Introduction

At Vetnio AB, company registration number: 559494-6807, our business customers ("you" or "your") privacy is important to us, and we want you to feel secure when you entrust us with your personal data. We have established this Privacy Policy so that you can understand how we process and protect your personal data. This Privacy Policy describes what Personal Data we collect when you visit our website or use our services and for what purposes your Personal Data is processed.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services, including recording conversations between veterinary professionals and pet owners to generate clinical notes. This Privacy Policy applies to all users of Vetnio's website and services and is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, California Consumer Privacy Act (CCPA), as well as all other Applicable Data Protection Laws.

This Privacy Policy does not apply to personal data or any other information collected, stored and processed by you in relation to the provision of your veterinary services to animal/pet owners. Such data and information shall be subject to your own privacy policy and shall not be controlled by Vetnio.

By accessing the website and using the services, you accept the terms and conditions of Vetnio's Privacy Policy, and you consent to Vetnio's collection, storage, use and disclosure of your Personal Data as described in this Privacy Policy.

You acknowledge that it is in your best interest to read this Privacy Policy carefully and to ensure that you understand the terms and conditions contained herein. Your acceptance of Vetnio's Privacy Policy is deemed to occur upon your first use of our website and/or services. If you do not accept and agree with this Privacy Policy, please refrain from using and/or accessing our website and services immediately.

Definitions

"Personal Data" means any information that relates to an identified or identifiable natural person ("data subject").

"Processing" means any activities involving your Personal Data including collection, handling, storage, sharing, access, use, transfer and deletion or destruction of information.

"Applicable Data Protection Laws" include, but are not limited to, the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act 2018 and UK GDPR, the Swiss Federal Act on Data Protection (FADP), the Swedish Data Protection Act (2018:218), the German Federal Data Protection Act (BDSG), the Austrian Data Protection Act (DSG), California Consumer Privacy Act (CCPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), and other relevant data protection laws and regulations applicable to the processing of Personal Data.

"Controller" means the entity that determines the purposes and means of Personal Data processing.

"Processor" is a third party that processes Personal Data on behalf of the Controller.

Who is responsible for collecting and processing your personal data?

Vetnio AB acts as the Data Controller for the processing of personal data under this Privacy Policy. For inquiries, contact us at email: info@vetnio.com

What personal data do we process?

The overall purpose of our processing of your Personal Data is to manage your access to, and your use of, our services and to develop and improve our business and your customer experience.

We primarily collect Personal Data directly from you when you use our services to record and store audio files that are transcribed and processed into medical records. We always strive not to process more Personal Data than is required for each purpose and we never sell your Personal Data to other companies.

We may process your Personal Data for the following purposes:

• Register user account and receive payment;
• Provide our services;
• Communicate with you personally or inform you about our services;
• Provide customer service and handle any questions or complaints;
• Collect and analyze statistics;
• Comply with our legal obligations, resolve disputes or enforce our obligations;
• Marketing;
• In other ways as stated at or around the time when the data is collected.

What personal data do we process?

Vetnio collects and processes the following categories of personal data about you as a User when you register a user account, use our services or when you visit our website.

• When registering a customer;
• When registering a user;
• When uploading audio files;
• Processing and transcription of audio files;
• AI-generated medical records;
• Service development;
• To provide customer support;
• To fulfill our legal obligations.

We do not process sensitive Personal Data.

From what sources do we collect personal data about you as a customer?

Vetnio collects Personal Data directly from customers when you register a customer account and provide information about your Users, upload audio files, contact our customer service, and when you otherwise interact with Vetnio and provide information about yourself.

If a User is employed by a Vetnio customer, we may also process your data to provide the agreed service. However, in this context, Vetnio is not the data controller, so this Privacy Policy does not further describe such processing. For more information about such processing of your data, please ask your employer.

We also collect information when you visit our website. We use cookies and analytics tools to improve the user experience for our visitors. We handle this data as we have a legitimate interest in offering the best possible user experience. You can choose to disable these services in your browser.

Cookies and Tracking Technologies

A cookie is a small text file that is stored on your computer when you visit a website. Vetnio uses cookies primarily to improve your user experience on our website. Some of these cookies are necessary for functionality, while others are used to optimize and improve your experience. We use different types of cookies, including essential cookies necessary for the operation of the website, analytics cookies to track and analyze user behavior, functionality cookies to remember user preferences, and marketing cookies used for advertising purposes. You can manage your cookie preferences through your browser settings or our cookie consent management tool. Under applicable privacy laws, including GDPR, we obtain explicit consent before using non-essential cookies. Users have the right to withdraw their consent at any time by adjusting their settings. Disabling cookies may affect certain functionalities of our website.

Your rights under the GDPR

Vetnio will, at your request or on our own initiative, correct, delete or supplement information that is found to be incorrect, incomplete or misleading.

