Privacy Policy and Statement of Personal Data Protection

 

1.                  Presentation

 

OMNI SOLUÇÕES EM DESENVOLVIMENTO E REPRESENTAÇÕES LTDA ("Omni"), legal entity under private law, registered in the brazilian register of legal entities (CNPJ) under n. 30.320.357/0001-18, with address at 581, room 402, Ouro Preto Street, Barro Preto neighborhood, zip code 30.170-044, in Belo Horizonte/MG, Brazil, has as a priority the security and personal data protection of its customers and other holders with whom it relates, which is why it digitally signs this instrument in the following terms:

 

Based on the above assumptions, Omni commits to respect the privacy and to protect the information that are trusted to it, under the terms of this Statement of Privacy Policy and Personal Data Protection (“Policy” or “Privacy Policy” or “Instrument”) and, naturally, Law n. 13.709 (“General Personal Data Protection Law” or “LGPD”) and other applicable rules.

 

2.                  Which expressions are important and what do they mean?

 

In order to provide clear and accessible information to data subject and third parties, Omni registers below the definition of certain expressions used in this instrument:

 

ANPD	ANPD is the acronym that represents the National Data Protection Authority in Brazil, which is the governmental institution responsible for supervising and regulating personal data processing, especially within the scope of the General Personal Data Protection Law.
Anonymization	Anonymization is the process in which, through the use of reasonable and available techniques at the time of processing, personal data loses the possibility of direct or indirect association with an individual. Therefore, after the anonymization process, the information ceases to be Personal Data and becomes Anonymized Data, which can also be called just Information or Quantitative Data.
Apollo	APOLLO is a multiparameter system that uses thermograms and biomarkers to calculate the fatigue index of athletes through an algorithm, in order to allow professionals from club’s health and performance department, based on more assertive quantitative and qualitative analyses, balance their players' training and recovery loads, minimizing, so, the probability of muscle injuries.
Apollo App	The APOLLO application, together with the APOLLO system, offers an interface for mobile devices of some of the functionalities existing in the APOLLO software itself, allowing the Client to monitor information and data entered into the system by the User.
Client	Omni's Customer is usually a club that intends to improve the training loads and recovery of its athletes through Apollo.
Controller	Controller is the natural or legal person who owns and processes the personal data of the data subject, having, over such data, the power to decide on how the treatment will be done and for what purpose. Example: Omni when collecting personal data from the club's legal representative and professionals from the health department.
Cookies	Cookies are small text files stored in your browser or device and are used to recognize preferences, access information, identify the Internet terminal, record access and activities on the page etc.
Anonymized data	Anonymized data are data related to the data subject that cannot be identified, considering the use of reasonable and available techniques at the time of processing, therefore, they are not considered personal data, under the terms of the legislation. Example: injury statistics.
Personal data	Personal data is all information that directly identifies a natural person or makes them identifiable. Examples: name, CPF, address, phone, email, etc.
Sensitive personal data	Sensitive personal data are more intimate data that, due to their nature, require more rigorous protection. These are those data concerning racial or ethnic origin, religious conviction, political opinion, trade union or religious, philosophical or political organization membership,, data concerning health or sex life, genetic or biometric data. Examples: blood type, BMI, race, gender etc.
Data Protection Officer	Data protection officer (DPO) is the person named by the controller and processor to act as a communication channel between the controller, the subjects and the National Data Protection Authority (ANPD).
LGPD	LGPD is the acronym used to refer to the General Data Protection Law, Federal Law n. 13.709/2018, from Brazil, which regulates the processing of personal data.
Processor	Processor is the natural person or legal entity that processes the data, but always in the name and asked by a controller. The processor, therefore, actually processes the personal data, but does not have the power to decide on such treatment, which competes to the controller. Example: Omni when storing data inserted into Apollo.
Data subject	The data subject is the individual, always a natural person, identified or identifiable from the personal data. He is, therefore, the one to whom the personal data that are the object of processing refer to and who, in this way, has the rights regulated by law. Examples: clubs athletes, whose data is inserted into Apollo.
Processing	Processing of personal data is any operation carried out with personal data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination or extraction. Example: inserting data into Apollo.
User	User will be the natural person or legal entity who has a login in the system developed and marketed by Omni. Example: clubs professionals, who have access to Apollo.

 

3.                  When does this Policy apply?

 

This Privacy Policy applies to treatments carried out by Omni within the Apollo mobile app.

 

The terms of this Privacy Policy does not apply, however, to the legal relationship maintained between Omni Customers and their respective athletes, whose personal data may be inserted, carried and processed, or stored and hosted at Apollo, and the treatment of these will be governed by the respective rules and Privacy Policies of the clubs.

 

4.                  How do we treat personal data?

 

For the effective offer of solutions marketed by Omni and as a result of their use, personal data may be inserted into Apollo mobile app. Thereby, such data will be processed by Omni for the purpose of executing the respective contract and providing the contracted services.

