Privacy Policy

1. OUR COMMITMENT

This Privacy Policy governs the usage, processing and managing of the personal data of users (hereinafter “User” or “Users”), collected in the context of their use of this website erakulis.com (hereinafter “Website”), and the mobile application available on the App Store and Google Play (hereinafter, “App”) by ERAKULIS, LDA. (“ERAKULIS®”).


ERAKULIS® is committed to helping you on your journey towards the perfect balance between physical health and well-being, improving the services (hereinafter “Services”) offered and ensuring compliance with the obligations under General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”) and other applicable legislation related to data protection.


The respect for your privacy, the protection of your personal data and the compliance with the legal obligations applicable in this area is a priority for us, which is why we are committed to only processing your personal data that is strictly necessary for us to provide you with the best service, ensuring lawfulness, fairness and transparency and applying the best practices in the field of security and protection of personal data.


The processing of personal data implies knowledge and acceptance of the Terms and Conditions of Use of the Website and App (hereinafter referred to as the “Terms and Conditions”).

2. DATA CONTROLLER

The Data Controller of your personal data is ERAKULIS, LDA., with a registered office at Rua de Gondarém, no. 867, 4150-374 Porto, registered at the Commercial Registry Office under the sole registration and tax identification number 516 503 219.

3. PURPOSES, LAWFULNESS OF THE PROCESSING AND RETENTION PERIOD

We hereby inform you about the purposes and lawfulness of processing your personal data:



I. Website/App Management

ERAKULIS® needs to process data such as IP, and location, to operate the Website/APP allowing the User to have access of the Services.


This data processing is based on your consent.


Your data will be stored for up to 6 (six) months after your last visit to the site and in accordance with the information provided in the Cookies Policy.



II. To provide you the Services

ERAKULIS® processes your personal data, such as your personal characteristics, preferences, and daily routines, to provide you, as User, with the functionalities that can best serve your personal goals within the scope of our Services.


We profile your preferences and fitness activity to monitor the degree of engagement in different features of our Services, so that we can offer Services more effectively and adapt features or content to match your individual usage patterns and preferences. We often decide how to improve the Service based on the results obtained from this processing.


To examine the usage patterns of visitors on the Service and evaluate the efficiency of certain advertisements, we employ Google Analytics, a web analysis program provided by Google. Through Google Analytics, we obtain information, especially regarding the data you input on our website and user interactions within the site. Google provides the option to impact the collection and processing of information generated by Google, primarily through the installation of a browser plug-in, which can be found here. Further details on how Google utilizes this information can be found here.


ActiveCampaign is a platform that we use that allows us to conduct research and analysis that enables us to make data-driven decisions, optimize our services, and enhance your overall experience. ActiveCampaign collects data related to your interactions with our email campaigns, website visits, and engagement with marketing materials. This data is instrumental in understanding your preferences, improving our targeting strategies, and refining our services to better meet your needs. You can find information specific to ActiveCampaign privacy here.


We use Facebook Analytics, a service offered by Facebook that provides us with a variety of analytical tools. Through Facebook Analytics, we access aggregated demographics and insights, including details on the number of app launches, user purchase frequencies, and other user interactions.


SEMrush is a leading marketing analytics platform that we use to collect data related to your interactions with our online content, advertising campaigns, and overall website engagement. This data is crucial for understanding your preferences, optimizing our content, and improving our marketing strategies to provide you with a more personalized and relevant experience. Privacy information regarding SEMrush can be found here.


Additionally, we make use of Firebase Analytics, an analytics service offered by Google. To gain insights into how Google handles data, please consult Google`s partner policy. For details specific to Firebase Privacy, you can find information here.


Providing you the Services also involves facilitating a smooth usage experience of the Service for you and addressing any service errors or technical issues that may arise.


For the hosting, operation, and distribution of our App, we employ Amazon Web Services, a hosting and backend service offered by Amazon, to manage personal data.


