Privacy Policy

Last updated: March 13, 2020

Your privacy is important to Onmi. We developed this Privacy Policy so you understand how we collect, use, share, transfer and store your personal information. This policy applies to Onmi’s services like the Flex programme, the Ampersand ecosystem, and the Vire app.

By using our service, you agree to the collection and use of information in accordance with this policy.

We recommend that you take a moment to familiarise yourself with our privacy practices. If you have any questions about this Privacy Policy or Onmi’s data collection, please contact us at info@onmi.design.

Collection and use of Personal Information

Personal information is data that can be used to identify or contact an individual.

Before using some of our services, we may ask you to provide us with certain Personal Information. We may also combine it with other information to provide and improve our products, services and content. 

You are not required to provide the personal information that we request. But, if you choose not to do so, in many cases we are not able to provide you with our products or services or respond to any queries you may have.

What Personal Information do we collect

 

When you sign up for Onmi’s behaviour change programmes, we may collect a variety of information through the programme’s intake questionnaires. This can include your age, gender and a variety of questions about your personality, habits and wellbeing. 

For example:

  • How often do you spend most evenings watching TV or in front of a screen? 

  • How often do you feel stressed or worry a lot?

When you first use Onmi’s Vire smartphone application, it will ask you to create an account. You will create this account with Auth0, a third-party identity provider. Auth0 stores your email address and provides Onmi with a pseudonym, Onmi uses this pseudonym to identify you in the database. The app will ask for your name to personalise the experience. Vire only stores your name locally on your device. Your name is not stored in Onmi’s database or combined with other Personal Information.

We will not request any personal information when you start using Onmi’s Ampersand service.

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

How we use your personal information

 

We use personal information to help us create, develop, operate, deliver, and improve our products, services and content. We may also use your personal information for account and network security purposes, in order to protect our services for the benefit of all our users. 

We may use your personal information, including age, to verify identity, assist with identification of users, and to determine appropriate services. For example, we may analyse the age of Onmi account holders.

From time to time, we may send important notices through Vire app, such as communications about changes to our terms, conditions, and policies. Because this information is important to your interaction with Onmi, you may not opt out of receiving these communications.

We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Onmi’s products, services, and customer communications.

Collection and Use of Non-Personal Information

 

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

  • We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Onmi service is used so that we can better understand customer behaviour and improve our products and services.

  • We may collect information regarding customer activities on our website. We aggregate this information and use it to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non‑personal information for the purposes of this Privacy Policy.

  • We may collect and store details of how you use our services, including how often you access our services, or how often you open an application. We use this information to improve the quality of our services.

Location-Based Services

 

In order to provide location-based services such as the Flex programme, we may collect and use precise location data, including the real-time geographic location of your device. We collect this location data pseudonymously (A pseudonym is a name that a person assumes for a particular purpose, which does not include any personal reference) in a form that does not personally identify you directly. This is considered a best practice for this type of application.

If we do combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.

Cookies and Other Technologies

 

Onmi’s websites, online services, interactive applications, email messages, and advertisements do not use ‘cookies’ or other technologies such as pixel tags and web beacons. 

As is true of most internet services, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole. Onmi may use this information to determine appropriate marketing strategies.

Disclosure to Third Parties

 

As a rule, we do not share your Personal Information with any third-party. However, we may share your data in the following cases:

  1. Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

  2. As Required By Law and Similar Disclosures. We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public.

  3. With Your Consent. We may share information with your consent.

Non-Personal information will only be shared (pseudonymously) by Onmi to provide or improve our products and services; it will not be shared with third parties for their marketing purposes.

Protection of Personal Information

 

Onmi takes the security of your personal information very seriously. Onmi uses encryption such as Transport Layer Security (TLS) to protect your personal information during transit between services. We use JSON WebTokens (signed and encrypted using RS256) for authentication of the user at different services.

When Onmi stores your personal data, we use computer systems with limited access housed in facilities using physical security measures.

However, no method of transmission over the Internet or method of electronic storage is 100% secure.

Automated Decision-Making, Including Profiling

 

Onmi’s Flex programme sends out Data Driven Do’s (behavioural prompts based on real-time behavioural data) to help users achieve a healthier and more active lifestyle. 

The appropriate Do’s are automatically selected through statistical analysis of GPS and activity data. The algorithms are developed to help each individual make relative improvements.

