1. Introduction and Commitment to Privacy

This Privacy Policy describes how Spevo Sport & Health Club (“Spevo”) collects, uses, processes, stores, shares, and protects users’ personal data and sensitive personal data, in accordance with the Hong Kong General Data Protection Law (LGPD). By using Spevo, the user acknowledges and agrees to the data processing practices described in this Policy.

2. Data Collected

Spevo may collect personal data provided directly by the user, such as name, email, date of birth, weight, height, gender, profile information, and login credentials. Spevo may also automatically collect usage data, activity metrics, sensor information, geolocation data, heart rate, estimated calories, and performance-related information, which may be considered sensitive data under the LGPD.

Additional data may include device identifiers, IP address, cookies, app interactions, and integrations with third-party services.

3. Purposes of Data Processing

Data is processed for contractual execution, technical operation of the platform, user experience personalization, statistical analysis, metric generation, fraud detection, user communication, service improvement, compliance with legal obligations, and fulfillment of requests related to data subject rights.

Sensitive data is processed strictly within the limits authorized by the user and only as necessary for the proper functioning of Spevo’s sports-related features.

4. Data Sharing

Spevo may share information with technology partners, cloud service providers, payment processors, data analytics providers, authentication services, and public authorities when required.

All sharing activities comply with the appropriate legal bases, LGPD principles, and contractual safeguards necessary to ensure data protection.

5. Storage, Security, and Retention

Data is stored on secure servers protected by technical safeguards, encryption, access controls, and administrative practices appropriate to the level of risk and type of information processed.

Spevo retains data for as long as necessary to fulfill the purposes described in this Policy, and may retain it for additional periods for legal compliance, audits, litigation defense, and fraud prevention.

6. User Rights under the LGPD

Users may exercise all rights provided by the LGPD, including access, confirmation of processing, correction, anonymization, portability, deletion, information about data sharing, and withdrawal of consent.

Requests must be submitted to the Data Protection Officer (DPO) at: [insert].

7. Legal Bases Used

Processing may occur based on consent, contractual performance, the controller’s legitimate interest, compliance with legal obligations, credit protection, or other lawful grounds, always observing proportionality, transparency, and necessity.

8. International Transfers

If international data transfers occur, Spevo will ensure they comply with the LGPD through appropriate safeguards, contractual clauses, or adherence to recognized international standards.

9. Policy Updates

This Policy may be updated periodically. Continued use of the platform after such updates constitutes full acceptance of the new version.