ProPet Privacy & Data Protection Compliance with GDPR
The EU General Data Protection Regulation (GDPR) is the new European data protection law that replaces the existing 1995 EU Data Protection Directive 95/46/EC on May 25th, 2018. It will be the sole data protection law throughout all EU member states and also applies to any organization outside the EU that offers goods/services (paid or for free) to individuals within the EU.
GDPR applies to all organizations operating within the EU or outside the EU that process personal data of EU residents. The regulation applies only to personal data about individuals and does not govern data concerning companies or any other legal entities.
ProPet will comply with GDPR when it becomes enforceable on May 25th 2018. The data protection and privacy measures that we adopt to meet GDPR for our EU customers may be extended to ProPet customers worldwide.
Using the ProPet platform involves us transmitting and storing some of your personal data. We are very cognizant of our responsibilities of protecting your data and privacy.
Categories of personal data
Your personal data are the different pieces of information which, when collected together, can lead to your identification; they are also known as personal information.
For reporting purposes all your personal data is rendered anonymous in such a way that your identity as an individual is no longer identifiable.
The personal data we collect from you are your first and last name, residential address, email address, phone number, Internet Protocol (IP) address and a cookie ID.
ProPet does not store any financial information (e.g. credit card number) that you provide. Credit / debit card purchases for the ProPet Platform are processed by the third-party vendors Stripe and Payfirma. When you provide financial information on our platform the data is sent to Stripe or Payfirma, i.e., no financial data is stored on our systems. The payment processors are compliant with the Payment Card Industry Data Security Standard (PCI DSS) for the storage and handling of payment information.
About ProPet and lawful basis of processing
Your personal data is/has been provided by you when you create(d) an account on the ProPet platform and is processed on behalf of a pet business that uses the ProPet platform to manage their business operations. The ProPet platform is owned and operated by ProPet Software Inc.
The purposes for personal data
ProPet Software enables pet businesses to manage their business operations and provide services/sell products to their customers using the online platform.
The personal data you provide is used for the following purposes:
- Registration: In order to register for our Services on the ProPet platform you must provide certain Personal data to us such as username, full name and email address. If you create an account with any business/ organization that uses the ProPet platform to manage their business, they may require you to provide additional information such as your location, credit card and billing information. We use such information to create and administer your account and provide you with the Services and access to the platform.
- Identification: To verify and confirm your personal identity
- Bookings & Purchases: To book services or buy products from businesses that use ProPet Software to manage their businesses/operations
- Invoicing: To issue you invoices for services provided and/or products purchased
- Payments: To collect payments from you for services provided or products purchased
- Marketing: The business through which you signed up to use the ProPet platform from time to time may offer you value added email marketing for services like discounts, new services such as loyalty programs, newsletters, other promotional materials etc. You have the option of opting out of this at any point in time.
- Reporting: The platform may use parts of your personal data for the generation of reports and analytics. Note: Your personal data is rendered anonymous in such a way that your identity as an individual is no longer identifiable.
- Customer Support: To provide you with customer support should the need arise when using the ProPet Platform
- Cookies: Cookies are used by us for session management to track when you login to the system. We do not track your location.
Your personal data is subject to all the data protection requirements of the General Data Protection Regulation.
Your data is processed for the sole purposes stated above. We will ask for your permission/ consent before using information for a purpose other than those that are set out in this Policy document.
Your personal data will reside within the platform as long as you have an account with us. You can delete your account at any time.
Access to your data is limited and restricted to ensure it is only used for its intended purpose. Your personal data is only visible to the business that you are registered with that uses ProPet to manage their business operations and the administrators of the ProPet platform. We have implemented procedures designed to limit the dissemination of your personal data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
Transfer and storage of data
The data within the ProPet platform is stored on, and transmitted to and from, cloud servers of our data processor Digital Ocean, with data centres in the USA. The USA is one of the countries that meets the EU adequacy decision, i.e. offers an adequate level of data protection required by the EU for personal data transfer from the EU to the US. There is no obligation under the GDPR for data to be stored in the EU and the rules regarding transfer of personal data outside the EU remain largely unchanged. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.
Personal data transferred between the EU and US is protected by the EU-US Privacy Shield framework, which protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes and provides effective protection and redress for individuals. Digital Ocean is an active participant in and complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides Digital Ocean a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.
Should we plan in the future to distribute platform data within the EU or to countries that meet the EU adequacy decision (Canada, for example), you will be notified.
Privacy by Design
Data protection and privacy have been taken into account when designing the ProPet Platform. We have in place the technical and organisational measures to meet the requirements of GDPR. We hold and process only the data absolutely necessary for the completion of data operations (data minimisation). We also limit the access to personal data to only the purposes required for processing.
Your Data and Privacy Rights
Right to Access & Right to Information
You have the right to be informed about the processing of your personal data. Your personal data is being processed only as stated, in the defined location and for the purposes as outlined in this policy document.
You have the option of downloading a copy of your personal data, free of charge, in an electronic format (.csv format).
