Privacy Policy

Norra Hamn Kliniken AB (org. no. 559249-4081), operating as Dibélle, is the data controller for personal data processed in connection with our operations.

Address: Kullagatan 40, 252 20 Helsingborg, Sweden

Phone: +46 72-020 20 62

Email: info@dibelle.se

Responsible person: Abir Mustafa, Licensed Nurse

We collect the following categories of personal data depending on how you interact with us:

Via the contact form:

• Name
• Email address
• Subject (optional)
• Message

Via website visits (with your consent):

• IP address (anonymised)
• Device and browser information
• Pages visited and behaviour on the website
• Geographic location (city level)

Via booking through Bokadirekt:

• Booking details are handled by Bokadirekt AB according to their privacy policy. We do not have access to your payment information.

We process your personal data for the following purposes:

• Responding to enquiries (contact form). Legal basis: Legitimate interest in providing good customer service
• Managing bookings (via Bokadirekt). Legal basis: Performance of a contract
• Analysing website traffic (Google Analytics). Legal basis: Consent
• Improving website performance (Vercel Analytics). Legal basis: Legitimate interest (no cookies, no personal data)
• Compliance with accounting law. Legal basis: Legal obligation

We never process your personal data for advertising, profiling or resale.

Our website uses cookies and similar technologies. We divide them into two categories:

Necessary (no consent required):

• Consent setting: saves your cookie choice (localStorage, 6 months)

Analytics (requires your consent):

• Google Analytics 4: measures website traffic and behaviour. Only activated after you click "Accept" in the cookie banner.

You can change your consent at any time by clearing your browser cookies and revisiting the website. The banner will reappear after 6 months.

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited. The service uses cookies to analyse how visitors use our website.

What is collected: Page views, session duration, device type, browser, approximate geographic location and traffic source.

Google Consent Mode v2: Google Analytics is only activated after you give your consent via our cookie banner. Without consent, no analytics data is collected.

Data retention in GA4: User data is stored for a maximum of 14 months.

You can block Google Analytics by installing Google's browser opt-out add-on: https://tools.google.com/dlpage/gaoptout

Read Google's privacy policy: https://policies.google.com/privacy

We use Vercel Web Analytics and Speed Insights to measure website performance and visitor statistics. These services are privacy-friendly and do not use cookies.

What is collected: Page views, referrer, device type, browser and country (aggregated).

No individual visitors can be identified. No cookie consent is required under the ePrivacy Directive.

Provider: Vercel Inc. Read their privacy policy: https://vercel.com/legal/privacy-policy

We share personal data with the following third parties, solely to deliver our services:

• Bokadirekt AB: Booking platform. When you book an appointment via Bokadirekt, they handle your data according to their privacy policy: https://www.bokadirekt.se/articles/privacy-policy
• Resend Inc.: Email delivery. Messages sent via the contact form are delivered through Resend.
• Google Ireland Limited: Google Analytics 4 (with consent) and Google Maps (on the contact page).
• Vercel Inc.: Web hosting, Analytics and Speed Insights.

All third parties process data according to their respective privacy policies and applicable data protection laws. We never sell your data to third parties.

When you send a message via the contact form, we collect your name, email address and message. The data is used solely to respond to your enquiry.

The message is sent via Resend to our email. We do not store your data in any database, it exists only in our inbox.

Your IP address is temporarily stored in server memory to prevent abuse (spam). It is automatically deleted at the next server restart and is never stored permanently.

On our contact page, we display a Google Maps map to help you find the clinic. When the map loads, Google may collect your IP address and set cookies.

Read Google's privacy policy for more information: https://policies.google.com/privacy

• Contact form: Until your enquiry has been answered, plus 12 months for follow-up
• Booking details: Handled by Bokadirekt according to their policy
• Accounting records: 7 years under Swedish accounting law
• Google Analytics data: Maximum 14 months
• Consent setting: 6 months (then the cookie banner reappears)

When the storage period expires, the data is deleted or anonymised.

Under GDPR, you have the following rights:

• Right of access: You can request to know what data we hold about you.
• Right to rectification: You can request that incorrect data be corrected.
• Right to erasure: You can request that your data be deleted, unless legal requirements prevent it.
• Right to restriction: You can request that we restrict the processing of your data.
• Right to data portability: You can request to receive your data in a machine-readable format.
• Right to object: You can object to processing based on legitimate interest.
• Right to withdraw consent: You can withdraw consent at any time without affecting the lawfulness of prior processing.

Contact us at info@dibelle.se to exercise your rights. We will respond to your request within 30 days.

Some of our service providers (Google, Vercel, Resend) may process data outside the EU/EEA, primarily in the USA. These transfers are protected by the European Commission's Standard Contractual Clauses or equivalent safeguards under GDPR Chapter 5.

We take appropriate technical and organisational measures to protect your personal data. All data traffic is encrypted with SSL/TLS. Access to personal data is limited to authorised personnel.

In the event of a personal data breach that poses a risk to your rights, we will notify you and the Swedish Authority for Privacy Protection (IMY) within 72 hours.

Dibélle does not perform treatments on persons under 18 years of age. We do not knowingly collect personal data from minors. If you are under 18, please do not submit personal information through our website.

If you believe that we are processing your personal data incorrectly, you have the right to file a complaint with:

The Swedish Authority for Privacy Protection (IMY)

Box 8114, 104 20 Stockholm, Sweden

Phone: +46 8-657 61 00

Email: imy@imy.se

Website: https://www.imy.se

We may update this privacy policy. In the event of material changes, we will inform you via the website. The date of the latest update is always stated at the top of the page.