Effective as of 20 June 2018
Under the Act, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
SHO is the provider of a real time fantasy sports app, websites and social prediction platform (collectively ‘SHO Platform’) through which individual Users participate in dynamic, skill based predicting competitions related to specific sporting codes.
In providing the SHO Platform, we are sensitive to Users’ concerns about the safety of their Personal Information.
In essence, SHO will typically only:
SHO has developed our privacy framework to assist Users, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.
SHO collects Personal Information from individuals in one of three main ways:
The specifics of Personal Information collected in each situation is discussed further below.
(a) Personal Information collected directly
When Users sign up and use the SHO Platform we collect the following types of Personal Information directly and consensually from you:
We will collect the following types of information from Users as they use the SHO Platform:
If a User decides to purchase SportsHero Coins or other virtual tokens we will collect:
If a User wins a competition we will collect the following types of Personal Information directly and consensually from you:
If you make an enquiry or sends us unsolicited feedback we may collect the following types of Personal Information directly and consensually from you:
When you respond to a survey we may directly and consensually collect the Personal Information disclaimed on the survey form.
When you make an application for employment at SHO, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of your application.
(b) Personal Information collected passively
As you interact with the SHO Platform or advertisements, we may collect the following types of Personal Information about your usage:
(c) Personal Information collected from third-parties
In certain specific situations, SHO will collect Personal Information about you from third-parties. The types of Personal Information collected include:
Although SHO collects Personal Information from Users in a number of circumstances, SHO will only collect this information in order to provide and develop the SHO Platform. Here are the main ways we use Personal Information to achieve these objectives:
Communicating with Users
SHO will use basic User, account and contact to communicate with individuals about their feedback or issues with the SHO Platform.
SHO will also use prize delivery information to verify the identity of competition winners, and winner’s interview information to congratulate winners of our competitions over the SHO Platform.
If Users have consented, SHO will also use these types of Personal Information to share relevant news and updates about SHO and the SHO Platform.
Administration and delivery of SHO Platform
SHO will use basic User and account information, as well as other basic preferences to provide you with the baseline experience over the SHO Platform (e.g. allowing you to participate in competitions and accrue points and SportsHero Coins).
If you have registered using third-party service or platform information SHO will also use this for the same reasons.
SHO will use your basic User information for simple administrative tasks, such as resetting account passwords.
SHO will use your payment related information to allow you to purchase SportsHero Coins (or other virtual tokens when applicable).
SHO will use your sporting preferences to tailor your in-app experience in using the SHO Platform.
Ensuring User safety
SHO will also use any type of information collected to prevent and address risks to all Users (e.g. SHO will use information to investigate suspicious or threatening activity).
Research and development
SHO will use the following types of information to develop, test and improve the SHO Platform:
Together these types of Personal Information are used to provide us with an overview of how the SHO Platform is being used, any shortcomings it may have, and subsequently to highlight what will be the best means of improving the experience for all Users.
SHO’s preference will be to de-identify these types information first, and then use it for this purpose in conjunction with de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).
Where Users have expressly consented, SHO will use basic contact, enquiry and account information to provide Users with relevant marketing materials and offers. Users can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).
Where applicable SHO will use winner’s interview information to encourage continued participation in our competitions.
Generally, SHO does not disclose Personal Information to any third-parties except:
Some of the third-parties SHO discloses Personal Information to are located overseas. This is particularly the case for our third-party software and cloud service providers which are currently located in the United States and China.
Sometimes we may also disclose the Personal Information of Users to our third-party partners located in specific jurisdictions such as Indonesia. Typically, the Personal Information disclosed in these circumstances will only relate to Users who access and use the SHO Platform from the relevant jurisdiction.
As with disclosures to third-party service providers, overseas disclosures are always made once SHO has taken all reasonable steps to determine the information will be treated at least as favourably under the Act and other applicable privacy laws.
SHO’s general approach
SHO will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third-parties, unless:
SHO seeks the informed and voluntary consent of individuals whenever it collects their information, or as soon as possible after.
Users can always refuse or revoke this consent, but sometimes this will affect SHO’s ability to provide them with the SHO Platform. SHO will advise Users if this is the case.
De-identified information refers to information that cannot reasonably be used to identify a particular individual.
De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the SHO Platform). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. account ID numbers).
Where possible SHO will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.
However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, SHO will continue to use and hold the information in a personally identifiable state. For example, if SHO needs to reply to a User enquiry we will have to use the contact information provided.
SHO is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached (e.g. SHO has developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches).
When information collected or used by SHO is stored on third-party service providers (e.g. Azure or AWS cloud servers), SHO takes reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security SHO owes Users.
As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.
In the circumstances where SHO suffers a data breach that contains Personal Information, we will endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Act.
SHO retains Personal Information until it is no longer needed to provide or develop the SHO Platform, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.
However, SHO will retain:
Users who are habitually located in the European Union (‘EU Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).
Users who are EU Residents should refer to Schedule 1 for more information regarding SHO’s privacy practices in relation to their Personal Data.
Accessing and ensuring the accuracy of Personal Information
SHO takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.
Users have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. SHO will grant access to the extent required or authorised by the Act and applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.
There may be circumstances in which SHO cannot provide Users with access to information. We will advise you of these reasons if this is the case.
SHO has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.
SportsHero Limited (ABN 98 123 423 987)
29 Brookside Place
Lota, Queensland 4179
If you have any queries or wish to make a complaint about a breach of this policy or the Act you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.
The Privacy Offer will respond to your query or complaint as quickly as possible. SHO will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via www.oaic.gov.au.
SHO is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).
Under the GDPR, SHO is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its’ GDPR compliance, SHO provides the SHO Platform in a way that ensures:
Whilst SHO strives to provide all Users with appropriate access and control over their data, individuals covered by the GDPR are also able to:
SHO will allow and assist Users that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).