None of Onmi’s other services apply algorithms or profiling to take any decisions that significantly affect you.

Integrity, Retention and Deletion of Personal Information

 

Onmi enables you to keep your personal information accurate, complete, and up to date. If you would like to make any changes to your Personal Information, for example a change of email address, please send a request to info@onmi.design 

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you no longer wish to use any of Onmi’s services and would like us to delete your Personal Information, please send a deletion request to info@onmi.design.

Access to Personal Information

 

For any Personal Information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if Onmi is not required to retain it by law or for legitimate business purposes. 

We may decline to process requests that are frivolous/vexatious, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

 

We may also decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes as described earlier. 

Children under 18

 

Our services are not directed to children under eighteen and we do not knowingly collect personally identifiable information from children under the age of eighteen.

If we learn that we have collected personal information of a child under eighteen, we will take the appropriate steps to delete such information from our files as soon as possible.  

If you learn that a child has provided us with personal information in violation of this Privacy Policy, you can alert us at info@onmi.design. 

Third‑Party Sites and Services

 

Onmi websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties. We use the following third-party services: 

  • Google Cloud hosts our cloud computing services.

  • Typeform is used for the Flex programme intake questionnaires. Typeform stores data outside the EU in the US, but does this in compliance with the GDPR.

  • Auth0 is used as identity provider for Ampersand, Vire, and our behaviour change programmes.

  • Twillio is used for sending SMS texts to programme users who do not use Vire to interact with our system.

  • MS App Center is used to collect usage metrics about Vire and the behaviour change programmes. In case of errors you may be asked to agree with sharing error reports.

  • MongoDB Atlas is used as cloud database to securely store data.

Information collected by third parties, which may include such things as activity data, location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

International Users

 

As a Dutch enterprise serving users across the world and delivering Onmi services through the use of Third-Party processors, we may transfer personal information to countries other than the country in which the data was originally collected. When possible we setup cloud clusters in the country where your data is collected and processed. However, if we have to transfer your personal information to other countries, we will apply the following principles:

  1. Data is kept in an EU country. Whenever possible/ feasible, we select data processors or specific options inside the data processors’ services in order to keep data inside the EU.

  2. Transfer data to countries with similar data privacy rules. We try to select data processors that resides or store data in one of the countries from EU clear listed as it may be updated from time to time. In case of US data processors, we verified their Privacy Shield certification before engaging them.

Our Company wide Commitment to Your Privacy

 

To make sure your personal information is secure, we communicate our privacy and security guidelines to Onmi employees and strictly enforce privacy safeguards within the company.

Your Data Protection Rights

 

Please be advised that in case you allow Onmi to collect and process certain Personal Information from you, you have the following rights:

  1. Right of Access. You have the right to obtain from us confirmation as to whether or not personal data concerning you are processed, and, where that is the case, you have the right to request and get access to that personal data.

  2. Right to Rectification. You have the right to obtain from us the rectification of inaccurate personal data and you have the right to provide additional personal data to complete any incomplete personal data.

  3. Right to Erasure (“Right to be Forgotten”). In certain cases, you have the right to obtain from us the erasure of your personal data.

  4. Right to Restriction of Processing. You have the right to obtain from us restriction of processing, applicable for a certain period and/or for certain situations.

  5. Right to Data Portability. You have the right to receive from us in a structured format your personal data and you have the right to (let) transmit such personal data to another controller.

  6. Right to Object. In certain cases, you have the right to object to processing of your personal data, including with regards to profiling. You have the right to object at further processing of your personal data in so far as such data have been collected for direct marketing purposes.

  7. Right to be Not Subject to Automated Individual Decision-Making. You have the right to not be subject to a decision based solely on automated processing.

  8. Right to Filing Complaints. You have the right to file complaints with the applicable data protection authority on our processing of your personal data.

  9. Right to Compensation of Damages. In case we breach applicable legislation on processing of your personal data, you have the right to claim damages from us for any damages such breach may cause with you.

Contact us

 

If you have any questions or concerns about Onmi’s Privacy Policy or data processing, you can contact our European Data Protection Officer at idowu@onmi.design. If you would like to make a complaint about a possible breach of local privacy laws, please contact us at info@onmi.design.

Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

Onmi may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

© 2020 by Onmi B.V.

  • Black Twitter Icon