Privacy Policy

Welcome to our Privacy Policy! It’s great that you’d like to know more about how we keep your information safe. This policy will give you information about how we look after your Personal Data when you visit or use our Dawn Health Platform (Hereafter ‘the Platform’). The Privacy Policy also tells you about your privacy rights and how the law protects you.

Who is responsible for your Personal Data?

This Privacy Policy is issued on behalf of Dawn Health A/S (Dawn Health) where Dawn Health is the data controller (the entity responsible for and in charge of your Personal Data).

You can read more about Dawn Health here .

How does Dawn Health collect and use your Personal Data

Dawn Health collects your Personal Data as you share it with us within our Mobile Applications, Web Portals, on websites operated in connection with a specific Application, and through our customer support as we support your use of our Platform.

For each activity mentioned below, we note the purpose (Dawn Health is prohibited for processing personal data for other purposes than those in accordance with relevant legal basis) for which we use your Personal Data, whom this Personal Data concerns, the categories of Personal Data being used, the legal bases we rely on for our use, the source from which we received the Personal Data, and for how long we keep the Personal Data.

Users of our Mobile Applications

Purpose

Dawn Health will process your Personal Data for the purpose of providing you with access to our Mobile Applications (hereafter ‘Applications’) to assist you in managing your condition, to optimise your experience and the functionality of our Applications, keeping the Applications operational and secure, and to comply with regulations.

Who the Personal Data regards (Data Subjects)

Users of our mobile Applications.

Categories of Personal Data

1. Identity and contact Data. Such as first name, last name, e-mail address or similar unique identifiers, and date of birth
2. Technical data. Such as IP address, your login data, operating system and platform user ID
3. Usage Data. Such as information about how you use our websites and Applications
4. Location Data. Such as information about preferred language and country
5. Health Data. Such as information about conditions and diseases, symptoms, diagnosis, treatment, consultation dates, laboratory results, quality of life and optional survey responses
6. Other Data. Includes information that you as a user decides to store within the Application or feedback about the Application provided to Dawn Health

Source

You as a user of Applications provide your Personal Data.

Recipients

To operate our Application and keep your Personal Data secure we use trusted third parties with whom we may share your Personal Data. Whenever possible your data will be shared with third parties in pseudonymised form. Additionally, these parties may only process your Personal Data in accordance with the instruction provided by Dawn Health, and a signed data processing agreement.

HEALTH DATA OF EU CITIZENS WILL ONLY BE HOSTED WITHIN THE EEA, MEANING THERE WILL BE NO TRANSFER OF PERSONAL HEALTH DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA (AUCUN TRANSFERT DE DONNÉES DE SANTÉ À CARACTÈRE PERSONNEL VERS UN PAYS TIERS À L’ESPACE ÉCONOMIQUE EUROPÉEN).

To the extent Dawn Health discloses or transfers your Personal Data to third parties, who may use your Personal Data for their own purposes, such disclosure or transfer will only take place if it is in accordance with applicable law, or after first obtaining your consent.

Representation of Guarantees (HDS)

Business name of the actor: Dawn Health A/S

Role in the hosting service (Host/Processor of Host): Host

HDS certified: Yes (issued on 08-01-2025 with renewal data 07-01-2028)

SecNum Cloud 3.2 qualified: No

Hosting activities in which the player is involved: Activity 3, 4 and 5 of the HDS:2024 Framework

Access to personal data from countries outside the European Economic Area, by the Host or one of its processers (Requirement No 29 of the HDS framework): No

Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law (Requirement No 30 of the HDS Framework: No

Retention

You may withdraw your consent and have your Personal Data deleted from our Dawn Health Platform by using the “delete my account” button on the settings page. In certain circumstances, we may be required to retain some of your Personal Data after you have requested deletion to satisfy regulatory, legal or contractual obligations. Uninstalling our Application on your device will stop future collection of your Personal Data, however already collected Personal Data will be stored in accordance with our retention policy, or until you request for your Personal Data to be deleted.

If you are inactive in our app for 5 years your Personal Data will also be deleted.

Legal Bases

For the processing of your Personal Data Dawn Health relies on the legal bases of necessity for the performance of our agreement (Article 6(1)(b), GDPR), or your consent (Article 6(1)(a), GDPR) to provide you access to our Application, to optimize your experience and provide you with support using our Application.

For the processing of your health information Dawn Health relies on the legal bases of explicit consent (Article 9(2)(a), GDPR) from you to assist you with managing your condition or disease within our Application.

Additionally, Dawn Health relies on our legitimate interest (Article 6(1)(f), GDPR). to secure the Applications, maintain regular operation and improve functionality and personalise our service.

Lastly, Dawn Health may need to process your information to comply with legal or regulatory obligations (Article 6(1)(c), GDPR).

Third-party Integrations

Our Applications may offer integrations with third-party systems and services to enhance your experience and the functionality of the Applications. These integrations may allow for exchange of certain data between our application and the third-party service. Exchange of your Personal Data through an integration will only occur upon your consent. The third-party system you choose to share to share your personal data with are independent Data Controllers and are responsible for how they process your personal data.

Sharing your information with a health care professional

You may choose to share the information within the Applications with your healthcare professional or any other third party. If you decide to share your information from the Applications with a third party the third party is separately responsible for processing your information, and for using your information to provide your treatment and care. This Privacy Policy will not apply in such case.

