Regresar

GLOBAL PRIVACY POLICY

POLÍTICA DE PRIVACIDAD INTERNACIONAL

ARA-Training & ARA-Training SMART

Last Updated: february 15  2025

1. INTRODUCTION

This Privacy Policy describes how ARA-Training (“Company”, “We”, “Us”) collects, processes, stores, transfers, and protects personal data when you access:

  • ara-training.com

  • ara-training.com/smart

  • Any affiliated digital platform or service (collectively, the “Platform”).

By using the Platform, you consent to the practices described herein.

2. CONTROLLER INFORMATION

For international purposes, ARA-Training acts as:

Data Controller for:

  • Account information

  • Training data

  • Performance metrics

  • Psychological evaluation results

  • Payment information

Primary governing jurisdiction: Republic of Guatemala.

For users in jurisdictions with mandatory data protection laws (e.g., European Union), this Policy shall be interpreted in compliance with such applicable regulations.

3. CATEGORIES OF DATA COLLECTED

ARA-Training may collect and process:

3.1 Identity Data

  • Name

  • Date of birth

  • Gender (if provided)

  • Nationality (if required)

3.2 Contact Data

  • Email address

  • Phone number

  • Address (if required for billing)

3.3 Account Data

  • Username

  • Encrypted password

  • Role (athlete, coach, admin, guardian)

3.4 Performance & Training Data

  • Workout logs

  • Metrics (distance, time, HR, load, etc.)

  • Performance scores

  • Training analytics

  • Competition results

3.5 Psychological & Mental Performance Data

  • Evaluation results

  • Self-reported psychological indicators

  • Performance mindset assessments

These may constitute sensitive data depending on jurisdiction.

3.6 Payment Data

  • Billing information

  • Transaction history

  • Subscription records

ARA-Training does not store full credit card data; payments may be processed by third-party providers.

3.7 Technical Data

  • IP address

  • Device type

  • Browser information

  • Log data

  • Usage analytics

4. PURPOSE OF PROCESSING

We process data to:

  • Provide and maintain the Platform

  • Deliver training and performance services

  • Generate analytics and dashboards

  • Enable coach-athlete interaction

  • Process payments

  • Improve system performance

  • Prevent fraud and misuse

  • Comply with legal obligations

We do not sell personal data.

5. LEGAL BASIS (INTERNATIONAL FRAMEWORK)

Depending on jurisdiction, processing may rely on:

  • Contractual necessity

  • Legitimate interest

  • Explicit user consent (especially for psychological data)

  • Legal compliance obligations

Where required (e.g., GDPR), explicit consent may be requested for sensitive data.

6. SENSITIVE DATA DISCLAIMER

Users acknowledge that:

Performance metrics and psychological evaluations may indirectly relate to health.

ARA-Training:

  • Does not provide medical treatment.

  • Processes such data only to deliver platform services.

  • Applies reasonable safeguards.

Users voluntarily provide such data.

7. DATA RETENTION

We retain data:

  • As long as your account is active.

  • As necessary for legal compliance.

  • For legitimate business purposes.

  • In anonymized form for analytics beyond account termination.

Upon request, data may be deleted unless legal retention is required.

8. INTERNATIONAL DATA TRANSFERS

Data may be stored or processed in:

  • Guatemala

  • United States

  • Cloud service provider locations

By using the Platform, you consent to international data transfers where necessary.

For EU users, transfers rely on appropriate safeguards such as:

  • Contractual protections

  • Secure cloud infrastructure

  • Industry-standard encryption

9. DATA SECURITY

We implement reasonable technical and organizational measures including:

  • Encrypted transmission (HTTPS)

  • Access control by role

  • Encrypted password storage

  • Firewalls and infrastructure security

  • Backup procedures

However, no system is 100% secure.

Users accept inherent digital risks.

10. USER RIGHTS (INTERNATIONAL)

Depending on jurisdiction, users may have the right to:

  • Access personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to certain processing

  • Request data portability

  • Withdraw consent

Requests may be submitted through official contact channels.

Identity verification may be required.

11. MINORS & SCHOOL PROGRAMS

For minors:

  • Guardian consent is required.

  • Schools are independent entities.

  • Coaches act independently unless formally contracted.

ARA-Training is not responsible for supervision failures.

12. THIRD-PARTY PROCESSORS

We may use third-party service providers for:

  • Hosting

  • Payment processing

  • Analytics

  • Cloud storage

These providers are contractually bound to maintain confidentiality.

ARA-Training is not responsible for independent third-party misuse beyond our control.

13. AUTOMATED DECISION-MAKING

The Platform may use automated analytics and scoring systems.

These:

  • Do not constitute legal decisions.

  • Do not produce legally binding effects.

  • Are performance-based estimations only.

Users assume interpretative responsibility.

14. DATA BREACH RESPONSE

In the event of a significant data breach:

  • We will investigate.

  • Implement mitigation measures.

  • Notify affected users when legally required.

15. CORPORATE RESTRUCTURING

In case of:

  • Merger

  • Acquisition

  • Asset sale

  • Corporate restructuring

User data may be transferred as a business asset.

Continued use implies consent to such transfer.

16. ANTI-SCRAPING & DATA MISUSE

Users may not:

  • Extract bulk data

  • Use bots

  • Repurpose athlete data externally

  • Use data for AI model training

Violations may result in legal action.

17. LIMITATION OF LIABILITY (PRIVACY CONTEXT)

ARA-Training shall not be liable for:

  • Indirect damages

  • Emotional distress claims

  • Loss of opportunity

  • Consequential damages

Maximum liability cap applies as defined in the Terms and Conditions.

18. GOVERNING LAW

Primary governing law: Republic of Guatemala.

