Privacy Policy

Dianovo AB is the controller of the personal data processed via this website.

• Legal name: Dianovo AB
• Org.nr: 559533-4581
• Address: Ideon Science Park, Skomakaregatan 17 B, 223 50 Lund, Sweden
• Privacy contact: martin@dianovohealth.com

Dianovo is a Swedish medical-technology company developing CENTiV, a continuous cellulose roll-based rapid diagnostic platform intended for IVDR Class D donor screening. The website is a corporate communications site; it is not a medical device, does not provide medical advice, and is not a clinical service.

a) Contact form submissions. When you submit the contact form, we collect:

• Name
• Email address
• Organization (if you choose to provide it)
• Inquiry type (selected from a drop-down)
• The content of your message

b) Aggregated, cookieless website analytics. We use Vercel Web Analytics in its cookieless mode. No cookies are set on your device and no persistent identifier is stored about you. Vercel generates a short-lived hash from incoming request signals which is discarded within 24 hours and cannot be linked back to you. We see aggregate counts (page views, referrers, country at country level) but cannot identify individual visitors.

c) Standard server logs. Our hosting provider records minimal technical information necessary to operate the site (timestamp, requested URL, HTTP status, IP address, user agent) for security, abuse prevention and diagnostics.

We do not knowingly collect data about children, and we do not process special categories of personal data (for example, health data) through this website. Please do not include health or patient information in any message to us.

We have carried out a balancing test for the legitimate-interest activities and concluded that the minimal, aggregate or technical nature of the data, combined with the absence of profiling or third-party advertising, means our interests do not override your rights and freedoms.

You may withdraw consent or object to legitimate-interest processing at any time using the contact details in Section 1. Withdrawal does not affect processing carried out before withdrawal.

a) Vercel, Inc. - Hosting and cookieless analytics.
Vercel hosts the website and provides the cookieless analytics described above. Vercel is established in the United States and is certified under the EU-U.S. Data Privacy Framework (DPF)and the UK Extension to the DPF. We have a Data Processing Addendum with Vercel incorporating the European Commission’s Standard Contractual Clauses (2021/914) as a fallback transfer mechanism.

b) Resend, Inc. - Email delivery for contact form messages.
When you submit the contact form, Resend transmits the message from our website to our mailbox. Resend is established in the United States and is certified under the EU-U.S. Data Privacy Framework (DPF)and the UK Extension to the DPF. We have a Data Processing Addendum with Resend incorporating the European Commission’s Standard Contractual Clauses (2021/914) as a fallback transfer mechanism. Account-level metadata and logs at Resend may be processed on US infrastructure even when emails are sent from a European region.

c) Future B2B visitor analytics - currently inactive.
We do not currently use B2B visitor-identification or marketing-analytics tools (for example, Leadfeeder, Leadinfo, Albacross, Snitcher, or Factors). If we add such a tool in the future, this Privacy Policy and our Cookie Policy will be updated before activation, and, where consent is legally required, a compliant cookie banner will be deployed.

A current list of processors is available on request at martin@dianovohealth.com.

Because Vercel and Resend are established in the United States, your personal data is transferred outside the European Economic Area when you use the website. We rely on the following transfer mechanisms, in order:

1. EU-U.S. Data Privacy Framework adequacy(Commission Implementing Decision (EU) 2023/1795 of 10 July 2023) while the recipient’s DPF certification remains active. You can verify the current status of any participant on the public Data Privacy Framework list at dataprivacyframework.gov.
2. Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as a contingency, supplemented by a Transfer Impact Assessment where appropriate.

If you would like more information about these transfer mechanisms, please contact us.

To exercise any of these rights, contact us at martin@dianovohealth.com. We will respond within one month, as required by Article 12(3) GDPR.

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure(“right to be forgotten”) (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21), including any direct-marketing use (we do not currently use your data for direct marketing)
• Rights related to automated decision-making and profiling (Art. 22) - we do not carry out any such automated decision-making with material legal or similar effect

To withdraw consent you previously gave, simply tell us. Withdrawal is as easy as giving consent and does not affect processing already carried out.

You also have the right to lodge a complaint with a supervisory authority. The competent authority in Sweden is:

Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
imy@imy.se · www.imy.se

You may also complain to the supervisory authority in the EU country where you live or work.

For any privacy-related question, request, or complaint:

Martin Lundberg, CEO
martin@dianovohealth.com
Dianovo AB, Ideon Science Park, Skomakaregatan 17 B, 223 50 Lund, Sweden