This Privacy Policy explains how Diaverum AB (hereinafter: “Diaverum”) collects, uses, and discloses personal data of medical facilities and platform users (collectively hereinafter:“User or Users”) using the d.HOLIDAY platform (hereinafter:the “Platform”). For the purpose of this policy, personal data means any information relating to a natural or legal person, even indirectly, by reference to any other information.
The data controller is Diaverum, reg. no. 559140-5344, Hyllie Boulevard 53, SE 215 37 Malmö, Sweden. Phone number: +46 46 287 3000. E-mail: holiday@diaverum.com.
Diaverum has appointed a Data protection officer who can be reached using the above contact information, or by e-mail: SE.DPO@diaverum.com.
Diaverum collects information the User is sharing via the Platform. The following information provided by the Users is collected:
Diaverum automatically collects from the Platform the following information about the services and how they are used:
When you use our services, Diaverum can collect data about your devices using cookies and other similar technologies. The website may also include cookies and similar technologies from third parties. You can get more information and learn how to manage cookies by reading our cookie policy.
Diaverum uses, stores and processes information about Users in order to enable treatment availability checks, reservation of bookings via the Platform and in order to improve the Platform, and in particular to:
Diaverum also uses, stores and processes information about Users in order to create and maintain a safe environment, and in particular to:
Diaverum uses, stores and processes information about Users for advertising and marketing purposes and in particular to:
In general, the legal basis for the processing of personal data is informed consent. When the Platform is sharing User data with the medical facilities, the legal basis is to enable conclusion or performance of a contract in the interest of the User.
Personal data collected by Diaverum will be stored as long as it is necessary to provide services to the Users via the Platform and will be permanently deleted after deletion of the User account with the Platform (hereinafter: “Account”). Uploaded medical documents will be permanently deleted directly after completed treatment, based on booked dates in the platform. Personal data that has been shared with the medical facilities is under control of the medical facility and will follow their specific retention schedule.
When a User submits a booking request, certain data about her/him is shared with the medical facility, including name, contact data and uploaded medical documents of the User. When the medical facility has accepted and confirmed a booking, certain data is shared with the User, such as booking information, booking reminders and contact information.
After completing a treatment, Users may publish ratings and written reviews about the medical facility. The reviews are displayed, together with the User’s initials, to other visitors of the website, regardless if the visitors are logged in or not.
Diaverum uses third party service providers to support the service provision related to the Platform. Service providers may:
Above stated providers have limited access to User’s information to perform these tasks on Diaverum’s behalf, and are contractually obligated to use it consistent with this Privacy Policy.
In order to comply with the law, Diaverum will cooperate with government and law enforcement officials and private parties. Diaverum will disclose any information about Users to relevant state authorities and courts as it believes necessary or appropriate to respond to claims and legal process, to protect the property and rights of Diaverum or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity. Diaverum will endeavor to notify Users about these requests, if allowed.
If Diaverum undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then it may sell, transfer or share some or all of its assets, including Users’ information for the same purpose of providing the services to the Users via the Platform. In the event that the User’s information is transferred and becomes subject to a different privacy policy with potentially different purpose of processing, Diaverum will notify in advance and ask the Users for consent.
Diaverum may also share aggregated and anonymized information (information about Users combined together so that it no longer identifies or references an individual User) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
Users may review, update, or delete the information by logging into their Account and reviewing settings and profile.
The User may at any time delete his/hers Account in the account section on the platform. User shall note that information shared with others (like reviews) may continue to be visible on the Platform in association with her/his initials, even after their Account is deleted.
If the User wishes for any personal information to be permanently erased from the Platform, any dissemination of the respective personal data to cease, or processing by third parties of the respective personal data to halt, she/he shall contact Diaverum at holiday@diaverum.com and file such request.
If the User wishes for any personal information, including the information provided at his/her User Account to be rectified, and she/he it is not able to successfully amend this information on his/her own, the respective User shall contact Diaverum at holiday@diaverum.com and file such request.
If a User account is not used it will be kept for three years after last login and then permanently deleted.
Diaverum is continuously implementing and updating organizational, technical, and physical security measures to help protect Users’ information against unauthorized access, loss, destruction, or alteration. However, the Internet is not an absolutely secure environment so Diaverum cannot guarantee the security of the transmission or storage of User’s information.
User has to give a consent for processing, as well as for cross border transfers of his/her personal data according to this Privacy Policy. The Consent may be withdrawn at any time. The consequence of such consent withdrawal by the User would be inability to use the Platform.
Diaverum reserves the right to modify this Privacy Policy at any time in accordance with this provision. If Diaverum makes changes to this Privacy Policy, the revised Privacy Policy will be posted on the Platform with the notification appearing when User enters the account. If User disagrees with the revised Privacy Policy, she/he may cancel the d.HOLIDAY User Account.
This is a summary of your rights as a registered User of the Platform:
It is possible for you to exercise most of your rights by logging in to the platform. If this is not possible, please contact Diaverum at holiday@diaverum.com.
For any questions or complaints about this Privacy Policy & Consent to Personal Data Processing or Diaverum’s information handling practices as data controller of personal data stated here, you may contact Diaverum at:
Diaverum AB
Hyllie Boulevard 53, SE 215 37 Malmö, Sweden
Phone number: +46 46 287 3000
You may also email Diaverum at holiday@diaverum.com or SE.DPO@diaverum.com
Your privacy is very important to us and we will always strive to protect and secure your personal information in the best possible way. If, in your opinion, we fail to do so, you have the right to file a complaint with the Data Protection Authority of your choice, e.g. one of the EU authorities, https://edpb.europa.eu/about-edpb/about-edpb/members_en.
A User (hereinafter: “Data Subject“) registering a User Account with the booking platform d.HOLIDAY (hereinafter: “Platform”), hereby provides an informed consent (hereinafter: “Consent”) to Diaverum AB, a company established and existing under the laws of Sweden, registration number 559140-5344 (hereinafter: “Diaverum”), to process his/her personal data (hereinafter: „Personal Data“) provided on the Platform, in accordance with Diaverum’s Privacy Policy and the following terms and conditions: