1. What is GDPR

1.1 GDPR definition and purpose

GDPR stands for General Data Protection Regulation, and it replaces the Data Protection Directive 95/46/EC.

GDPR constitutes European Union legislation and is designed to make data privacy laws more consistent across the European Union, and to grant more rights to individuals about how their personal data is handled by organizations.

1.2 When does GDPR come into effect?

The GDPR comes into effect on May 25, 2018. The policies and procedures detailed in this document will be effective from May 25, 2018 onwards.

1.3 What is personal data?

Personal data is any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person.

Examples may include an individual's name, email address, bank details, medical information, computer IP address, etc.

1.4 Who does GDPR apply to?

The GDPR affects organizations in the European Union, and any other organization holding personal data of EU residents, or offering goods/services to EU residents regardless of the location of the organization.

2. Data processors and controllers

2.1 Definition

GDPR Article 4 defines a data processor as:

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Most of NutriAdmin's users, including nutritionists, dietitians, and health and fitness professionals, will qualify as "data controllers" under GDPR.

One of the key aspects, from the point of view of a controller looking to comply with GDPR, is to partner with "data processors" in such a way that personal data is treated in a way compatible with the regulation.

At NutriAdmin, we are data processors for nutritionists and dietitians that work with client/patient data. Our main goal is to allow users of our software to securely store, access, manipulate, and (when required) delete client data.

According to GDPR article 28:

Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.

2.2 NutriAdmin's duties as a data processor

NutriAdmin helps users comply with GDPR by:

  • Enforcing technical and administrative security measures so that data is secure (e.g. data encryption at rest and in transit, data backups, logging, etc). Click here to learn more.
  • Enabling the user to satisfy individuals' rights – client requests to:
    • Delete all their data in NutriAdmin (Right to be forgotten)
    • Download a copy of all their data in NutriAdmin in a computer format (csv and/or json)
    • Download a human-readable copy of their data (reports, meal plans)
  • Breach notification within 72 hours as specified by GDPR Art. 33. Read more below.
  • Other measures as detailed in this document.

Details of how NutriAdmin achieves/enables the points listed above are collected in this article.

NutriAdmin will safeguard user data and not disclose it to third parties unless consent is given by the owner of the data, or unless it is in accordance with our policies. We keep the data on behalf of the user (e.g. nutritionist, dietitian, health professional) but we do not use it directly for any commercial purposes, research purposes, or for any other pursuit that would endanger the privacy/security of the data.

Processors/sub-processors can only process personal data on behalf of data controllers when authorized to do so by the controllers. That means there cannot be any initiatives for using personal data when NutriAdmin has no clear mandate (GDPR Article 29).

NutriAdmin, as a data processor, has the duty to cooperate with the supervisory authority (ICO) when asked to do so (GDPR Article 31).

Article 28 continues to underline the obligations of Processors in section 28.3(f): [The Processor is required to] assist the controller in ensuring compliance with the obligations pursuant to Article 32 – 36

2.3 NutriAdmin's subcontractors/partners

Another consideration with regards to GDPR compliance is that a "data processor" can outsource or delegate some of its work to yet another "data processor" (or subprocessor). The regulation mandates that this will only be permissible when the subprocessor also adheres to GDPR regulation.

At the moment, NutriAdmin partners mainly with Google, Amazon, and Microsoft, all compliant. We use Google for email, calendar, file storage, Analytics, and Adwords, and we use Microsoft for hosting with Azure, and for code version control with Visual Studio Team Services. We use AWS to deliver phone verification SMS codes and transactional emails. We may also use Twilio to deliver SMS phone codes.

We also use Chime from AWS. This is a secure HIPAA-compliant service that enables videochat/videocalling in NutriAdmin.

Read more about Google's compliance:
https://privacy.google.com/businesses/compliance
https://www.google.com/cloud/security/gdpr/

Read more about Microsoft's compliance:
https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR

Read about Amazon Privacy:
https://www.amazon.co.uk/gp/help/customer/display.html/ref=gss?nodeId=502584

Other partners of NutriAdmin that may have access to a small subset of user personal data include Stripe and Adroll.

