PRIVACY POLICY

Updated to: May 25, 2018

Sprout Wellness Solutions Inc. ("Sprout") is committed to transparency in the collection, use and disclosure of your personal information.

By accepting our Privacy Policy and Terms of Service in registering to use our service, you consent to our collection, storage, use and disclosure of your personal information as described in this Privacy Policy.

If you have questions or complaints regarding our privacy policy or practices, please contact us as described in the section titled ‘Contact Us’.

Introduction

Sprout’s online tool enables you to better manage your health and wellbeing (the "Service"). In this policy, "Sprout" refers to Sprout Wellness Solutions Inc. and its Affiliates, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership. We may also refer to Sprout as "We" or "Us".

This Privacy Policy describes:

  • The information We collect, how We do so and the purposes of our collection
  • How We use and with whom We share such information
  • How you can access and update such information
  • The choices you can make about how We collect, use and share your information
  • How We protect the information We store about you

If you access our Services from a third party site, you may be required to also read and accept the third party’s terms of service and privacy policy.

Information We Collect

Information We Receive about You

Sprout may request and store some or all of the following information, as allowed by you and your preferences:

  • your first and last name
  • your profile picture or its URL
  • your user ID number, which is linked to publicly available information such as name, profile photo, groups you belong to, events you are attending, challenges you are participating in, badges you have received and actions you choose to share
  • the login e-mail you provided at the time you registered
  • your physical location and that of your access devices
  • your gender if provided
  • your birthday if provided
  • your interests if provided
  • your wellness objectives if provided
  • your health concerns if provided
  • your vital stats such as height, weight, waist circumference, heart rate, blood pressure and cholesterol if provided
  • device type
  • browser type
  • operating system type
  • IP address
  • your medical history, family medical history and lifestyle habits
  • any other information that you may share with Us through communications with Us via email, telephone, fax, and/or any letters

By using the Service you are authorizing Sprout to collect, store, and use in accordance with this Privacy Policy any and all information that you agreed the third party could provide to Sprout. Your agreement takes place when you "accept" or "allow" (or similar terms) one of our applications.

Information We Collect from You Directly

When you interact with the Service (whether or not on a third party site) We may collect and store information from you directly as described below:

Registration Information

We may allow you to "register" with Us by using our Service directly and not through a third party site. We may provide a typical registration flow where you may be required to provide the following information: your age or birthday; your first and last names; your e-mail address; a password and other information that helps Us confirm that it is you accessing your account.

During the registration flow, we may provide you with the option to provide us with information related to your medical history, family medical history and/or lifestyle habits. We will use this information to provide you with customized content for your user profile, such customized content may include a calculated risk score, information about risk factors and recommendations based on the your risk score.

We may also offer you the option to complete a user profile that is visible to other users in your company of our Service. Your user profile may include: a profile photo; one or more Service username(s); your gender; your interests, details about your nutrition and fitness activity; and a user ID number that we create which is used to identify your profile.

The Sprout user ID number used to identify your account and profile will be public to users in your company and will appear in the URL of your profile page, but will only permit access to information that is considered public or that you have designated as public in your settings.

Your first and last names, profile picture and interests are considered "public" to users of the Service in your company.

Information We Receive or Collect When You Access Sprout Services on a Mobile Device.

If you use the Services on your mobile telephone or other mobile device, including iPads and tablets, We collect your mobile device identifier and IP Address. In certain Services, We will create and assign to your device an identifier that is similar to an account number. We may collect the name you have associated with your device, device type, country, and any other information you choose to provide, such as user name, character name or e-mail address.

Payment Information

If a third party is not paying for the Service on your behalf, We will collect the billing and financial information necessary to process your charges for the Services which require payment. Sprout may also receive the billing and payment information that you provide when your purchase is processed by a third party payment service provider, such as PayPal. We do not retain any payment processing information or any financial information such as credit card numbers. All such information is provided directly to our third party service provider processors, who use of your personal information will be subject to the respective payment processors’ Privacy Policy and Terms of Service.Technical and Usage Information.

When you access our websites or use our Services, We collect (i) certain technical information about your mobile device or computer system, including IP Address and mobile device ID; and (ii) usage statistics about your interactions with the Service. This information is typically collected through the use of server log files or web log files ("Log Files"), mobile device software development kits and tracking technologies like browser cookies to collect and analyze certain types of technical information. Some of the cookies the Service places on your computer are linked to your user ID number(s). For more information on how We utilize cookies and other tracking technologies please review the "Cookies and Automated Information Collection" portion of Section 3 ("How We Collect Information about You").

