Public Documents

Privacy and Data Protection Policy

In force since:

This document explains, clearly and objectively, how Time Forte and its partner companies care for the personal data of everyone who interacts with the network: students, legal guardians, franchisees, candidates, employees, and visitors to our digital channels. We follow Brazil’s General Data Protection Law (LGPD, Lei nº 13.709/2018) and believe that protecting your data is an essential part of the respect we owe to every person.

Data controller: Time Forte Eventos Esportivos Ltda., CNPJ 08.746.659/0001-01
DPO: dpo@timeforte.com
Version: 2.0

1. Who we are

Time Forte Eventos Esportivos Ltda. is a franchisor of soccer and sports schools for children and adolescents. We operate through a network of franchised units throughout Brazil and in partnership with other companies (Beach Futebol, Fé na Bola, Soccer Concept, Thunderstorm, Time Now, and ZRC), with whom we share systems, operations, and the same commitment to the protection of personal data.

Time Forte and its partner companies act as joint controllers of personal data in shared operations, and are jointly and severally liable for the protection of the information processed in this context (Art. 42, §1º of the LGPD). The updated list of partner companies can be obtained upon request to the DPO.

2. Who this policy applies to

This policy applies to all individuals whose personal data is processed by Time Forte and its partner companies, including:

  • Students enrolled in or interested in the network’s schools, represented by their legal guardians, as they are children and adolescents;
  • Parents and legal guardians of students;
  • Franchise candidates and franchisees of the network;
  • Employees, service providers, and supplier representatives;
  • Visitors to the official websites of Time Forte and the network’s schools;
  • Participants in sporting events organized by Time Forte’s partner companies.

3. How this policy works

This policy sets out the general principles and commitments that guide the processing of personal data by Time Forte and its partner companies. It is the central reference document, the starting point for understanding how we take care of your information.

The details of each processing operation (what data is collected, for what purpose, with whom it is shared, and how long it is kept) are provided in the specific Privacy Notices, displayed at each point of collection: enrollment forms, trial class scheduling, franchise applications, employee recruitment, websites, and other channels.

These notices are always available at the time of completion and can be consulted at any time at:

www.timeforte.com/legal: Index of all privacy notices of Time Forte and the network, with current versions and change history.

This policy and the specific notices form an integrated set. Read the notice corresponding to your relationship with Time Forte to obtain complete information about the processing of your data.

4. Principles that guide data processing

Every time we collect or use personal data, we follow the principles established in Art. 6º of the LGPD. In practice, this means:

PrincipleWhat we guarantee
PurposeWe collect data only for legitimate, specific purposes that are disclosed before collection. No data is reused for other purposes without an appropriate legal basis.
NecessityWe ask only for what is truly necessary for each purpose. Nothing beyond the essential.
TransparencyYou always know what data we collect, what it is used for, and who can access it, through this policy and the specific notices at each point of collection.
SecurityWe adopt technical and administrative measures to protect your data against unauthorized access, loss, and leaks.
QualityWe keep data up to date and accurate. You can request corrections at any time.
Non-discriminationYour data is never used for discriminatory, unlawful, or abusive purposes.
AccountabilityWe document our practices and can demonstrate compliance with the LGPD whenever necessary.

5. On what authorization we process your data

All processing of personal data requires a valid legal basis. Depending on the situation, we rely on different grounds provided for in the LGPD:

Legal basisWhen it applies
Consent (Art. 7º, I)Sending promotional communications and newsletters, use of students’ image and voice for institutional or marketing purposes, and analytics cookies on the websites. You may withdraw your consent at any time, without penalty.
Performance of a contract (Art. 7º, V)Completing enrollment, managing the service contract, formalizing contracts with franchisees, employees, and suppliers.
Legal obligation (Art. 7º, II)Compliance with tax, labor, social security, and other legal obligations.
Protection of life (Art. 7º, III)Medical emergencies during sporting activities, in order to call health services or notify guardians.
Legitimate interest (Art. 7º, IX)Improvement of services, security of the premises, and fraud prevention, always in a proportionate manner and with respect for your rights.
Regular exercise of rights (Art. 7º, VI)Defense in judicial or administrative proceedings.

The legal basis applicable to each specific processing operation is identified in the Privacy Notice corresponding to your relationship with Time Forte.

Data of children and adolescents: the processing of data of students under 18 years of age may only be carried out with the specific and prominent consent of at least one of the parents or the legal guardian (Art. 14, §1º of the LGPD). This rule applies to all of the student’s data, including health data, image, and voice.

6. With whom we share your data

We share personal data only when necessary and with people or organizations that need the information for a specific purpose. We do not sell or transfer personal data for the commercial purposes of third parties.

In general, your data may be shared with:

  • Time Forte’s partner companies, for shared operations such as management systems, network support, and compliance, under the terms of the applicable Joint Controllership Agreement;
  • The network’s franchised units, for the provision of the contracted services;
  • Technology providers, management platforms, and payment and communication services, always under contractual obligations of security and data protection;
  • Marketing service providers, only with your authorization;
  • Public authorities, when required by law or court order.