Stripe is used mainly for processing payments for the use of NutriAdmin's software, and it can hold the user's billing information. Stripe is secure and we require it for billing.

Adroll is used for advertising via the use of cookies. More information below.

NutriAdmin subcontracts some development work to RECOM - Cedzynska 35 PL-25-362 Kielce, Poland. Recom's staff has security training and does not have direct access to any personal information – just to some components of our software's application code.

3. What data does NutriAdmin hold and how is it used

This section describes what data NutriAdmin stores, where the data is shared, what the lawful basis (Art. 5-6 GDPR) for using the data is, and which third parties may have access to it.

NutriAdmin stores, transmits, creates or manages the following kinds of data:

  1. Nutritional information and other non-personal data
  2. User data
  3. User's clients' data
  4. Data stored in third-party services
  5. Cookies data
  6. Web visitor data

NutriAdmin's servers and data are located in West Europe and managed by Microsoft Azure.

3.1. Non-personal data

This includes food nutrition data, recipes, meal plans, and other nutrition related data, as well as admin-related data that is not considered "personal data" under GDPR.

NutriAdmin may also use a Microsoft product called Application Insights. This is software that may use cookies to anonymously report software errors, glitches, and performance data for the application. Diagnostic and quality tools like Application Insights are used for the sole purpose of improving the quality of the software, and they never record or process personal data.

3.2. User data

When a user signs up to use NutriAdmin, we store the following data:

  • user's full name
  • user's email address
  • user password (hashed)
  • user payment token*
  • user phone number, company address, company logo (if optionally provided by user)
  • user settings (e.g. timezone, layout preferences, calendar preferences, and other non-personal data)

*payment token: We use Stripe in order to bill our clients for the use of our software service, NutriAdmin. Stripe is a leading online payments processing company that is PCI compliant and has strict security standards.

When a user enters their billing information in NutriAdmin, this data is sent securely to Stripe. Then, Stripe stores this data securely and returns a payment token to NutriAdmin. This payment token is a unique identifier that links the user at NutriAdmin with their corresponding Stripe account.

Using the payment token system means that NutriAdmin does not have access to a user's card number, or CVC/CVV code. This sensitive information is stored securely by Stripe.

All user data mentioned above is provided explicitly by the user when they register to use NutriAdmin. The user provides this information directly, by filling a form.

The user's name, email, password, and billing information (payment token) are required to use the service and manage billing - this constitutes the lawful basis for collecting this information. On the other hand, the phone number, company address, and logo are optionally provided by the user in a form. A user's company address may be used in invoices if necessary.

We only use the phone of the user if there is a need to communicate an urgent concern regarding their account (e.g. if we suspect there has been a security incident), for occasional technical support if required, or to verify a user's identity in some instances when the user requests an important change to their account (e.g. changing their email). Crucially, we do not use phone numbers/addresses for marketing purposes, such as cold-calling or mailing offers to users unless we have gained explicit permission from the user. A user's phone number can be provided optionally.

We share the user's name, email address, billing information, and company address with Stripe in order to manage the user's billing. For more information about Stripe's security policies, please check https://support.stripe.com/

Data held in Stripe is also used for accounting purposes and to comply with tax laws. In the event of sharing billing information with an accountant or financial advisor, we will always share the minimum amount of information required for the purposes of accounting/tax or other financial-related tasks to be carried out by a professional.

We don't share a user's data with any other third parties, unless explicit permission is provided by the user or unless the specific case is covered in our policies. Some of our subcontractors may delegate some of their tasks/services to yet other subcontractors, but our subcontractors are contractually bound to maintain security and data privacy.

Users can access their data by logging in with their email/password at any time. Users can also download all their data in bulk at any time (check this article for more information), or request the permanent deletion of all their data as specified in this article.

3.3. User's clients' data

NutriAdmin allows users (typically nutritionists and dietitians) to store data about their own clients or patients.

NutriAdmin users have the freedom to create and manage any kind of data in the system. Mostly, data will be entered in the form of plain text, formatted text, images, or links to websites, although it could include voice recordings and media in some instances.

