLECTS YOUR PERSONAL INFORMATION
SHO collects Personal Information from individuals in one of three main ways:
- (a) Directly from Users, when they interact with SHO or the SHO platform (e.g. provide feedback or register a User account);
- (b) Passively from Users, when they interact with and use the SHO Platform;
- (c) From third-parties in certain, specific circumstances (e.g. if you sign up to the SHO Platform through a third-party service or platform we may be provided information that you have consented to being shared).
The specifics of Personal Information collected in each situation is discussed further below.
3. WHEN SHO COLLECTS INFORMATION FROM USERS AND WHAT WE COLLECT
(a) Personal Information collected directly
When Users sign up and use the SHO Platform we collect the following types of Personal Information directly and consensually from you:
- Basic User information, including your name, User name, email and date of birth;
- Basic account information, including any User name or display picture you choose to associate with your account;
- Your sporting preferences, including your favourite sporting leagues and teams; and
- If you access the SHO Platform through a third-party service or platform (e.g. Facebook), we will collect information that is made available by to SHO by those services or platforms. You can generally control the information we receive from these sources by using through the privacy settings on the third-party services or platforms.
We will collect the following types of information from Users as they use the SHO Platform:
- Basic account preferences, such as your language settings;
- Prediction information regarding the competitions you enter and predictions that you make; and
- Content that you post and submit to the SHO Platform and our social media pages.
If a User wins a competition we will collect the following types of Personal Information directly and consensually from you:
- Prize delivery information, including your full address and contact number;
- Winner’s interview information, including your answers to questions regarding your experience using the SHO Platform.
If you make an enquiry or sends us unsolicited feedback we may collect the following types of Personal Information directly and consensually from you:
- Basic contact information, including your name and email; and
- Feedback information and the details of your interactions with us, including communications with customer support or other SHO personnel (e.g. the contents of an email an email sent to firstname.lastname@example.org) or other information provided by you regarding your enquiry.
When you respond to a survey we may directly and consensually collect the Personal Information disclaimed on the survey form.
When you make an application for employment at SHO, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of your application.
(b) Personal Information collected passively
As you interact with the SHO Platform or advertisements, we may collect the following types of Personal Information about your usage:
- Content that you post in-app, including in chat to other User or in threads relating to predictions or competitions, as well as similar content that is posted about you by others;
- Background account information, such as your notification settings and SportsHero badges that you accrue; and
- The following types of browser, system and device information regarding devices you use to access the SHO Platform:
- Locational information, regarding which country you live in, for example in the form of the IP address from which you access the SHO Platform;
- Web data tracking information, such as data from cookies stored on your device, including cookie IDs and settings, as well as logs of your usage of the SHO Platform;
- System usage information, such as logs of User you have followed or are following you, and friends that you have added and been added by.
(c) Personal Information collected from third-parties
In certain specific situations, SHO will collect Personal Information about you from third-parties. The types of Personal Information collected include:
- Third-party account information made available to us if you register with SHO through a third-party service or platform and
- Web data tracking information that fit certain parameters of who we think could become SHO Users (e.g. heat maps developed through Google Analytics which track patterns of User interactions with our web pages).
4. WHY SHO COLLECTS YOUR PERSONAL INFORMATION AND WHAT WE USE IT FOR
Although SHO collects Personal Information from Users in a number of circumstances, SHO will only collect this information in order to provide and develop the SHO Platform. Here are the main ways we use Personal Information to achieve these objectives:
Communicating with Users
SHO will use basic User, account and contact to communicate with individuals about their feedback or issues with the SHO Platform.
SHO will also use prize delivery information to verify the identity of competition winners, and winner’s interview information to congratulate winners of our competitions over the SHO Platform.
If Users have consented, SHO will also use these types of Personal Information to share relevant news and updates about SHO and the SHO Platform.
Administration and delivery of SHO Platform
SHO will use basic User and account information, as well as other basic preferences to provide you with the baseline experience over the SHO Platform (e.g. allowing you to participate in competitions).
If you have registered using third-party service or platform information SHO will also use this for the same reasons.
SHO will use your basic User information for simple administrative tasks, such as resetting account passwords.
SHO will use your sporting preferences to tailor your in-app experience in using the SHO Platform.
Ensuring User safety
SHO will also use any type of information collected to prevent and address risks to all Users (e.g. SHO will use information to investigate suspicious or threatening activity).
Research and development
SHO will use the following types of information to develop, test and improve the SHO Platform:
- Survey and feedback information, as well as any content that is submitted in relation to competitions or features of the SHO Platform;
- Basic account and sporting preferences;
- Prediction information;
- Background account, browser, system and device information; and
- Third-party web tracking information.
Together these types of Personal Information are used to provide us with an overview of how the SHO Platform is being used, any shortcomings it may have, and subsequently to highlight what will be the best means of improving the experience for all Users.
SHO’s preference will be to de-identify these types information first, and then use it for this purpose in conjunction with de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).
