Introduction

At Vetnio™ AB, company registration number: 559494-6807, our business customers' privacy is important to us, and we want you to feel secure when you entrust your personal data to us. We have established this Privacy Policy so that you can understand how we process and protect your personal data. This Privacy Policy describes what personal data we collect when you visit our website or use our services, and for what purposes your personal data is processed.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services, including the recording of conversations between veterinary professionals and pet owners to generate clinical notes. This Privacy Policy applies to all users of Vetnio's website and services, and is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and all other Applicable Data Protection Laws.

This Privacy Policy does not apply to personal data or any other information collected, stored, and processed by you in connection with the provision of your veterinary services to animal/pet owners. Such data and information shall be subject to your own privacy policy and shall not be controlled by Vetnio.

By accessing the website and using the services, you agree to the terms and conditions of Vetnio's Privacy Policy, and you consent to Vetnio’s collection, storage, use, and disclosure of your personal data as described in this Privacy Policy.

You acknowledge that it is in your best interest to carefully read this Privacy Policy and ensure that you understand the terms and conditions contained herein. Your acceptance of Vetnio's Privacy Policy is deemed to occur upon your first use of our website and/or services. If you do not accept and agree with this Privacy Policy, you must stop using our website and services immediately.

Definitions

"Personal data" means any information relating to an identified or identifiable natural person ("data subject").

"Processing" means any activity involving your personal data, including the collection, handling, storage, sharing, accessing, use, transfer, deletion, or destruction of information.

"Applicable Data Protection Laws" include, but are not limited to, the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act 2018 and UK GDPR, the Swiss Federal Act on Data Protection (FADP), the Swedish Data Protection Act (2018:218), the German Federal Data Protection Act (BDSG), the Austrian Data Protection Act (DSG), the California Consumer Privacy Act (CCPA), the Connecticut Data Privacy Act (CTDPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act (UCPA) and other data protection laws and regulations applicable to the processing of personal data.

"Controller" means the entity that determines the purposes and means of the processing of personal data.

"Processor" is a third party that processes personal data on behalf of the Controller.

Who is responsible for collecting and processing your personal data?

Vetnio AB acts as the Data Controller of personal data under this Privacy Policy. For inquiries, please write to us at email: info@vetnio.com

What personal data do we process?

The general purpose of our processing of your personal data is to manage your access to and use of our services, as well as to develop and improve our business and your customer experience.

We primarily collect personal data directly from you when you use our services to record and store audio files that are transcribed and processed into medical records. We always strive not to process more personal data than necessary for each purpose, and we never sell your personal data to other companies.

We may process your personal data for the following purposes:

• Register user account and receive payment;
• Provide our services;
• Communicate with you personally or inform you about our services;
• Provide customer service and handle any questions or complaints;
• Collect and analyze statistics;
• Comply with our legal obligations, resolve disputes, or enforce our obligations;
• Marketing;
• In other ways indicated at the exact or approximate time data is collected.

What personal data do we process?

Vetnio collects and processes the following categories of personal data about you as a user when you register an account, use our services, or visit our website.

• When registering a customer;
• When registering a user;
• When uploading audio files;
• Processing and transcription of audio files;
• AI-generated medical records;
• Service development;
• To provide customer support;
• To comply with our legal obligations.

We do not process sensitive personal data.

From which sources do we collect personal data about you as a customer?

Vetnio collects personal data directly from customers when you register a customer account or provide information about your users, upload audio files, communicate with our customer service, and when you otherwise interact with Vetnio and provide information about yourself.

If a User is an employee of a Vetnio client, we may also process their data to provide the agreed-upon service. However, in this context, Vetnio is not the data controller, so this Privacy Policy does not further describe such processing. For more information about such processing of your data, please consult your employer.

We also collect information when you visit our website. We use cookies and analysis tools to improve our visitors' experience. We handle these based on a legitimate interest in offering the best possible user experience. You can choose to disable these services in your browser.

Cookies and Tracking Technologies

A cookie is a small text file that is stored on your computer when you visit a website. Vetnio primarily uses cookies to enhance your experience on our website. Some of these cookies are necessary for functionality, while others are used to optimize and improve the experience. We use different types of cookies, including those essential for website operation, analytics cookies to track and analyze user behavior, functionality cookies to remember user preferences, and marketing cookies used for advertising purposes. You can manage your cookie preferences through your browser settings or our cookie consent management tool. Under applicable privacy laws, including GDPR, we obtain explicit consent before using non-essential cookies. Users have the right to withdraw their consent at any time by adjusting their settings. Disabling cookies may affect certain functionalities of our website.

Your rights under GDPR

Vetnio, at your request or on its own initiative, will correct, delete, or supplement information found to be incorrect, incomplete, or misleading.

You have the right to object to the processing of personal data that is carried out based on a balancing of interests. If you object to such processing, we will only continue to process your personal data if there are legitimate reasons for doing so that outweigh your interests.

