Privacy Policy

We are My Peterinarian ("we", "us"). We are the data controller responsible for your personal data.

What we use it for: We collect your data to book appointments, manage your pet's records, send you updates, and (with your consent) send you newsletters or analyse our website.
Your Rights: You have the right to access, correct, delete, or restrict your data, and to object to our processing.
Complaints: You always have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).
Contact: You can contact us with any privacy questions at hej@mypeterinarian.com.

This is just a summary. For full details, please read our Full Privacy Policy below.

The company responsible for your personal data (the "data controller") is:

My Peterinarian ApS
CVR-no: 39029804
Peder hvitfeldts stræde 16
Copenhagen, 1173
Denmark

If you have any questions about this policy, how we handle your data, or wish to exercise your data protection rights, please contact us at:

Email: hej@mypeterinarian.com

We have not appointed a formal Data Protection Officer (DPO) as we are not required to, but this email is monitored for all privacy-related enquiries.

We only process your personal data when we have a specific purpose and a lawful basis to do so. The table below explains our activities.

Purpose of Processing	Data Categories We Use	Lawful Basis (GDPR Art. 6)
To book and manage your appointments	Name, email, phone number, pet's name, appointment time/details.	Art. 6(1)(b) - Contract: To take steps to enter into and fulfill our service agreement with you.
To respond to your enquiries (via contact form or email)	Name, email, phone number, and any data you provide in your message.	Art. 6(1)(f) - Legitimate Interest: Our interest in responding to your query and providing customer service.
To provide veterinary services	All client and pet records, treatment history, contact details.	Art. 6(1)(b) - Contract: To fulfill our service. We may also process incidental health data you provide about yourself based on Art. 9(2)(h) (management of health services).
To send critical service updates (e.g., appointment reminders, holiday closures)	Name, email, phone number.	Art. 6(1)(b) - Contract: As this is part of the service you have requested.
To send marketing newsletters	Name, email.	Art. 6(1)(a) - Consent: You must provide explicit, opt-in consent to receive marketing.
To process payments for services	Name, billing address, payment details (processed by our payment provider).	Art. 6(1)(b) - Contract: To fulfill our service and receive payment.
To comply with legal obligations	Client records, invoices, payment data.	Art. 6(1)(c) - Legal Obligation: E.g., our duty to keep records for 5 years under the Danish Bookkeeping Act (Bogføringsloven).
To secure and analyse our website (Analytics)	IP address, device type, cookie/user ID, browsing behaviour.	Art. 6(1)(a) - Consent: For all non-essential analytics and tracking cookies, we rely on your explicit consent, given via our cookie banner.
To secure our website (Security Logs)	IP address, login attempts, timestamps.	Art. 6(1)(f) - Legitimate Interest: Our interest in protecting our website and your data from malicious activity.

Note on pet data: Data about your pet (name, breed, health) is not personal data under GDPR. However, when we link this data to you (the owner), we treat the entire record as confidential and protected personal data.

We use cookies and similar technologies on our website. Some are "strictly necessary" to make the site work. For all others (like analytics and marketing cookies), we will only use them if you give us your active, prior consent via our cookie banner.

You can review and change your cookie settings at any time by clicking the Cookie Settings link on our website.

We do not sell your personal data. We only share it with trusted third-party service providers ("data processors") who help us run our business, and only when we have a Data Processing Agreement (DPA) in place.

We may also share data if required by law, such as with the police or tax authorities (SKAT).

Some of our service providers are based outside the European Economic Area (EEA), primarily in the United States. When we transfer your data to the USA, we ensure it is protected by a valid transfer mechanism:

EU-U.S. Data Privacy Framework (DPF): We check if the provider is certified under the DPF, which the European Commission has deemed adequate.
Standard Contractual Clauses (SCCs): If the DPF is not used, we sign the EU's approved SCCs with the provider.

We only keep your data for as long as we need it for the purpose it was collected.

Data For:	Retention Period:
Client & Appointment Records	5 years from the end of the financial year of your last appointment (to comply with the Danish Bookkeeping Act).
Contact Form Enquiries	6 months after your enquiry is resolved.
Marketing Newsletter Consent	For as long as you are subscribed, plus 12 months (as proof of consent).
Analytics Data	14-26 months (user-level data is anonymised or deleted after this).
Security Logs	12 months.

We take data security seriously. We have implemented appropriate technical and organisational measures to protect your data from being lost, stolen, or accessed by unauthorised persons. These include:

Encryption: Using SSL/TLS to encrypt all data sent to and from our website.
Access Controls: Limiting access to your data to only those staff who need it, using strong passwords and two-factor authentication.
Software Updates: Regularly updating our website, plugins, and server software.
Secure Payments: Using a trusted, PCI-DSS compliant payment processor.

Under GDPR, you have several rights regarding your personal data.

Right to Access (Art. 15): You can ask for a copy of the data we hold about you.
Right to Rectification (Art. 16): You can ask us to correct any inaccurate data.
Right to Erasure (Art. 17): You can ask us to delete your data (the "right to be forgotten"), though we may have to keep some data for legal reasons (see retention).
Right to Restriction (Art. 18): You can ask us to temporarily stop processing your data.
Right to Object (Art. 21): You can object to us processing your data, especially for direct marketing. If you object to marketing, we will stop immediately.
Right to Data Portability (Art.20): You can ask for your data in a machine-readable format to move to another service.
Right to Withdraw Consent (Art. 7): Where we rely on your consent (for newsletters or cookies), you can withdraw it at any time, as easily as you gave it.

To exercise any of these rights, please email us at hej@mypeterinarian.com. We will respond within one month.

You always have the right to lodge a complaint about our data processing with the Danish Data Protection Agency (Datatilsynet).

(Du har til enhver tid ret til at indgive en klage til Datatilsynet over vores behandling af dine personoplysninger.)

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Tlf: 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk

We may update this policy from time to time. The "Effective Date" at the top shows when it was last revised. We recommend you check it regularly.