Privacy Policy

Privacy policy

This Privacy Policy explains how Diaverum AB (hereinafter: “Diaverum”) collects, uses, and discloses personal data of medical facilities and platform users (collectively hereinafter:“User or Users”) using the d.HOLIDAY platform (hereinafter:the “Platform”). For the purpose of this policy, personal data means any information relating to a natural or legal person, even indirectly, by reference to any other information.

The data controller is Diaverum, reg. no. 559140-5344, Hyllie Boulevard 53, SE 215 37 Malmö, Sweden. Phone number: +46 46 287 3000. E-mail: holiday@diaverum.com.

Diaverum has appointed a Data protection officer who can be reached using the above contact information, or by e-mail: SE.DPO@diaverum.com.

1. COLLECTED INFORMATION

Provided Information

Diaverum collects information the User is sharing via the Platform. The following information provided by the Users is collected:

  • Account data: name, email and other data of the User according to the User account;
  • Profile data: Users’ profile data such as: name, email, telephone, name of the home medical facility and contact details, holder of European Health Insurance Card (EHIC) or not, serology status, medical documents, and similar;
  • Other data: otherwise provided information by the Users to Diaverum while filling in a form, conducting a search, by updating or adding information to the User account, responding to surveys, information from reviews and ratings, participating in promotions or using other features of the Platform.

Automatically Collected Information

Diaverum automatically collects from the Platform the following information about the services and how they are used:

  1. Usage: information about User’s interaction with the Platform - visited pages or other content viewed, searches, reservations, availability checks, bookings and other actions on the Platform;
  2. Location: general information about User’s location;
  3. Log Data: information on when the Platform is used, how it is used, IP address, access times, hardware and software information, device information and similar.

2. COOKIES

When you use our services, Diaverum can collect data about your devices using cookies and other similar technologies. The website may also include cookies and similar technologies from third parties. You can get more information and learn how to manage cookies by reading our cookie policy.

3. PURPOSE OF USE OF COLLECTED INFORMATION

Diaverum uses, stores and processes information about Users in order to enable treatment availability checks, reservation of bookings via the Platform and in order to improve the Platform, and in particular to:

  1. enable access and use of the Platform features;
  2. enable communication with Diaverum;
  3. operate, protect and improve the Platform and the User experience;
  4. personalize and customize User’s experience by rating search results, showing ads based on Users’ search, booking history and preferences;
  5. provide customer service;
  6. send service or support messages/emails such as updates, security alerts, account notifications, reservation, availability responses and booking confirmations;
  7. any other purpose authorized and consented to by the User.

Diaverum also uses, stores and processes information about Users in order to create and maintain a safe environment, and in particular to:

  1. detect and prevent fraud, spam, abuse, security incidents and any other harmful activity;
  2. comply with legal obligations;
  3. resolve disputes with any User;
  4. implement Terms and Conditions for Users, and other policies.

Diaverum uses, stores and processes information about Users for advertising and marketing purposes and in particular to:

  1. send to the Users promotional emails/messages, marketing, advertising and other information that may be of interest to the Users based on collected data on their preferences;
  2. personalize, measure and improve advertising;
  3. administer surveys, contests and other promotional activities or events sponsored and managed by Diaverum.

In general, the legal basis for the processing of personal data is informed consent. When the Platform is sharing User data with the medical facilities, the legal basis is to enable conclusion or performance of a contract in the interest of the User.

4. PERSONAL DATA STORAGE TIME

Personal data collected by Diaverum will be stored as long as it is necessary to provide services to the Users via the Platform and will be permanently deleted after deletion of the User account with the Platform (hereinafter: “Account”). Uploaded medical documents will be permanently deleted directly after completed treatment, based on booked dates in the platform. Personal data that has been shared with the medical facilities is under control of the medical facility and will follow their specific retention schedule.

5. SHARING & DISCLOSURE

Sharing between Users and medical facilities

When a User submits a booking request, certain data about her/him is shared with the medical facility, including name, contact data and uploaded medical documents of the User. When the medical facility has accepted and confirmed a booking, certain data is shared with the User, such as booking information, booking reminders and contact information.

Profiles and other Public Information

After completing a treatment, Users may publish ratings and written reviews about the medical facility. The reviews are displayed, together with the User’s initials, to other visitors of the website, regardless if the visitors are logged in or not.

Service Providers

Diaverum uses third party service providers to support the service provision related to the Platform. Service providers may:

  1. provide customer service and advertising;
  2. provide technical assistance, support, back-up and management of the Platform.

Above stated providers have limited access to User’s information to perform these tasks on Diaverum’s behalf, and are contractually obligated to use it consistent with this Privacy Policy.

Safety and Compliance with Law

In order to comply with the law, Diaverum will cooperate with government and law enforcement officials and private parties. Diaverum will disclose any information about Users to relevant state authorities and courts as it believes necessary or appropriate to respond to claims and legal process, to protect the property and rights of Diaverum or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity. Diaverum will endeavor to notify Users about these requests, if allowed.

Business Transfers

If Diaverum undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then it may sell, transfer or share some or all of its assets, including Users’ information for the same purpose of providing the services to the Users via the Platform. In the event that the User’s information is transferred and becomes subject to a different privacy policy with potentially different purpose of processing, Diaverum will notify in advance and ask the Users for consent.

Aggregated Data

Diaverum may also share aggregated and anonymized information (information about Users combined together so that it no longer identifies or references an individual User) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.

6. USER’S ACTIVITIES

Access and Editing

Users may review, update, or delete the information by logging into their Account and reviewing settings and profile.

Account Deletion, Data Erasure and Rectification

The User may at any time delete his/hers Account in the account section on the platform. User shall note that information shared with others (like reviews) may continue to be visible on the Platform in association with her/his initials, even after their Account is deleted.