The above said, the most noteworthy kinds of personal data users typically create in NutriAdmin will include:

  • patient name, gender, date of birth
  • patient height, weight, and other anthropometric measurements
  • contact numbers, addresses, email
  • medical history, medication data
  • in some cases, genetic analysis or biometric data.
  • records of payments/transactions

NutriAdmin has security measures and processes in place to ensure data entered by users is secure. Some of these measures include encryption, data backups, redundancy, firewalls, etc. The following page provides more details on security at NutriAdmin: https://nutriadmin.com/docs/hipaa-and-hitech-compliance-nutriadmin/

NutriAdmin acts as a processor and stores data entered by the user on their behalf. NutriAdmin does not use personal client/patient data entered by users for any ends other than safely storing the data and making it available to the user. NutriAdmin staff can only access a user's clients' data when permission is given by the user so that a technical support issue can be investigated (e.g. a particular client record or component of the software is not loading properly, or a data backup must be restored for a particular client).

It is the responsibility of the user to obtain proper consent from their own clients/patients to enter their data into NutriAdmin (or any other system for that matter). In the case of children, the user should receive consent from the parents or legal guardian before processing a child's data. In case of doubt, the user should seek professional legal advice and consult the GDPR legislation.

One way a user can obtain consent from their clients/patients, is by using a NutriAdmin custom questionnaire. The following article provides suggestions: https://nutriadmin.com/docs/how-to-add-a-disclaimer-or-legal-information-to-a-questionnaire/

To facilitate the user's compliance with GDPR, NutriAdmin easily allows users to access, create, edit, and delete their client's data. For instance, NutriAdmin software easily allows users to amend or edit any of their client's details if they are incorrect or if the client requests it. The user can also readily download a copy of all of their client's data (click here to learn more) or permanently delete all data associated with a particular client (click here to learn more – this is typically referred to as the right to be forgotten).

NutriAdmin allows users to process online payments from their clients/patients. This is achieved by using Stripe Connect. NutriAdmin provides an interface for a client to enter their billing information and pay the user online. When a client pays for services online using Stripe Connect, NutriAdmin only transmits the data securely to the user's Stripe account, and does not store the client's billing information.

NutriAdmin also allows users to optionally sync their calendar in NutriAdmin with Google Calendar. Users should review the security/privacy implications of taking this action. To learn more about Google and GDPR, please check https://www.google.com/cloud/security/gdpr/

3.4 Data stored in third-party services

3.4.1 Google Analytics and Adwords

We use "Google Analytics", a web analytics service provided by Google LLC. (“Google”). NutriAdmin uses Google Analytics in most of the web pages under the nutriadmin.com domain. Google Analytics collects statistical information about the website by using cookies. This data is used by NutriAdmin to learn about how users interact with the website, e.g.:

  • which pages receive more traffic
  • which buttons in the website are clicked more often
  • which countries the traffic comes from
  • etc

NutriAdmin also uses Google Adwords to show Google Search ads for specific keywords. E.g. when someone searches in Google for "software for nutritionists", NutriAdmin may show up as an ad in the Google search results. NutriAdmin only keeps track of anonymized data via Analytics and Adwords:

  • websites visited
  • countries where the traffic originates
  • conversion tracking (when certain webpages are visited an anonymous conversion is recorded)
  • etc

NutriAdmin uses Google Analytics and Adwords in a way that is compliant with GDPR because NutriAdmin does not collect any personally identifiable information (PII) via Google Analytics or Adwords. Since GDPR grants rights to individuals with regards to their PII, these rights do not apply in the case of Google Analytics or Adwords data for NutriAdmin.

What this means is that, if a Google employee or a NutriAdmin employee were to analyze the data stored in NutriAdmin's Google Analytics or Adwords accounts, it wouldn't be possible to identify an individual or to link a particular set of data with a specific person. This is in accordance with Google Analytics' terms of use.

NutriAdmin ensures IP anonymization is enabled before sending data from NutriAdmin to Google Analytics. This is a process where the IP address of a visitor to NutriAdmin's website (which could constitute PII) is modified so that it cannot be used to identify an individual. The following page explains this process in detail:
https://support.google.com/analytics/answer/2763052?hl=en

NutriAdmin is the sole operator of the Google Analytics and Adwords accounts we use to keep track of the data described in this section. We do not work with any agencies to take care of our Google Analytics or Adwords accounts. The only personnel that has access to the Google Analytics and Adwords accounts is NutriAdmin's top management.

You can prevent the installation of cookies by changing the settings of your browser. Please note, however, that this may prevent some of our services’ features from working correctly. Alternatively, you can prevent the collection of the cookie data and your website usage data (including your IP address) by Google and the processing of such data by Google by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.

You can also disable Google Analytics in NutriAdmin specifically by clicking the button in our cookies policy at https://nutriadmin.com/docs/cookies-policy/

Other ways in which we ensure there is no PII sent to Google Analytics and Adwords are:

  • We periodically audit the data in Google Analytics and Adwords to ensure no personal information is being collected
  • We keep it simple: we mostly just track statistical information such as the number of visits to pages within NutriAdmin and the number of times some buttons in the page are clicked
  • We don't send names, emails, usernames, user ids, phone numbers, or any other pieces of data that could constitute PII to Google Analytics or Adwords.

NutriAdmin has accepted all relevant data protection agreements and contracts related to GDPR with Google.

Google Analytics' Data Collection for Advertising Features options are switched off for NutriAdmin's Google Analytics account. This means Google Analytics is configured to not track remarketing data in our account.

Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The data collected by Google associated with cookies, user IDs or advertising IDs will be deleted automatically after 14 months.

Finally, you can check Google's privacy policy, which is available at: http://www.google.com/privacypolicy.html.

You can also learn about online advertising in this website: http://www.youronlinechoices.com/

3.4.2 Youtube

NutriAdmin websites can contain embedded Youtube videos, typically for providing demos of the software. Whenever NutriAdmin embeds a Youtube video, the privacy-enhanced mode is always enabled.

Quoting from Google:

When you turn on privacy-enhanced mode, YouTube won’t store information about visitors on your website unless they play the video.

For more information, please check:
https://support.google.com/youtube/answer/171780

If you play any Youtube video in NutriAdmin's website, Google may collect some of your data following their privacy policy (https://policies.google.com/privacy).

Youtube is owned and operated by Google. As mentioned previously, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

3.4.3 Microsoft Azure

NutriAdmin uses Microsoft Azure for hosting its servers, databases, and other application components. Microsoft receives NutriAdmin data, including personal data, just to enable the performance of their services. Microsoft and any of Microsoft's partners are contractually obliged not to disclose personal data or to use personal data for any purposes other than the intended ones.

In the event data processing results in the data being sent outside of the European Union, this transmission will be based on the privacy shield (https://www.privacyshield.gov/welcome) or on the EC model contracts. You can learn more about EC model contracts here: https://ec.europa.eu/info/law/law-topic/data-protection_en

3.4.4 Adroll

NutriAdmin uses Adroll for retargeting advertising. The way this works is that NutriAdmin includes a small snippet of JavaScript code (a tag) in most of the websites of the domain. This tag then collects web visitor data that allows Adroll to show NutriAdmin ads to the visitor on other third-party websites.

When you visit NutriAdmin, Adroll can place a cookie on your computer to track the fact you have visited NutriAdmin so that you can see NutriAdmin ads on other websites. It should be noted that even if you disable tracking for Adroll retargeting in NutriAdmin, you will still see the same number of ads on other websites. The difference will be that NutriAdmin will not be amongst the ads on third-party websites collaborating with Adroll.

Retargeting tracking is done using pseudonymous identifiers, and Adroll does not collect any personally identifying data about you. We do not send Adroll any of the other personal data you use in our site, e.g. your name or email are not sent to Adroll. That said, it is technically possible for Adroll to identify you by aggregating data they may hold about you from other web usage and from other sources.

