Privacy Policy – Nutrium's nutrition appointment service

Introduction

We care for your privacy and we want to share with you everything we do with your personal data. Throughout Nutrium's Privacy Policy you will be able to check what rights you have at your disposal, what data we process and with whom we share it, the period for which the personal data will be stored, and much more.

We made sure that this Policy is as transparent, clear and concise as possible. It is important that you read it carefully and calmly since the privacy we guarantee is only as complete as your knowledge of it.

We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter GDPR), where you can learn more on privacy and protection of personal data.

Who are we?

Healthium - Healthcare Software Solutions, S.A. (hereinafter "Healthium"), based at Rua Andrade Corvo, n.º 242, Sala 106, 4700-204 Maximinos, Braga, registered under the unique registration and identification number of legal entity 513 624 503, is the Controller of your personal data within the scope of the online nutrition consultation scheduling service.

It is also the company responsible for the development of Nutrium software in its various dimensions. This software allows for the simplification of the most complex tasks of the nutrition Professionals, such as planning, analysis and creation of food plans, nutritional calculations, management and information analysis, among other functionalities.

Scope of this Privacy Policy

This Privacy Policy applies to all users of the website who use Nutrium's online appointment services from a patient's perspective ("User") via the web page https://nutrium.com/p/{professional}/schedule. Within this service, and exclusively within it, Healthium is considered, under the scope of the GDPR, to be the Controller of the personal data.

Purposes of processing and legal basis

The collection and processing of data is fundamental to the functioning of Nutrium and, in particular, to the online appointment service. It's based on that data that our project is built and it's that informational core that allows us to provide you with a quality service, putting you in touch with the best nutritionists on the market and simplifying the booking of nutrition consultations. In this context, Healthium treats your data with the following purposes and legal basis:

• User registration on the platform: registration on the Nutrium platform allows us to properly identify the User and correctly associate him/her with the professionals and consultations desired. In addition, these are the sets of data that we consider indispensable for the regular execution of the contractual relationship between the User and Healthium, under the scope of the provision of this service, and also the pre-contractual relationship between the User and the Professional that is formed with the appointment. The data we require at registration are: full name, gender, country of residence, date of birth, email and mobile phone number. The legal basis for this is the performance of the contract and the legitimate interest of Healthium, in accordance with Art. 6 (1) (b) and (f) of the GDPR.
• Provision of the appointment service: the primary objective of the service is to allow the User to schedule nutrition appointments, at a distance, with a Professional chosen from a list of professionals who are subscribed to the Nutrium service. In order to make this possible, Healthium makes available to the Professional the User's personal data relevant to the appointment making the connection between the parties and thus acting as an intermediary. The legal basis for this is the performance of the contract and the legitimate interest of Healthium, in accordance with Art. 6 (1) (b) and (f) of the GDPR.
• Direct communications: Healthium may send direct communications, by email or through notifications and text messages, such as: reminders regarding consultations; advertisement to specific professionals; dissemination of new services; newsletters, among other communications. The legal basis in this regard is the legitimate interest of Healthium under Art. 6 (1)(f) of the GDPR.
• Processing, support and analysis: this type of data collection is primarily intended to facilitate the work of our team whenever support and information regarding the use of the platform is needed. This information enables us to quickly resolve problems on our platforms or to improve them, and without it the normal operation of our service and its maintenance cannot be guaranteed. The legal basis here is consent (we refer specifically to cookies) and the legitimate interest of Healthium under art. 6(1)(a) and (f) of the GDPR.

For the purposes of processing that have as legal basis a legitimate interest of Healthium, you can request us our Legitimate Interests Assessment results at any time (only available for consultation in Portuguese and English).

Data retention period

Healthium will only store your data for as long as necessary to fulfill the purposes set out in this Policy or as long as required by applicable laws or regulations. User data is kept as long as the account is not deleted at his request. From that moment on all personal data is deleted permanently.

It is important to emphasize that Healthium is completely unrelated to the processing of personal data carried out by the Professional, therefore the deletion of data relating to the User's Nutrium account does not imply the simultaneous deletion of personal data processed by the Professional.

Transmission of data to third parties

Some of your personal data may be processed by third parties who are not part of our internal team. We have limited these operations to the bare minimum needed to continue to operate efficiently and, although in many of the cases listed below there is no real transfer of data in the classic sense of the term, we're making available to you the list of potential third parties and the respective categories of data to which they might have access.

• Nutrition Professionals: the personal data you provide to us as part of the appointment service is transferred to the Professional so that he can carry out the management and scheduling of the required appointments. The sets of data transferred are: full name, gender, country of residence, date of birth, email and mobile number.
• Analysis of the use of software: we resort to applications in order to analyze the use of our software, such as Google Analytics. These applications collect small pieces of information related to your mobile devices and browsers and the use of the platform in general. It is, therefore, a set of data that allows us to know precisely how you use the platform, the country, the date and time you enter the platform, among other information. We also collect data such as the I.P. address, the browser you access and its version, the language, your operating system, among others.
• Communications: our newsletters and contacts are sent, managed and processed by third parties specialized in mass mailing and advertising campaigns such as Mailjet.
• Support: we resort to external applications to provide support, for example, through chat.
• Data storage and processing: storage, processing and backup of your personal data is carried out securely in hosting and computing companies located mainly in Europe.
• Audits and maintenance: your data might be accessed within the scope of independent quality control and security audits of our services. All audits are subject to confidentiality and are closely monitored by the Healthium team. In addition, we use external software that helps us detect errors and debug the software.

Where the transmission of personal data to third parties involves an international transfer of personal data, Healthium:

• will carry out this transfer on the basis of a Commission adequacy decision, according to which the country or international organization in question guarantees a level of personal data protection equivalent to that under European Union law;
• if there is no Commission adequacy decision, it will ensure that such transfers are made in stringent compliance with the law and that appropriate guarantees are implemented to ensure the protection of your personal data.

The Rights of the User

We want to ensure that your rights are fully respected.In situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights you can contact us through privacy@nutrium.com or dpo@nutrium.com.

• Right of access: the data subject has the right to access information concerning him/her and to know the purposes for which his/her personal data is processed, the categories of data processed, among other information.
• Right to rectification: the data subject has the right to obtain correction of inaccurate or incomplete personal data, and where it is compatible with the purposes of processing, the right to rectify it.
• Right to erasure ("right to be forgotten"): the data subject has the right to have his personal data deleted without undue delay.
• Right to restriction of processing and right to object: these rights may be exercised, if applicable, by reaching us through the contacts provide above. In specific situations you may exercise this right automatically via the links provided for this purpose, e.g. in the case of email advertising communications.
• Right to data portability: the data subject has the right to receive, in a reusable digital format, all information concerning him, which he has provided to Healthium.
• Right to withdraw consent: where data processing is carried out on the basis of your consent, you may withdraw it at any time. Withdrawal of consent does not compromise the lawfulness of processing carried out on the basis of previously given consent.
• Opposition to automated individual decisions: automated individual decisions, including profiling, which have a significant effect on the legal impact on the Users legal sphere are not applied.

Security

The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.

Use of cookies

Healthium resorts, through the web application and Nutrium software, under the web domain https://nutrium.com or/and any of its subdomains, to the use of cookies in order to improveand understand how the platform is used. They also allow to recognize when someone uses the platform as well as to offer the user a positive browsing experience. By using the platform, both Professional and Client, accept that Healthium, may use cookies for these purposes or others, as described in the Privacy Policy. Cookies consist of small text files that are placed inside the computer, tablet or phone of the Professional and the Client with their permission.

Our cookies have different functions:

Cookies strictly necessary (essential)

Allow navigation on the website and use of its applications as well as allowing access to secure areas of the website. Without these cookies, services you have requested cannot be provided. Some cookies are essential to access specific areas of our website.

Analytical cookies

These cookies are used to analyze how users use the website and monitor the performance it’s performance. This allows us to provide a high-quality experience by customizing our offer and quickly identifying and correcting any problems that arise. For example, we use performance cookies to find out what the most popular pages are, what method of connection between pages is more effective, or to determine why some pages are receiving error messages. These cookies are used only for the purpose of statistical creation and analysis, never collecting personal information in the process.

Functionality cookies

These keep the user preferences regarding the use of the website, so that it is not necessary to configure the website for each new visit.

Third party cookies

They measure the success of applications and the effectiveness of third-party advertising. They may also be used in order to customize a widget with the user data.

Cookies can be:

Permanent cookies

These remain stored, for a variable time, on the Internet browser of the devices you use to access it (PC, mobile and tablet) and they are used whenever the user makes a new visit to the website. They are typically used for direct navigation according to the user's interests, allowing us to provide a more customized service.

Session cookies

These are temporary and remain stored on your web browser until you exit the website. The information obtained allows us to identify problems and provide a better browsing experience.

How can you manage cookies?

As previously explained, cookies help you to get the most out of our site.

The vast majority of Internet browsers allow the user to accept, decline or delete cookies, in particular by selecting the appropriate settings in the software itself. This way, after authorizing the use of cookies, you can disable some or all of our cookies.

Changes and amendments to this Privacy Policy

Nutrium's Privacy Policy is subject to constant and periodic review. As a result of legal developments, recommendations issued by the control authorities, or changes to our business model, among others, we may have to amend this Policy. We recommend that you visit this page regularly and keep up with the latest updates. We will notify you whenever we make substantial changes to this Policy that might jeopardize your rights.

Data Protection Authority

Without prejudice to any claims that you may submit to Healthium or our Data Protection Officer through the contacts made available on this page, you may also submit a complaint to the Portuguese Data Protection Authority through the following contacts: