ProPet Privacy & Data Protection Compliance with GDPR

GDPR

The EU General Data Protection Regulation (GDPR) is the new European data protection law that replaces the existing 1995 EU Data Protection Directive 95/46/EC on May 25th, 2018. It will be the sole data protection law throughout all EU member states and also applies to any organization outside the EU that offers goods/services (paid or for free) to individuals within the EU.

GDPR applies to all organizations operating within the EU or outside the EU that process personal data of EU residents. The regulation applies only to personal data about individuals and does not govern data concerning companies or any other legal entities.

ProPet will comply with GDPR when it becomes enforceable on May 25^th 2018. The data protection and privacy that we adopt to meet GDPR for our EU customers maybe extended to ProPet customers worldwide.

Using the ProPet platform involves us transmitting and storing some of your personal data. We are very cognizant of our responsibilities of protecting your data and privacy.

In conjunction with our privacy policy, this document strictly focuses on the personal data requirements and compliance as outlined in the GDPR. The handling of non-personal information is addressed in our privacy policy.

Categories of personal data

Your personal data are different pieces of information which when collected together can lead to the identification of you and are known as personal information.

For reporting purposes all your personal data is rendered anonymous in such a way that your identity as an individual is no longer identifiable.

The personal data we collect from you are your first and last name, residential address, email address, phone number, Internet Protocol (IP) address and a cookie ID.

ProPet does not store any financial information (e.g. credit card number) that you provide. Credit / debit card purchases for the ProPet Platform are processed by the third-party vendors Stripe and Payfirma. When you provide financial information on our platform the data is sent to Stripe or Payfirma, i.e., no financial data is not stored on our systems. The payment processors are compliant with Payment Card Industry Data Security Standard (PCI DSS) for the storage and handling of payment information.

About ProPet and lawful basis of processing

Your personal data is/has been provided by you when you create(d) an account on the ProPet platform and is processed on behalf of a pet business that uses the ProPet platform to manage their business operations. The ProPet platform is owned and operated by ProPet Software Inc.

The purposes for personal data

ProPet Software enables pet businesses to manage their business operations and provide services/sell products to their customers using the online platform.

The personal data you provide is used for the following purposes:

1. Registration: In order to register for our Services on the ProPet platform you must provide certain Personal data to us such as username, full name and email address. If you create an account with any business/ organization that uses the ProPet platform to manage their business, they may require you to provide additional information such as your location, credit card and billing information. We use such information to create and administer your account and provide you with the Services and access to the platform.
2. Identification: To verify and confirm your personal identity
3. Bookings & Purchases: To book services or buy products from businesses that use ProPet Software to manage their businesses/operations
4. Invoicing: To issue you invoices for services provided and or products purchased
5. Payments: To collect payments from you for services provided or products purchased
6. Marketing: The business through which you signed up to use the ProPet platform from time to time may offer you value added email marketing for services like discounts, new services such as loyalty programs, newsletters, other promotional materials etc. You have the option of opting out of this at any point in time.
7. Reporting: The platform may use parts of your personal data for the generation of reports and analytics. Note- Your personal data is rendered anonymous in such a way that your identity as an individual is no longer identifiable
8. Customer Support: To provide you with customer support should the need arise when using the ProPet Platform
9. Cookies: Cookies are used by us for session management to track when you login to the system. We do not track your location.

Your personal data is subject to all the data protection requirements of the General Data Protection Regulations.

Your data is processed for the sole purposes stated above. We will ask for your permission/ consent before using information for a purpose other than those that are set out in this Policy document.

Data Retention

Your personal data will reside within the platform as long as you have an account with us. You can delete your account at any time.

Restricted Access

Access to your data is limited and restricted to ensure it is only used for its intended purpose. Your personal data is only visible to the business that you are registered with that uses ProPet to manage their business operations and the administrators of the ProPet platform. We have implemented procedures designed to limit the dissemination of your personal data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

Transfer and storage of data

The data within the ProPet platform is stored, transmitted to and from cloud servers of our data processor Digital Ocean with data centres in the USA. The USA is one of the countries that meets the EU adequacy decision i.e. offers an adequate level of data protection required by the EU for personal data transfer from the EU to the US. There is no obligation under the GDPR for data to be stored in the EU and the rules regarding transfer of personal data outside the EU remain largely unchanged. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.

Personal data transferred between the EU and US is protected by the EU-US Privacy Shield framework which protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes and effective protection and redress for individuals. Digital Ocean is an active participant in and complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides Digital Ocean a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.

In the future should we plan to distribute platform data within the EU or to countries like Canada for example that meet the EU adequacy decision you will be notified.

Privacy by Design

Data protection and privacy have been taken into account when designing the ProPet Platform. We have in place the technical and organisational measures to meet the requirements of GDPR.We hold and process only the data absolutely necessary for the completion of data operations (data minimisation). We also limit the access to personal data to only the purposes required for processing.