How We Collect Information about You

We may collect information about you in any one or more of the following ways:

Most personal information collected by Us is voluntarily supplied by you when you sign up for the Services. Therefore, it is important for you to understand that when you supply your information to Us you will give Us your consent to use your information according to this Policy. You may, at any time, withdraw your consent; however this may impede Our ability to fulfill the Service. Also, we only collect, use and disclose any of your Personal Information according to your settings and as absolutely required to provide the Service and to comply with any applicable law.

Information about Users and the Services they use

When you use one of our Services, Sprout collects and stores certain information that you provide directly or through the third party website that is offering our Service(s). To provide a richer experience, We also collect information about your interaction with the Service. The bulk of this information is collected and stored through the use of Log Files, which are files on our web servers that record actions taken on our Services and websites.

Share With a Friend Function

You have the ability to share your results and / or other data or information from the Services with your friends through email or social media. By sharing your results and / or other data through social media, you are authorizing us to share information we collect from and about you with the social media service provider, other users, and your network of contacts on the social media service, and you understand that the social media service's use of the shared information will be governed by the social media service's privacy policy and terms of use.

If you choose to share your results or other data or information from the Services through email, we will collect your name and email address, as well as the name and email address of your friend (the recipient). We do not use the names or email addresses submitted in these circumstances for any other purpose without the consent of you or the email recipient to do so. To fulfill our obligations under the Canadian Anti-Spam Legislation ("CASL"), please ensure that you only submit email addresses of individuals with whom you have a personal or family relationship and who would want to receive the message from you.

Communications Features

You may be able to take part in certain activities on our websites that give you the opportunity to communicate or share information not just with Sprout, but also with other users of our Service. These include:

  • tracking activities that appear in streams and leaderboards
  • participating in forums and message boards
  • posting public comments to other users' profiles or on a stream
  • sending private messages or invitations to other users, either directly on our websites or to their e-mail accounts
  • chat with other users
  • posting photos
  • linking certain actions to other social media outlets such as Facebook, Twitter, LinkedIn, etc.

We may record and store archives of these communications on Sprout's servers or alternatively on a third party service provider’s servers, to protect the safety and wellbeing of our users and Sprout's rights and property in connection with the Service. If your activities take place on third party sites then your communications may be stored on those sites and is subject to the privacy policies of those third party sites. You acknowledge and consent to the recording and storage of such communications for these purposes.

We give you the ability to opt out of the following by disabling in Privacy Settings:

  • show your name in the main leaderboard
  • show your name in the leaderboards for challenges
  • show in stream when you post some activities
  • show in stream when you post to a message board
  • show in stream when you join a challenge/event/group
  • show in stream when you create a challenge
  • show in stream when you create an event
  • show in stream when you create a group
  • show in stream when you change position on the leaderboard

Cookies and Automated Information Collection

When you access the Service, We collect certain technical information in order to (i) analyze the usage of our sites and services; (ii) provide a more personalized experience; and (iii) manage testimonials.

You can set your web browser to warn you about attempts to place cookies on your computer or limit the type of cookies you allow.

Other Sources

We may collect or receive information from other sources including third party information providers. This information will be used to supplement your profile - primarily to help you and your friends connect. It will be combined with other information We collect.

How We Use the Information We Collect

In general, We collect, store and use your information to provide you with a safe, smooth, efficient, and customized experience. For example, We may use information collected from you in any one or more of the following ways:

  • to create your user accounts and allow you to use our Services
  • to identify and suggest connections with other Sprout users
  • to suggest relevant activities and events
  • to enable user-to-user communications
  • to provide technical support and respond to user inquiries
  • to prevent fraud or potentially illegal activities, and enforce our Terms of Service
  • to deliver and target resources
  • to notify users of updates
  • to solicit input and feedback to improve Sprout products and services and customize your user experience

Social Media

We may offer you the opportunity to engage with our content on or through third-party social networking websites, plug-ins and applications. When you engage with our content on or through third-party social networking websites, plug-ins and applications, you may allow us to have access to certain information associated with your social media account (e.g., name, username, email address, profile picture, gender) to deliver the content or as part of the operation of the website, plug-in or application. For example, if you chose to sign-in to the Services through Facebook, you may authorize us to collect certain information from your Facebook profile. When you provide information from your social media account, we may use this information to personalize your experience on the website and on the third-party social networking websites, plug-ins and applications, and to provide you with other Services you may request.