You have the right to object to processing of Personal Data that is carried out based on a balance of interests. If you object to such processing, we will only continue to process your Personal Data if there are legitimate reasons for the processing that outweigh your interests.

Some processing of Personal Data is based on consent. You can withdraw your consent at any time by contacting us and we will then cease such processing.

You also have the right to request:

• Access to your Personal Data: This means you have the right to request a registry extract of the Personal Data being processed about you. You have the right once per calendar year, through written request, to receive a printout of what Personal Data is being processed, the purpose of the processing, and information about who we have shared your information with.
• Correction of your Personal Data: We will correct any incorrect or incomplete information we have stored about you as soon as possible at your request.
• Deletion of your Personal Data: This means you have the right to request that your Personal Data be deleted if it is no longer necessary to store them for the purpose they were collected for. However, this right is limited by the fact that there may be legal requirements that prevent us from immediately deleting your Personal Data, such as accounting and tax rules. In such cases, we will stop processing your Personal Data for purposes other than complying with applicable legislation.
• Restriction of data processing: This means that your Personal Data may only be used for specific purposes that you have approved. For example, you can request a restriction when you believe your information is incorrect and you have requested a correction according to this Privacy Policy. While the accuracy of the data is being investigated, the processing will be restricted.
• Data portability: This means that you have the right, under certain conditions, to extract and transfer your Personal Data in a structured, commonly used and machine-readable format to another data controller.
• Right to Lodge a Complaint: this allows you to file a complaint with a relevant data protection authority if you believe your rights have been violated. However, we encourage you to contact us first so that we can attempt to resolve your concerns directly.

Requests to exercise your rights can be made by contacting us at info@vetnio.com. We will respond to your request in accordance with Applicable Data Protection Laws.

Your rights under the California Consumer Privacy Act and California Privacy Regulation Act (CPRA)

To the extent that the California Consumer Privacy Act (CCPA) and California Privacy Regulation Act (CPRA) is applicable to either Vetnio or you: both parties agree to comply with all of its obligations under the CCPA and CPRA; and in relation to any communication of 'Personal Information' as defined by the CCPA and CPRA, the parties agree that no monetary or other valuable consideration is being provided for such Personal Information and therefore neither party is 'selling' (as defined by the CCPA and CPRA) Personal Information to the other party.

The principal rights you have under the CCPA and CPRA include but are not limited to:

• Right to know: You have the right to request that we provide you with details of the Personal Information (pertaining to you specifically) that we collect, use, disclose and sell. To submit a request, please submit an email request to info@vetnio.com and include 'CCPA Right to Know' in the subject line. In your email, please specify the details you would like to know, and specify the Personal Information you would like to access. You will be asked to provide sufficient information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the Personal Information at issue. We will respond to your request in accordance with the CCPA and CPRA. In the event we deny your request, we will provide you with an explanation.
• Right to delete: You may request the deletion of Personal Information that we collect or hold about you. To submit a request to delete Personal Information, email your request to info@vetnio.com and include 'CCPA Request to Delete' in the subject line. Please make sure you specify in your request what Personal Information you would like us to have deleted.
• Right to non-discrimination: You have the right not to be denied access to our website just because you exercised your rights under the CCPA and CPRA. However, should such Personal Information be necessary for us to provide you with access to our website or other services, we may not be able to complete the provision of the services/transaction.
• Right to opt out: You may request us to stop collecting your Personal Information ('opt-out' by sending us an email to info@vetnio.com. However, please note that we must wait at least twelve (12) months before asking you to opt back into the collection of your Personal Information, unless you provide us with prior authorization.

Under the CCPA, Personal Information does not include:

• publicly available information from government records;
• de-identified or aggregated consumer information;
• information excluded from the CCPA's scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Both parties agree to notify the other immediately if it receives any complaint, notice, or communication that directly or indirectly relates to either party's compliance with the CCPA. Specifically, Vetnio shall notify you within ten (10) business days if we receive a verifiable consumer request under the CCPA.

"Do not track" policy as required by California Online Privacy Protection Act (CALOPPA)

Do-Not-Track (DNT) is a web browser setting that, when turned on, allows you to not have your actions monitored online and stops all tracking activities. The DNT feature was first introduced in 2010 by the US Federal Trade Commission. By the end of 2011, it was adopted by most web browsers.

Vetnio does not track its users over time and access third party websites to provide targeted advertising, and therefore Vetnio does not respond to DNT signals. Third parties cannot collect any other personally identifiable information from Vetnio's Website unless you provide it to them directly.

