Nutrium's Privacy Policy - Professional

1. Introduction

We care for your privacy and we want to share with you everything we do with your personal data. Throughout Nutrium's Privacy Policy you will be able to check what rights you have at your disposal, what data we treat and with whom we share it, the period for which the personal data will be stored, and much more.

We made sure that this Policy is as transparent, clear and concise as possible. It is important that you read it carefully and calmly since the privacy we guarantee is only as complete as your knowledge of it.

We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter GDPR), where you can learn more on privacy and protection of personal data.

2. Who are we?

Healthium - Healthcare Software Solutions, S.A., (hereinafter, “Healthium”), dedicates itself to the development of software, namely in the health area, being, in particular, the company responsible for the creation and development of the Nutrium software, in its various aspects. Aimed at Nutrition Clinics and Professionals, Nutrium enables the simplification of complex tasks such as planning, analysis and creation of food plans, nutritional measurements and calculations, information management and analysis, and much more. Healthium is, therefore, the entity that manages the processing of personal data collected through the Nutrium software, acting, mainly, as processor of the Professional, pursuant to the GDPR.

3. Scope of this Privacy Policy

This Privacy Policy applies to all users of the website https://nutrium.com and its subdomains, whether or not they register, to all users of the mobile application, from the moment they install it on their device mobile, to all users of the platform who register for the trial period as well as for all those who actually contract our services after the trial period ends.

The application of this Privacy Policy is irrelevant to the territorial scope, applying to all users from the moment they open our website or our mobile application, no matter where they are located.

The use of the services provided by Healthium is conditioned by the acceptance of the Terms and Conditions of Use and the reading of this Policy. In the event that you do not agree to these stipulations, please do not use our services.

4. What Data do we Collect?

The collection and processing of data is fundamental to the operation of Nutrium. It's based on that data that our project is built and it's that informational core that allows us to provide you with a service in the area of nutrition and client management that is known for its excellence. We have reviewed and limited the data collection and the period of retention of the data to the minimum necessary.

There are various sets of information and data that we collect and process. To simplify, we'll be dividing those sets of information in three large groups: Professionals, Clients and Secretaries.

5. Professionals' Data

Data required from the Professional upon registration: all data entered by the Professional when registering on the platform is stored and processed. It is this registry that allows us to identify the Professional and give him access to the reserved area of query management as well as correctly connect him to the clients that he inserts. In addition, this is the data we deem indispensable, together with the billing data, so that the contractual relationship between Healthium and the Professional is carried out regularly. The data we require when registering is: the full name, the name of the primary place of work, the gender, country of residence, email and, of course, a password. In addition to these, all data voluntarily inserted by the Professionals during their use of the software is processed.

Payment data: the payment data of your monthly payment are also processed by Nutrium, although for this purpose a processor is used. Only then can we debit the amounts associated with the monthly payment you have chosen. The data required for this purpose is: a credit or debit card number, an expiration date and a security code.

Billing data: in order to comply with our tax obligations, we must ask you for some billing information such as: name, tax number, address, city, postal code and country.

Automatically collected data: in addition to the data mentioned above, we also automatically collect, through cookies and other methods and services, a set of data that allows us to know precisely how you use the platform, the country, the date and time of the login, among other information. In addition to this information we also collected other data such as the I.P. address, the browser you use to access and its version, the language, your device operating system, among others. We would like to emphasize that this type of data collection is mainly intended to facilitate the work of our team whenever you need our support. It's the collection of these groups of information that allows the quick resolution of problems on our platforms, without it we wouldn't be able to guarantee the normal operation of our service and its maintenance. For more information please check our section on how we disclose and share data with third parties (subprocessors) and our cookie policy.

6. Clients' Data

Clients' data is directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the clients' personal data. Having said that, besides a minimum set of legally required measures, Healthium is not responsible for providing the information and guarantees imposed by the GDPR on the Professionals in regard to their relationship with the Client.

A series of personal data might be requested by the Professional to the Client, or recorded by observation, which may range from “simple” personal data categories (such as: billing data, user identification number, among others, such as name complete, address, cell phone, and many more) to data considered as “special” (examples of this type of data include race, personal and social history, clinical history, food history, body measurements, among other information).