Your Data and Privacy Rights

Right to Access & Right to Information

You have the right to know of the information about the processing of your personal data. Your personal data is being processed only as stated, in the defined location and for the purposes as outlined in this policy document.

You have the option of downloading a copy of your personal data, free of charge, in an electronic format (.csv fomat).

If you request access to your personal data stored within the ProPet application, ProPet will verify your identity (such as, clicking a verification link, entering a username and/or password) and then:

1. Confirm whether we are processing personal data concerning you
2. Provide a copy of your personal data on request
3. Provide information about the processing (such as purposes, categories of personal data, etc.) as stated in this document

You may correct any of your personal data that you enter on the platform and may also request for incorrect, inaccurate or incomplete personal data to be corrected.

All right to access requests will be responded to in writing within 30 days or sooner as per EU regulations.

Right to withdraw consent

You have the right to withdraw consent at any time, delete your account and to stop using the ProPet platform at any time.

You may withdraw your consent to receiving marketing communications at any time by following the opt-out instructions in each communication.

Right to object

You have the right to object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

You may also request the restriction of the processing of your personal data in specific cases.

Right to be forgotten

You have the option to either delete your account or have the business that uses ProPet Software to manage their business/operations to delete your account (data erasure). The conditions for erasure include: the data no longer being relevant to original purposes for processing or you withdrawing consent.

From the moment your account deletion is processed your personal data will be completely removed from the ProPet application, will no longer be accessible to anyone within the platform and will no longer be disseminated to any third parties (for example the payment processor).

We maintain an archive of ProPet data backups that keep certain historical information for legal reasons (for example invoices of services rendered or products purchased). These backups are kept for as long as legally necessary, which may extend beyond the termination of our relationship with you (i.e. when the account was deleted).

Right to Data Portability

You have the right to receive all your personal data within the ProPet system in a commonly used and machine-readable format. You can download it in the form of a (.csv format) or have the business send you a copy of your personal data. You have the right to transmit that data to another organization/ data controller.

Right of Notification

We will inform you within 72 hours should there ever be a data breach involving your personal data as well as inform the Data Process Authorities for any EU customers that have been affected within member states of the EU.

Right to complaint

EU citizens have the right to lodge a complaint with their respective Data Protection Authority (DPA).

For further information please consult our privacy policy that addresses both personal and non personal information.

ProPet Software Inc. Privacy Policy

ProPet Software Inc. (“ProPet”/“we”/”us”/“our”) is committed to protecting your privacy. We make the website, http://propetware.com/ (the “Website”) available together with our services as further described in our Terms of Use (the “Services”). This Privacy Policy describes how we collect, store, use and distribute information about our users through the Website and Services.

Consent: By using the Website or our Services you consent to the use of your Personal Information as described in this Privacy Policy. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. We will not actively collect Personal Information for the purpose of sale or marketing in a way that specifically identifies the individual. In other words, we don’t sell customer lists. You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using the Website and/or the Services.

Collection of Information: We aim to collect, use and disclose only such information as is required to enable us to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes and for service improvement. We will maintain the confidentiality of any contact information you provide to us on signing up for our Services or contacting us with questions or for further information and we will use it only for the purposes for which we have collected it (subject to the exclusions and disclosures we have listed below), unless you agree that we may disclose it to other third parties.

Two types of information may be collected through the Website and our Services: Personal Information and Non-Personal Information. This Privacy Policy does not extend to the collection, use or disclosure of the following information which is currently not limited by applicable privacy laws: (a) information that is publicly available, such as names, addresses, telephone numbers and electronic address when listed in a directory or made available through directory assistance; or (b) Non-Personal Information (as defined further below).

"Personal Information" is personally identifiable information, such as your name, address, e-mail address, credit card information, birth date and gender. At the time of collection, we will clearly identify the information being collected and the purposes for which it will be used. It is always your choice whether or not to provide Personal Information but if you choose not to provide certain requested Personal Information, in some instances you may not be able to register to use the Website or Services or be able to access and use the Website or Services at all. In other instances, your choice not to provide certain other Personal Information may mean that you will not be able to use certain features of the Website or Services. We may collect Personal Information in respect of the Website or Services through registration processes; communications with you; information downloads; service use; purchases; user support; and surveys.

"Non-Personal Information" is information of an anonymous nature, such as an Internet Protocol Address (IP Address), the domain used to access the Website or Services, and the type and version of browser or operating system being used by visitors to access the Website or Services. Aggregate information, such as demographic statistics of our users (e.g. geographical location of our users), number of visitors, what pages users access or visit, and average time spent on the Website or Services is not considered Personal Information. Similarly, business contact information such as the name, title, business address, e-mail address, or telephone number of a business or professional person or an employee of an organization is not considered Personal Information.