Your rights under the Connecticut Data Privacy Act (CTDPA)

The Connecticut Data Privacy Act (CTDPA) will affect persons that do business in Connecticut or persons who provide products and/or services to residents of Connecticut. Under the CTDPA you have the following rights in respect of your Personal Information:

• Right to confirmation and access: You have the right to confirm whether your Personal Information is being processed and to access such Personal Information, with some limited exceptions such as when such disclosure would reveal a trade secret.
• Right to correct inaccurate data: You have the right to request the correction of any inaccurate Personal Information we have about you.
• Right to delete Personal Information: You have the right to request that your Personal Information be deleted.
• Right to data portability: You have the right to request that your Personal Information be provided to you in a portable and easily accessible format, subject to technical feasibility and trade secret limitations.
• Right to opt out: You have the right to opt out of the processing of your Personal Information for certain purposes, including targeted advertising, sale of Personal Information (with some limited exceptions), or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you.

To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and which right you wish to exercise. We will not respond to any request if we are unable to verify your identity using commercially reasonable efforts and therefore confirm that the Personal Information in our possession actually relate to you. In such cases, we may request that you provide additional information which is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and at the latest within forty-five (45) days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfil your request.

Should we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within forty-five (45) days of receipt of the request. It is your right to appeal such decision by submitting a request to us via the details provided in this Privacy Policy. Within forty-five (45) days of receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee to respond to your request, for up to two requests per year.

Your rights under the Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (VCDPA) will affect persons that do business in Connecticut or persons who provide products and/or services to residents of the Commonwealth of Virginia. The VCDPA grants users the right to access their data and requests that organizations remove their Personal Information. It also compels businesses to complete data security assessments when processing Personal Information for, among other reasons, targeted advertising and sales.

Residents of Virginia have the following rights under the VCDPA:

• the right to know if your Personal Information is being collected or processed;
• to gain access to your Personal Information collected or processed by the controller;
• to obtain a portable and usable copy of your Personal Information kept by a controller;
• to not face discrimination because you exercised their rights;
• to have inaccurate Personal Information corrected;
• to have Personal Information deleted; and
• to opt out of having your Personal Information collected or processed for the purposes of targeted advertising, sale, and profiling.

To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and which right you wish to exercise. We will not respond to any request if we are unable to verify your identity using commercially reasonable efforts and therefore confirm that the Personal Information in our possession actually relate to you. In such cases, we may request that you provide additional information which is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and at the latest within forty-five (45) days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

Should we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within forty-five (45) days of receipt of the request. It is your right to appeal such decision by submitting a request to us via the details provided in this Privacy Policy. Within forty-five (45) days of receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee to respond to your request, for up to two requests per year.

Your rights under the Colorado Privacy Act (CPA)

This section applies to all Users who are consumers residing in the State of Colorado, according to the Colorado Privacy Act (CPA). You may exercise certain rights regarding your data processed by Vetnio. In particular, you have the right to do the following:

• opt out of the processing of your Personal Information for the purposes of targeted advertising, the sale of Personal Information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
• access Personal Information: You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information.
• correct inaccurate Personal Information: You have the right to request that we correct any inaccurate Personal Information we maintain about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.
• request the deletion of your Personal Information: You have the right to request that we delete any of your Personal Information.
• obtain a copy of your Personal Information. We will provide your Personal Information in a portable and usable format that allows you to transfer data easily to another entity – provided that this is technically feasible.

To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and which right you wish to exercise. We will not respond to any request if we are unable to verify your identity using commercially reasonable efforts and therefore confirm that the Personal Information in our possession actually relate to you. In such cases, we may request that you provide additional information which is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and at the latest within forty-five (45) days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

Should we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within forty-five (45) days of receipt of the request. It is your right to appeal such decision by submitting a request to us via the details provided in this Privacy Policy. Within forty-five (45) days of receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee to respond to your request, for up to two requests per year.

Your rights under the Utah Consumer Privacy Act (UCPA)

This section applies to all users who are consumers residing in the State of Utah, according to the Consumer Privacy Act (UCPA) of Utah. You may exercise certain rights regarding your data processed by Vetnio. In particular, you have the right to do the following:

• access Personal Information: You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information.
• request the deletion of your Personal Information: You have the right to request that we delete any of your Personal Information.
• obtain a copy of your Personal Information: We will provide your Personal Information in a portable and usable format that allows you to transfer data easily to another entity – provided that this is technically feasible.
• opt out of the processing of your Personal Information for the purposes of targeted advertising or the sale of Personal Information.

To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this Privacy Policy.

For us to respond to your request, we need to know who you are and which right you wish to exercise. We will not respond to any request if we are unable to verify your identity using commercially reasonable efforts and therefore confirm that the Personal Information in our possession actually relate to you. In such cases, we may request that you provide additional information which is reasonably necessary to authenticate you and your request.

We will respond to your request without undue delay, but in all cases and at the latest within forty-five (45) days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to ninety (90) days to fulfill your request.

Should we deny your request, we will explain to you the reasons behind our denial without undue delay, but in all cases and at the latest within 45 days of receipt of the request. It is your right to appeal such decision by submitting a request to us via the details provided in this Privacy Policy. Within forty-five (45) days of receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact the Attorney General to submit a complaint.

We do not charge a fee to respond to your request, for up to two requests per year.

Security and Information Transfer

We maintain procedures and working methods to ensure your Personal Data is handled securely. The basic principle is that only employees and persons within the organization who need access to Personal Data to perform their work duties should be able to access them.

We implement reasonable security measures, including encryption of stored and transmitted data, access control restrictions to limit data access, regular security audits and compliance checks, and employee training on data protection obligations. Despite our efforts, no system is 100% secure. In case of a data breach, we will notify users and regulatory authorities in compliance with Applicable Data Protection Laws.

Transfer of Personal Data to Third Parties

We may share your Personal Data with trusted third parties for the purposes outlined in this Privacy Policy. Such third parties include service providers that assist in operating our platform, such as cloud hosting providers, payment processors, IT security firms, analytics providers, and customer support tools. Any third party that processes Personal Data on our behalf is contractually obligated to do so in accordance with GDPR and other Applicable Data Protection Laws. We ensure that appropriate safeguards, including Standard Contractual Clauses (SCCs) or adequacy decisions, are in place when transferring Personal Data outside the European Economic Area (EEA). We do not sell, trade, or rent your Personal Data to any third party for marketing purposes. If required by law, we may disclose Personal Data to regulatory authorities, law enforcement agencies, or other parties in response to valid legal requests.

Data Processors

We engage carefully selected third-party data processors to process Personal Data on our behalf, solely for the purposes of providing and improving our services. These data processors include cloud storage providers, payment processors, analytics services, and customer support platforms. Each data processor is subject to a legally binding Data Processing Agreement (DPA) that ensures compliance with the GDPR and other Applicable Data Protection Laws. We require our data processors to implement appropriate technical and organizational measures to safeguard personal data and prohibit them from using the data for any other purpose. Where data processors are located outside the European Economic Area (EEA), we ensure adequate levels of protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

The data uploaded to our Service is transferred to and stored on encrypted Amazon servers located in Frankfurt, Germany.

Partners who are Independent Data Controllers

In certain cases, we cooperate with third-party partners who act as independent data controllers. These partners process Personal Data in accordance with their own privacy policies and legal obligations, independently determining the purposes and means of such processing. One of such partners is Stripe, our payment service provider. When you make a payment through Vetnio, Stripe processes your payment information as an independent data controller under its own Stripe Privacy Policy. We do not have access to your full payment details, such as your credit card number, and Stripe is solely responsible for the processing of this data.

When you interact with or use services provided by these partners in connection with Vetnio services, their respective privacy policies will govern the processing of your Personal Data. We recommend that you review their privacy policies to understand how they collect, use, and protect your data.

While we take reasonable steps to ensure that our partners comply with Applicable Data Protection Laws, we are not responsible for their processing activities.

Data Retention

Vetnio will only retain your Personal Data for as long as is reasonably necessary to fulfil the purposes we collected such Personal Data for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When your Personal Data is no longer needed for the purpose for which such Personal Data was collected, we will take reasonable steps to destroy, delete or permanently de-identify your Personal Data.

Our Policy Toward Children

Our services are not directed to persons under the age of eighteen (18) years. We do not collect Personal Data from children under the age of eighteen (18) years. We therefore encourage you to obtain the assistance and consent of a parent/legal guardian when accessing our website and using the services. A parent/legal guardian who becomes aware that his or her child has provided us with Personal Data without their consent, should contact us at info@vetnio.com and we will endeavour to delete the relevant data.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will notify you by posting the updated Privacy Policy on our website and indicating the date of the latest revision at the top of the page. In some cases, we may also provide additional notifications, such as email updates, depending on the nature of the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your Personal Data.

Right to Lodge a Complaint

If you believe that we have processed your Personal Data in a manner that violates Applicable Data Protection Laws, you have the right to lodge a complaint with a data protection authority.

You may contact the data protection authority in your country of residence, place of work, or where the alleged infringement has occurred.

If you are located in the European Economic Area (EEA), you can find the contact details of your local data protection authority here: European Data Protection Board – National Authorities

If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO): ICO Website

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC): FDPIC Website

If you are located in California, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs.

If you are located in another jurisdiction, we recommend checking with your local data protection authority for further guidance.

We encourage you to first contact us, so we can attempt to resolve your concerns before you escalate the matter to a regulatory authority.

Opt-out rights

You can stop all collection of Personal Date/Information by Vetnio by not accessing our website, and services, or by requesting to opt-out via email at info@vetnio.com.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your Personal Data, you can contact us using the details below:

Email: info@vetnio.com

Company name: Vetnio AB

Registered address: Grev Magnigatan 10, 114 55, Stockholm

Contact details: Arman Karégar, info@vetnio.com