How We Use the Information We Collect

We may use information collected from you, as described above, in any one or more of the following ways:

  • to create your user accounts and allow you to use our Services;
  • to identify and suggest connections with other Sprout users;
  • to suggest relevant activities and events;
  • to enable user-to-user communications;
  • to provide technical support and respond to user inquiries;
  • to prevent fraud or potentially illegal activities, and enforce our Terms of Service;
  • to deliver and target resources;
  • to notify users of updates;
  • to solicit input and feedback to improve the Services and customize your user experience;
  • to provide customized content to the users, such as the calculated risk factors, information about the risk factors and recommendations and goals based on the calculated risk factors; and
  • to comply with legal and regulatory requirements

One important use of your information is communication. If you have provided your e-mail address to Sprout, We'll use it to respond to (i) customer support inquiries, and (ii) keep you informed of your activity, including comments and invites from friends. Some messages, such as invites for friends to join you, may include your name and profile photo.

We may use information for any purpose if we anonymize it so that it no longer reasonably identifies you.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us using the contact details set out below.

Sharing of Your Information

We may transfer or disclose information as follows:

Third Party Service Providers

Your information may be disclosed, stored and / or transferred (or otherwise made available) to our affiliates and other third parties who provide services on our behalf. Our service providers are given the information they need to perform their designated functions, and are not authorized to use or disclose personal information for their own marketing or other purposes.

Your information may be stored and processed by us, our affiliates and other third party service providers in the United States, European Union or other foreign jurisdictions. In the event that personal information is transferred to the United States, European Union or other foreign jurisdiction, it will be subject to the laws of that jurisdiction and may be disclosed to or accessed by the courts, law enforcement and governmental authorities in accordance with those laws.

Partners

From time to time, we may partner with third parties to enhance our Services. With your consent, we may exchange certain personal information with these third parties.

Third Parties that Have Purchased Sprout on Your Behalf

We will provide information for aggregate reporting to third party companies who have purchased Sprout Services on your behalf, including aggregate participation in events, aggregate interests, aggregate health conditions, aggregate wellness objectives, improvements in aggregate health statistics. Our collection, use, and disclosure of anonymous aggregated information are not subject to any of the restrictions in this Privacy Policy.

Legal and Compliance We and our service providers may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise required or permitted by applicable Canadian, US or other law or legal process. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.Sale or Merger.

Personal information may be provided to third parties in connection with a business transaction, including a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Sprout or as part of a corporate reorganization, or stock or asset sale, or other change in corporate control, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.

Aggregated Data

Sprout may share or sell aggregated data that does not identify you with third parties and the public in a variety of ways. When we provide this information, we take technical measures to ensure that the data does not identify you and cannot be associated back to you.

Our Policies Concerning Children

Our Services are not intended for children under the age of 16 and We do not knowingly collect any personal information from such children. Children under the age of 16 should not use our Services at any time. In the event that We learn that We have inadvertently gathered personal information from children under the age of 16, We will take reasonable measures to promptly erase such information from our records.

How to Access and Update Your Information

Information We Receive From a third party site when You use Our Service

To manage the information Sprout receives about you from a third party site where you use our Services, you will need to follow the instructions at that site for updating your information and changing your privacy settings. You can manage certain aspects of information collection and use by going to the settings of your (mobile) device and reviewing the permissions of each application.

Once Sprout receives your information from a third party site, that information is stored and used by Sprout in accordance with this Privacy Policy, and you may access and update that information as described below. User accounts created with Sprout are considered active until We receive a user request to delete them or deactivate them.

Other Methods of Accessing and Controlling your Information

If you no longer want Sprout to make active use of your information, you may send an e-mail to privacy@Sproutatwork.com. Place "Delete My Account" in the subject line and include your first name, last name, e-mail address and user ID number for the third party site from which you access our Services (if applicable) in the body of the e-mail. We will respond to your request within thirty (30) days. Please note that certain records, for example those pertaining to payments or customer service matters, will be retained for legal and accounting purposes. If you have sent or posted content on the Service, We may not be able to delete it.

If you wish to review or change the information Sprout has about you, and are not able to do so in your Sprout account, e-mail Us at the address provided herein.

If you have additional questions about this Privacy Policy, contact Us at privacy@Sproutatwork.com.

Your Sharing and Messaging Options

Information We Receive from Third Party Sites Where You use a Sprout Service

If you use our Services at a third-party site, Sprout will be able to access and store profile and other information about you as described above. The categories of information you share with Us will depend, in part, on the permissions you grant Us and the privacy settings you have established at the third party site where you access the application. Sprout does not offer an "opt out" option for specific fields that are shared by the third party site where you access and use the Service(s).

Opting Out of Other Communications

When you install our apps on your mobile device you can choose to receive push notifications. You can turn off push notifications by visiting the "options" or "settings" page within the relevant Service. You may also receive local notifications. You can turn off local notifications by visiting the "options" or "settings" page within the relevant Service.

