Data Security and Privacy Policy
1. Introduction
This Data Security and Privacy Policy has been developed to ensure compliance with the General Data Protection Law (LGPD), Law No. 13.709/2018, and the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679. The goal is to protect the personal data of our users and ensure transparency regarding how their information is processed in the personalized fitness consulting app.
Our commitment is to ensure that all personal data provided by users is processed with the highest security, in compliance with privacy rights and data protection principles.
2. Definitions
- Personal Data: Information that identifies or can identify a person, such as name, age, email address, among others.
- Data Processing: Any operation performed on personal data, such as collection, storage, alteration, deletion, etc.
- User: Any person who uses our app to access personalized fitness consulting services.
- Data Controller: The entity that determines the purposes and means of processing personal data. In this case, the company responsible for the app.
- Data Protection Officer (DPO): The professional responsible for data protection and communication with data subjects and data protection authorities.
3. Data Collection
We only collect the personal data necessary to provide personalized fitness consulting services through our app (Google Play: THEODEANGELIS / App Store: My PT Hub), including:
- Registration Information: name, email, age, gender, health/fitness goals.
- Health Data: weight, height, health history (when voluntarily provided by the user).
- Usage Data: interactions with the app, such as training plans, usage frequency, etc.
4. Purposes of Data Processing
The personal data collected is processed for the following purposes:
- Provision of personalized fitness consulting services.
- Improving user experience and personalizing training plans.
- Analytics and reports to optimize services.
- Communication with the user regarding updates, news, or issues related to the services offered.
- Compliance with legal and regulatory obligations.
5. Legal Basis for Data Processing
Our processing of personal data is based on the following legal grounds:
- Explicit consent of the data subject (art. 7, I, LGPD and art. 6, 1, a of GDPR), when the user accepts our privacy policy or provides data directly through the app.
- Contract performance (art. 7, V, LGPD and art. 6, 1, b of GDPR), when processing data is necessary to provide fitness consulting services.
- Compliance with a legal obligation (art. 7, II, LGPD and art. 6, 1, c of GDPR), in case of legal or regulatory requirements.
6. Rights of Data Subjects
Users have the following rights regarding their personal data:
- Access: To obtain confirmation about the existence of processing and access to their personal data.
- Correction: To request correction of incomplete, incorrect, or outdated data.
- Deletion: To request deletion of personal data, as applicable, especially when the data is no longer necessary for the original purpose.
- Portability: To request the transfer of their personal data to another service provider.
- Withdrawal of Consent: To withdraw previously given consent, when applicable, without affecting the legality of the processing carried out before the withdrawal.
- Objection: To object to the processing of personal data based on legitimate interests or for direct marketing purposes.
These rights can be exercised by submitting a request to our Data Protection Officer (DPO), as detailed in the "Contact" section.
7. Data Security
We adopt appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Data encryption for sensitive information.
- Restricted access control to personal data.
- Continuous monitoring of systems to identify potential vulnerabilities.
- Ongoing staff training on best practices for data security and protection.
8. Data Sharing
Personal data may be shared with third parties in the following situations:
- With service providers: To enable the functioning of the app (e.g., hosting servers, payment services, data analytics tools). These service providers are contractually obligated to protect personal data in accordance with this Policy.
- As required by law or regulation: When required by competent authorities, as per applicable laws.
We do not sell or share personal data for marketing purposes without the explicit consent of the user.
9. Data Retention
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, and regulatory obligations. After this period, data will be deleted or anonymized, as permitted by applicable legislation.
10. International Data Transfers
In cases where personal data is transferred outside of Brazil or the European Union, we will take the necessary steps to ensure that the transfer complies with LGPD and GDPR provisions, including the execution of standard contractual clauses or other appropriate legal mechanisms.
11. Changes to This Privacy Policy
This Privacy Policy may be periodically updated. Any changes will be published in our app, and the most recent version will always be available for consultation. We recommend that users periodically review this document to stay informed about our data protection practices.
12. Contact
For questions or requests related to personal data protection, please contact us via email at theodeangelis@hotmail.com.br.
13. Compliance with LGPD and GDPR
This Policy has been drafted in compliance with the General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR), with the commitment to ensure transparency, security, and privacy of our users' personal data.
Last updated: October 06, 2024
---
This policy ensures that the collection and processing of personal data are carried out transparently, securely, and in accordance with both Brazilian and European data protection laws.



