1Object of Processing
1.1The Controller processes personal data (hereinafter 'Data') provided by you when purchasing, subscribing to services, or generally within the framework of the contractual relationship with the Controller. The processed Data may include:
1.1.1Required Data: Such as your email address, necessary for creating an account and accessing the Service.
1.1.2Data related to your pets: Documents, test results, and other information the user chooses to store.
1.1.3Optional Data: Contact information such as address, phone number, ZIP code, region, and country. This data may be provided by the user to complete the information to be shared with doctors or clinics.
1.1.4Automatically collected Data: Usage data such as IP address, device type, operating system, and other analytical information collected through integrated services such as Sentry and Vercel Analytics.
1.1.5Payment Data: Financial information provided by the user when making an online purchase through the Services to complete the transaction. This data may include the name, billing address, payment method number (e.g., credit card), security code associated with the payment method (e.g., CSV), and other financial information. The transaction is carried out through external payment service providers, and therefore, no financial information is directly retained by the Controller.
2Purpose and Legal Basis of Processing
2.1Your personal data is processed, without your prior consent (Art. 6(b), (c) GDPR), solely for the purposes of managing and executing pre-contractual and contractual relationships; fulfilling administrative and accounting obligations; complying with laws, regulations, or EU legislation, or as required by authorities; protecting the Controller's rights in judicial proceedings and managing any disputes; preventing and suppressing unlawful acts.
2.2Further processing purposes: Collected data may also be used, with your prior explicit consent (Art. 6(a) GDPR), for the following additional purposes as detailed below:
2.2.1Your personal data is processed with consent (Art. 9(2)) for managing and executing pre-contractual and contractual relationships; fulfilling administrative and accounting obligations; complying with laws, regulations, or EU legislation, or as required by authorities; protecting the Controller's rights in judicial proceedings and managing any disputes; preventing and suppressing unlawful acts.
2.2.2Marketing: To send you newsletters, promotional materials, and commercial communications through both automated means (e.g., email, SMS, MMS, App) and traditional methods (postal mail and non-pre-recorded calls).
3Processing Methods and Retention
3.1Processing will be carried out through the operations indicated in Art. 4 GDPR and may take place through computer systems (cloud, internet, intranet, computers, and mobile devices) and automated processes, as well as in paper form (archives).
3.2Data collected through the Digital Veterinarian app may be processed through external cloud services, such as Google Drive, OneDrive, and Dropbox, by way of example but not limitation. Users have the option to choose a cloud storage service from those integrated within the app. It is solely the user's responsibility to ensure there is sufficient space in the selected cloud service for data storage. Digital Veterinarian has no control over how cloud services manage data stored on their systems and disclaims any responsibility for security, storage capacity, management, or data processing issues by external cloud services. Users are encouraged to review the privacy policies and terms of use of the respective cloud service providers.
3.3In compliance with the provisions of Article 5(1)(e) of the EU Regulation 2016/679, personal data collected will be stored in a form that allows the identification of the data subjects for a period not exceeding the time required to fulfill the purposes for which the personal data is processed; personal data may be retained for longer periods provided they are processed solely for archival purposes in the public interest, scientific or historical research, or for statistical purposes, in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this regulation to protect the rights and freedoms of the data subject.
3.4In light of this principle, your personal data will be processed by the Data Controller only as necessary to achieve the purposes set out in Section 2 of this Policy. In particular, your personal data will be processed for a time period equal to the minimum necessary, i.e., up to ten years after the termination of the contractual relationships between you and the Data Controller, without prejudice to an additional retention period that may be imposed or allowed by law.
3.5For the processing carried out to achieve the purposes set out in Section 2.2 of this Policy, the Data Controller may lawfully process your personal data until you notify, through one of the methods provided by this Policy, your intention to revoke your consent to one or all of the purposes for which it was requested and/or to object to the processing. The revocation of consent or exercise of the right to object will require the Data Controller to cease processing your personal data for such purposes.
4Data Security
4.1We adopt adequate technical and organizational measures to protect users' Personal Data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, data encryption, access control, and security protocols for handling information.
4.2Digital Veterinarian implements security measures to protect user data within its infrastructure. However, files uploaded and stored on external cloud services chosen by the user are subject to the security policies of those third-party providers. Digital Veterinarian is not responsible for any breaches or security issues that may occur on external cloud services.
4.3Despite our efforts, no system can guarantee absolute security. Therefore, we encourage users to exercise caution in managing and sharing their information and to review the security policies of cloud service providers to understand their data protection practices.
5Nature of Data Provision and Consequences of Refusal
5.1The provision of personal data referred to in point 1 of this Notice is necessary for the execution of the contractual relationship and obligations arising from legal, regulatory, or community law requirements, but any refusal may result in the total or partial inability to provide the requested services or performance.
5.2It is understood that if you do not wish to consent to the processing of your data for the purposes referred to in point 2.2, this will not prevent you from accessing the website or the App and using the available features linked to your personal account.
6Data Access
6.1Your Personal Data may be communicated to specific subjects considered recipients of such Personal Data, as defined in Article 4, point 9.
6.2In this regard, the following Recipients may process your Personal Data:
6.2.1Individuals, employees, and/or collaborators of the Data Controller in their capacity as processors and/or internal processing officers and/or system administrators;
6.2.2Third parties that carry out part of the Processing activities and/or related and instrumental activities on behalf of the Data Controller. These subjects have been appointed data processors, as understood individually by the term under Article 4, point 8) of the Regulation.
6.2.3Third parties that carry out Processing activities and/or related and instrumental activities in their capacity as independent data controllers, including, but not limited to, consulting companies, freelancers, third-party companies, and/or those affiliated with the Data Controller.
6.2.4If required by law or to prevent or suppress the commission of a crime, your Personal Data may be communicated to Public Entities or the Judicial Authority without them being defined as Recipients.
6.3Additionally, you can share your Personal Data, as well as data related to your animals, with other users or professionals, such as veterinarians or clinics, whom you freely identify through the app. The sharing of such data is at your sole discretion, maintaining full control over the information you choose to make accessible to others. Digital Veterinarian is not responsible for the management of data once shared with third parties identified by you.
7Data Communication
7.1Without your express consent (pursuant to Article 6 letters b, c GDPR), the Data Controller may communicate your Data to Public Entities to comply with the obligations imposed by laws, regulations, or Community legislation or imposed by the Authorities, who will process the data in their capacity as independent data controllers.
7.2Your data may also be communicated to Third Parties (e.g., partners and client companies) who will process the data to carry out activities instrumental to the requested services and the purposes mentioned above.
7.3Generally, the selected service providers operate through data centers located within the European Union. If your data is transferred outside the European Economic Area (EEA), even for technical management purposes of the collected data, this will be done in full compliance with GDPR, to companies adhering to the Privacy Shield (USA) or third countries with recognized adequacy guarantees by the European Commission, or adequate personal data protection guarantees will be provided through agreements or contractual clauses (including binding corporate rules - BCR, and standard contractual clauses).
8Data Subject Rights
8.1At any time, you may exercise your rights with respect to the Data Controller, pursuant to Articles 15-22 of Regulation EU 2016/679, and in particular:
8.1.1Right of Access: You have the right, pursuant to Article 15(1) of the Regulation, to obtain confirmation from the Data Controller as to whether or not your Personal Data is being processed.
8.1.2Right to Rectification: You may obtain, pursuant to Article 16 of the Regulation, the rectification of inaccurate Personal Data. Additionally, considering the purposes of the Processing, you may obtain the completion of your incomplete Personal Data by providing a supplementary statement.
8.1.3Right to Erasure: Pursuant to Article 17(1) of the Regulation, you may obtain the erasure of your Personal Data without undue delay, and the Data Controller will be obliged to erase your Personal Data. In some cases, as provided for in Article 17(3) of the Regulation, the Data Controller is entitled not to proceed with the erasure of your Personal Data if its Processing is necessary, for example, for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or statistical purposes, for the establishment, exercise, or defense of legal claims.
8.1.4Right to Restriction of Processing: You may obtain the restriction of Processing pursuant to Article 18 of the Regulation in the following cases: a) you have contested the accuracy of your Personal Data (the restriction will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) the Processing is unlawful, but you oppose the erasure of your Personal Data, requesting instead the restriction of its use; c) although the Data Controller no longer needs the data for Processing purposes, your Personal Data is required for the establishment, exercise, or defense of legal claims; d) you have objected to the Processing pursuant to Article 21(1) of the Regulation and are awaiting verification as to whether the Data Controller’s legitimate grounds override your rights. In the event of a restriction of Processing, your Personal Data will be processed, except for storage, only with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another person, or for reasons of public interest. We will inform you before such restriction is lifted.
8.1.5Right to Data Portability: At any time, you may request and receive, pursuant to Article 20(1) of the Regulation, all your Personal Data processed by the Data Controller and/or Joint Data Controllers in a structured, commonly used, and machine-readable format, or request its transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with the exact details of the new data controller to whom you wish to transfer your Personal Data, along with written authorization.
8.1.6Right to Object: Pursuant to Article 21 of the Regulation, you may object, at any time, to the Processing of your Personal Data a) if it is processed for marketing purposes, including profiling to the extent that it is related to such marketing, or b) for reasons related to your particular situation if your Personal Data is processed based on the legitimate interest of the Data Controller or third parties, unless there are compelling legitimate grounds for the Processing that override your interests, rights, and freedoms, or the Processing is necessary for the establishment, exercise, or defense of legal claims.
8.2To exercise all your rights as identified above, simply contact the Data Controller and/or Joint Data Controllers by sending an email to info@digitalveterinarian.freshdesk.com, to the attention of the Privacy Office.
8.3In addition, you have the right to lodge a complaint with a supervisory authority: Without prejudice to your right to seek redress through other Administrative or Judicial venues, if you believe that the Processing of your Personal Data by the Data Controller and/or Joint Data Controllers violates the Regulation and/or applicable law, you may lodge a complaint with the Data Protection Authority or other competent supervisory authority.
8.4At any time, you may consult the 'Privacy' section of the Websites and App (as defined below), where you will find all information regarding the use and Processing of your Personal Data, the detailed company references, and updated information about contacts and communication channels made available to all Data Subjects by the Data Controller.
9Privacy Policy Updates
9.1We may periodically update this Privacy Policy. Changes will be posted on this page, and you may continue to use the Service only after accepting the updated terms. We encourage users to regularly check this page for any updates or changes. Continued use of the Service after changes are posted implies acceptance of the updated terms.
10Contact Information
10.1For any questions or requests regarding personal data protection, you can contact us through the following channel:
10.1.1by sending an email to info@digitalveterinarian.freshdesk.com, to the attention of the Privacy Office.