If the User wishes for any personal information to be permanently erased from the Platform, any dissemination of the respective personal data to cease, or processing by third parties of the respective personal data to halt, she/he shall contact Diaverum at holiday@diaverum.com and file such request.
If the User wishes for any personal information, including the information provided at his/her User Account to be rectified, and she/he it is not able to successfully amend this information on his/her own, the respective User shall contact Diaverum at holiday@diaverum.com and file such request.
If a User account is not used it will be kept for three years after last login and then permanently deleted.

7. SECURITY

Diaverum is continuously implementing and updating organizational, technical, and physical security measures to help protect Users’ information against unauthorized access, loss, destruction, or alteration. However, the Internet is not an absolutely secure environment so Diaverum cannot guarantee the security of the transmission or storage of User’s information.

8. CONSENT AND CHANGES

User has to give a consent for processing, as well as for cross border transfers of his/her personal data according to this Privacy Policy. The Consent may be withdrawn at any time. The consequence of such consent withdrawal by the User would be inability to use the Platform.

Diaverum reserves the right to modify this Privacy Policy at any time in accordance with this provision. If Diaverum makes changes to this Privacy Policy, the revised Privacy Policy will be posted on the Platform with the notification appearing when User enters the account. If User disagrees with the revised Privacy Policy, she/he may cancel the d.HOLIDAY User Account.

9. YOUR RIGHTS

This is a summary of your rights as a registered User of the Platform:

  • You are entitled to know what Personal Data we are processing regarding you, and you can request a copy of such data.
  • You are entitled to have incorrect Personal Data regarding you corrected, and in some cases you may request that we delete your Personal Data (if, for example, the Personal Data is no longer necessary since the purpose of processing the data has been completed).
  • If you have given your consent to processing of your personal data for an explicit purpose you may always withdraw your consent. If you want to withdraw your consent.
  • You also have the right to object to certain processing of your Personal Data, and request that the processing of your Personal Data be limited.
  • You are entitled to extract your Personal Data in a machine-readable format and to transfer the Personal Data to another controller.

It is possible for you to exercise most of your rights by logging in to the platform. If this is not possible, please contact Diaverum at holiday@diaverum.com.

10. CONTACT

For any questions or complaints about this Privacy Policy & Consent to Personal Data Processing or Diaverum’s information handling practices as data controller of personal data stated here, you may contact Diaverum at:

Diaverum AB

Hyllie Boulevard 53, SE 215 37 Malmö, Sweden

Phone number: +46 46 287 3000

You may also email Diaverum at holiday@diaverum.com or SE.DPO@diaverum.com

11. COMPLAINTS

Your privacy is very important to us and we will always strive to protect and secure your personal information in the best possible way. If, in your opinion, we fail to do so, you have the right to file a complaint with the Data Protection Authority of your choice, e.g. one of the EU authorities, https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Consent to Personal Data Processing

A User (hereinafter: “Data Subject“) registering a User Account with the booking platform d.HOLIDAY (hereinafter: “Platform”), hereby provides an informed consent (hereinafter: “Consent”) to Diaverum AB, a company established and existing under the laws of Sweden, registration number 559140-5344 (hereinafter: “Diaverum”), to process his/her personal data (hereinafter: „Personal Data“) provided on the Platform, in accordance with Diaverum’s Privacy Policy and the following terms and conditions:

  1. The Consent hereof is given for processing of Personal Data with or without automated means.
  2. The Consent hereof is given for processing of the following Personal Data:
    • name, e-mail, telephone, name of the home medical facility and contact details, date of birth, information if Data Subject is holder of European Health Insurance Card (EHIC), serology status, medical documents;
    • other data entered to the User Account and otherwise provided information by the Data Subject to Diaverum while filling in a form, conducting a medical treatment search, by updating or adding information to the User Account,
    • information provided while responding to surveys, participating in promotions or using other features of the Platform;
    • information obtained by Data Subject upon request of Diaverum;
    • general information about Data Subject’s location and time of use of the Platform.
  3. Personal Data is not made publicly available, except where the Data Subject publishes ratings and reviews.
  4. Purposes of Personal Data processing:
    • enabling treatment availability checks, reservation of bookings and execution of bookings via the Platform;
    • improving the Platform;
    • creating and maintaining a safe environment at the Platform; and
    • advertising and marketing.
  5. Personal Data processing may involve the following actions: collection, recording, systematization, accumulation, storage, modification (updating, revision), retrieval, use, delete, destruction, blocking, transfer (dissemination, provision, access), as well as cross-border transfer.
  6. The cross-border transfer of Personal Data is carried out by forwarding certain Personal Data to the booked medical facility and optionally to third party service providers inside and outside of the European Economic Area (EEA) for the above stated purposes commissioned by Diaverum. The parties obtaining Personal Data via the cross-border transfer are bound by Diaverum’s Privacy Policy and Standard contractual clauses, having set up appropriate confidentiality and security measures. Nevertheless, the respective parties might be subject to lower personal data protection standards in their countries compare to the country of origin of the Data Subject, which represents a higher risk for misuse of the Personal Data.
  7. Personal Data is processed until the User Account is deleted or until the withdrawal of this Consent by the Data Subject is received, whichever comes first.
  8. The Personal Data is destroyed immediately after the withdrawal of this Consent or delete of the User Account.
  9. The Data Subject may also withdraw this Consent for processing of Personal Data by sending a written notice to Diaverum at holiday@diaverum.com.
  10. If Data Subject withdraws Consent for processing of Personal Data, the consequence of such consent withdrawal would be the delete of the User Account and the inability to use the Platform.
  11. This Consent shall be valid until the processing of the Personal Data is discontinued as indicated in clause 9 of the present Consent, or after three years of account inactivity.