The specific sharing arrangements for each operation (including the recipients, the purpose, and the safeguards adopted) are detailed in the corresponding Privacy Notices, available at www.timeforte.com/legal.

Every service provider that processes data on behalf of Time Forte signs a Data Processing Agreement (DPA) and undertakes to adopt security standards equivalent to ours. They may only use the data for the purposes we define.

7. International data transfer

Some of the tools we use, such as Google Analytics and Google Forms, may send data to servers located outside Brazil, mainly in the United States. These transfers are carried out on the basis of data processing contracts entered into with the providers, which include the safeguards required by Arts. 33 to 36 of the LGPD to ensure protection equivalent to that offered by Brazilian law.

8. How long we keep your data

We keep your personal data only for as long as necessary to fulfill the purpose that motivated its collection or to meet legal obligations. After the applicable periods expire, the data is securely deleted or anonymized.

The specific retention periods for each processing operation are indicated in the corresponding Privacy Notices, available at www.timeforte.com/legal.

9. How we protect your data

Protecting your data is a responsibility we take very seriously, especially because we serve children and adolescents every day. We adopt the following measures:

  • Access control: only authorized persons access personal data, with permissions limited to what is necessary for each role;
  • Secure authentication: critical systems use multi-factor authentication (MFA);
  • Encryption: data in transit is protected by encryption protocols;
  • Access logs: we keep logs for auditing purposes and for the investigation of incidents;
  • Training: employees and franchisees receive periodic training on data protection;
  • Security agreements: all third parties that process data on our behalf sign contractual obligations of confidentiality and security.

If we identify an incident that may affect your data, you will be notified and we will take all necessary measures to minimize the impact, as required by Art. 48 of the LGPD.

10. Special attention: data of children and adolescents

Our students are children and adolescents. For this reason, Art. 14 of the LGPD is one of our main references, and its application is at the center of everything we do with personal data.

What we guaranteeHow we do it
Consent of the legal guardianNo data of a student under 18 years of age is collected without the specific and prominent authorization of at least one of the parents or the legal guardian. Consent is requested clearly and separately from other authorizations.
Forms completed by the guardianAll forms for collecting students’ data are directed to the legal guardian, never directly to the child or adolescent.
Best interest of the minorThe processing of students’ data is assessed from the perspective of the direct benefit to the child. Minors’ data is not used for commercial purposes without the specific authorization of the guardian.
Health data with reinforced protectionMedical information, reports, and physical restrictions are accessed only by those who need them to ensure safety during activities, and are not shared beyond what is strictly necessary.
Image and voice with specific authorizationAny use of students’ image or voice (on social media, in institutional materials, or in campaigns) requires separate and specific authorization from the legal guardian.
Trained and committed franchiseesThe franchised units receive specific training on the protection of minors’ data and undertake contractual commitments to comply with the same standards as the franchisor.

If you are the legal guardian of a student and would like to know how your child’s data is being processed, withdraw an authorization, or exercise any right, contact us at dpo@timeforte.com or through the channel indicated in Section 11.

11. Your rights

You have rights guaranteed by the LGPD over your personal data. In the case of data of children and adolescents, these rights are exercised by the legal guardian. At any time, you may:

  • Know whether we process your data and access the stored information;
  • Request the correction of incorrect or outdated data;
  • Request the deletion of unnecessary data or data processed on the basis of consent that you have withdrawn;
  • Withdraw any authorization you have given, without penalty, which does not affect processing already carried out;
  • Know with whom we share your data;
  • Object to processing that you believe violates your rights;
  • Request the portability of your data to another provider, when technically feasible.

To exercise any right, use one of the channels below:

Data Subject Service Page (SATD)
Email: dpo@timeforte.com
Mail: Rua Barão de Ipanema, 56/301, Copacabana, Rio de Janeiro/RJ, CEP 22050-032

We respond within 15 calendar days of receiving the request.

12. Cookies

The websites of Time Forte and the network use cookies, small files saved in your browser. We use two types:

  • Essential cookies: necessary for the basic functioning of the website. Always active.
  • Analytics cookies: used to understand, in an aggregated and non-identified way, how visitors navigate the website. Activated only with your consent, obtained through the banner displayed on the first visit.

We do not use advertising cookies. You can change or withdraw your preferences at any time by clicking on “Cookie preferences” in the website footer.

13. Updates to this policy

This policy may be updated to reflect changes in legislation, in our operations, or in the ways we process personal data. Whenever there is a relevant change, we will publish the new version at www.timeforte.com/legal, with the update date indicated. The history of previous versions is available at the same address.

14. Contact our Data Protection Officer (DPO)

The Data Protection Officer (DPO) is the official channel for questions, requests, and complaints about the use of your data. The same DPO serves Time Forte and all of its partner companies.

Email: dpo@timeforte.com

Data Subject Service (SATD): Click here to access the form

Mail: Rua Barão de Ipanema, 56/301, Copacabana, Rio de Janeiro/RJ, CEP 22050-032

If you are not satisfied with our response, you can file a complaint directly with the National Data Protection Authority (ANPD).

← Back to the document index