 

The personal data that will be inserted into Apollo will depend on the Client's contract, according to their needs, and may include, but not limiting, the following data: 1) athletes' identification data (name, age, sex, height, position etc); 2) athletes' medical data (history of injuries, imaging exams, thermograms, biomarkers, body composition data etc.); 3) athletes' performance data (including athletes' pre-workout and post-workout data, hours slept, location and intensity of muscle pain, nutritional information); 4) capture of images of heat and movement of athletes, when using a thermographic camera.

 

Data, whether anonymized, personal or personally sensitive, will be entered into the Apollo mobile application by both the Customer and the User, and, however, that Omni will not be responsible for the legality of the processing of personal data of athletes or other data subjects inserted into Apollo app, and, in this case, it will be considered a Personal Data Processor and, therefore, will act according to the guidelines of the Client.

 

5.                  How will the data be used?

 

Data inserted into Apollo app will only be used for the purpose of providing and developing the system's functionalities, which may include the following: information from thermograms and biomarkers, allowing the athletes' fatigue index to be calculated; more assertive quantitative and qualitative analysis of anatomical regions more prone to the incidence of muscle injuries; recovery curves for athletes, individualized training and recovery loads, with the purpose of reducing the incidence and severity of muscle injuries.

 

Omni will be able to use the information collected by Apollo app for the purposes of research and scientific publications, carry out tests, implement improvements in the platform and develop new projects that are of its scientific and commercial interest, guaranteeing, whenever possible, the anonymization of the data, in respect to the rules of the LGPD.

 

6.                  When can data be shared?

 

Omni only shares personal data with service providers, under the terms of the signed contracts, with the safeguards of confidentiality and protection of these, in addition to as a result of legal obligation or judicial order.

 

The personal data collected or processed by Omni can only be used by the respective suppliers or service providers for the specific purposes of the contracting perspective, being responsible for the security of the data processing, for the access to this data and for the processing within the strict limit authorized by Omni, in the terms of this Privacy Policy and supported by the LGPD.

 

7.                  What are the data subjects' rights?

 

All data subjects, of which and when Omni appears as Controller, have the following rights:

 

a)      Confirmation of the processing of your personal data;

b)      Access to personal data;

c)      Correction of incomplete, inaccurate or outdated personal data;

d)     Anonymization, blocking or deletion of unnecessary, excessive or incorrectly processed personal data;

e)      Data portability, if applicable;

f)       Deletion of personal data processed with the consent of the subject;

g)      Information about the possibility of not providing consent and the consequences of the refusal;

h)     Revocation of consent previously given; and

i)       Opposition to certain processing of personal data, when carried out in one of the cases of dismissal of consent.

 

For any hypothesis described above, the data subject must contact Omni through the email dps@fonsecabraz.com.br, so that his request is analyzed and answered.

 

8.                  How can the international transfer of Personal Data happen?

 

Omni may transfer Personal Data collected in other countries to Brazil, depending on the country in which the customer is located.

 

Also, the third party services we use, especially regarding cloud storage, may be based abroad or have part of their operations in other countries, which may configure international data transfer. In any case, we use third party services that seek to adopt adequate standards in privacy and protection of Personal Data, particularly in harmony with General Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”), and Cal. Civ. Code Title 1.81.5, § 1798.100 et seq. (“California Consumer Privacy Act” or “CCPA”).

 

9.                  How long will Personal Data be stored?

 

We will only keep Personal Data for as long as is necessary to fulfill the contractual purposes, including for the purposes of complying with any legal obligations, accountability or requests from competent authorities.

 

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the purpose of processing and applicable legal requirements.

 

10.             What are the measures of Information Security adopted?

 

Omni's priority is to ensure the security, confidentiality and secrecy of personal data handled by Omni, as well as inserted into its platforms, so that the systems used for the personal data  processing are structured to attend security requirements, good practices and governance, in addition to the other provisions set forth in the LGPD.

 

Omni works hard to protect data subjects from any unauthorized access, alteration, disclosure or destruction of the information it holds, adopting technical and administrative security measures, which include:

 

i)     Continuous backup of systems and data stored in the cloud;

ii)   Use of Firewall to prevent unauthorized access to Omni and Apollo app servers;

iii) Use of encryption to keep your data private;

iv) System access records (access logs);

v)   Analysis of information collection, storage and processing practices, including physical security measures, to prevent unauthorized access to systems; and

vi) the restriction of access to the database.

 

The guidelines established in this policy and in the other norms and procedures for the protection of personal data are not exhausted due to the continuous technological evolution, current legislation and the constant emergence of new threats and requirements, and may be periodically updated by Omni.

 

11.             Important informations

 

Omini is always looking to improve its processes, for this reason, this Privacy Policy may pass by updates at any time, without prior notice, so we recommend periodically visiting this page to check for any updates.

 

For the purposes of establishing communication between Omni, data subjects and the National Data Protection Authority (ANPD), Fonseca Braz Sociedade de Advogados is appointed as the Data Protection Officer, available via email dpo@fba.legal.

 

In case of doubts related to this Policy or exercise of the rights provided to data subjects, interested parties may contact us through our Data Protection Officer, at the e-mail address indicated above.

 

This Policy was last updated on February 14, 2024.