We also use AWS CloudWatch, a monitoring and observability service provided by Amazon Web Services (AWS) that allows us to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in AWS resources.


To oversee the infrastructure and assess the performance of the App, we utilize Crashlytics, a monitoring service provided by Google. Refer to its Data Collection Policy for further details.


Our monitoring services also encompass Firebase Performance Monitoring and Firebase Crash Reporting, both furnished by Google. For additional information, kindly explore Google's Privacy Policy and Privacy and Security within Firebase.


The processing of this data is based on pre-contractual measures or execution of the Services governed by the Terms and Conditions of Use and, in the omission, by the general principles right.


Your data will be kept for up to 2 (two) years after the Subscription cancellation or, if it has not been concluded, up to 6 (six) months after the start of the hiring process, without conclusion.



III. Push-up notifications and in-app messages

To keep User's motivation and focus on achieving their goals, ERAKULIS® may send "push-up" notifications or “in-app” messages with reminders and messages related to the Services that have been subscribed, being able to change the default setting in your device's settings.


The tools we employ for these objectives may gather information regarding the specific date and time when our Users viewed a message and their corresponding interactions, such as engaging with included links by clicking on them.


For communication purposes, we utilize Firebase Cloud Messaging and Firebase Notifications, both message-sending services supplied by Google. Through Firebase Cloud Messaging, we can send messages and notifications to users of our App on various platforms, including Android and iOS. Integrating Firebase Notifications with Firebase Analytics enables the creation of audiences based on analytics and tracking of opening and conversion events. Refer to Google's Privacy Policy for more information.


This data processing is based on your consent.



IV. Payments. Management of Subscription

If you ask us to indicate your tax identification number in our subscription, for the purposes of issuing invoices for the acquisition of goods and Services, we will need to register it and subsequently transmit it to the Tax Authority, basing this processing on compliance with a legal obligation.


ERAKULIS® uses third-party services to process payments. ERAKULIS® does not store or collect your payment card data, as this information will be provided directly to payment processors.


Your data will be kept, by legal obligation, for a period of 10 (ten) years.



V. Marketing

We process your personal data to send you communications with news, campaigns and offers, discounts or benefits, generic or targeted, via SMS and/or email.


This data processing is based on your consent and/or based on our legitimate interest if your contact has been collected in the context of a previous commercial transaction.


At any time, you may withdraw your consent or oppose the receipt of this type of communications, either through the settings of your personal account or through each communication we send you.


Your data will be kept until you withdraw your consent and/or 2 (two) years upon the last interaction.



VI. Processing of special categories of data

The User is the only responsible and mentor of his own physical and mental health.


ERAKULIS® processes special categories of data, eg. Health, to aggregate into your process in relation to the physical health and well-being goals you want to achieve.


For the sake of clarity, ERAKULIS® is not a medical entity and will not provide you with any diagnosis or medical advice. The main goal and scope of our Services is to help the User to achieve the best balance between physical health and well-being, being able to access our nutritional and training plans adapted to their needs and having a space where they can share their condition progress. As such, the information made available by our Services and our partners must be used exclusively for recreational and educational purposes, and you should always consult your doctor before starting a diet, a fitness monitoring program or if you experience any pain or discomfort.


This data processing is based on your previous consent.


Your data will be kept for up to 2 (two) years, after User`s last interaction.



VII. User support. Management of account, contacts and complaints

We also need to process your data to respond to your requests for specialized technical support, subscriptions support, information about our Services, suggestions, complaints, or any other communication initiated by the User.


To fulfill this objective, we may transmit notifications or emails to you concerning various aspects, such as the performance of our Services , security updates, payment transactions, as well as notifications related to our Terms and Conditions of Use or this Privacy Policy.


In this regard, we inform you that we use Amazon Simple Email Service, a cloud-based email sending service provided by Amazon Web Services. We use this tool to help us send marketing, notification and transactional emails in a secure and efficient manner. You can find more about Data protection in Amazon Simple Email Service here. We also encourage you to visit the Amazon Web Services Privacy Notice.


This processing is based on ERAKULIS®’s legitimate interest in following up on your requests.


Your data will be kept for a period of 2 (two) years after the last contact.



VIII. Personalised advertising

ERAKULIS® uses your personal data to customize ads and show those ads to you at a relevant time. However, we do not use your health, fitness and physical activity engagement data to personalize our ads.


Be aware that you can opt out or influence personalized advertising and you can find information about how to do so here.


We respect your ability to shape the advertisements you encounter. Therefore, we're informing you about the service providers we utilize for this purpose and explaining how some of them grant you control over your ad preferences.


We use Facebook Ads Manager and Facebook Custom Audience to select specific audiences for our ads on Facebook and its affiliated products, such as Instagram. Through Facebook Custom Audience, we can target ads to users based on specific criteria, such as actions taken within our App. This means you might see more of our ads on Facebook and related platforms.


Facebook provides additional tools for users to manage the ads they see on its platform. For details on adjusting your ad preferences on Facebook, visit this link or modify your settings directly on Facebook.


Google Ads, a service by Google, allows us to display ads to users based on their interactions with our App, such as making a purchase or completing a program. Google offers options to opt out of personalized ads and restrict data usage by Google Analytics for more privacy.


This processing is based on ERAKULIS®’s legitimate interest in providing relevant and targeted promotional content of our services to users.



IX. To enforce our Privacy Policy and Terms and Conditions and to prevent and combat any abuse of our services



We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies.


This processing is based on ERAKULIS®’s legitimate interest in preventing and combating the use of the Service in an abusive way, non-compliance with our Terms and Conditions and enforcing our legal rights.



X. To comply with legal obligations

Your data may also be communicated to authorities or third parties when the transmission is carried out to comply with a legal and/or contractual obligation, by requirement of the Supervisory Authority and/or by judicial order.



XI. Other relevant information

If the lawful basis for the processing of your personal data is consent or legitimate interest, you may withdraw consent or oppose the processing, at any time, without any consequences arising therefrom. The consent withdrawal, however, does not compromise the lawfulness of data processing in the meantime.


If consent is withdrawn or your express opposition is verified, we will immediately cease processing your personal data for the purpose in question, unless there is a need to process such data to comply with a legal and/or contractual obligation.


We only keep your personal data for the period strictly necessary to fulfil the purposes identified above.


Once the defined retention period has expired, we undertake to eliminate, destroy, or anonymize your personal data. Except for data that, by default must be kept to fulfill a legal obligation.



XII. Minors

ERAKULIS® does not intend to process personal data of people under 18 years old.


We encourage parents and guardians/legal representatives to monitor their children's use of the Internet and to help us enforce our Privacy Policy by instructing their children never to provide any personal data through our Services without their permission.


For the sake of clarity, it is not ERAKULIS® responsibility to verify that the child's parent/guardian/legal representative has consented to the processing of the child's personal data, beyond reasonable efforts given the available technology.


If you noticed that a minor has provided us with personal data without the consent of their parents or legal guardians/representatives, please contact our support team at the following email address: support@erakulis.com

4. CATEGORIES OF DATA

In the context of the purposes mentioned above, ERAKULIS® only processes data that is strictly necessary for the pursuit of these purposes. We namely collect: data that you voluntarily give us, data provided by third parties, data that we collect automatically.


4.1 Data you give us


When you register a new online profile account to use the Services, you provide us information about yourself that is included in the following table:


Identification and contact data

Eg. name; e-mail; phone number; address; country; tax number; birth; gender.



When you opt to use specific Services we offer, such as scheduling appointments with professionals, we will request your consent to collect the following information necessary to provide you with that service:


Sensory data

Eg. audio and visuals.