We may e-mail or communicate with you from time to time if We need to provide you with information or if We need to request information from you with respect to a transaction initiated by you or for other legitimate non-marketing reasons.

Cookies and Additional Information about our Website

Visiting our Website: In general, you can visit our website ("Website") without telling us who you are or submitting any personal information. However, we collect the IP (Internet protocol) addresses of all visitors to our Website and other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand activity on our Website and to monitor and improve our Website.

Cookies: Our Website use a technology called "cookies". A cookie is a tiny element of data that our Website can send to your browser, which may then be stored on your hard drive so we can recognize you when you return. We use cookies on the pages on our Website where you are prompted to log in or that are customizable. If you have registered with our Website, these cookies (1) may let us know who you are, (2) may be necessary to access your account information (stored on our computers) in order to provide personalized services, and (3) will provide us and our service providers with information that we will use to personalize our Website in accordance with your preferences and interests. We and our service providers (such as Google Analytics) also use cookies to help us understand our website activity, to improve our Website and provide better customer service. For more information about Google Analytics, see www.google.com/policies/privacy/partners/. You may set your web browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our Website, you may not be able to take advantage of all of the features of our Website.

Tracer Tags & Web Beacons: Our Website may also use a technology called "tracer tags" or "Web Beacons". This technology allows us to understand which pages you visit on our Website. These tracer tags are used to help us optimize and tailor our Website for you and other future visitors to our Website.

Third Party Websites

Our Website may contain links to other websites that are not owned or controlled by us. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites. When you click on such a link, you will leave our service and go to another site. During this process, another entity may collect personal information from you.

Safeguarding and Retention of Your Information

We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to your personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.

We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above or to otherwise meet legal requirements.

Changes to Our Privacy Policy

We may update this Privacy Policy to reflect changes to our privacy practices. We encourage you to periodically review this page for the latest information on our privacy practices. Contact Us

Please contact our Privacy Officer if:

  • you have any questions or comments about this Privacy Policy,
  • you wish to access, update, and/or correct inaccuracies in your personal information, or
  • you otherwise have a question or complaint about the manner in which we or our service providers treat your personal information.

You may contact our Privacy Officer by email at privacy@Sproutatwork.com.

Security of Your Information

Sprout implements reasonable security measures to protect the security of your information both online and offline, and We are committed to the protection of customer information. In the event that We are aware of a breach of information We will inform you and your employer of the breach.

For user accounts registered directly with Sprout profile information is protected by the password each member uses to access their online account. It is important that you protect and maintain the security of your account and that you immediately notify Us of any unauthorized use of your account. If you forget the password to your Sprout account, the website allows you to request that instructions be sent to you that explain how to reset your password. When you sign into your account or enter payment information (such as a credit card number when purchasing virtual currency), We encrypt the transmission of that information using secure socket layer technology (""SSL"").

While We take reasonable precautions against possible security breaches of our websites and our customer databases and records, no website or Internet transmission is completely secure, and We cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your personal information safe (including your account password), and to log out of your account after use. If your third party site account is hacked, this may lead to unauthorized use of Sprout Service you have registered to use, so be careful to keep your account information secure. If you have questions about the security of our websites, please contact Us at privacy@Sproutatwork.com.

Unfortunately, the transmission of information over the Internet is not completely secure. Although We strive to protect your personal data, We cannot guarantee the security of your data while it is being transmitted to our site; any transmission is at your own risk. Once We have received your information, We have procedures and security features in place to try to prevent unauthorized access.

Personal information collected by Sprout may be transferred to, stored and/or processed in the United States or Canada. While in such other jurisdiction, the information may be accessed by the courts, law enforcement, and national security authorities of that jurisdiction.

Changes to Our Privacy Policy

If We decide to make material changes to our Privacy Policy, We will notify you and other users by placing a notice on Sproutatwork.com or by sending you a notice to the e-mail address We have on file for you. We may supplement this process by placing notices in our Services and on other Sprout websites. You should periodically check Sproutatwork.com and this privacy page for updates.

Right to Access

Users in certain jurisdictions have a right to access personal information held about themselves. Your right of access can be exercised in accordance with applicable law. Please submit any requests for access to your personal data in writing to privacy@Sproutatwork.com.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal information. You may have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information's accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us using the details set out below.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Contact Us

If you have any questions, comments or concerns regarding our Privacy Policy and/or practices, please send an e-mail to privacy@Sproutatwork.com. All other inquiries should be directed to Sprout's Feedback Page or support@Sproutatwork.com.