Although the use of certain Non-Personal Information collected, used or disclosed through the Internet as described herein is not restricted (and to the extent that such is the case, the obligations under this Privacy Policy do not apply to such information), we provide information in this Privacy Policy about the collection of such information for the sake of transparency with respect to the operation of the Website and Services. Such Non-Personal Information is collected or derived by us in the course of operating this Website and our Services. For example, our servers may automatically collect Non-Personal Information that is provided through your browser or stored in a cookie.

Use of Information: We collect information for the following purposes:

• Registration: In order to register for our Services you must provide certain Personal Information to us such as your username, full name and email address. If you create an account with any business/organization that uses the ProPet platform to manage their business, they may require you to provide additional information such as your location, credit card and billing information. We will use such information to create and administer your account, provide you with the Services and as otherwise outlined in this Privacy Policy.

• Account Information: You have the option to provide us with additional account information including photos, information about your pets, business services, facility layouts and other relevant operational information. We will use such information to provide you with the Services and as otherwise permitted by this Privacy Policy.

• Booking Appointments: If you book any appointments using the Service, we will store a record of such appointments in your account.

• Sharing Features: If you use any third-party platforms that we support such as Facebook or Twitter to share content, such content will be publicly available and searchable on the Internet.

• Messages: Users may have the ability to send messages to each other through the Services. If you send a message to another user, they will be able to see your username, profile photo and the content of your message.   If you receive a message from another user, we will send you an email to let you know that you have received a new message.

• Transactional Notifications: We provide notifications for certain activities relating to your use of our Services despite your indicated e-mail preferences, for example we may send you notices of any updates to our Terms of Service or Privacy Policy.

• Marketing Communications: If you opt-in to receive marketing communications from us, we will keep you up to date on our products and services. You may withdraw your consent to receiving marketing communications from us at any time by following the opt-out instructions in each communication.

• Statistics: We also collect statistics about use of the Services which we use for analytics including predictive analytics. Aggregate statistics that do not personally identify an individual will be kept by us and such aggregate statistics may be made available to other members or third parties.

• System Logs & Cookies: Cookies are used by us to track content usage and traffic on the Website and Services. A cookie is a feature of your web browser that consists of a text file that is placed on your hard disk by a web server. The Website uses cookies to help it compile aggregate statistics about usage of this Website, such as how many users visit the Website, how long users spend viewing the Website, and what pages are viewed most often. This information is used to improve the content of the Website. You can set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether or not to accept it. If you disable cookies, you may not be able to take advantage of all the features of the Website or Services.

Your IP address is reported by your web browser whenever you visit a page on the Website. This information is recorded together with your registration information on our databases.

• Advertisements: Advertisements appearing on the Website may be delivered by us or one or more third-party web advertisers. These third party web advertisers may set cookies. These cookies allow the advertisement server operated by that third party to recognize your computer each time they send you an online advertisement. Accordingly, advertisement servers may compile information about where or whether you viewed their advertisements and which advertisements you clicked on. This information allows web advertisers to deliver targeted advertisements that they believe will be of most interest to you. The Privacy Policy applies to cookies placed on your computer by us, but does not cover the use of cookies by any third-party web advertisers. For the privacy practices of such third-party web advertisers, you should consult the applicable privacy policy for the relevant third-party web advertiser(s).

• Third-Party Links: The Website may contain links to other third-party websites that are not owned or controlled by us. Such third-party websites are governed by the terms and conditions and privacy policies of such third-party providers and we are not involved in any interaction or transaction between you and such third-parties.

If we plan to use your Personal Information in future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled ‘Amendment of this Policy’.

Disclosures & Transfers: We have put in place contractual and other organizational safeguards with our agents (see further below) to ensure a proper level of protection of your Personal Information (see further Security below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy (see further Important Exceptions below).

As at the date of this Privacy Policy, we share Personal Information about you in respect of the Website or Services only with our service providers and partners which include website hosting, cloud service providers, analytics providers, email marketing providers and payment processors. Our service providers are located in Canada and the United States and accordingly your Personal Information may be available to Canadian and United States governments under a lawful order, irrespective of the safeguards we have put in place for the protection of your Personal Information.

From time to time we may employ third parties to help us improve the Website and/or the Services. These third parties may have limited access to databases of user information solely for the purpose of helping us to improve the Website and/or the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose.

Important Exceptions: We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Website members, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.

We may also disclose your Personal Information in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

Security: The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your email account information or your password for the Services to third parties.

Retention: We will keep information for as long as it remains necessary for the identified purpose or as required by law (e.g. invoices for tax purposes), which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law.

Amendment of this Policy: We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post an appropriate notice on the home page.   Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted and any material changes will become effective 30 days from their posting on the Website. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Website and Services signifies your acceptance of any changes.

Access and Accuracy: You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information although in certain limited circumstances, we may not be able to make all relevant information available to you such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.

Contact Us: You can help by keeping us informed of any changes such as a change of address or telephone number or you can make these changes yourself within your account on the platform. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at: privacy@propetware.com.

Last Updated: Sep 25, 2019