Where Users have expressly consented, SHO will use basic contact, enquiry and account information to provide Users with relevant marketing materials and offers. Users can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).
Where applicable SHO will use winner’s interview information to encourage continued participation in our competitions.
5. SHO’S DISCLOSURE OF PERSONAL INFORMATION
Generally, SHO does not disclose Personal Information to any third-parties except:
- Service providers SHO engages to help us provide and develop the SHO Platform (e.g. cloud service providers or consultants);
- In some specific jurisdictions, marketing and product development partners to help us provide local offerings of the SHO Platform (e.g. to help us provide engaging prizes and competitions formats outside of Australia); and
- Law enforcement agencies, or another party that has a legitimate legal right to access the information.
Some of the third-parties SHO discloses Personal Information to are located overseas. This is particularly the case for our third-party software and cloud service providers which are currently located in the United States and China.
Sometimes we may also disclose the Personal Information of Users to our third-party partners located in specific jurisdictions such as Indonesia. Typically, the Personal Information disclosed in these circumstances will only relate to Users who access and use the SHO Platform from the relevant jurisdiction.
As with disclosures to third-party service providers, overseas disclosures are always made once SHO has taken all reasonable steps to determine the information will be treated at least as favourably under the Act and other applicable privacy laws.
6. SHO’S TREATMENT AND STORAGE OF INFORMATION
SHO’s general approach
SHO will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third-parties, unless:
- We believe, in good faith, that we are required to share the Personal Information with a third party in order to comply with legitimate legal obligations;
- The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to develop and deliver the SHO Platform (e.g. a cloud service provider or local marketing and development partner);
- Other entities acquire ownership or operation of SHO or the SHO Platform; and/or
- We need to protect the safety of Users, and the security our SHO Platform.
SHO seeks the informed and voluntary consent of individuals whenever it collects their information, or as soon as possible after.
Users can always refuse or revoke this consent, but sometimes this will affect SHO’s ability to provide them with the SHO Platform. SHO will advise Users if this is the case.
De-identified information refers to information that cannot reasonably be used to identify a particular individual.
De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the SHO Platform). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. account ID numbers).
Where possible SHO will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.
However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, SHO will continue to use and hold the information in a personally identifiable state. For example, if SHO needs to reply to a User enquiry we will have to use the contact information provided.
SHO is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached (e.g. SHO has developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches).
When information collected or used by SHO is stored on third-party service providers (e.g. Azure or AWS cloud servers), SHO takes reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security SHO owes Users.
As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.
In the circumstances where SHO suffers a data breach that contains Personal Information, we will endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Act.
7. SHO’S RETENTION OF INFORMATION
SHO retains Personal Information until it is no longer needed to provide or develop the SHO Platform, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.
However, SHO will retain:
- Personal Information in circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, or where the information is relevant to legitimate legal proceedings); and
- Anonymised information for analytic and service development purposes.
8. SPECIFIC RIGHTS OF EUROPEAN RESIDENTS
Users who are habitually located in the European Union (‘EU Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).
Users who are EU Residents should refer to Schedule 1 for more information regarding SHO’s privacy practices in relation to their Personal Data.
9. MANAGING PERSONAL INFORMATION YOUR INFORMATION
Accessing and ensuring the accuracy of Personal Information
SHO takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.
Users have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. SHO will grant access to the extent required or authorised by the Act and applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.
There may be circumstances in which SHO cannot provide Users with access to information. We will advise you of these reasons if this is the case.
SHO has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.
SportsHero Limited (ABN 98 123 423 987)
29 Brookside Place
Lota, Queensland 4179
If you have any queries or wish to make a complaint about a breach of this policy or the Act you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.
The Privacy Offer will respond to your query or complaint as quickly as possible. SHO will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via www.oaic.gov.au.
SPECIFIC RIGHTS OF EUROPEAN RESIDENTS
SHO is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).
Under the GDPR, SHO is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its’ GDPR compliance, SHO provides the SHO Platform in a way that ensures:
- Personal Data (i.e. Personal Information) is:
- processed fairly, lawfully and in a transparent manner; and
- collected and processed only for specified and lawful purposes.
- Processed Personal Data (i.e. Personal Information that is used, held or disclosed by SHO) is:
- adequate, relevant and not excessive;
- accurate and, where necessary, kept up to date;
- kept secure, and not longer than necessary;
- not transferred to countries outside the European Union without adequate protection; and
- treated in accordance with individuals’ legal rights.
Whilst SHO strives to provide all Users with appropriate access and control over their data, individuals covered by the GDPR are also able to:
- Prescriptively restrict, limit or otherwise provide instructions to SHO regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
- Verbally request the erasure (i.e. deletion) of their information; and
- Request SHO provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Users who exercise this right to data portability are also able to direct SHO to transmit this data to other entities who they intend to allow to process their Personal Data.
SHO will allow and assist Users that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).