We made sure that this Policy is as transparent, clear and concise as possible. It is important that you read it carefully and calmly since the privacy we guarantee is only as complete as your knowledge of it.
We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter GDPR), where you can learn more on privacy and protection of personal data.
Healthium – Healthcare Software Solutions, S.A., (hereinafter, “Healthium”), dedicates itself to the development of software, namely in the health area, being, in particular, the company responsible for the creation and development of the Nutrium software, in its various aspects. Aimed at Nutrition Clinics and Professionals, Nutrium, enables the simplification of complex tasks such as planning, analysis and creation of food plans, nutritional measurements and calculations, information management and analysis, and much more. Healthium is, therefore, the entity that manages the processing of personal data collected through the Nutrium software, acting, mainly, as processor of the Professional, pursuant to the GDPR.
The use of the services provided by Healthium is conditioned by the acceptance of the Terms and Conditions of Use and the reading of this Policy. In the event that you do not agree to these stipulations, please do not use our services.
The collection and processing of data is fundamental to the operation of Nutrium. It's based on that data that our project is built and it's that informational core that allows us to provide you with a service in the area of nutrition and patient management that is known for its excellence. We have reviewed and limited the data collection and the period of retention of the data to the minimum necessary.
There are various sets of information and data that we collect and process. To simplify, we’ll be dividing those sets of information in three large groups: Professionals, Patients and Secretaries.
Patients’ data is directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the patients’ personal data. Having said that, besides a minimum set of legally required measures, Healthium is not responsible for providing the information and guarantees imposed by the GDPR on the Professionals in regard to their relationship with the Patient.
A series of personal data might be requested by the Professional to the Patient, or recorded by observation, which may range from “simple” personal data categories (such as: billing data, user identification number, among others, such as name complete, address, cell phone, and many more) to data considered as “special” (examples of this type of data include race, personal and social history, clinical history, food history, body measurements, among other information).
Healthium only treats Patient data as it is entered by the Professional, or directly through the mobile application. The use of the mobile application is intended for use by patients and is, of course, optional and, in cases where it is used, we collect the following data:
Like the Patients’ data, Secretaries’ data is also directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the Secretaries' personal data, and may lack consent in the context of their contractual relations to which Healthium is unrelated.
However, when using the platform, and in addition to the treatment performed on the data entered directly by the Professional, Healthium also collects some data which was already listed in relation to the Professional as "Automatically collected data", and so, we ask you to check this section.
We use the data we collect for a series of purposes that we want to make known. Those purposes may be based on a legal obligation, the legitimate interests of Healthium, the performance of the contract or consent, depending on the case.
Personal data may be retained for different periods of time depending on its legal relevance or the duration of the contractual relationship. In general, following the request for deletion of the user, the data is encrypted and securely stored for the same legal period required for the retention of tax data in Portugal, that is, 10 years, pursuant to Article 130 (1), of the Decree-law no. 442-B/88, with the changes introduced by Law no. 7-A/2016, of March 30, being definitively eliminated from all our servers at the end of this period.
Some of your personal data may be processed by third parties who are not part of our services. We have limited these operations to the bare minimum we need to continue to operate efficiently. To know more about our subprocessors contact us to firstname.lastname@example.org or email@example.com.
We want to ensure that your rights are fully respected. In those situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights you can contact us through firstname.lastname@example.org or email@example.com.
We are constantly working to make the relationship between the Professional and the Patient as easy as possible to expedite. As processor of the Professional, Healthium recognizes and assists the Professional in the realization of the patients’ rights, as far as is technically possible and legally required, namely, by implementing the technical and administrative measures that appear to be most appropriate. For all those situations where there are no automated mechanisms for compliance with the Regulation we recommend that you contact our team or our Data Protection Officer.
We remind you that it is the responsibility of the Professional to collect the data subject consent, in the cases where the processing of the personal data is carried on that basis, as well as guarantee the rights of access, opposition, rectification, erasure, portability and limitation of the processing of the Patient data, whenever applicable to the specific treatment, among other obligations arising from the Regulation. It is the responsibility of the Professional to guarantee the Patient access to all rights and information to be provided under the General Data Protection Regulation.
The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.
If at the end of this reading you still have doubts or to exercise your rights, please contact us to:
Without prejudice to any claims that you may submit to Healthium or our Data Protection Officer through the contacts made available on this page, you may also submit a complaint to the Portuguese Data Protection Authority through the following contacts: