PLEASE READ CAREFULLY BEFORE STARTING TO USE THE Diaverum d.CARE PATIENT APP.
Non-acceptance means that you cannot use the Diaverum d.CARE Patient App.
Effective Date: 26 November, 2025
Please note that paper copies of this document may be outdated and no longer valid. The latest version can be found here: https://www.diaverum.com/en/utilities/d_care_patient_app_privacy_policy_and_terms_of_use
Diaverum AB and its affiliates (“Diaverum”) respect your privacy. This Privacy Notice applies to registered users of the Diaverum d.CARE Patient App (the “App”). It describes the types of personal data we collect and process in connection with the App, the purposes for which we collect that personal data, the other parties with whom we may share it and the measures we take to protect the data. It also tells you about your rights and choices with respect to your personal data, and how you can reach us to get answers to questions you may have about our privacy practices. If you do not agree to the Privacy Notice you cannot use the App. Except as set forth in Section 7, the entity responsible for the collection and use of your personal data in the context of the App is:
Diaverum AB, Company registration number: 559140-5344
Hyllie Boulevard 53, 215 37 Malmö, Sweden
E-mail address: info@diaverum.com
Diaverum has appointed a Data Protection Officer who can be contacted in writing using the above address information or by email: se.dpo@diaverum.com
- Personal Data we collect
a. Personal Data provided by you
In connection with your use of the App, you are able to enter or share the following information:
- A score of how you feel
- Fluid intake
- Medication intake
- Health Connect/Health Kit data, including Steps and Sleep. See also point (d.) below.
b. Personal Data provided from other sources
The majority of the information in the App is provided to you using the Diaverum clinic and patient management system as the source. This includes:
- your registered account information (e.g. user-id, phone number, modality type),
- selected parts of your prescription information, including medication,
- parts of your dialysis treatment results,
- parts of your lab test information.
c. Information we collect automatically
We may collect certain anonymized information by automated means when you use the App (“Usage Information”), such as information about the aspects of the App that you use or visit, the date and time of day you access the App, and how long you spend using the App, mobile internet browser, the model and operating system of your mobile phone, tablet, or other device (a "Device"), and other information described in this Privacy Notice.
The data collected automatically is processed to improve the App and to provide you with the best information and services. We may also collect the mobile Device IP address or other unique identifier for any Device where the App is installed and used. A Device Identifier is automatically assigned to your Device, and our systems identify your Device by its Device Identifier.
d. d.CARE Patient App Health Connect/Health Kit
We also offer the possibility to choose and share data from your native health app (Google's Health Connect or Apple's Health Kit) to the App. This could e.g. include Sleep and Steps data. The data is, after you have given your informed consent through both the App and the native health app, shared with the App, stored in the App's database and made available to you through the App. After initial connection between the App and the native health app, 30 days of data is fetched and shared with Diaverum, and after that regularly updated with new data. The data is transferred to and securely stored in the d.CARE app database, and only accessible through the App to you. The data from the health app will be used solely for the purpose of your personal health management and will not be shared with any third parties, and not used for advertising or similar services.
The aim is to promote dialogue between the nurse and the patient about the patient's well-being, using this data as support, and to enable you to further engage in your wellbeing.
2. How we use the Personal Data
We may use the personal data we obtain about you in connection with the App for the following purposes:
|
Purpose |
Legal Basis - GDPR/UK GDPR |
|
Provide you with information and statistics about your dialysis treatments, and other health related information with Diaverum. |
Informed consent - Article 6(1)(a)) and Art. 9(2)(a) – Explicit consent (for health data) |
|
Generate and distribute your login information in a secure manner. |
Informed consent - Article 6(1)(a)) |
|
Create and manage your account, provide our products and services, and respond to your inquiries; |
Informed consent - Article 6(1)(a)) |
|
Anonymize the data provided by you during your usage of the App in order to be able to use it for other purposes (Anonymized content). |
Legitimate interests - Art. 6(1)(f) |
|
Protect against and prevent fraud; unauthorized activity; and claims and other liabilities; and manage risk exposure; |
Legitimate interests - Art. 6(1)(f) |
|
Operate, evaluate, and improve our business (including by developing new products and services; managing our communications; facilitating the functionality of our mobile application); |
Legitimate interests - Art. 6(1)(f) |
|
Enforce our Terms of Use; |
Legitimate interests - Art. 6(1)(f) |
|
Comply with applicable legal requirements and industry standards, and our policies; |
Legal obligation - Art. 6(1)(c) |
|
Respond to and process inquiries, complaints, disputes. |
Legitimate interests - Art. 6(1)(f) |
We may also use the information in other ways for which we provide specific notice at the time of collection.
In-App Notifications: You may receive system notifications such as reminders and information from the App. You can manage your notification preferences or deactivate these notifications at any time by turning off the notification settings in the App or in the Device settings of your mobile Device.
3. Personal Data we share
We do not sell or otherwise disclose personal data we collect and hold about you, except as described in this Privacy Notice or otherwise disclosed to you at the time the data is collected.
Service providers as our data processors: We may share personal data with our service providers who perform services on our behalf, such as companies that develop and support the operation of the App. We do not authorize these service providers to use or disclose the data except as necessary to perform certain services on our behalf or comply with legal requirements. We require these service providers by contract to appropriately safeguard the privacy and security of personal data they process on our behalf, and in accordance with this Privacy Notice.
Diaverum Clinic staff: The information you actively send to Diaverum using the App is made available to personnel at your clinic through a secured system where only authorized personnel have access.
At your choice, you can also share the personal information in the App with staff at your clinic by physically presenting the content shown on the screen of your Device to them.
Administrative and legal reasons: We may also disclose data about you: (i) if we are required to do so by law or legal process, (ii) to law enforcement, authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
Additional Information for UK Users
In the United Kingdom, health information is also protected under the Common Law Duty of Confidentiality. This means that identifiable patient information will be kept confidential and only be shared with your consent or where there is a legal requirement or overriding public interest. This duty applies alongside data protection laws such as the UK GDPR and the Data Protection Act 2018.
4. Your Rights and Choices
Under applicable data protection laws (including EU GDPR and UK GDPR), you have the following rights regarding your personal data:
- Right of Access. You may request confirmation of whether we process your personal data and obtain a copy of such data.
- Right to Rectification. You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”). You may request deletion of your personal data where:
- the data is no longer necessary for the purposes for which it was collected,
- you withdraw consent (where consent is the legal basis),
- you object to processing and there are no overriding legitimate grounds, or
- processing is unlawful.
Please note that certain data may form part of your formal medical record and must be retained in accordance with legal obligations. - Right to Restriction of Processing. You may request that we limit processing under certain circumstances, such as while we verify accuracy or handle an objection.
- Right to Object. You may object to processing based on our legitimate interests or for direct marketing purposes.
- Right to Data Portability. You may request to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
- Right to Withdraw Consent. Where processing relies on your consent, you may withdraw it at any time with future effect. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact your clinic or use the contact details provided in the beginning of this notice. We will respond as soon as we can, minimum within one month of receiving your request (extendable by two months for complex cases).
If you withdraw your consent to use the App, your account will be disabled, and data stored in the App’s database will be deleted. You will no longer be able to use the App. Note that parts of the data may be considered an integral part of your formal medical records and will therefore be subject to separate and different retention periods.
If you have any questions or concerns regarding Diaverum’s processing of your personal data, please contact your clinic or use the contact information provided above.
If, in your opinion, Diaverum fails to meet your privacy and data protection expectations, you have the right to file a complaint with the National Data Protection Authority of your choice.
(for example to one of the EU authorities: https://edpb.europa.eu/about-edpb/board/members_en or for UK Users, the Information Commissioner’s Office (ICO): https://ico.org.uk).
5. How we protect Personal Data
We maintain appropriate administrative, technical, and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. We also take measures to destroy or permanently de-identify personal information when there is no longer a valid purpose to keep the information. The types of measures we take vary with the type of information, and how it is collected and stored.
Please note that no collection or data transmission can be guaranteed to be 100% secure. Therefore, while we strive to protect your personal data, we cannot guarantee or warrant the security of any data transmission.
We will never ask you for your authentication credentials in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls, or e-mail messages). If you believe your authentication credentials have been compromised, please contact your clinic immediately or use the contact information provided above.
All data related to and accessible through the d.CARE Patient App are stored on servers in Diaverum’s Data center located in the EU. For users based in Saudi Arabia, Kazakhstan or China the data centers are located in respective country.
6. Data Transfers
The personal data processed by Diaverum is stored in the data centers, as described above in section “5. How we protect Personal Data”. The data is not transferred outside each data center’s jurisdiction other than to the location of each individual User’s and his/her device.
Should the data be transferred to a location outside the respective jurisdiction, we will ensure that the transfer is legal and based on adequacy decisions or other lawful transfer mechanisms such as informed consent, EU Standard Contractual Clauses, or IDTA (for UK).
7. Features and Links to Other Websites
Our App may contain certain features for which we partner with other entities or provide links to other websites for your convenience and information. These features may include social networking, geographic location tools, and links to other websites or applications, any of which may not be owned or operated by Diaverum. These other features, websites, or mobile applications may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by Diaverum, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.
8. Data retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.
Source of Data: Most of the data accessible via the App originates from our digital clinic and patient management system. This data is a copy of your formal medical records, and its retention follows the legal requirements for medical records in each jurisdiction.
Retention in the App: The App stores and displays only up to six months of historical data. It does not contain your full medical treatment history.
Patient-Entered Data:
- Some data you enter remains only in the App database and is retained for as long as you maintain your account or until you delete it.
- Certain data you provide may be transferred to our patient and clinic management system and become part of your formal medical record, subject to the retention periods required by law.
Automatic Deletion: When you are no longer registered as an active patient with the company, all data stored in the App and its database will be automatically deleted. However, any data that forms part of your formal medical record will be retained in accordance with applicable healthcare laws and regulations.
Anonymized Data: Data that has been anonymized is no longer considered personal data and may be retained indefinitely for research, analytics, and other lawful purposes.
Legal and Regulatory Requirements: Where retention is required by law (e.g., healthcare regulations), we comply with those obligations.
When data is no longer needed for these purposes, we securely delete or anonymize it.
9. Updates to our Privacy Notice
This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal data practices. In the App, we will request you to review and consent to our changed Privacy Notice and indicate at the top of the notice when it was most recently updated.
10. How to Contact Us
If you have any questions or comments about this Privacy Notice or if you would like to exercise your rights or to update the information we have about you or your preferences, you may contact your clinic or in writing using the above address information.
To assist us in responding to your request, please give full details of the issue, including that your request relates to the Diaverum d.CARE Patient App.