Privacy Policy – OmniaLuce

Effective Date: 17 July 2025
Last Updated: 17 July 2025

Introduction

OmniaLuce (“we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or participate in our volunteer collective.

Information We Collect

Information You Provide Directly

Contact Information: Name, email address, phone number when you join our collective or contact us
Profile Information: Professional background, skills, interests, and experience when you create a volunteer profile
Communication Data: Messages sent through our contact forms, community platforms, or direct communications
Contribution Information: Details about your volunteer work, project contributions, and participation in our initiatives

Information Collected Automatically

Website Analytics: IP address, browser type, device information, pages visited, time spent on site
Performance Data: System logs, error reports, and usage statistics for our platforms and tools
Cookies and Tracking: We use cookies to improve site functionality and user experience (see Cookie Policy for details)

Information from Third Parties

Social Media: Information from social media platforms if you choose to connect your accounts
Partner Organizations: Information shared by NGOs or organizations we collaborate with (with appropriate consent)
Public Sources: Publicly available information relevant to our mission and projects

Sensitive Data

We do not intentionally collect sensitive personal data as defined by LGPD Article 5, II (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation). If such data is inadvertently collected, we will delete it immediately upon discovery.

Legal Basis for Processing (GDPR/LGPD)

We process your personal data based on the following legal bases:

Under GDPR (for EU data subjects):

Consent: For marketing communications and optional services (Article 6(1)(a))
Legitimate Interest: For volunteer coordination, security, and organizational operations (Article 6(1)(f))
Contractual Necessity: For providing services you’ve requested (Article 6(1)(b))
Legal Obligation: For compliance with applicable laws (Article 6(1)(c))

Under LGPD (for Brazilian data subjects):

Consent: For marketing communications and optional services (Article 7, I)
Legitimate Interest: For volunteer coordination and organizational operations (Article 7, IX)
Contract Performance: For providing services you’ve requested (Article 7, V)
Legal Obligation: For compliance with applicable laws (Article 7, II)
Exercise of Rights: For protection of life, physical safety, and exercise of rights (Article 7, III and IV)

How We Use Your Information

Primary Uses

Volunteer Coordination: Matching volunteers with appropriate projects and opportunities
Communication: Sending updates about projects, opportunities, and organizational news
Platform Operation: Providing access to our tools, platforms, and collaborative spaces
Project Development: Coordinating work on technology solutions and social impact initiatives

Secondary Uses

Analytics and Improvement: Understanding how our services are used to improve effectiveness
Security: Protecting our systems and users from fraud, abuse, and security threats
Legal Compliance: Meeting legal obligations and responding to legal requests
Research: Analyzing aggregate data to improve our impact and share learnings with the broader community

Information Sharing and Disclosure

We Share Information With:

Fellow Volunteers: Within project teams and working groups, as necessary for collaboration
Partner Organizations: With NGOs and organizations we work with, when relevant to shared projects
Service Providers: With trusted third-party services that help us operate (hosting, analytics, communication tools)
Legal Authorities: When required by law or to protect rights and safety

We Do Not:

Sell personal information to third parties
Share information for commercial marketing purposes
Provide information to data brokers or advertising networks
Use information for purposes unrelated to our mission

Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption of data in transit and at rest
Access controls limiting who can view personal information
Regular security audits and updates
Secure development practices for our technology platforms

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our abilities.

Your Rights and Choices

Under GDPR (for EU data subjects):

Access (Article 15): Request a copy of the personal information we have about you
Rectification (Article 16): Update or correct inaccurate information
Erasure (Article 17): Request deletion of your personal information
Restriction (Article 18): Request limitation of processing in certain circumstances
Portability (Article 20): Request your data in a portable format
Object (Article 21): Object to processing based on legitimate interests
Withdraw Consent (Article 7): Withdraw consent for consent-based processing

Under LGPD (for Brazilian data subjects):

Confirmation and Access (Article 18, I and II): Confirm processing and access your data
Correction (Article 18, III): Correct incomplete, inaccurate, or outdated data
Anonymization or Deletion (Article 18, IV and VI): Request anonymization or deletion
Portability (Article 18, V): Request data portability to another service provider
Information (Article 18, VII): Information about public and private entities with whom we share data
Consent Withdrawal (Article 18, IX): Withdraw consent when processing is based on consent
Objection (Article 18, §2): Object to processing when not in compliance with LGPD

Communication Preferences

Opt-out: Unsubscribe from promotional communications at any time
Preferences: Choose which types of communications you receive
Frequency: Adjust how often you receive updates

Account Management

Profile Control: Update your volunteer profile and preferences
Activity History: View your contribution history and project involvement
Deactivation: Temporarily or permanently deactivate your account

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@omnialuce.tech or legal@omnialuce.tech
Subject Line: “Data Subject Rights Request”
Include: Your name, email address, and specific request

We will respond within:

30 days for GDPR requests
15 days for LGPD requests (may be extended by 15 additional days if complex)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Retention Periods

Active Volunteer Data: While you remain an active volunteer plus 2 years after last activity
Communication Records: 5 years from last communication
Project Contributions: Indefinitely for open source projects (anonymized where possible)
Legal Compliance: As required by applicable Brazilian and international laws
Dispute Resolution: Until resolution of any disputes plus applicable limitation periods

Deletion Criteria

Data is deleted when:

The purpose for collection has been fulfilled
You withdraw consent (where consent is the legal basis)
You exercise your right to erasure
We determine the data is no longer necessary for our legitimate interests
Required by law or regulatory authority

International Data Transfers

Transfers from Brazil

When transferring personal data from Brazil to other countries, we ensure adequate protection through:

Adequacy Decisions: Transfers to countries with adequate protection as recognized by ANPD
Standard Contractual Clauses: Approved by ANPD for international transfers
Binding Corporate Rules: Internal policies ensuring adequate protection
Consent: Explicit consent for specific transfers when appropriate
Other Legal Mechanisms: As permitted under LGPD Article 33

Transfers from EU

For transfers from the EU, we use:

Adequacy Decisions: Transfers to countries with adequate protection as recognized by European Commission
Standard Contractual Clauses: Approved by European Commission
Binding Corporate Rules: Approved by relevant supervisory authorities
Consent: Explicit consent for specific transfers when appropriate

Countries We Transfer To

We may transfer data to volunteers and service providers in various countries. Current primary locations include:

Brazil (headquarters)
European Union member states
Other countries where our volunteers are located (with appropriate safeguards)

Children’s Privacy

Our services are not intended for individuals under 18 years of age in Brazil or under 16 years of age in the EU. We do not knowingly collect personal information from children under these ages. If we become aware of such collection, we will take steps to delete the information promptly and notify parents/guardians as required by law.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting updates on our website
Sending email notifications to active volunteers
Providing notice in our community channels

Data Breach Notification

In the event of a data breach that may result in risk to your rights and freedoms:

To Authorities

ANPD (Brazil): Within 72 hours of becoming aware of the breach
EU Supervisory Authorities: Within 72 hours for EU data subjects
Other Authorities: As required by local laws

To Data Subjects

High Risk Breaches: We will notify affected individuals without undue delay
Notification Content: Nature of breach, likely consequences, and measures taken
Communication Method: Email, website notice, or other appropriate means

Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us at privacy@omnialuce.tech.

Supervisory Authority Contacts

Brazil: ANPD (Autoridade Nacional de Proteção de Dados) – https://www.gov.br/anpd/
EU: Your local supervisory authority – https://edpb.europa.eu/about-edpb/board/members_en