In addition, ERAKULIS® may process special categories of personal data, such as:


Physical features and data regarding physical activities engagement

Eg. height; weight; calories burned, number of steps, distance walked, duration of training.

Daily routines

Eg. physical exercise preferences and routines; diet preferences and routines;

Health data

Eg. medical records and historical (physical and psychological status).


Regarding this special category of personal data, we will strive to ask your consent for processing such data and provide you with an easy option to withdraw the consent.


4.2 Data provided by third parties


We use Apple Health Kit from Apple and Google Health Connect from Google in order to access the central storage location for health and fitness data on wearables. Both Health Kit and Google Health Connect allow apps to communicate with them in order to access and share this health and fitness data. Apple Health Kit allows us to receive health data stored on the iPhone or Apple Watch. Google Health Connect allows us to receive health data stored on an Android phone. Whether the User expressly consents on his/her device, ERAKULIS® may receive data, namely health and fitness data (as identified below) about his/her activity with GOOGLE HEALTH CONNECT and APPLE HEALTH KIT. We use this data to learn more about the user`s habits, optimize the customized plans, and above all help you achieve your fitness goals. It`s the sole User`s responsibility to read the privacy policies and terms and conditions of such applications.


Data regarding physical activities engagement

Calories burned; number of steps; distance walked; duration of training; types of exercises.

Daily routines

Water intake.

Health data

Heart rate; blood pressure; body fat; body water mass; bone mass; body measures; body temperature (Apple only).


4.3 Data we collect automatically

When you engage with our Services, we automatically gather specific information through methods such as cookies, web server logs, web beacons, and other technologies. These automated tools enable us to amass data about your devices, internet connection, browsing behavior, and usage tendencies. Additionally, insights into your interaction with our Services, encompassing visited features, pages, search queries, and download errors, are also acquired. You can see data we collect automatically in the following table:


Web browsing and App interaction data

Eg. electronic identifier, start or end date/time of connection, date/time when the User read the message/notification sent by ERAKULIS®, interaction history and host, username, and password and location.


The utilization of these technologies serves various purposes, including:


(i) Information Retention: We use these tools to remember your details, eliminating the need for you to repeatedly input them.


(ii)Tracking and Understanding Usage: To comprehend how you employ and engage with Services, aiding in refining and enhancing user experience.


(iii) Customization: Tailoring our products and services based on your preferences.


(iv) Usability Measurement: Assessing the effectiveness and usability of our products, along with the efficiency of our communications.


(v) Management and Enhancement: Overall administration and improvement of our products and services.


Initially, most web browsers are configured to accept cookies. You retain the option to disable or reject cookies through your browser preferences whenever you choose. For mobile devices, you can regulate how your device and browser share specific data by adjusting privacy and security settings. However, it's important to note that refusing cookies may result in certain parts of our sites malfunctioning or experiencing significant delays. Without cookies, setting personalized preferences and completing transactions may be challenging.


As of now, due to the absence of a consensus on how companies should address web browser-based do-not-track ("DNT") mechanisms, we do not respond to such signals. Deleting cookies does not guarantee the cessation of all tracking activities. For more information on Do Not Track, please visit www.allaboutdnt.org.



5. DATA PROCESSING BY THIRD PARTIES

The processing of the data collected is only carried out by internal staff, identified for this purpose, and authorized to process the data in accordance with specific instructions given in compliance with current legislation.


In certain cases, we may disclose your personal data to entities that provide Services to us ("Data Processors") for the purposes mentioned in section 3, under the terms of the agreements and data processing agreements entered with them.


In any other case, personal data will never be shared with other companies or brands for commercial purposes.