Sharing your information with a support programme

Some of our Applications allows for sharing your Personal Data with a patient support programme offered by a pharmaceutical company partnered with Dawn Health. Sharing your data with a patient support programme will be performed on your request and based upon your approval. Dawn Health will share your contact details to facilitate the contact. Dawn Health is only responsible for transmitting your information to this third party. The third-party managing the patient support programme is independently responsible for using your information to deliver the services. Please refer to their Privacy Policy for details on how they process your data.

How we protect your Personal Data

Keeping your Personal Data secure is a top priority. We adhere to internationally recognised security standards and store your Personal Data on secure services. All Personal Data will be treated as confidential by those who are allowed to process it. Furthermore, we limit access to your Personal Data only to those people who require it. We regularly perform internal audits to review that our measures are appropriate and to ensure continued compliance with our policies and with recognised security standards.

How we share your Personal Data

To operate our Platform and keep your Personal Data secure we use trusted third parties with whom we may share your Personal Data. Whenever possible your data will be shared with third parties in pseudonymised form. Additionally, these parties may only process your Personal Data in accordance with our instruction, with technical and organizational measures assigned in accordance with article 28 (4) of GDPR and a signed data processing agreement.

HEALTH DATA OF USERS OF OUR APPLICATIONS AND USER RESEARCH MARKETED FOR EU CITIZENS WILL ONLY BE HOSTED WITHIN THE EEA, MEANING THERE WILL BE NO TRANSFER OF PERSONAL HEALTH DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA (AUCUN TRANSFERT DE DONNÉES DE SANTÉ À CARACTÈRE PERSONNEL VERS UN PAYS TIERS À L’ESPACE ÉCONOMIQUE EUROPÉEN).

Your privacy rights

You have the following rights with regard to your Personal Data that we process:

1. Request access to your Personal Data. You have the right to access the Personal Data we are keeping about you. Applications and Web Portals users will, in many cases, already have this information directly available in our Platform. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business practices, confidential information and internal assessments.
2. Request correction of incorrect or incomplete data. If the data we have pertaining to you are incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from legislation.
3. Request erasure. You have the right to request deletion of your data free of charge when: (i)the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you withdraw your consent to the processing and there is no legitimate reason for processing, (iii) you object to the processing and there is no justified reason for continuing the processing, or (iv) the processing is unlawful
4. Limitation of processing of Personal Data. You have the right to request that we restrict the processing of your Personal Data. When processing is restricted, we will store your data but not use it for other purposes without your consent, except as legally required.
5. Object to processing based on our legitimate interest. You can always object to the processing of Personal Data about you which is based on legitimate interest. If we are processing your data for direct marketing and profiling in connection to such marketing, your objection will always be sustained. For objections to processing for other purposes, we will conduct a legitimate interest balancing test and consider whether to support your objection.
6. Data portability. You have a right to receive Personal Data that you have provided to us in a machine-readable format. This right applies to Personal Data processed only by automated means and on the basis of consent or of fulfilling a contract.
7. Selling or Sharing end user data. Dawn Health does not sell or share your Personal Data or Sensitive Personal Data as defined in California Consumer Privacy Act.
8. Other rights. You have the right to lodge a complaint with your local Data Protection Authority, if you are dissatisfied with the way we process your Personal Data. You will find the Danish Data Protection Agency’s contact information at .

If you want to exercise any of the above rights, you can send an email to our support or contact the data protection officer (). You can expect a response within 30 calendar days.

How we use AI (with your permission)

Dawn Health may offer features in our applications that use Artificial Intelligence (AI) to improve your experience, simplify your input, and help us make our products better. Using these features is completely optional, and we will always ask for your permission first. We apply the same strong privacy and security protections to AI features as we do to all your personal data, along with extra safeguards through our AI risk assessment process.

Cookie Policy

This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences. For further information on how we use, store, and keep your personal data secure, see our

You can at any time change or withdraw your consent from the Cookie Declaration on our websites.

Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.

What are Cookies?

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

How do we use cookies?

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

What types of cookies do we use?

Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket, and checkout securely.

Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit, etc. These data help us understand and analyse how well the website performs and where it needs improvement.

Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing content of the website on social media platforms.

Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.

Management of Cookies

There are various ways you can manage cookie-related preferences, including providing, updating, and withdrawing consent, where relevant:

1. Directly within your own device settings, for example, by preventing the use or storage of cookies and similar technologies.
2. Provide, withdraw, or update consent by setting your preferences within the consent-preferences widget.
3. Via relevant browser or device features, deleting previously stored cookies, including those used to remember your initial consent, e.g., by deleting cookie history.

You may change your cookie settings by clicking the cookie badge you find on our Privacy Policy page.

Aggregation, Anonymised and de-identification data

Aggregated and anonymised data is information from which there cannot be identified an individual. Dawn Health collects, uses and shares aggregated and anonymised data with our partners.

Dawn Health shall put measures in place to ensure de-identified data cannot be identified.

Contact us

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this policy you can contact us using the following details:

Dawn Health A/S

CVR-nr: 37683264

Sundkaj 153

2150 Copenhagen

Denmark

In the United Kingdom and Switzerland, we have appointed local representatives:

Please include your name, country and specific platform to which your inquiry relates.

Updates

Any changes to this Privacy Policy will be posted on this page and, where appropriate, notified to you. Please check back frequently to see any updates or changes to this Policy.