GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last Updated: December 11, 2025

Our Commitment to GDPR

At PetAware, we are committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR) - EU Regulation 2016/679.

This page explains how we comply with GDPR requirements and outlines your rights as a data subject when using our pet health management platform.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU) and European Economic Area (EEA).

GDPR gives individuals more control over their personal data and imposes strict requirements on organizations that collect, store, and process personal information.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request that we delete your personal data when it is no longer necessary for the purpose it was collected, or when you withdraw your consent.

Right to Restrict Processing (Article 18)

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to the processing of your personal data, including processing for direct marketing purposes.

Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

Data We Collect

To provide our pet health management services, we collect and process the following categories of personal data:

Category Examples Legal Basis
Identity Data Name, username, email address Contract performance
Contact Data Email address, phone number Contract performance
Pet Data Pet name, breed, health records, medications Contract performance
Technical Data IP address, browser type, device information Legitimate interest
Usage Data How you use our platform Legitimate interest
Marketing Data Communication preferences Consent

How to Exercise Your Rights

To exercise any of your data protection rights, you can:

Step 1: Contact our Data Protection Officer via email at dpo@petaware.org

Step 2: Specify which right(s) you wish to exercise and provide your identity verification

Step 3: We will acknowledge your request within 72 hours

Step 4: We will respond to your request within 30 days

No Fee Required: You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive.

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Control

Strict access controls and multi-factor authentication

Regular Backups

Automated encrypted backups with disaster recovery

Security Audits

Regular security audits and penetration testing

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Account Data: Retained while your account is active + 2 years after deletion

Pet Health Records: Retained while your account is active + 7 years for medical compliance

Marketing Data: Until you unsubscribe or withdraw consent

Analytics Data: Anonymized after 26 months

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission

Transfers to countries with adequacy decisions

Binding Corporate Rules where applicable

Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns directly.

You can find your local Data Protection Authority at: European Data Protection Board - Members

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR. You can contact our DPO:

Data Protection Officer

dpo@petaware.org

PetAware Data Protection, EU Representative Address

Contact Form

Related Policies

Privacy Policy Terms of Service Cookie Policy