Last updated: March 13, 2020
By using our service, you agree to the collection and use of information in accordance with this policy.
Collection and use of Personal Information
Personal information is data that can be used to identify or contact an individual.
Before using some of our services, we may ask you to provide us with certain Personal Information. We may also combine it with other information to provide and improve our products, services and content.
You are not required to provide the personal information that we request. But, if you choose not to do so, in many cases we are not able to provide you with our products or services or respond to any queries you may have.
What Personal Information do we collect
When you sign up for Onmi’s behaviour change programmes, we may collect a variety of information through the programme’s intake questionnaires. This can include your age, gender and a variety of questions about your personality, habits and wellbeing.
How often do you spend most evenings watching TV or in front of a screen?
How often do you feel stressed or worry a lot?
When you first use Onmi’s Vire smartphone application, it will ask you to create an account. You will create this account with Auth0, a third-party identity provider. Auth0 stores your email address and provides Onmi with a pseudonym, Onmi uses this pseudonym to identify you in the database. The app will ask for your name to personalise the experience. Vire only stores your name locally on your device. Your name is not stored in Onmi’s database or combined with other Personal Information.
We will not request any personal information when you start using Onmi’s Ampersand service.
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
How we use your personal information
We use personal information to help us create, develop, operate, deliver, and improve our products, services and content. We may also use your personal information for account and network security purposes, in order to protect our services for the benefit of all our users.
We may use your personal information, including age, to verify identity, assist with identification of users, and to determine appropriate services. For example, we may analyse the age of Onmi account holders.
From time to time, we may send important notices through Vire app, such as communications about changes to our terms, conditions, and policies. Because this information is important to your interaction with Onmi, you may not opt out of receiving these communications.
We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Onmi’s products, services, and customer communications.
Collection and Use of Non-Personal Information
We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Onmi service is used so that we can better understand customer behaviour and improve our products and services.
We may collect and store details of how you use our services, including how often you access our services, or how often you open an application. We use this information to improve the quality of our services.
In order to provide location-based services such as the Flex programme, we may collect and use precise location data, including the real-time geographic location of your device. We collect this location data pseudonymously (A pseudonym is a name that a person assumes for a particular purpose, which does not include any personal reference) in a form that does not personally identify you directly. This is considered a best practice for this type of application.
If we do combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.
Cookies and Other Technologies
Onmi’s websites, online services, interactive applications, email messages, and advertisements do not use ‘cookies’ or other technologies such as pixel tags and web beacons.
As is true of most internet services, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole. Onmi may use this information to determine appropriate marketing strategies.
Disclosure to Third Parties
As a rule, we do not share your Personal Information with any third-party. However, we may share your data in the following cases:
Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
With Your Consent. We may share information with your consent.
Non-Personal information will only be shared (pseudonymously) by Onmi to provide or improve our products and services; it will not be shared with third parties for their marketing purposes.
Protection of Personal Information
Onmi takes the security of your personal information very seriously. Onmi uses encryption such as Transport Layer Security (TLS) to protect your personal information during transit between services. We use JSON WebTokens (signed and encrypted using RS256) for authentication of the user at different services.
When Onmi stores your personal data, we use computer systems with limited access housed in facilities using physical security measures.
However, no method of transmission over the Internet or method of electronic storage is 100% secure.
Automated Decision-Making, Including Profiling
Onmi’s Flex programme sends out Data Driven Do’s (behavioural prompts based on real-time behavioural data) to help users achieve a healthier and more active lifestyle.
The appropriate Do’s are automatically selected through statistical analysis of GPS and activity data. The algorithms are developed to help each individual make relative improvements.
None of Onmi’s other services apply algorithms or profiling to take any decisions that significantly affect you.
Integrity, Retention and Deletion of Personal Information
Onmi enables you to keep your personal information accurate, complete, and up to date. If you would like to make any changes to your Personal Information, for example a change of email address, please send a request to
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If you no longer wish to use any of Onmi’s services and would like us to delete your Personal Information, please send a deletion request to firstname.lastname@example.org.
Access to Personal Information
For any Personal Information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if Onmi is not required to retain it by law or for legitimate business purposes.
We may decline to process requests that are frivolous/vexatious, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
We may also decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes as described earlier.
Children under 18
Our services are not directed to children under eighteen and we do not knowingly collect personally identifiable information from children under the age of eighteen.
If we learn that we have collected personal information of a child under eighteen, we will take the appropriate steps to delete such information from our files as soon as possible.
Third‑Party Sites and Services
Onmi websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties. We use the following third-party services:
Google Cloud hosts our cloud computing services.
Typeform is used for the Flex programme intake questionnaires. Typeform stores data outside the EU in the US, but does this in compliance with the GDPR.
Auth0 is used as identity provider for Ampersand, Vire, and our behaviour change programmes.
Twillio is used for sending SMS texts to programme users who do not use Vire to interact with our system.
MS App Center is used to collect usage metrics about Vire and the behaviour change programmes. In case of errors you may be asked to agree with sharing error reports.
MongoDB Atlas is used as cloud database to securely store data.
Information collected by third parties, which may include such things as activity data, location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
As a Dutch enterprise serving users across the world and delivering Onmi services through the use of Third-Party processors, we may transfer personal information to countries other than the country in which the data was originally collected. When possible we setup cloud clusters in the country where your data is collected and processed. However, if we have to transfer your personal information to other countries, we will apply the following principles:
Data is kept in an EU country. Whenever possible/ feasible, we select data processors or specific options inside the data processors’ services in order to keep data inside the EU.
Transfer data to countries with similar data privacy rules. We try to select data processors that resides or store data in one of the countries from EU clear listed as it may be updated from time to time. In case of US data processors, we verified their Privacy Shield certification before engaging them.
Our Company wide Commitment to Your Privacy
To make sure your personal information is secure, we communicate our privacy and security guidelines to Onmi employees and strictly enforce privacy safeguards within the company.
Your Data Protection Rights
Please be advised that in case you allow Onmi to collect and process certain Personal Information from you, you have the following rights:
Right of Access. You have the right to obtain from us confirmation as to whether or not personal data concerning you are processed, and, where that is the case, you have the right to request and get access to that personal data.
Right to Rectification. You have the right to obtain from us the rectification of inaccurate personal data and you have the right to provide additional personal data to complete any incomplete personal data.
Right to Erasure (“Right to be Forgotten”). In certain cases, you have the right to obtain from us the erasure of your personal data.
Right to Restriction of Processing. You have the right to obtain from us restriction of processing, applicable for a certain period and/or for certain situations.
Right to Data Portability. You have the right to receive from us in a structured format your personal data and you have the right to (let) transmit such personal data to another controller.
Right to Object. In certain cases, you have the right to object to processing of your personal data, including with regards to profiling. You have the right to object at further processing of your personal data in so far as such data have been collected for direct marketing purposes.
Right to be Not Subject to Automated Individual Decision-Making. You have the right to not be subject to a decision based solely on automated processing.
Right to Filing Complaints. You have the right to file complaints with the applicable data protection authority on our processing of your personal data.
Right to Compensation of Damages. In case we breach applicable legislation on processing of your personal data, you have the right to claim damages from us for any damages such breach may cause with you.
Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.