Privacy Policy
Last updated: 2026-06-10
This policy explains what personal data we process, for what purpose, on what legal basis, who we share it with and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018.
1. Data controller
The data controller is VetClinic (full legal name, registered office and tax ID to be completed at launch). For any data protection request, you can contact our Data Protection Officer (DPO) at: gdpr@veterinary.dbg.ro.
2. Categories of data processed
Depending on how you interact with us, we process:
- Identification and contact data: first name, last name, e-mail, phone, address.
- Pet data: name, species, breed, age, medical history, appointments and consultations.
- Appointment and communication data: subject of the request, messages, notification preferences.
- Payment data for orders: handled solely by the payment processor (Stripe); we do not store card numbers.
- Technical data: IP address (stored as a hash for cookie consent), device type, access logs (audit).
3. Purposes and legal bases
- Providing veterinary services and managing appointments — performance of a contract (Art. 6(1)(b)).
- Processing shop orders and invoicing — contract + legal obligation (Art. 6(1)(b), (c)).
- Marketing communications — based on consent (Art. 6(1)(a)), revocable at any time.
- Security, fraud prevention and audit logs — legitimate interest (Art. 6(1)(f)).
- Pet medical data does not fall under Art. 9 (it concerns the animal, not the person), but we treat it with heightened confidentiality.
4. Data recipients (processors)
We disclose data only to providers that help us operate the service, under data processing agreements (DPA). The full list is available below and in the Cookie Policy:
- Stripe — card payment processing.
- SMSO.ro — SMS delivery (confirmations, reminders).
- Transactional e-mail provider — confirmations and notifications.
- Sentry — technical error monitoring.
- Object storage provider (S3/MinIO) — documents and files.
- Cloudflare Turnstile — anti-bot form protection.
- Plausible Analytics — anonymous usage statistics (only with consent).
5. Retention period
- Active account: for the account lifetime + 3 years after closure.
- Pet medical data: 5 years from the last consultation.
- Appointments: 3 years.
- Invoices: 10 years (Romanian Accounting Law no. 82/1991).
- Audit logs: 5 years.
- Marketing data: until consent is withdrawn.
6. International transfers
Where a provider processes data outside the EEA, the transfer relies on the European Commission's Standard Contractual Clauses or an adequacy decision.
7. Your rights
You have the right of access, rectification, erasure (“right to be forgotten”), restriction, portability, objection and withdrawal of consent. You can exercise them from the GDPR Rights page or by writing to gdpr@veterinary.dbg.ro. You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP).
8. Security
We apply appropriate technical and organizational measures: encryption in transit (HTTPS/HSTS), role-based access control, audit logs, pseudonymization of technical identifiers and encrypted backups.