Some processing of personal data requires consent. You can withdraw your consent at any time by contacting us, and in such cases, we will cease such processing.

You also have the right to request:

• Access to your personal data: This means you have the right to request a register extract of the personal data being processed. You have the right, once per calendar year, by written request, to receive a printout of what personal data is being processed, the purpose of the processing, and information about who we have shared your information with.
• Correction of your personal data: We will correct any incorrect or incomplete information we have stored about you as soon as possible after your request.
• Deletion of your personal data: This means you have the right to request that your personal data be deleted if it is no longer necessary to store it for the purpose for which it was collected. However, this right is limited by the fact that there may be legal requirements that prevent us from immediately deleting your personal data, such as accounting and tax rules. In such cases, we will stop processing your personal data for purposes other than compliance with applicable law.
• Restriction of data processing: This means that your personal data may only be used for specific purposes that you have approved. For example, you can request a restriction when you believe your information is incorrect and have requested a correction as stated in this Privacy Policy. While the accuracy of the data is being investigated, processing will be restricted.
• Data portability: This means you have the right, under certain conditions, to extract and transfer your personal data in a structured, commonly used, and machine-readable format to another data controller.
• Right to file a complaint: This allows you to file a complaint with a relevant data protection authority if you believe your rights have been violated. However, we encourage you to contact us first so that we can try to resolve your concerns directly.

Requests to exercise your rights can be made by contacting us at info@vetnio.com. We will respond to your request in accordance with the Applicable Data Protection Laws.

Your rights under the California Consumer Privacy Act and the California Privacy Regulation Act (CPRA)

To the extent that the California Consumer Privacy Act (CCPA) and the California Privacy Regulation Act (CPRA) are applicable to Vetnio or you, both parties agree to comply with all of their obligations under the CCPA and CPRA. In connection with any communication of 'personal information' as defined in the CCPA and CPRA, the parties agree that no monetary or other valuable consideration will be provided for such personal information, and therefore neither party is 'selling' (as defined in the CCPA and CPRA) personal information to the other party.

The main rights you have under the CCPA and CPRA include, but are not limited to:

• Right to know: You have the right to request from us details of the personal information (that which concerns you specifically) we collect, use, disclose, and sell. To submit a request, send an email to info@vetnio.com and include 'CCPA Right to Know' in the subject line. Specify the details you would like to know and the personal information you would like to access. You will be asked to provide sufficient information to verify your identity. The information we ask you to verify your identity will depend on your previous interactions with us and the sensitivity of the personal information in question. We will respond to your request in accordance with the CCPA and CPRA. Should we deny your request, we will provide you with an explanation.
• Right to delete: You may request the deletion of personal information we collect or hold about you. To submit a request to delete personal information, email your request to info@vetnio.com and include 'CCPA Deletion Request' in the subject line. Please make sure to specify in your request which personal information you would like us to delete.
• Right to non-discrimination: You have the right not to be denied access to our website solely because you exercised your rights under the CCPA and CPRA. However, if such personal information is necessary for us to provide you with access to our website or other services, we may not be able to complete the provision of services/transaction.
• Right to opt-out: You may request us to stop collecting your personal information ('opt-out') by emailing us at info@vetnio.com. However, please note that we must wait at least twelve (12) months before asking you to opt-in again for the collection of your personal information, unless you provide us with prior authorization.

Under the CCPA, personal information does not include:

• publicly available information from government records;
• deidentified or aggregated consumer information; or
• information excluded from the CCPA's scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data; or
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Both parties agree to immediately notify the other if they receive any complaint, notice, or communication that directly or indirectly relates to either party's compliance with the CCPA. Specifically, Vetnio will notify you before ten (10) business days have passed if we receive a verifiable consumer request under the CCPA.

"Do Not Track" Policy as Required by the California Online Privacy Protection Act (CALOPPA)

"Do Not Track" is a web browser setting that, when enabled, allows you not to have your actions monitored online and stops all tracking activities. The "Do Not Track" feature was first introduced in 2010 by the U.S. Federal Trade Commission. By late 2011, it was adopted by most web browsers.

Vetnio does not track its users over time or across third-party websites to provide targeted advertising, and therefore does not respond to "Do Not Track" signals. Third parties cannot collect any other personally identifiable information from the Vetnio website, unless you directly provide it to them.

Your rights under the Connecticut Data Privacy Act (CTDPA)

The Connecticut Data Privacy Act (CTDPA) will affect individuals doing business in Connecticut or those providing products and/or services to Connecticut residents. Under the CTDPA, you have the following rights regarding your personal information:

• Right of confirmation and access: You have the right to confirm whether your personal information is being processed and to access such personal information, with some limited exceptions, such as when such disclosure would reveal a trade secret.
• Right to correct inaccurate data: You have the right to request the correction of any inaccurate personal information we hold about you.
• Right to delete personal information: You have the right to request that your personal information be deleted.
• Right to data portability: You have the right to request that your personal information be provided to you in a portable and readily usable format, subject to technical feasibility and trade secret limitations.
• Right to opt-out: You have the right to opt out of the processing of your personal information for certain purposes, including targeted advertising, the sale of personal information (with some limited exceptions), or profiling for the purpose of solely automated decisions that produce legal or similarly significant effects concerning you.

To exercise the rights described above, you must submit your request to us using the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and what right you wish to exercise. We will not respond to any request if we cannot verify your identity using commercially reasonable efforts, and therefore confirm that the personal information in our possession is indeed yours. In such cases, we may ask you to provide additional information that is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and no later than forty-five (45) days after its receipt. If we need more time, we will explain the reasons and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

If we deny your request, we will explain the reasons for our denial without undue delay, but in all cases and no later than forty-five (45) days after receipt of the request. It is your right to appeal such a decision by sending us a request using the data provided in this Privacy Policy. Before forty-five (45) days after receiving the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may contact the Attorney General to file a complaint.

We do not charge a fee for responding to your request, up to two requests per year.

Your rights under the Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (VCDPA) will affect individuals doing business in Virginia or those providing products and/or services to residents of the Commonwealth of Virginia. The VCDPA grants users the right to access their data and requests that organizations delete their personal information. It also obliges companies to complete data security assessments when processing personal information, among other purposes, for targeted advertising and sales.

Virginia residents have the following rights under the VCDPA:

• the right to know whether their personal information is being collected or processed;
• obtain access to your personal information collected or processed by the controller;
• obtain a portable and usable copy of your personal information held by a controller;
• not be discriminated against because you exercised your rights;
• have inaccurate personal information corrected; and
• have personal information deleted; and
• not allow your personal information to be collected or processed for targeted advertising, sales, and profiling purposes.

To exercise the rights described above, you must submit your request by contacting us using the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and what right you wish to exercise. We will not respond to any request if we cannot verify your identity using commercially reasonable efforts, and thus confirm that the personal information in our possession is indeed yours. In such cases, we may ask you to provide additional information that is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and no later than forty-five (45) days after its receipt. If we need more time, we will explain the reasons and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

If we deny your request, we will explain the reasons for our denial without undue delay, but in all cases and no later than forty-five (45) days after receipt of the request. It is your right to appeal such a decision by sending us a request using the data provided in this Privacy Policy. Before forty-five (45) days after receiving the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may contact the Attorney General to file a complaint.

We do not charge a fee for responding to your request, up to two requests per year.

Your rights under the Colorado Privacy Act (CPA)

This section applies to all Users who are consumers residing in the State of Colorado, in accordance with the Colorado Privacy Act (CPA). You may exercise certain rights regarding your data processed by Vetnio. In particular, you have the right to do the following:

• opt out of the processing of your Personal Information for targeted advertising purposes, the sale of Personal Information, or profiling for the purpose of decisions that produce legal or similarly significant effects concerning you.
• access Personal Information: You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information.
• correct inaccurate Personal Information: You have the right to request that we correct any inaccurate Personal Information we hold about you, taking into account the nature of the Personal Information and the purposes of the Personal Information processing.
• request the deletion of your Personal Information: You have the right to request that we delete any of your personal data.
• obtain a copy of your Personal Information. We will provide your Personal Information in a portable and usable format that allows you to easily transfer data to another entity, provided this is technically feasible.

To exercise the rights described above, you must submit your request by contacting us using the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and what right you wish to exercise. We will not respond to any request if we cannot verify your identity using commercially reasonable efforts, and thus confirm that the personal information in our possession is indeed yours. In such cases, we may ask you to provide additional information that is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and no later than forty-five (45) days after its receipt. If we need more time, we will explain the reasons and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

If we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within forty-five (45) days of the receipt of the request. It is your right to appeal such a decision by sending us a request using the data provided in this Privacy Policy. Before forty-five (45) days after the receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee for responding to your request, up to two requests per year.

Your rights under the Utah Consumer Privacy Act (UCPA)

This section applies to all users who are consumers residing in the State of Utah, in accordance with the Utah Consumer Privacy Act (UCPA). You may exercise certain rights with respect to your data processed by Vetnio. In particular, you have the right to do the following:

• access Personal Information: You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information.
• request the deletion of your Personal Information: You have the right to request that we delete any of your personal data.
• obtain a copy of your Personal Information: We will provide your Personal Information in a portable and usable format that allows you to easily transfer data to another entity, provided this is technically feasible.
• opt out of the processing of your Personal Information for targeted advertising purposes or the sale of Personal Information.

To exercise the rights described above, you must submit your request by contacting us using the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and what right you wish to exercise. We will not respond to any request if we cannot verify your identity using commercially reasonable efforts, and thus confirm that the personal information in our possession is indeed yours. In such cases, we may ask you to provide additional information that is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and at the latest within forty-five (45) days of its receipt. If we need more time, we will explain the reasons and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

If we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within forty-five (45) days of the receipt of the request. It is your right to appeal such a decision by sending us a request using the data provided in this Privacy Policy. Before forty-five (45) days after the receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee for responding to your request, up to two requests per year.

Security and information transfer

We maintain procedures and working methods to ensure that your personal data is handled securely. The basic principle is that only employees and individuals within the organization who need access to personal data to perform their job duties should be able to access it.

We implement reasonable security measures, including encryption of stored and transmitted data, access control restrictions to limit data access, regular security audits and compliance checks, and employee training on data protection obligations. Despite our efforts, no system is 100% secure. In the event of a data breach, we will notify users and regulatory authorities in accordance with Applicable Data Protection Laws.

Transfer of personal data to third parties

We may share your personal data with trusted third parties for the purposes described in this Privacy Policy. Such third parties include service providers who help operate our platform, such as cloud hosting providers, payment processors, IT security companies, analytics providers, and customer support tools. Any third party processing personal data on our behalf is contractually obligated to do so in accordance with GDPR and other applicable Data Protection Laws. We ensure that adequate safeguards, including Standard Contractual Clauses (SCCs) or adequacy decisions, are in place when transferring personal data outside the European Economic Area (EEA). We do not sell, trade, or rent your personal data to any third party for marketing purposes. If required by law, we may disclose personal data to regulatory authorities, law enforcement agencies, or other parties in response to valid legal requests.

Data Processors

We engage carefully selected external data processors to process personal data on our behalf, solely for the purpose of providing and improving our services. These data processors include cloud storage providers, payment processors, analytics services, and customer support platforms. Each data processor is subject to a legally binding Data Processing Agreement (DPA) that ensures compliance with GDPR and other Applicable Data Protection Laws. We require our data processors to implement appropriate technical and organizational measures to safeguard personal data and prohibit them from using the data for any other purpose. Where data processors are located outside the European Economic Area (EEA), we ensure adequate levels of protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

Data uploaded to our Service is transferred and stored on encrypted Amazon servers located in Frankfurt, Germany.

Partners who are independent data controllers

In certain cases, we cooperate with external partners who act as independent data controllers. These partners process personal data in accordance with their own privacy policies and legal obligations, independently determining the purposes and means of such processing. One such partner is Stripe, our payment service provider. When you make a payment through Vetnio, Stripe processes your payment information as an independent data controller under its own Stripe Privacy Policy. We do not have access to your full payment details, such as your credit card number, and Stripe is solely responsible for processing this data.

When you interact with or use the services provided by these partners in connection with Vetnio's services, their respective privacy policies will govern the processing of your personal data. We recommend that you review their privacy policies to understand how they collect, use, and protect your data.

While we take reasonable steps to ensure that our partners comply with Applicable Data Protection Laws, we are not responsible for their processing activities.

Data Retention

Vetnio will only retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you. When your personal data is no longer necessary for the purpose for which it was collected, we will take reasonable steps to permanently destroy, delete, or de-identify your personal data.

Our policy towards minors

Our services are not directed at individuals under eighteen (18) years of age. We do not collect personal data from minors under eighteen (18) years of age. Therefore, we encourage you to seek the assistance and consent of a parent/legal guardian when accessing our website and using the services. A parent/legal guardian who becomes aware that their child has provided us with personal data without their consent should write to us at info@vetnio.com, and we will endeavor to delete the relevant data.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will notify you by posting the updated Privacy Policy on our website and indicating the date of the last revision at the top of the page. In some cases, we may also provide additional notifications, such as email updates, depending on the nature of the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.

Right to file a complaint

If you believe that we have processed your personal data in a way that violates Applicable Data Protection Laws, you have the right to file a complaint with a data protection authority.

You can contact the data protection authority in your country of residence, place of work, or where the alleged infringement occurred.

If you are located in the European Economic Area (EEA), you can find the contact details of your local data protection authority here: European Data Protection Board – National Authorities

If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO): ICO Website

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC): FDPIC Website

If you are located in California, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs.

If you are located in another jurisdiction, we recommend that you check with your local data protection authority for further guidance.

We encourage you to contact us first, so that we may try to resolve your concerns before you escalate the matter to a regulatory authority.

Opt-out rights

You can stop all collection of personal data/information by Vetnio by not accessing our website and services, or by requesting to opt-out by email to info@vetnio.com.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you can write to us using the following details:

Email: info@vetnio.com

Company Name: Vetnio AB

Registered address: Grev Magnigatan 10, 114 55, Stockholm

contact details: Arman Karégar, info@vetnio.com