We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter, the “GDPR”), where you can learn more on privacy and protection of personal data.
Who we are:
Nutriapptech, dedicates itself to the development of software and in particular, the company responsible for the creation and development of the Nutriapptech specialised CRM software, in its various aspects. Aimed at Nutrition and/or Dietitian Professionals, nutriapptech software simplifies tasks performed by the professionals, such as management and analysis of nutritional information of their clients, meal planning, follow-up of the client's, and much more. Nutriapptech is, therefore, the entity that manages the processing of personal data collected through the Nutriapptech software, acting, mainly, as processor of the Professional, pursuant to the GDPR.
The use of the services provided by Nutriapptech is conditioned by the acceptance of the Terms and Conditions of Use and the reading of this Policy. In the event that you do not agree to these stipulations, please do not use our services.
What data do we collect?
The collection and processing of data is fundamental to the operation of Nutriapptech. It is based on that data that our project is built and it's that informational core that allows us to provide you with a service in the area of diet and/or nutrition and client management. We have reviewed and limited the data collection and the period of retention of the data to the minimum necessary.
There are various sets of information and data that we collect and process. To simplify, we’ll be dividing those sets of information in three large groups: Professionals, Clients and Secretaries.
- Data required from the Professional upon registration: all data entered by the Professional when registering on the platform is stored and processed. It is this registry that allows us to identify the Professional and give him access to the reserved area of query management as well as correctly connect him to the clients that he inserts. In addition, this is the data we deem indispensable, together with the billing data, so that the contractual relationship between Nutriapptech and the Professional is carried out regularly. The data we require when registering is Name, Surname, Email, Password, Company name, Company VAT, Address, Billing address, Telephone/mobile. In addition to these, all data voluntarily inserted by the Professionals during their use of the software is processed.
- Payment data: the payment data of your monthly payment are also processed by Nutriapptech, although for this purpose a processor is used. Only then can we debit the amounts associated with the monthly, quarterly, semi-annually, or yearly payment you have chosen. The data required for this purpose is: a credit or debit card number, an expiration date, and a security code.
- Billing data: to comply with our tax obligations, we must ask you for some billing information such as: name, tax number, address, city, postal code and country.
Clients’ data is directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the clients’ personal data. Having said that, besides a minimum set of legally required measures, Nutriapptech is not responsible for providing the information and guarantees imposed by the GDPR on the Professionals regarding their relationship with the Client.
A series of personal data might be requested by the Professional to the Client, or recorded by observation, which may range from “simple” personal data categories, such as: name complete, address, cell phone, email, and many more to data considered as “special”. Examples of this type of data include clinical history, food history, body measurements, among other information.
Nutriapptech only treats Client data as it is entered by the Professional, or directly through the mobile application. The use of the mobile application is intended for use by clients and is, optional and, in cases where it is used, we collect the following data:
- Data entered by the client: all data entered by the Client, be it when logging in into the mobile application or posterior, is stored and processed. It is this set of data that allows us to identify the Client, to give him access to their reserved area, to associate them correctly with the Professional who advised them and to give them access to their plans. Examples of such data include login credentials, but also other data such as weight, and other information.
- Location data: with the use of the mobile application, we may access information contained in the GPS of your mobile device. However, this operation is optional and must always be previously consented by the user.
- Local files, notifications, and other data: on certain occasions the mobile application may access, with the Client prior consent and by their order, to local files or information stored in other applications. All these operations are optional, serving only as a way of complementing and enhancing the usefulness of the service we provide. Get to know some of the features of our application:
- Notifications: for the convenience of the Client, the Nutriapptech application will send notifications about their food plans and appointments. These notifications are daily updated, automatically. This feature can be disabled at any time in the application settings.
- Health Apps: at the Client's request the Nutriapptech application may connect to other health applications such as Apple Health and Google Fit. In these cases, data on physical activity, namely, steps, distance and active calories will be collected.
Like the Clients’ data, Secretaries’ data is also directly collected, for the most part, by the Professional. He is the controller and the main responsible for the processing of the Secretaries' personal data and may lack consent in the context of their contractual relations to which Nutriapptech is unrelated.
However, when using the platform, and in addition to the treatment performed on the data entered directly by the Professional, Nutriapptech also collects some data which was already listed in relation to the Professional as "Automatically collected data", and so, we ask you to check this section.
Purposes of the processing
We use the data we collect for a series of purposes that we want to make known. Those purposes may be based on a legal obligation, the legitimate interests of Nutriapptech, the performance of the contract or consent, depending on the case.
- Provision of our service: we use most of the data entered, either by Professionals or Clients, so that we can provide our service as efficiently as possible within the contractual relationship established between Nutriapptech and the Professional.
- Maintenance and improvement of services: we conduct behavioural analysis of the use made by the Professionals and by the Clients of the website and the mobile application. It is fundamentally this type of analysis that allows us to determine the usefulness of certain functionalities and change or correct them depending on the result. In addition, we may use your non-anonymous data in the context of the communication of a bug or error in the software by the user and always with the purpose of solving it.
- Customer support: it is essential for the quality of our service that we can answer efficiently to all the questions you ask us, using for that purpose any personal data that we deem necessary for the contact and resolution of the question that may arise, which may be, depending on the case, your full name, your email, your mobile phone number, or your address, among other information. In addition to this data and with the same purpose, we may collect usage statistics of our platforms.
- Billing: For us to comply with our legal and tax obligations if we need to address the processing of billing information. It is only for this purpose that we collect, at the time of payment, personal data such as the tax identification number, among others already listed above.
- Legal matters: we may use your personal data to comply with court orders and tax and administrative inspections, among other legal requirements. In the eventuality of a court order, all personal data, be it from a simple or special category, of the Professionals’ or Clients’, may be, if our legal team agrees with the legal basis of the warrant, made available in full to the administrative or judicial authority in question.
- Marketing: we may use your data to send you email, notifications, text messages and postal mail. We will never do it, however, without your express authorization and you can freely choose to unsubscribe and continue enjoying the rest of our services. To provide you with a tailor-made experience, the processing of such communications may be subject to automated individual decision-making, including profiling.
- Security and contractual purposes: we use your data to perform behaviour analysis to prevent or address suspicious or fraudulent conducts and to ensure that the contractual relationship between Nutriapptech and the Professional is timely met.
Data retention period
Retention of Your Personal Information nutriapptech retains your personal information for as long as is necessary to fulfil the purpose for which it was collected. We may retain your personal information for longer if it may be the subject of a legal claim, or may otherwise be relevant for future litigation. Where you tell us that you no longer wish to receive marketing messages about nutriapptech’s services, we will keep this information about you until you tell us otherwise. This is to ensure that we don’t send you any further marketing communications in error.
Some of your personal data may be processed by third parties who are not part of our services. We have limited these operations to the bare minimum we need to continue to operate efficiently.
- Analysis of the use of software: we resort to applications to analyze the use of our software, such as Google Analytics.
- Payment Details: payment data is fully processed by external payment services such as Paypal and braintree.
- Email marketing: our newsletters and contacts are sent, managed, and processed by third parties specialized in mass mailing and advertising campaigns such as Mailchimp.
- Advertising: we use analysis tools for marketing and advertising purposes.
- Support: we use external applications to provide support, for example, through chat.
- Data storage and processing: storage, processing and backup of your personal data is carried out securely in hosting and computing companies located mainly in Europe.
- Audits and maintenance: your data might be accessed within the scope of independent quality control and security audits of our services. All audits are subject to confidentiality and are closely monitored by the Nutriapptech team. In addition, we use external software that helps us detect errors and debug the software.
- Other processors and services: in addition to the services listed above we may interconnect with social networks like Linkedin, Twitter, Facebook, Instagram and other services like Outlook, Google Fit, Apple Health among others.
We want to ensure that your rights are fully respected. In those situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights.
Right of access: the data subject has the right to access the information concerning him/her, namely the purposes of the processing, the categories of personal data processed, and other information. You are already able to instantly access most of this information in your profile area.
- Right to rectification: the data subject has the right to obtain correction of inaccurate or incomplete personal data, and where it is compatible with the purposes of processing, the right to rectify it. You are already able to correct and rectify most of your personal data in your profile area.
- Right to erasure (“right to be forgotten”): the data subject has the right to obtain the erasure of personal data concerning him without undue delay. Starting from this request the countdown for the total and definitive deletion of the data of all the servers begins.
- Right to restriction of processing and right to object: these rights may be exercised, if applicable, by reaching us through email.
- Right to data portability: the data subject has the right to receive, in a reusable digital format, all information concerning him, which he has provided to Nutriapptech.
We are constantly working to make the relationship between the Professional and the Client as easy as possible. As processor of the Professional Nutriapptech recognizes and assists the Professional in the realization of the clients’ rights, as far as is technically possible and legally required, namely, by implementing the technical and administrative measures that appear to be most appropriate. For all those situations where there are no automated mechanisms for compliance with the Regulation, we recommend that you contact our team or our Data Protection Officer.
We remind you that it is the responsibility of the Professional to collect the data subject consent, in the cases where the processing of the personal data is carried on that basis, as well as guarantee the rights of access, opposition, rectification, erasure, portability and limitation of the processing of the Client data, whenever applicable to the specific treatment, among other obligations arising from the Regulation. It is the responsibility of the Professional to guarantee the Client access to all rights and information to be provided under the General Data Protection Regulation.
The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.