If you request access to your personal data stored within the ProPet application, ProPet will verify your identity (such as, clicking a verification link, entering a username and/or password) and then:
- Confirm whether we are processing personal data concerning you
- Provide a copy of your personal data on request
- Provide information about the processing (such as purposes, categories of personal data, etc.) as stated in this document
You may correct any of your personal data that you enter on the platform and may also request for incorrect, inaccurate or incomplete personal data to be corrected.
All right to access requests will be responded to in writing within 30 days or sooner as per EU regulations.
Right to withdraw consent
You have the right to withdraw consent at any time, delete your account and to stop using the ProPet platform at any time.
You may withdraw your consent to receiving marketing communications at any time by following the opt-out instructions in each communication.
Right to object
You have the right to object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
You may also request the restriction of the processing of your personal data in specific cases.
Right to be forgotten
You have the option to either delete your account or have the business that uses ProPet Software to manage their business/operations delete your account (data erasure). The conditions for erasure include: the data no longer being relevant to original purposes for processing or you withdrawing consent.
From the moment your account deletion is processed your personal data will be completely removed from the ProPet application, will no longer be accessible to anyone within the platform and will no longer be disseminated to any third parties (for example the payment processor).
We maintain an archive of ProPet data backups that keep certain historical information for legal reasons (for example invoices of services rendered or products purchased). These backups are kept for as long as legally necessary, which may extend beyond the termination of our relationship with you (i.e. when the account was deleted).
Right to Data Portability
You have the right to receive all your personal data within the ProPet system in a commonly used and machine-readable format. You can download it in .csv format or have the business send you a copy of your personal data. You have the right to transmit that data to another organization/ data controller.
Right of Notification
We will inform you within 72 hours should there ever be a data breach involving your personal data, as well as inform the Data Protection Authorities for any EU customers that have been affected within member states of the EU.
Right to complain
EU citizens have the right to lodge a complaint with their respective Data Protection Authority (DPA).
Collection of Information: We aim to collect, use and disclose only such information as is required to enable us to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes and for service improvement. We will maintain the confidentiality of any contact information you provide to us on signing up for our Services or contacting us with questions or for further information and we will use it only for the purposes for which we have collected it (subject to the exclusions and disclosures we have listed below), unless you agree that we may disclose it to other third parties.
"Personal Information" is personally identifiable information, such as your name, address, e-mail address, credit card information, birth date and gender. At the time of collection, we will clearly identify the information being collected and the purposes for which it will be used. It is always your choice whether or not to provide Personal Information but if you choose not to provide certain requested Personal Information, in some instances you may not be able to register to use the Website or Services or be able to access and use the Website or Services at all. In other instances, your choice not to provide certain other Personal Information may mean that you will not be able to use certain features of the Website or Services. We may collect Personal Information in respect of the Website or Services through registration processes; communications with you; information downloads; service use; purchases; user support; and surveys.
"Non-Personal Information" is information of an anonymous nature, such as an Internet Protocol Address (IP Address), the domain used to access the Website or Services, and the type and version of browser or operating system being used by visitors to access the Website or Services. Aggregate information, such as demographic statistics of our users (e.g. geographical location of our users), number of visitors, what pages users access or visit, and average time spent on the Website or Services is not considered Personal Information. Similarly, business contact information such as the name, title, business address, e-mail address, or telephone number of a business or professional person or an employee of an organization is not considered Personal Information.
Use of Information: We collect information for the following purposes:
- Booking Appointments: If you book any appointments using the Service, we will store a record of such appointments in your account.
- Sharing Features: If you use any third-party platforms that we support such as Facebook or Twitter to share content, such content will be publicly available and searchable on the Internet.
- Messages: Users may have the ability to send messages to each other through the Services. If you send a message to another user, they will be able to see your username, profile photo and the content of your message. If you receive a message from another user, we will send you an email to let you know that you have received a new message.
- Marketing Communications: If you opt-in to receive marketing communications from us, we will keep you up to date on our products and services. You may withdraw your consent to receiving marketing communications from us at any time by following the opt-out instructions in each communication.
- Statistics: We also collect statistics about use of the Services which we use for analytics including predictive analytics. Aggregate statistics that do not personally identify an individual will be kept by us and such aggregate statistics may be made available to other members or third parties.
Your IP address is reported by your web browser whenever you visit a page on the Website. This information is recorded together with your registration information on our databases.
- Third-Party Links: The Website may contain links to other third-party websites that are not owned or controlled by us. Such third-party websites are governed by the terms and conditions and privacy policies of such third-party providers and we are not involved in any interaction or transaction between you and such third-parties.
From time to time we may employ third parties to help us improve the Website and/or the Services. These third parties may have limited access to databases of user information solely for the purpose of helping us to improve the Website and/or the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose.
Important Exceptions: We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Website members, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.
Security: The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your email account information or your password for the Services to third parties.
Retention: We will keep information for as long as it remains necessary for the identified purpose or as required by law (e.g. invoices for tax purposes), which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law.
Access and Accuracy: You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information although in certain limited circumstances, we may not be able to make all relevant information available to you such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.
Contact Us: You can help by keeping us informed of any changes such as a change of address or telephone number, or you can make these changes yourself within your account on the platform. If you would like to access your information, if you have any questions, comments or suggestions, or if you find any errors in our information about you, please contact us at: firstname.lastname@example.org.
Last Updated: Sep 25, 2019