You can read Adroll's privacy notice at:
https://www.nextroll.com/privacy

You can read about how Adroll complies with GDPR here:
https://www.nextroll.com/trust-center/gdpr

When you visit NutriAdmin's website and GDPR applies, you will be asked for consent so that we can track you with Adroll. You can give or withhold your consent. In the case you do not provide consent for Adroll, we won't be able to track you with Adroll.

You can learn more about retargeting and what options are available to you at: http://www.youronlinechoices.com/

You can also check our cookies policy at https://nutriadmin.com/docs/cookies-policy/ to disable Adroll tracking on NutriAdmin's website.

3.4.5 Amazon Web Services (AWS)

NutriAdmin uses AWS to send SMS codes in order to verify the phone number of clients invited to the client portal. We also use AWS Amazon may receive, store, and log clients' phone numbers when they use the client portal. Amazon may receive other basic web data for debugging/security purposes (e.g. the clients' browser version, operating system, time of the day, preferred language, IP address, etc). We share the minimum amount of information needed with Amazon for phone verification to work (e.g. just the phone number, no names or emails of clients).

We may also use AWS SES (simple email service) to deliver transactional emails from the application to clients. The minimum required amount of data for this functionality to work is sent over to Amazon.

We use Chime from AWS to provide secure videocall capabilities so that users of NutriAdmin can videoconference with their clients.

3.4.6 Twilio

Twilio is a cloud communications platform. We use Twilio to deliver SMS codes for client portal verification in the same way as we use AWS, as described above. The reason we use both Twilio and AWS is that one of the services can serve as a backup if the other fails. Twilio will only receive clients' phone numbers and basic web information, and no other private data.

3.4.7 Drip

Drip (getdrip.com) is a cloud email marketing/communication platform. We use Drip to deliver transactional emails to our users (e.g. notifications when a subscription is canceled, or a free trial is about to expire). We also use Drip to send onboarding emails with useful tips to our users based on their usage (e.g. links to tutorials explaining how to use the software and get the most out of it based on the user's stated preferences). The user can unsubscribe from these emails (other than transactional emails) at any time.

3.4.8 Microsoft's Power BI

To guide business decisions, NutriAdmin will use aggregated data from Google Analytics, Drip, NutriAdmin, and Stripe in a business insights platform (Power BI) provided by Microsoft and covered under their privacy/security policies.

3.5 Cookies data

Cookies are small files stored on a user's computer/device. When you visit most websites, your device will automatically download and store cookies.

In the context of a website, the purpose of cookies is to hold data that is specific to the visitor. Typically, this will allow servers to send a tailored website to each user, or to show/hide relevant information automatically based on the data contained in the cookies.

Cookies can be separated into essential and non-essential. Essential cookies are required in order to provide the user with the information they have requested from the website. For example, in order to login for most online services, cookies will typically be required.

You can check our cookies policy at https://nutriadmin.com/docs/cookies-policy/ to learn more.

3.6 Web visitor data

When any user visits NutriAdmin's websites, our systems automatically record some data that the web browser sends us, including:

  • IP address
  • browser used
  • language
  • operating system
  • date
  • pages visited
  • referrer website
  • time spent in website

This data is automatically logged and stored securely in NutriAdmin's systems. We typically only use web visitor data to investigate technical support issues upon request. We also need to track this data to investigate potential cyberattacks, spam attacks, or any other harmful/suspicious activity that may happen on our website.

Log data is automatically deleted at regular intervals as specified by our retention policy. You can check https://nutriadmin.com/docs/retention-policy/ to learn more.

4. Individuals' Rights and requests

GDPR grants individuals the following rights (Art. 15-21 GDPR) with regards to their personal data:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • the right not to be subject to automated decision-making including profiling.

NutriAdmin informs its users via its public policies and documents, as well as other information in its website. Details on how to download or delete data can be found in our docs at https://nutriadmin.com/docs/

Almost all data access, rectification, deletion, and portability can be achieved in a self-service manner by the use of the NutriAdmin software. For those instances where the user cannot take one of the actions listed above regarding their data, the user can always contact support@nutriadmin.com to ask for help. The user can expect to obtain a reply within 72 hours (GDPR allows a period longer than this), and for their query to be addressed in a timely manner.

When it comes to a user's clients' data, NutriAdmin acts as a data processor on behalf of the user. It is the responsibility of the user to grant their own clients/patients rights in compliance with GDPR. NutriAdmin provides tools so that the user can easily rectify, download, erase and access any particular client's data.

So, for example, if a user's client asks for all their data in NutriAdmin to be deleted (a right that GDPR grants individuals) the user can click a few buttons in their NutriAdmin dashboard to achieve this task.

When data is downloaded/exported from NutriAdmin, it is typically in a common computer format: currently csv, json, and/or html.

NutriAdmin will provide the right for download/erasure of data as described in this section free of charge, as long as requests are not excessive or abusive on the part of an individual or organization.

NutriAdmin will not comply with any requests for handling data as described in this section unless the identity of the person requesting the data can be verified (typically by email sender, or by the user being authenticated to the software). This is to prevent unauthorized access/modification of data by third parties.

Finally, the user has the right to complain to the ICO (in the UK) or to the corresponding organization in their own country or the corresponding European body if there are any concerns in the way NutriAdmin handles data, or if there are any suspicions that NutriAdmin may be using the data it collects in an unfair way. More details below.

5. Consent

It is the responsibility of the user to obtain proper consent from their clients/patients when entering their data in NutriAdmin.

When it comes to children's data, it is the user's responsibility to obtain consent from the child's parents or legal guardian(s) before entering their data in NutriAdmin.

As a general rule, data can only be accessed with explicit consent from the individual.

6. Data Protection Officer

The data protection officer at NutriAdmin is Diego Oliveira Sanchez. Diego can be contacted at diego@nutriadmin.com for any queries regarding GDPR.

7. Data breaches

NutriAdmin will use its best efforts to make sure the right procedures are in place to detect, report and investigate a personal data breach.

Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay (GDPR Art. 33).

Some examples of a data breach that could pose a risk to individuals include: a breach that could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

You can read NutriAdmin's GDPR breach policy at the following link:
https://nutriadmin.com/docs/gdpr-breach-policy/

8. Data Protection by Design and by Default

Data protection, privacy, and security, are priorities for our software development team. Whenever a new feature or improvement is designed or planned, data protection implications are considered first.

For example, there have been a few instances in the past where some practical features for the software were considered, but they were not implemented due to a lack of sufficient guarantees of security. Even if a feature would be nice to have in NutriAdmin, we won't implement it unless we have enough certainty that it will protect data privacy and security.

Prior to GDPR, many companies failed to prioritize security and privacy, and thought of privacy considerations afterwards. This approach can lead to many more security incidents, breaches, and policy violations.

At NutriAdmin, we consider security and privacy first when introducing any substantial change or new feature to the software.

NutriAdmin shall take measures to ensure a sufficient level of security of processing (GDPR Article 32). To read more about some of our security measures, including encryption, data backup, redundancy, etc, please check the following link:
https://nutriadmin.com/docs/hipaa-and-hitech-compliance-nutriadmin/

9. Complaints and queries

If you have any questions about your data, your privacy rights, or the contents of this article, you can contact support@nutriadmin.com to ask.

If you have any complaints about the way your data is handled, or about your privacy rights with regards to NutriAdmin, you have the right to file a complaint with the Information Commissioner's Office (ICO) (Art. 77 GDPR). NutriAdmin is a registered organization with ICO.

NutriAdmin carries out activities in several EU member states, but our main establishment is in the United Kingdom. As such, our lead data protection supervisory authority is the UK's ICO.

ICO's website: https://ico.org.uk/
ICO's contact page: https://ico.org.uk/global/contact-us
ICO's phone numbers (quoting from their website):

Call our helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

If you're calling from outside the UK, you may not be able to use our 03 number, so please call +44 1625 545 700.

Our normal opening hours are Monday to Friday between 9am and 4:30pm (excluding bank holidays).

10. Data Retention

Check our retention policy at https://nutriadmin.com/docs/retention-policy/

11. Security and privacy training

NutriAdmin staff and subcontractors undergo security and privacy training upon joining the company.