This Data Processing Agreement ("DPA") forms part of the agreement between Vetnio AB, company registration number 559494-6807, with its registered address at Grev Magnigatan 10, 114 55 Stockholm, Sweden ("Vetnio", "Processor"), and the customer or organization using Vetnio's products or services ("Customer", "Controller").

By creating an account or otherwise using Vetnio's services, the Customer agrees to this DPA, which supplements and forms an integral part of the Vetnio Terms & Conditions and Privacy Policy.

1. Subject Matter and Duration

Vetnio provides an AI-driven documentation service that records, transcribes, and processes audio interactions between veterinary professionals and animal owners to generate clinical notes and related data.

This DPA governs Vetnio's processing of personal data on behalf of the Customer for the duration of the Customer's active Vetnio subscription and any data retention period necessary for compliance or support.

2. Roles of the Parties

• Customer acts as the Data Controller and determines the purposes and means of processing personal data.
• Vetnio acts as the Data Processor and processes such data solely on behalf of the Customer and in accordance with this DPA, the Privacy Policy, and applicable data protection laws.

3. Nature and Purpose of Processing

Vetnio processes personal data in order to:

• record and transcribe consultations and other audio files,
• generate, structure, and store medical notes,
• provide and improve Vetnio's products and related support,
• ensure system security, integrity, and availability, and
• analyze aggregated and anonymized usage data to improve and develop Vetnio's technology and AI models.

Vetnio may process basic identification data (e.g., names, professional details of veterinarians), voice data, and textual information contained in clinical notes. Vetnio does not intentionally process special categories of personal data relating to the pet owners unless such information is incidentally provided by the Customer during use of the Service.

4. Authorized Processing and Vetnio's Rights

Vetnio shall:

1. process personal data only in accordance with the Customer's documented instructions and applicable law;
2. maintain appropriate technical and organizational measures as required by Article 32 GDPR; and
3. ensure confidentiality of all personnel who access personal data.

Vetnio may use aggregated, pseudonymized, or anonymized data derived from the Customer's use of the services for legitimate business purposes such as analytics, service optimization, AI training, and product development, provided that no individual natural person is identifiable.

5. Sub-Processors

Vetnio uses carefully selected sub-processors to deliver its services.

A current list of sub-processors, including processing locations and purposes, is maintained at vetnio.com/sub-processors.

Vetnio shall:

• ensure each sub-processor is bound by a written contract meeting GDPR Article 28 requirements,
• inform Customers of material changes to sub-processors, and
• remain responsible for the acts and omissions of sub-processors.

6. International Data Transfers

Vetnio primarily processes and stores all personal data within the European Economic Area (EEA).

Where data is transferred to or accessed by sub-processors located outside the EEA, such transfers are governed by Data Processing Agreements (DPAs) that include the European Commission's Standard Contractual Clauses (SCCs) or other approved transfer mechanisms ensuring an adequate level of protection in accordance with Chapter V of the GDPR.

Vetnio only engages sub-processors that meet strict security and compliance requirements and provides full transparency through its public list of sub-processors at vetnio.com/sub-processors.

7. Security Measures

Vetnio maintains industry-standard security controls, including but not limited to: encryption in transit and at rest, access control restrictions, regular audits, employee confidentiality agreements, and incident-response procedures.

In the event of a personal-data breach, Vetnio will notify the Customer without undue delay and provide all relevant information to support compliance with Articles 33–34 GDPR.

8. Assistance and Cooperation

Vetnio will assist the Customer, to the extent reasonably possible, in:

• responding to data-subject requests,
• performing data-protection impact assessments (DPIAs), and
• complying with notification obligations to supervisory authorities or data subjects.

Reasonable administrative costs may apply for extensive assistance requests not directly related to Vetnio's own compliance obligations.

9. Data Retention, Deletion, and Return

Vetnio retains Customer Data for as long as necessary to provide and improve the services, ensure system integrity, and comply with applicable legal, regulatory, and technical obligations.

Upon termination of the Customer's account, Vetnio may continue to store Customer Data for a reasonable period for backup, security, auditing, or product-improvement purposes, after which it may be archived.

Vetnio is not required to delete data that it is legally entitled or required to retain, or data that has been anonymized or aggregated so that no individual is identifiable.

Anonymized and aggregated data may be stored and used by Vetnio indefinitely for legitimate business purposes, including analytics, product development, and the training and improvement of Vetnio's AI models.

10. Audits and Demonstration of Compliance

Vetnio shall make available to the Customer, upon reasonable written request, all information necessary to demonstrate compliance with this DPA.

Formal on-site audits may be conducted no more than once per year and only where legally required or agreed in writing, subject to reasonable notice and confidentiality.

11. Limitation and Modification

This DPA reflects Vetnio's standard data-processing terms and applies to all Customers unless a separate, signed DPA has been executed with different terms.

Large corporate or group customers may negotiate amendments or supplementary clauses as part of their master agreements with Vetnio.

Vetnio may update this DPA to reflect legal or operational changes. Updated versions will be posted at vetnio.com/dpa, and continued use of the Service constitutes acceptance of the latest version.

12. Governing Law and Jurisdiction

This DPA is governed by Swedish law. Any disputes shall be subject to the exclusive jurisdiction of the courts of Stockholm, Sweden, unless otherwise required by mandatory data-protection law.

Contact

For privacy or data-protection matters, please contact:

📧 info@vetnio.com

📧 Vetnio AB, Grev Magnigatan 10, 114 55 Stockholm, Sweden

By using Vetnio's services, the Customer acknowledges and agrees to this Data Processing Agreement.