Privacy Policy
1. Who we are
TERAH, Lda NIPC 516595423, owner of the TERAH brand and respective website and application, is a Portuguese company that produces therapy management software.
TERAH is the Data Controller of Personal Data under Regulation (EU) 2016/679 (GDPR) and complementary legislation on personal data protection in force in the countries in which it operates.
TERAH and its employees are committed to using your personal data only for the purposes communicated to you and always in a secure and responsible manner.
We want to explain how we use your information (your ‘personal data’) when you use our services or apply for a job vacancy.
If you have any questions about this Privacy Policy, please contact our Data Protection Officer (DPO), through the email address dpo@terah.pt.
2. Personal Data
In this Privacy Policy, the term
Personal Datameans the set of information that relates to you and allows us to identify you, directly or indirectly. Your personal data may include, for example, your name, your tax identification number, your telephone contact or email address, and your interactions with us. We collect some of your personal data, for example, when you contact us. We may also receive your personal data from other companies, namely when these collect, process, or store it within the scope of the service they provide to us.
3. Personal Data that we process
3.1 When you register and use our application
What we do?
When the user registers in our application, we collect their telephone contact as identifying data for the account. During the use of the application, we may collect their name, date of birth, gender, email address and, optionally, their nationality. We will collect the name of the medication selected (by code or name) by the user and, at the user's option, we may also collect other personal data, such as blood pressure, weight and height (for BMI calculation), cholesterol and triglycerides. The data collected will allow TERAH to identify the user and notify them according to the therapy they previously defined. Should the user report a missing medication, the collected data will allow TERAH to contact the user and inform them that the medication has already been added to the database. The registration of health data and therapy also creates a history for the user's own consultation.
If you provide your consent, when a certain medication is running out, you may notify the pharmacy of your choice to reserve it. The pharmacy will collect your name, email, the name of the medication, quantity, and prescription information and will record a reservation request number. You may also, if you opt for home delivery, collect your address.
The user – as an informal caregiver, for example – may access, with authorization, the account(s) of other user(s). Access may be withdrawn at any time by the user who authorized it.
Where do we store the information and with whom do we share it?
We use service providers that allow us to create the necessary infrastructure to develop our activity, such as corporate cloud management solutions. The personal information we process will only be shared with the healthcare professional (e.g., doctor, pharmacist) or informal caregiver, with the user's own authorization.
Lawful Bases
When we collect information for registration and use of TERAH, we will rely on the lawful basis of ‘Contractual Performance’ to process the personal data necessary for account creation, under Article 6(1)(b) of the GDPR.
When we have to comply with certain legal requirements resulting from current legislation (e.g., mandatory communications to regulators or administrative authorities), we will rely on the lawful basis of ‘Legal Obligation’ to process the relevant information, under Article 6(1)(c) of the GDPR.
Regarding the processing of health data that the user decides to register on our platform, we will rely on the user's consent.
3.2 When you contact us through our contact form
What we do?
When you contact us, we will process your personal data to answer your questions or clarify our services. You can contact us through this website, using our contact form. If you do so, we will collect your first name, last name, email address and, optionally, your profession, so that you can be identified and we can provide accurate information tailored to your needs.
Where do we store the information and with whom do we share it?
We use service providers that allow us to create the necessary infrastructure to develop our activity, such as corporate case management and cloud management solutions.
Lawful Bases
When we collect information through our contact form, we will rely on the lawful basis of ‘Legitimate Interest’ to process the personal data you enter in the form, under Article 6(1)(f) of the GDPR.
3.3 When you apply for a job vacancy
What we do?
When you apply for one of our job vacancies or submit a spontaneous application, we process your information to analyze whether your professional profile is suitable for the position and the organization. The information in question may include your identification data, e.g., full name; contact details, e.g., telephone number and/or email address; and professional information that makes up your resume or cover letter.
Where do we store the information and with whom do we share it?
We rely on corporate cloud services to store information. We will not share your personal information with third parties, unless it is necessary to obtain references or confirm your professional history. If your application is unsuccessful, we will keep your information in our systems for 12 months.
Lawful Bases and automated decisions
To analyze your application, we will rely on the lawful basis of ‘Contractual Performance’, so that we can process the necessary personal data, under Article 6(1)(b) of the GDPR.
3.4 When you subscribe to our communications.
What we do?
By agreeing to subscribe to our communications, we will collect your name and email address, to which you will receive informative, commercial, or advertising content.
Where do we store the information and with whom do we share it?
The collected information will be stored in our systems as long as you maintain your consent so that we can ensure secure management of your personal data and a consequent efficient coordination of our electronic communications.
Lawful Basis
To process your personal data within the scope of your acceptance of our communications, we will rely on your consent, under Article 6(1)(a) of the GDPR.
4. Information Security
We will treat your personal information with the utmost care and respect for your rights. We implement appropriate security measures to prevent the loss, misuse or undue access, alteration, or disclosure of your personal data. Likewise, we limit access to your information only to employees, service providers, and other third parties who have an operational need to process the said information, and they will only process your personal data following TERAH's directions and will be subject, at all times, to a confidentiality obligation. Access to your personal data is encrypted in storage and in transit.
5. Information Retention
We will retain your information whenever we collect or process your personal data and until the purposes that motivated said collection are exhausted. After the respective retention period, your information will be completely deleted or anonymized, e.g., it may be aggregated with other data so that it can be used for statistical purposes without any personal identifiers.
6. How to exercise your Rights
6.1 You have the right to request:
To exercise any of the aforementioned rights, please contact our Data Protection Officer (DPO) through the email address dpo@terah.pt.
- Access to your information processed by us, free of charge
- The rectification of your personal data when it is incorrect, outdated, or incomplete
- The erasure of data we hold about you, in specific circumstances, namely, when you withdraw your consent and we have no predominant legitimate interest, or when the purpose that motivated the collection of the information is exhausted
- The portability of your data to another organization
- The restriction of processing your personal data, in specific circumstances, namely, when we are considering an objection you have raised
- Objection to the processing of your personal data, in specific circumstances, namely, when you withdraw your consent, or when you object for reasons related to your particular situation
- That we do not use your personal data for direct marketing activities
7. How to contact the Regulator
Should you be dissatisfied with our use of your personal data or with our response to your request to exercise your rights, you may lodge a complaint with the National Data Protection Commission (CNPD).
- Address: Av. D. Carlos I, 134 - 1.º, 1200-651 Lisboa
- Email address: geral@cnpd.pt
- Phone: +351 213 928 400
8. Questions?
Should you have any questions or require additional clarifications, please contact our Data Protection Officer (DPO) through dpo@terah.pt
This Privacy Policy may be updated opportunely, which will be subject to disclosure.
This policy was updated on 08/11/2024.