Healthium only treats Client data as it is entered by the Professional, or directly through the mobile application. The use of the mobile application is intended for use by clients and is, of course, optional and, in cases where it is used, we collect the following data:

• Data entered by the client: all data entered by the Client, be it when logging in into the mobile application or posteriorly, is stored and processed. It's this set of data that allows us to identify the Client, to give him access to their reserved area, to associate them correctly with the Professional who advised them and to give them access to their plans. Examples of such data include login credentials, but also other data such as the amount of water ingested, weight, and other information.
• Location data: with the use of the mobile application we may access information contained in the GPS of your mobile device. However, this operation is optional and must always be previously consented by the user.
• Local files, notifications and other data: on certain occasions the mobile application may access, with the Client prior consent and by their order, to local files or information stored in other applications. All these operations are optional, serving only as a way of complementing and enhancing the usefulness of the service we provide. Get to know some of the features of our application:
• Notifications: for the convenience of the Client, the Nutrium application will send notifications about their food plans, amounts of water, messages and appointments. These notifications are daily updated, automatically. This feature can be disabled at any time in the application settings.
• Health Apps: at the Client's request the Nutrium application may connect to other health applications such as Apple Health. In these cases, data on physical activity, namely, steps, distance and active calories will be collected.
• Camera and Gallery: at the Client's request, the application can access the camera and the image gallery of the mobile device, allowing the Client to take pictures and send them through message to their Professional or send images already stored in the gallery.
• Automatically collected data: in addition to the data mentioned above, we also automatically collect, through cookies and other methods and services, a set of data that allows us to know precisely how you use the platform, the country, the date and time of the login, among other information. In addition to this information we also collected other data such as the I.P. address, the browser you use to access and its version, the language, your device operating system, among others. We would like to emphasize that this type of data collection is mainly intended to facilitate the work of our team whenever you need our support. It's the collection of these groups of information that allows the quick resolution of problems on our platforms, without it we wouldn't be able to guarantee the normal operation of our service and its maintenance. For more information please check our section on how we disclose and share data with third parties (subprocessors) and our cookie policy.

7. Secretaries' Data

Like the Clients' data, Secretaries' data is also directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the Secretaries' personal data, and may lack consent in the context of their contractual relations to which Healthium is unrelated.

However, when using the platform, and in addition to the treatment performed on the data entered directly by the Professional, Healthium also collects some data which was already listed in relation to the Professional as "Automatically collected data", and so, we ask you to check this section.

8. Purposes of the Processing

We use the data we collect for a series of purposes that we want to make known. Those purposes may be based on a legal obligation, the legitimate interests of Healthium, the performance of the contract or consent, depending on the case.

• Provision of our service: we use the vast majority of the data entered, either by Professionals or Clients, so that we can provide our service as efficiently as possible within the contractual relationship established between Healthium and the Professional.
• Maintenance and improvement of services: we conduct behavioral analysis of the use made by the Professionals and by the Clients of the website and the mobile application. It is fundamentally this type of analysis that allows us to determine the usefulness of certain functionalities and change or correct them depending on the result. In addition, we may use your non-anonymized data in the context of the communication of a bug or error in the software by the user and always with the purpose of solving it. We can also, for example, at the request of the user, copy data between accounts.
• Customer support: it is essential for the quality of our service that we can answer efficiently to all the questions you ask us, using for that purpose any personal data that we deem necessary for the contact and resolution of the question that may arise, which may be, depending on the case, your full name, your email, your mobile phone number or your address, among other information. In addition to this data and with the same purpose, we may collect usage statistics of our platforms.
• Billing: it would be impossible for us to comply with our legal and tax obligations if we did not address the processing of some billing information. It is only for this purpose that we collect, at the time of payment, personal data such as the tax identification number, among others already listed above.
• Legal matters: we may use your personal data to comply with court orders and tax and administrative inspections, among other legal requirements. In the eventuality of a court order, all personal data, be it from a simple or special category, of the Professionals' or Clients', may be, if our legal team agrees with the legal basis of the warrant, made available in full to the administrative or judicial authority in question.
• Marketing: we may use your data to send you emails, notifications, text messages and postal mail. We will never do it, however, without your express authorization and you can freely choose not to subscribe and continue enjoying the rest of our services. In order to provide you with a tailor-made experience, the processing of such communications may be subject to automated individual decision-making, including profiling.
• Security and contractual purposes: we use your data to perform behavior analysis in order to prevent or address suspicious or fraudulent conducts and to ensure that the contractual relationship between Healthium and the Professional is timely met.

