Privacy Policy

1. Introduction

PetConnect EU ("we", "our", "us") operates the platform at petconnect.info. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC, and all applicable national data protection legislation of EU Member States.

This Privacy Policy explains what personal data we collect, how we process it, the legal basis for processing, your rights as a data subject, and how we protect your information.

2. Data Controller

The data controller responsible for processing your personal data is:

PetConnect EU
Email: privacy@petconnect.info
Website: petconnect.info

For any questions regarding data protection or to exercise your rights under GDPR, contact our Data Protection Officer at dpo@petconnect.info.

3. Categories of Personal Data We Collect

We collect and process the following categories of personal data, depending on how you use the Platform:

3.1 Account & Identity Data

• Full name
• Email address
• Password (stored as a cryptographic hash, never in plain text)
• Profile photograph / avatar
• Account role (user, admin)
• Account creation date

3.2 Profile & Demographic Data

• Country and city of residence
• Phone number (optional)
• Website URL (optional)
• Date of birth (optional)
• Biography / personal description (optional)
• Profile visibility preference (public/private)

3.3 Pet Data

• Pet name, species, breed, and date of birth
• Gender, color, and weight
• Microchip number (unique animal identifier)
• Pet photographs
• Reproductive status and information
• Health test records and certifications
• Show/competition titles and achievements
• Pedigree and lineage information
• Pet description and additional notes

3.4 Breeder-Specific Data

• Kennel name and registration
• Professional certifications and documentation
• Languages spoken
• Business address and geographic coordinates (latitude/longitude)
• Working hours
• Experience level (years of breeding)
• Specialization (breeds)
• Verification status and submitted documentation

3.5 Shelter-Specific Data

• Shelter name, description, and type
• Address and geographic coordinates
• Contact information (phone, email, website)
• Operating hours and animal capacity
• Accepted animal types
• Donation page URL
• Verification status

3.6 Social & Communication Data

• Posts, comments, and media shared on the social feed
• Likes and interactions with other users' content
• Follower and following relationships
• Direct messages exchanged with other users
• Pet matching preferences and interactions

3.7 Payment & Subscription Data

• Subscription plan (Free, Premium, Breeder, Shelter)
• Subscription status and billing period
• Payment transaction references (Stripe session and customer IDs)
• Subscription price and currency

Important: We do not store your full credit card number, CVV, or bank account details. All payment processing is handled directly by Stripe, Inc., a PCI DSS Level 1 certified payment processor. See Section 9 for details.

3.8 Technical & Usage Data

• IP address
• Browser type and version
• Operating system and device type
• Pages visited and features used
• Timestamps of access and actions
• Referring website or source

3.9 Event Data

• Events created: title, description, location (address, coordinates), dates, type, and capacity
• Event registrations and attendance records

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes, each with a corresponding legal basis under Article 6(1) GDPR:

5. Special Categories of Data

We do not intentionally collect special categories of personal data as defined under Article 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, etc.).

Pet health records and veterinary data relate to animals, not humans, and are therefore not classified as special category data under GDPR. However, we treat all data with appropriate care and security measures.

6. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR. You may exercise these rights at any time:

• Right of Access (Art. 15): You may request a copy of all personal data we hold about you. Use the "Export My Data" feature in your Dashboard Settings to receive your data in machine-readable JSON format.
• Right to Rectification (Art. 16): You may correct or update inaccurate personal data at any time through your profile settings.
• Right to Erasure / Right to be Forgotten (Art. 17): You may request deletion of your account and all associated personal data. Use the "Delete Account" option in your Dashboard Settings. Deletion is permanent and irreversible.
• Right to Restriction of Processing (Art. 18): You may request that we limit the processing of your personal data in certain circumstances (e.g., while we verify its accuracy).
• Right to Data Portability (Art. 20): You may export your data in a structured, commonly used, machine-readable format (JSON) via your Dashboard Settings.
• Right to Object (Art. 21): You may object to processing based on legitimate interest. Where we process data for direct marketing, you may object at any time unconditionally.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent (e.g., cookies, marketing emails), you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right Not to be Subject to Automated Decision-Making (Art. 22): We do not engage in solely automated decision-making that produces legal effects or similarly significant effects on you.

To exercise any of these rights, use your Dashboard Settings or email dpo@petconnect.info. We will respond to requests within 30 days in accordance with GDPR requirements.

7. Cookies and Tracking Technologies

We use cookies and similar technologies in accordance with the ePrivacy Directive. Cookies are categorized as follows:

7.1 Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled. They include:

• Authentication session tokens (to keep you logged in)
• CSRF protection tokens
• Cookie consent preferences

Legal basis: Strictly necessary (no consent required per ePrivacy Directive Art. 5(3))

7.2 Analytics Cookies

These cookies help us understand how visitors interact with the Platform by collecting aggregated, anonymized usage statistics.

Legal basis: Consent (Art. 6(1)(a) GDPR). You may accept or reject these via the cookie consent banner.

7.3 Marketing Cookies

These cookies may be used to deliver personalized content or advertisements relevant to you.

Legal basis: Consent (Art. 6(1)(a) GDPR). You may accept or reject these via the cookie consent banner.

You can manage your cookie preferences at any time using the Cookie Settings link in the website footer. You may also configure your browser to block or delete cookies.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

• Active accounts: Data is retained for the duration of your account.
• Deleted accounts: Upon account deletion, all personal data (profile, pets, posts, messages, social connections) is permanently erased within 30 days.
• Payment records: Transaction records may be retained for up to 7 years to comply with EU tax and accounting obligations (Art. 6(1)(c) GDPR).
• Server logs: Technical logs are retained for a maximum of 90 days for security and debugging purposes.
• Backup data: Encrypted backups containing personal data are purged within 60 days of account deletion.

9. Third-Party Data Processors

We share personal data with the following third-party processors, each bound by Data Processing Agreements (DPAs) in compliance with GDPR Article 28:

9.1 Stripe, Inc.

Purpose: Payment processing for subscriptions and donations.
Data shared: Email address, subscription plan, payment transaction identifiers.
Stripe is PCI DSS Level 1 certified. Stripe processes payments in accordance with their Privacy Policy.
Data transfers: Stripe operates globally; EU-US data transfers are covered by Standard Contractual Clauses (SCCs).

9.2 Brevo (Sendinblue)

Purpose: Sending transactional emails (account invitations, notifications, system alerts).
Data shared: Email address, name, email content.
Brevo is headquartered in France (EU) and processes data within the EU.
Brevo is GDPR-compliant. See their Privacy Policy.

9.3 Cloud Hosting Provider

Purpose: Hosting the Platform infrastructure, database, and file storage.
Data shared: All platform data is stored on the hosting provider's EU-based servers.
Servers are located within the European Union.

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.

10. International Data Transfers

Your data is primarily stored and processed on servers within the European Union. Where data is transferred outside the EU/EEA (e.g., to Stripe for payment processing), we ensure adequate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission where applicable
• Binding Corporate Rules where used by processors

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in compliance with Article 32 GDPR:

• Encryption of all data in transit using TLS 1.2+
• Passwords stored using industry-standard bcrypt hashing
• Token-based authentication (Laravel Sanctum) with secure session management
• Role-based access controls for administrative functions
• Regular security updates and vulnerability patching
• Database access restricted to application services only
• Automated server backups with encryption

12. Children's Privacy

The Platform is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us at dpo@petconnect.info. We will promptly delete such data.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33 GDPR)
• Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will provide additional notice via email or a prominent notice on the Platform.

We encourage you to review this page periodically to stay informed about how we protect your data.

15. Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed:

• Email our Data Protection Officer: dpo@petconnect.info
• General privacy inquiries: privacy@petconnect.info

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). A list of EU Data Protection Authorities is available at edpb.europa.eu.