Where mandatory consumer protections apply, local laws may prevail.

19. MODIFICATIONS

This Privacy Policy may be updated.

Continued use after updates constitutes acceptance.

20. CONTACT

Users may contact ARA-Training via official support channels for:

  • Privacy requests

  • Data access requests

  • Data deletion requests

DATA PROCESSING AGREEMENT (DPA)

GDPR-Compliant Template

ARA-Training – Data Processing Agreement

1. Parties

This Data Processing Agreement (“DPA”) forms part of the Terms between:

  • ARA-Training (“Processor” or “Controller”, depending on context)

  • The Client/User (Coach, School, Organization, or Athlete acting as Controller where applicable)

2. Scope

This DPA applies when:

  • EU/EEA personal data is processed.

  • A Coach or Institution uploads athlete data.

  • A School uses the platform for minors.

3. Roles Under GDPR

Depending on context:

  • ARA-Training acts as Data Processor when processing data on behalf of coaches or schools.

  • ARA-Training acts as Data Controller for account, billing, and system administration data.

4. Categories of Data

Data may include:

  • Identity data

  • Contact data

  • Training metrics

  • Psychological assessments

  • Performance analytics

  • Technical logs

Special categories (if applicable):

  • Health-related metrics

  • Psychological indicators

5. Purpose of Processing

Data is processed solely to:

  • Provide training management services

  • Generate analytics

  • Enable coach-athlete interaction

  • Maintain platform integrity

  • Prevent fraud

6. Security Measures

ARA-Training implements:

  • Encryption in transit

  • Access control by role

  • Password hashing

  • Infrastructure-level protections

  • Regular backups

7. Subprocessors

ARA-Training may use:

  • Cloud hosting providers

  • Payment processors

  • Analytics providers

All subprocessors are contractually obligated to maintain confidentiality.

8. Data Subject Rights

ARA-Training shall assist Controllers in responding to:

  • Access requests

  • Rectification

  • Deletion

  • Restriction

  • Portability

Requests must be verified before processing.

9. Data Breach Notification

In case of breach affecting EU data:

  • ARA-Training shall notify the Controller without undue delay.

  • Cooperation will be provided to fulfill GDPR obligations.

10. International Transfers

Data may be stored outside the EU.

Safeguards include:

  • Contractual protections

  • Industry-standard encryption

  • Reputable cloud providers

11. Data Deletion

Upon termination:

  • Data may be deleted or anonymized unless retention is legally required.

COACH DATA CONFIDENTIALITY AGREEMENT

COACH CONFIDENTIALITY & DATA USE AGREEMENT

By using ARA-Training, Coaches agree:

1. Confidential Use

Athlete data is confidential.

Coaches may not:

  • Export data for external commercial use

  • Share psychological results publicly

  • Sell athlete performance data

  • Use data for AI training models

2. Independent Status

Coaches act independently.

ARA-Training is not liable for:

  • Training decisions

  • Athlete injuries

  • Psychological interpretations

3. Data Security Obligations

Coaches must:

  • Protect login credentials

  • Avoid public sharing of sensitive data

  • Report unauthorized access

4. Termination

Violation may result in:

  • Immediate suspension

  • Legal action


SCHOOL & INSTITUTION DATA AGREEMENT

This agreement applies when schools use ARA-Training.

1. Guardian Consent

Schools must ensure:

  • Written guardian consent for minors.

  • Compliance with local child data laws.

2. Institutional Responsibility

Schools acknowledge:

  • They supervise minors.

  • They manage training environment safety.

  • ARA-Training is a digital tool only.

3. Liability Allocation

ARA-Training is not liable for:

  • Physical injuries

  • Supervision failures

  • Psychological distress caused by training intensity

4. Data Handling

Schools must:

  • Limit internal access

  • Avoid external data distribution

  • Delete local exports securely

INVESTOR LEGAL COMPLIANCE SUMMARY

ARA-TRAINING LEGAL COMPLIANCE OVERVIEW

Prepared for investors / due diligence purposes.

Platform Type

Technology SaaS – Sports Performance Management

Risk Mitigation Structure

  • Arbitration clause

  • Class action waiver

  • Liability cap

  • Trade secret protection

  • Anti-scraping protections

  • Minor protection framework

  • GDPR-aware DPA

  • Independent coach model

  • Force majeure protections

IP Protection

All proprietary algorithms, scoring engines, and psychological models are protected as trade secrets.

Data Compliance

  • GDPR-aware DPA

  • Explicit consent model for sensitive data

  • Encryption practices

  • Role-based access

Corporate Flexibility

Terms allow:

  • Asset transfer

  • Merger

  • Acquisition

  • International expansion

Legal Exposure Assessment

Low-to-moderate litigation risk due to:

  • Explicit risk assumption

  • Waiver clauses

  • Liability caps

  • Arbitration requirement

 INTERNAL DATA GOVERNANCE MANUAL (Executive Version)

ARA-TRAINING INTERNAL DATA GOVERNANCE POLICY

1. Data Classification Levels

Level 1 – Public
Level 2 – Internal
Level 3 – Confidential
Level 4 – Sensitive (psychological & performance)

2. Access Control

  • Admin access limited

  • Role-based permissions enforced

  • No shared credentials

3. Incident Response Protocol

Step 1: Contain
Step 2: Assess
Step 3: Mitigate
Step 4: Notify (if required)
Step 5: Document

4. Data Minimization

Collect only necessary data.

5. Data Retention

  • Active accounts: retained

  • Terminated accounts: anonymized after defined period

  • Backups retained per technical policy

6. Employee Confidentiality

All internal collaborators must:

  • Sign confidentiality clause

  • Avoid data export

  • Follow password policy

7. Security Review

Annual internal review recommended.