Nutrium’s Privacy Policy

Introduction

We care for your privacy and we want to share with you everything we do with your personal data. Throughout Nutrium's Privacy Policy you will be able to check what rights you have at your disposal, what data we treat and with whom we share it, the period for which the personal data will be stored, and much more.

We made sure that this Policy is as transparent, clear and concise as possible. It is important that you read it carefully and calmly since the privacy we guarantee is only as complete as your knowledge of it.

We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter GDPR), where you can learn more on privacy and protection of personal data.

Who are we?

Healthium – Healthcare Software Solutions, S.A., (hereinafter, “Healthium”), dedicates itself to the development of software, namely in the health area, being, in particular, the company responsible for the creation and development of the Nutrium software, in its various aspects. Aimed at Nutrition Clinics and Professionals, Nutrium, enables the simplification of complex tasks such as planning, analysis and creation of food plans, nutritional measurements and calculations, information management and analysis, and much more. Healthium is, therefore, the entity that manages the processing of personal data collected through the Nutrium software, acting, mainly, as processor of the Professional, pursuant to the GDPR.

Scope of this Privacy Policy

This Privacy Policy applies to all users of the website https://nutrium.io and its subdomains, whether or not they register, to all users of the mobile application, from the moment they install it on their device mobile, to all users of the platform who register for the trial period as well as for all those who actually contract our services after the trial period ends.

The application of this Privacy Policy is irrelevant to the territorial scope, applying to all users from the moment they open our website or our mobile application, no matter where they are located.

The use of the services provided by Healthium is conditioned by the acceptance of the Terms and Conditions of Use and the reading of this Policy. In the event that you do not agree to these stipulations, please do not use our services.

What data do we collect?

The collection and processing of data is fundamental to the operation of Nutrium. It's based on that data that our project is built and it's that informational core that allows us to provide you with a service in the area of nutrition and patient management that is known for its excellence. We have reviewed and limited the data collection and the period of retention of the data to the minimum necessary.

There are various sets of information and data that we collect and process. To simplify, we’ll be dividing those sets of information in three large groups: Professionals, Patients and Secretaries.

Professionals’ data

Patients’ data

Patients’ data is directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the patients’ personal data. Having said that, besides a minimum set of legally required measures, Healthium is not responsible for providing the information and guarantees imposed by the GDPR on the Professionals in regard to their relationship with the Patient.

A series of personal data might be requested by the Professional to the Patient, or recorded by observation, which may range from “simple” personal data categories (such as: billing data, user identification number, among others, such as name complete, address, cell phone, and many more) to data considered as “special” (examples of this type of data include race, personal and social history, clinical history, food history, body measurements, among other information).

Healthium only treats Patient data as it is entered by the Professional, or directly through the mobile application. The use of the mobile application is intended for use by patients and is, of course, optional and, in cases where it is used, we collect the following data:

Secretaries’ data

Like the Patients’ data, Secretaries’ data is also directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the Secretaries' personal data, and may lack consent in the context of their contractual relations to which Healthium is unrelated.

However, when using the platform, and in addition to the treatment performed on the data entered directly by the Professional, Healthium also collects some data which was already listed in relation to the Professional as "Automatically collected data", and so, we ask you to check this section.

Purposes of the processing

We use the data we collect for a series of purposes that we want to make known. Those purposes may be based on a legal obligation, the legitimate interests of Healthium, the performance of the contract or consent, depending on the case.

Data retention period

Personal data may be retained for different periods of time depending on its legal relevance or the duration of the contractual relationship. In general, following the request for deletion of the user, the data is encrypted and securely stored for the same legal period required for the retention of tax data in Portugal, that is, 10 years, pursuant to Article 130 (1), of the Decree-law no. 442-B/88, with the changes introduced by Law no. 7-A/2016, of March 30, being definitively eliminated from all our servers at the end of this period.

Subprocessors

Some of your personal data may be processed by third parties who are not part of our services. We have limited these operations to the bare minimum we need to continue to operate efficiently. To know more about our subprocessors contact us to privacy@nutrium.io or dpo@nutrium.io.

Professionals’ rights

We want to ensure that your rights are fully respected. In those situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights you can contact us through privacy@nutrium.io or dpo@nutrium.io.

Patients’ rights

We are constantly working to make the relationship between the Professional and the Patient as easy as possible to expedite. As processor of the Professional, Healthium recognizes and assists the Professional in the realization of the patients’ rights, as far as is technically possible and legally required, namely, by implementing the technical and administrative measures that appear to be most appropriate. For all those situations where there are no automated mechanisms for compliance with the Regulation we recommend that you contact our team or our Data Protection Officer.

We remind you that it is the responsibility of the Professional to collect the data subject consent, in the cases where the processing of the personal data is carried on that basis, as well as guarantee the rights of access, opposition, rectification, erasure, portability and limitation of the processing of the Patient data, whenever applicable to the specific treatment, among other obligations arising from the Regulation. It is the responsibility of the Professional to guarantee the Patient access to all rights and information to be provided under the General Data Protection Regulation.

Security

The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.

Changes and amendments to this Privacy Policy

Nutrium’s Privacy Policy is subject to constant and periodic review. As a result of legal developments, recommendations issued by the control authorities, or changes to our business model, among others, we may have to amend this Policy. We recommend that you visit this page regularly and keep up with the latest updates. We will notify you whenever we make substantial changes to this Policy that might jeopardize your rights.

Contacts

If at the end of this reading you still have doubts or to exercise your rights, please contact us to:

Diogo Alves
Privacy department
Pedro Bacelar
Data Protection Officer

or

Edifício GNRATION nº 123, Praça Conde de Agrolongo
4700-312 Braga
+351 935 455 758

Data Protection Authority

Without prejudice to any claims that you may submit to Healthium or our Data Protection Officer through the contacts made available on this page, you may also submit a complaint to the Portuguese Data Protection Authority through the following contacts:

Comissão Nacional de Proteção de Dados
Rua de São Bento n.º 148-3º 1200-821 Lisboa
Number: +351 213 928 400 — Fax: +351 213 976 832
e-mail: geral@cnpd.ptwww.cnpd.pt