Privacy Policy - VetPal Tech Limited

VetPal Tech Limited, a company incorporated under the laws of Ireland, (“VetPal” or "We") are committed to protecting and respecting your privacy.

DEFINITIONS

1. Agreement: means any agreement entered into between VetPal and the Customer.
2. Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
3. Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in Ireland including the Data Protection Act 2018 (“DPA 2018”) (and regulations made thereunder)  and the EU General Data Protection Regulation (2016/679) (“GDPR”) and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications) and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to a party.
4. Domestic Law: meaning Irish law.

1. DATA PROTECTION

1. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
2. The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Provider is the Processor. The Schedule sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.
3. Without prejudice to the generality of 1.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Provider, and/or lawful collection of the Personal Data by the Provider on behalf of the Customer, for the duration and purposes of this Agreement.
4. Without prejudice to the generality of 1.1, the Provider shall, in relation to any Personal Data processed in connection with the performance by the Provider of its obligations under this Agreement:

1. process that Personal Data only on the documented written instructions of the Customer unless the Provider is required by Domestic Law or EU Law to otherwise process that Personal Data. Where the Provider is relying on Domestic Law or EU Law as the basis for processing Personal Data, the Provider shall promptly notify the Customer of this before performing the processing required by the Domestic Law or EU Law unless the Domestic Law or EU Law prohibits the Provider from so notifying the Customer;
2. ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
3. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
4. not transfer any Personal Data outside of Ireland and the EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:

1. the Customer or the Provider has provided appropriate safeguards in relation to the transfer;
2. the data subject has enforceable rights and effective legal remedies;
3. the Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
4. the Provider complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;

5. assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
6. notify the Customer without undue delay on becoming aware of a Personal Data Breach;
7. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Domestic Law or EU Law to store the Personal Data; and
8. maintain complete and accurate records and information to demonstrate its compliance with this clause 1.4.

5. The Customer does not consent to the Provider appointing any third party processor of Personal Data under this Agreement. The Provider confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement which the Provider confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Provider, the Provider shall remain fully liable for all acts or omissions of any third-party processor appointed by it.

The Schedule - Processing, Personal Data and Data Subjects

1. Processing by the Provider

1. Scope

We may collect and process the following data about you:

• Information that you provide by filling in forms on our site www.vetpal.ie (“our site”). This includes information provided at the time of registering to use our site, becoming a member of our site or posting material. We may also ask you for information when you report a problem with our site or app.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of transactions you carry out through our site and of the fulfilment of your orders.
• Statistical information about browsing actions including, but not limited to:

∙         traffic data;

∙         location data: we gather location data to track the nearest veterinary clinic and Animal Remedy

   Store to each Animal Owner.

2. Nature

We use information held about you in the following ways:

∙                 To enable Animal Owners to receive prescriptions for their animals from veterinarians and Animal    

                Remedy Stores.

∙                 To facilitate Animal Owners making appointments and communicating directly with veterinary practices via a messaging service on the app,

∙                 To provide Animal Owners, veterinarians and Animal Remedy Stores with copies of the animal’s

                prescriptions when requested.

∙                 To ensure that content from our site is presented in the most effective manner for you and for your computer or device.

∙                 To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.

∙                 To allow you to participate in interactive features of our service, when you choose to do so.

∙                 To notify you about changes to our service.

We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post, telephone or e-mail.

If you are an existing customer, we will only contact you by electronic means (e-mail or SMS or smart-phone alert) with information about goods and services similar to those which were the subject of a previous sale to you.

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.

If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form).

We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

3. Purpose of processing

As part of this process, we collect personal data in relation to the following:

 

“Animal Owners”:                             the individuals availing of services from the veterinarians and collecting prescriptions from the Animal Remedy Stores,

“Veterinarians”:                                the veterinarians providing the prescriptions to the Animal Owners,

“Animal Remedy Stores”:         the individual pharmacists or licensed merchants dispensing the prescriptions

to the Animal Owners.

The specific purposes of processing are set out below:

 

∙     Animal Owners’ personal data:

• Registration details: email, name, address, phone number, and, if the Animal Owner is a farmer, their heard/equine/flock number. These details are collected in order to provide access to our service.
• We process personal data of Animal Owners in order to connect the Animal Owners with Veterinarians and Animal Remedy Stores to enable them to avail of the services.
• The lawful basis for the processing of this personal data is based on your consent. By clicking “I agree” in the relevant box situated on the form on which we collect your data (the registration form) when creating an account on our site, you are consenting to the processing your personal data in accordance with this policy. You have the right to withdraw your consent regarding the processing of sensitive data at any time.
• The Animal Owners will also be required to provide certain information relating to their animals.
• You will also be asked to tick a box if you are an organic farmer when creating an account. This information may be provided to the Department of Agriculture if requested.

 

∙     Veterinarian’s personal data:

• Registration details: email, name, qualifications, Veterinary Council of Ireland registration number. 
• We will also collect data about the clinic where they veterinarian practices; such as the phone number and address.
• We process personal data of veterinarians in order to set up their profiles and allow them to use the app to connect with Animal Owners. We also process their data to enable the veterinarians to liaise with Animal Remedy Stores and manage the prescription process through the app and website in order track their activity as required by the Animal Owners. The lawful basis for processing this personal data is the provision of the services offered by the app and website to the Animal Owners.

 

∙      Animal Remedy Store personal data:

• Registration details: email, name, Pharmaceutical Society of Ireland number (if the individual is a pharmacist), QQI Level 6 Certificate number/Responsible Person Certificate Number.
• We will also collect data about the store where the pharmacist or licensed merchant operates; such as the phone number and address.
• We process personal data of pharmacists or licensed merchants in order to set up their profiles on the site and allow them to manage the prescription process through the app and website and in order track their activity as required by the Animal Owners. The lawful basis for processing this personal data is the provision of the services offered by the app and website to the Animal Owners.

4. Duration of the processing

We shall retain personal data for strictly no longer than is necessary for:

(a)   the purposes for which it was collected;

a.     for as long you maintain an active profile on the site or app; and

b.     for 5 years following the date on which the Animal Owner and/or veterinarian and/or Animal

      Remedy Store ceases to maintain a profile to allow us to respond to follow up queries; and

(b)   as required to fulfil our obligations in law.

2. Types of Personal Data

The Types of Personal Data are outlined in paragraph 1.1 of this Schedule.

3. Categories of Data Subject

The Categories of Data Subject are outlined in paragraph 1.3 of this Schedule.