The types of third parties we share information with include, in particular:



(i) Service Providers

Personal data is disclosed to third parties we enlist for service provision or to execute business operations on our behalf, adhering strictly to our directives. Your personal information is shared with service providers falling into the following categories:


  • Cloud storage providers (e.g., AWS)

  • Data analytics providers (e.g., Google Analytics, Big Query, Firebase App Analytics, Swonkie, Active Campaign, Google Ads, Google Search Console)

  • Measurement partners

  • Marketing partners, especially social media networks (Snapchat, Twitch, Youtube, Facebook, Instagram, Linkedin, Twitter, Tiktok), marketing agencies and email delivery services

  • Payment processing providers (e.g., Stripe, Apple Store, Google Play Store)

  • Communication services providers (e.g., Active Campaign, Firebase, AWS Chime SDK)



(ii) Law enforcement agencies and other public authorities

Personal data might be utilized and revealed for the enforcement of our Terms and Conditions of Use, safeguarding our rights, privacy, safety, or property, as well as those of our affiliates, yourself, or others. This extends to responding to requests from courts, law enforcement agencies, regulatory bodies, and other public or government authorities, or as stipulated by law in other instances.

6. INTERNATIONAL DATA TRANSFERS

ERAKULIS® does not proceed with international data transfers (outside European Union). If such transfer occurs, eg. by contracting with service providers located outside the European Union,ERAKULIS® will notice you, will ensure that your personal data receives a high level of protection under an adequacy decision of the European Commission or under the Standard Contractual Clauses (or similar) approved by the European Commission.

7. RIGHTS OF THE DATA SUBJECT

As a Data Subject, you may at any time exercise your right to request access to and rectification or erasure of your personal data. This means that you can request a copy of the data we process and review it, you can change the personal data that you had previously provided to us and you can request erasure of your personal data, as permitted by law.


You may also exercise your right to object to or restrict the processing of your personal data, by requesting us to stop using all or some of your personal data.


The exercise, in concrete terms, of these rights depends on the verification of certain legal and circumstantial requirements, and the invocation of any of them and the respective admissibility of exercise will be analyzed on a case-by-case basis by ERAKULIS®.


Where you have given consent for certain processing of your personal data, you may withdraw it at any time.


To exercise any of these rights, you should do so by sending a request to the following email address: support@erakulis.com.


ERAKULIS® will follow up on any exercise of rights as soon as possible and within the time limit set by the applicable legislation.


In accordance with GDPR, if you are an user based in the EEA you have the following rights in addition to the above:


  • You have the right to data portability. This means that you can request a copy of your personal data in a machine-readable format.

  • Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with the competent supervisory authority regarding matters related to the processing of your personal data, if you believe that the processing of your personal data by ERAKULIS® violates the legal regime in force. The competent data protection supervisory authority where you lodge a complaint must be located in particular in the EU Member State where you reside, work or where the alleged infringement has taken place. In Portugal, the competent supervisory authority is the Comissão Nacional de Proteção de Dados - CNPD. For more information, please visit www.cnpd.pt.



8. DATA PROTECTION OFFICER

A Data Protection Officer ensures that we are compliant with data protection laws, provides advice on data protection and acts as a point of contact for the Data Subjects and supervisory authorities.


As a Data Subject you may contact our Data Protection Officer on all matters relating to the processing of your data and to exercise the rights referred to in the previous section, through the following e-mail: dpo@erakulis.com.

9. COOKIES

We recommend you to read our Cookies Policy, which is an integral part of this Privacy Policy, for more information on how we process your personal data through this functionality.

10. SECURITY MEASURES

We have implemented security measures aligned with national and international best practices to protect your personal data, including technological controls, administrative, technical, and physical measures and procedures that ensure the protection of your personal data, preventing misuse, unauthorized access to data, disclosure, loss, improper or inadvertent alteration or destruction.


Given the constant technological evolution, we periodically review and improve the measures implemented and invest in regular training for our employees, respecting, without exception, the internal procedures defined and implemented.


Among others, we highlight the following measures:


  • I.Restricted access to your personal data;
  • II.Safe storage and transmission of your personal data;
  • III.Protection of information systems through devices that prevent unauthorised access to your personal data;
  • IV.Implementation of mechanisms that guarantee the safeguarding of the integrity and quality of your personal data;
  • V.Permanent monitoring of the information systems, with the objective of preventing, detecting and avoiding the improper use of your personal data;
  • VI.Protection of equipment for storage, processing, and communication of personal data, to avoid loss of availability.

It is, however, the responsibility of the Users to guarantee and ensure that the devices and equipment used to access this Website and App are adequately protected against harmful software, computer viruses and worms.

11. HYPERLINKS

We may provide hyperlinks to other websites and/or land pages of interest. However, we are not responsible for the privacy policy, cookie policy or terms of use of those websites.


By accessing other websites through the hyperlinks provided, the operators of these websites may collect information about you that will be used by them. We highly recommend that when accessing other websites, Users consult all the information and conditions mentioned above.


When you choose to follow us on social networks(Facebook, Twitter, Instagram, Linkedin, Youtube, Tiktok, Twitch, Snapchat), when you interact with us on them, or when you access the site through them, your personal data may be processed by the organizations managing the social networks or the functionalities provided, in accordance with their respective privacy policies, which we recommend you to read.

12. CALIFORNIA PRIVACY RIGHTS

This section presents additional insights into how we handle the personal data of California consumers and the rights afforded to them under the California Consumer Privacy Act ("CCPA") and California`s Shine the Light law. Consequently, this section exclusively pertains to residents of California, United States.


Refer to Section 4 above for comprehensive information on the personal data we have gathered, including source categories. The collection of this data aligns with the purposes outlined in Section 3 of this Privacy Policy. Furthermore, the sharing of your information with specific categories of third parties is elaborated in Section 5.


The CCPA grants California consumers the right, subject to specific constraints, to request detailed information about the categories or specific pieces of personal information we collect (including utilization and disclosure practices), to request the deletion of their personal information, to opt-out of any potential "sales," and to avoid discriminatory practices for exercising these rights.


California consumers can submit requests under the CCPA by contacting us at support@erakulis.com. We will verify your request and provide relevant information. Alternatively, you may appoint an authorized agent to act on your behalf for the exercise of these rights.



Access rights under California`s Shine the Light


California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for the third party's direct marketing purposes and the names and addresses of those third parties. These requests can only be made once a year and are free.


At present, we refrain from sharing Personal Data with third parties for their direct marketing endeavors. Should there be a shift in this practice and we opt to share your personal data for marketing purposes, you retain the right to opt out at any time by submitting a request to our support team: support@erakulis.com.


Please bear in mind that choosing to opt-out does not prevent disclosures made for purposes other than commercial gain or to assist our affiliated marketing partners.


13. BRAZILIAN GENERAL DATA PROTECTION LAW

This section provides additional details about Data Subject rights for Users located in Brazil, under the LGPD.


In addition to the rights mentioned above, under the GDPR, users located in Brazil have the following rights:


  • Right to anonymization, blocking or deletion of unnecessary or excessive data or data processed unlawfully. Anonymization refers to the use of reasonable and available technical means at the time of the processing, whereby the data loses the possibility of direct or indirect association with you.

  • Right to information about public and private entities with which ERAKULIS® has shared data through communication, dissemination, international transfer, interconnection of personal data or shared processing of banks of personal data by them.

  • Right no non-discrimination for exercising data protection rights.


To exercise any of these rights, you should do so by sending a request to the following email address: support@erakulis.com.

14. UPDATES TO THE PRIVACY POLICY

ERAKULIS® expressly reserves the right to review and amend this Privacy Policy at any time.


Such changes will be duly announced on the Website and in the App, so we advise you to read and consult it periodically.


If you continue to use our Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

15. CONTACT US

If you need to contact us to clarify any doubts or to obtain additional information about this Privacy Policy, you may contact us at any time. Please do it via the following e-mail address: support@erakulis.com.


Updated at: 24/05/2024