The processing of Google user data, collected in integrations such as Google Calendar and Google Fit, is used only to provide and improve the functionality of the services provided by Healthium, in accordance with the terms of the Google Privacy Policy.

9. Data Retention Period

Personal data may be retained for different periods of time depending on its legal relevance or the duration of the contractual relationship. In general, following the request for deletion of the user, the data is encrypted and securely stored for the same legal period required for the retention of tax data in Portugal, that is, 10 years, pursuant to Article 130 (1), of the Decree-law no. 442-B/88, with the changes introduced by Law no. 7-A/2016, of March 30, being definitively eliminated from all our servers at the end of this period.

10. Subprocessors

Some of your personal data may be processed by third parties who are not part of our services. We have limited these operations to the bare minimum we need to continue to operate efficiently. To know more about our subprocessors contact us through privacy@nutrium.com or dpo@nutrium.com or see our Data Processing Agreement.

• Analysis of the use of software: we resort to applications in order to analyze the use of our software, such as Google Analytics.
• Payment Details: payment data is fully processed by external payment services such as Paypal.
• Email marketing: our newsletters and contacts are sent, managed and processed by third parties specialized in mass mailing and advertising campaigns such as Mailjet.
• Advertising: we use analysis tools for marketing and advertising purposes.
• Support: we use external applications to provide support, for example, through chat.
• Data storage and processing: storage, processing and backup of your personal data is carried out securely in hosting and computing companies located mainly in Europe.
• Audits and maintenance: your data might be accessed within the scope of independent quality control and security audits of our services. All audits are subject to confidentiality and are closely monitored by the Healthium team. In addition, we use external software that helps us detect errors and debug the software.
• Other processors and services: in addition to the services listed above we may interconnect with social networks like Linkedin, Twitter, Bing and other services like Outlook, Google Fit, among others.

11. Professionals' Rights

We want to ensure that your rights are fully respected. In those situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights you can contact us through privacy@nutrium.com or dpo@nutrium.com.

• Right of access: the data subject has the right to access the information concerning him, namely the purposes of the processing, the categories of personal data processed, and other information. You are already able to instantly access most of this information in your profile area.
• Right to rectification: the data subject has the right to obtain correction of inaccurate or incomplete personal data, and where it is compatible with the purposes of processing, the right to rectify it. You are already able to correct and rectify most of your personal data in your profile area.
• Right to erasure (“right to be forgotten”): the data subject has the right to obtain the erasure of personal data concerning him without undue delay. Starting from this request the countdown for the total and definitive deletion of the data of all the servers begins.
• Right to restriction of processing and right to object: these rights may be exercised, if applicable, by reaching us through the contacts provide above.
• Right to data portability: the data subject has the right to receive, in a reusable digital format, all information concerning him, which he has provided to Healthium.

12. Clients' Rights

We are constantly working to make the relationship between the Professional and the Client as easy as possible to expedite. As processor of the Professional, Healthium recognizes and assists the Professional in the realization of the clients' rights, as far as is technically possible and legally required, namely, by implementing the technical and administrative measures that appear to be most appropriate. For all those situations where there are no automated mechanisms for compliance with the Regulation we recommend that you contact our team or our Data Protection Officer.

We remind you that it is the responsibility of the Professional to collect the data subject consent, in the cases where the processing of the personal data is carried on that basis, as well as guarantee the rights of access, opposition, rectification, erasure, portability and limitation of the processing of the Client data, whenever applicable to the specific treatment, among other obligations arising from the Regulation. It is the responsibility of the Professional to guarantee the Client access to all rights and information to be provided under the General Data Protection Regulation.

13. Security

The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.

14. Changes and Amendments to this Privacy Policy

Nutrium's Privacy Policy is subject to constant and periodic review. As a result of legal developments, recommendations issued by the control authorities, or changes to our business model, among others, we may have to amend this Policy. We recommend that you visit this page regularly and keep up with the latest updates. We will notify you whenever we make substantial changes to this Policy that might jeopardize your rights.

Data Protection Authority

Without prejudice to any claims that you may submit to Healthium or our Data Protection Officer through the contacts made available on this page, you may also submit a complaint to the Portuguese Data Protection Authority through the following contacts: