Terah - Privacy Policy

1. Who We Are

TERAH, Lda (Tax ID No. 516595423), owner of the TERAH brand and its respective website and application, is a Portuguese software company specializing in therapeutic management solutions. TERAH is the Data Controller under Regulation (EU) 2016/679 (GDPR) and applicable data protection laws in the countries where it operates. TERAH and its employees are committed to using your personal data solely for the purposes communicated to you and in a secure and responsible manner. This Privacy Policy explains how we use your personal information when you use our services or apply for a job. If you have any questions about this Privacy Policy, please contact our Data Protection Officer (DPO) at dpo@terah.pt.

2. Personal Data

In this Privacy Policy, Personal Data means any information that relates to you and enables us to identify you, directly or indirectly. Your personal data may include, for example, your name, tax identification number, phone number, email address, and your interactions with us. We collect some of your personal data when you contact us, and we may also receive personal data from other companies that collect, process, or store it on our behalf as part of the services they provide to us.

3. Personal Data that we process

3.1 When You Register and Use Our Application

What do we do?

When you register in our app, we collect your phone number as an account identifier. While using the application, we may collect your name, date of birth, gender, email address, and optionally your nationality. We also collect the name of the medication selected (by code or name), and optionally, other personal data such as blood pressure, weight and height (for BMI calculation), cholesterol, and triglyceride levels. This information enables TERAH to identify and notify you according to the treatment you have set. If you report a missing medication, we will use this data to contact you once it has been added to the database. The recorded health and therapeutic data will also create a history for your own reference. If you give your consent, when a medication is about to run out, we may notify a pharmacy of your choice to reserve it. In this case, the pharmacy will collect your name, email, medication name, quantity, prescription information, and may register a reservation number. If you choose home delivery, your address may also be collected. You may grant access to your account to another user (e.g. an informal caregiver), and that access can be revoked at any time by you.

Where is the data stored and with whom is it shared?

We use service providers that support our business infrastructure, such as enterprise cloud management solutions. Personal data is only shared with healthcare professionals (e.g., doctors, pharmacists) or informal caregivers with your explicit authorization.

Legal Bases

For account registration and usage, we rely on the legal basis of Contract Performance, under Article 6(1)(b) of the GDPR.

For fulfilling legal obligations (e.g., mandatory reporting to regulators), we rely on Legal Obligation, under Article 6(1)(c) of the GDPR.

For processing health-related data, we rely on your Consent.

3.2 When You Contact Us via Our Contact Form

What do we do?

When you contact us, we process your personal data to respond to your inquiries or clarify information about our services. If you use our website’s contact form, we will collect your first and last name, email address, and optionally your profession so we can provide tailored and accurate responses.

Where is the data stored and with whom is it shared?

We use enterprise service providers for infrastructure such as case management and cloud systems.

Legal Bases

We rely on our Legitimate Interest to process the data entered in the contact form, under Article 6(1)(f) of the GDPR.

3.3 When You Apply for a Job

What do we do?

When you apply for a job or submit an unsolicited application, we process your information to assess your suitability for the role and for our organization. This may include your name, contact details (e.g., phone number, email), and any professional information provided in your CV or cover letter.

Where is the data stored and with whom is it shared?

We store this information using cloud-based enterprise services. We do not share your personal information with third parties unless necessary for reference checks or to verify your professional background. If your application is not successful, we will retain your data for 12 months.

Legal Basis and Automated Decisions

To assess your application, we rely on Contract Performance under Article 6(1)(b) of the GDPR.

3.4 When You Subscribe to Our Communications

What do we do?

If you subscribe to our communications, we collect your name and email address to send you informational, commercial, or promotional content.

Where is the data stored and with whom is it shared?

Your data is stored securely in our systems for as long as you consent to receive our communications, ensuring proper management and coordination.

Legal Basis

We rely on your Consent, under Article 6(1)(a) of the GDPR.

4. Information Security

We treat your personal data with care and respect. We implement appropriate security measures to prevent loss, unauthorized use or access, alteration, or disclosure of your personal information. Access to your data is limited to employees, service providers, and third parties who need it for operational purposes. All such parties are bound by confidentiality obligations and will only process your data under TERAH’s instructions. All personal data is encrypted both at rest and in transit.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. After the retention period ends, your data will be deleted or anonymized—e.g., aggregated for statistical purposes without personal identifiers.

6. Your Rights

You have the right to request:

Access to your personal data, free of charge

Rectification of inaccurate, outdated, or incomplete data

Erasure of your data under certain conditions, such as when you withdraw your consent or when the purpose for collection is no longer valid

Data portability to another organization

Restriction of processing in specific circumstances, such as while a challenge to accuracy or processing is being resolved

Objection to processing, particularly when based on consent or your particular situation

That your data not be used for direct marketing purposes

To exercise any of these rights, please contact our Data Protection Officer at dpo@terah.pt.

7. Contacting the Regulator

If you are dissatisfied with our handling of your personal data or our response to a rights request, you may file a complaint with the Portuguese Data Protection Authority (CNPD):

Address: Av. D. Carlos I, 134 - 1.º, 1200-651 Lisbon

Email: geral@cnpd.pt

Phone: +351 213 928 400

8. Questions?

If you have any questions or need further clarification, please contact our Data Protection Officer at dpo@terah.pt. This Privacy Policy may be updated periodically, and any changes will be communicated. Last updated: 27/06/2025