Our privacy policy.

This Privacy Policy describes how the owner of the PetHive application processes personal data when you use the PetHive mobile application and/or the landing page available at https://pethive.ro. By using the App or Website, you agree to the content of this document.

PetHive has acknowledged the scope and implications established by EU Regulation 2016/679 (GDPR) and related data protection legislation, and is committed to protecting your rights and freedoms and processing your data safely and in compliance with all legal obligations.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in how we process your personal data or any changes in legal requirements. In the event of any such changes, the updated version will be displayed in the App and on the Website.

01 Definitions

• "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
• "Personal Data" means any information relating to an identified or identifiable natural person ("data subject").
• "Processing" means any operation or set of operations performed on personal data, such as collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
• "Policy" means this Privacy Policy.
• "Data Subject/Customer" means the user of the App and/or visitor of the Website whose personal data is processed by the Controller.
• "Controller/App Owner/PetHive" is represented by Mr. Paul Chelaru, with contact details in the "General Provisions" section.
• "Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
• "Recipient" means a natural or legal person, public authority, agency or other body to which personal data are disclosed.
• "App" means the PetHive digital platform, available through a mobile application, which enables the creation and use of an Account and through which Services can be accessed and used.
• "Announcement" means a post published by a user in the App (e.g. lost/found/adoption), which may include text content, images, and location.
• "Website" means the landing page available at https://pethive.ro.
• "Account" means the user account created in the App, required to use the Services.
• "PDF Poster" means the PDF file generated by users of the application based on a "lost" announcement, intended for printing/distribution.
• "Services" means all functionalities made available through the App, consisting mainly of the ability to publish, view, and manage announcements relating to lost, found, and adoptable pets.

02 General provisions

PetHive collects certain personal data for the purposes of managing and carrying out its own activities and fulfilling legal obligations.

By using PetHive's Services, you confirm that you agree to comply with this Policy. Data subjects are not entitled to use the App if they have not read and accepted the Policy.

The use of third-party services (e.g. Apple/Google for authentication) may be subject to the terms and conditions of those third parties.

Contact details of the App owner: [email protected]

Customers are solely responsible for the content published in announcements and undertake to publish only the information necessary for the purpose and to avoid including personal data of third parties or excessive data.

Core data protection principles

• Lawfulness, fairness and transparency — data is processed lawfully, fairly and transparently in relation to the data subject.
• Purpose limitation — data is collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data minimisation — data is adequate, relevant and limited to what is necessary for the purposes of processing.
• Accuracy — data must be accurate and, where necessary, kept up to date.
• Storage limitation — data is not stored longer than necessary for the purposes of processing.
• Integrity and confidentiality — data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing.
• Accountability — PetHive is responsible and able to demonstrate compliance with the above principles.

03 Data processed and purposes of processing

3.1. Data provided when creating and managing an Account

• First and last name (required)
• Email address (required for email-based account; also used for OTP)
• Password (for email-based accounts – stored securely, irreversibly)
• Authentication identifiers (token/ID) provided by Apple/Google, if you choose to authenticate with these services

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

3.2. Contact data associated with announcements

In order to be contacted about your published announcements, you may provide:

• Phone number and/or
• Email address (including an address different from the Account email, if you opt for this)

Important: these contact details are not automatically displayed in the announcement; they become visible to other users only when they press dedicated buttons. PetHive recommends that users publish only the information necessary for the purpose of the announcement and avoid including personal data of third parties or excessive data.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

3.3. Location data (precise location – GPS)

The App may process your precise location (GPS) to enable:

• setting and displaying the precise location of the animal in announcements
• displaying the user on the map

The data subject reserves the right to withdraw their consent at any time by modifying the mobile device settings, in which case certain features (particularly those related to maps and location) may become unavailable or limited.

Legal basis: consent (Art. 6(1)(a) GDPR).

3.4. User-generated content (announcements)

When you publish a "lost & found" or adoption announcement, we may process:

• photographs of the animal
• description and information about the animal
• precise location of the announcement
• contact details chosen to be displayed

Depending on the content, photographs and descriptions may contain or enable the identification of a person. In such cases, the Controller treats this information as personal data and processes it in accordance with this Policy.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

3.5. Technical and security data

For the purposes of the technical operation and security of the App and Website, the following may be processed:

• IP address
• information about the operating system and its version, device model and manufacturer, application version
• regional device settings (language, time zone)
• technical identifiers required for the operation of the App (session identifiers)
• information about technical events and errors (system and application logs, error codes), anti-abuse measures, security events

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3.6. App usage analytics data (events analytics)

To understand how users use the App and to improve experience, stability and features, the App may automatically transmit usage records ("events") corresponding to certain actions performed in the interface (e.g. accessing screens, pressing buttons, going through announcement creation/management flows).

The following may be processed:

• the name of the tracked action and the date/time of recording
• technical properties attached to records (application version, platform, OS version, regional settings)
• an internal user identifier (user_id/UUID) associated with the Account
• record-specific properties (announcement type, steps taken, search/filter parameters)

Important: this mechanism does not use cookies and is not used for marketing or advertising profiling purposes.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3.7. Data collected through the Waiting List registration form

Where a "Waiting List" form is available on the Website, interested persons may enter their email address to be notified when the App launches. PetHive will use the email addresses provided solely for the purpose of sending a one-time notification about the launch of the App.

Legal basis: consent of the data subject (Art. 6(1)(a) GDPR), expressed through the opt-in action. The data subject may withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

04 PDF Poster

• At the user's request, the App enables the generation of a PDF Poster for "lost" or "found" announcements, based on the information in the announcement. The Poster may include the photograph, description and selected contact details.
• The Poster can only be generated and downloaded by the user who created the announcement. It is stored in a Google cloud environment.
• The Poster is deleted upon deletion of the announcement or upon completion of account deletion (after the 30-day period from the request), whichever occurs first.

05 Data export ("Download your data")

• The Controller makes available to users a data export mechanism, accessible from the Account via the "Download your Data" button.
• The resulting file will be stored in Google Cloud for 7 (seven) days from the time of generation, after which it will be automatically deleted.
• The resulting file will only be accessible to the authenticated user for whom it was generated.

06 Account deletion

Upon the user's request, account deletion is scheduled 30 (thirty) days from the date of the request and may be cancelled during this period. If the request is not cancelled, upon expiry of the 30 days the Controller will delete the data associated with the Account, except where retention of certain information is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

The Controller may arrange the automatic deletion of Accounts that have not recorded any activity for a period of at least 2 (two) years ("Inactive Accounts"). For the purposes of this clause, "activity" includes, by way of example, logging into the App, publishing/updating/deleting an announcement, generating a PDF Poster or generating a Data Export.

07 Data sharing

The Controller maintains the confidentiality of personal data and does not disclose it to third parties, except in the cases described below:

7.1. To other App users

• Certain information from announcements (public content and location) may be visible to other users, in accordance with the nature of the Services.
• Contact details (phone/email) are accessible to other users only if they press the dedicated buttons and only to the extent that you have provided such data.

7.2. To processors (suppliers)

The Controller may use suppliers to operate the App and provide the Services, including:

• cloud infrastructure and storage (including Google Cloud for PDF Poster and Export)
• email providers for OTP and/or for sending the launch notification (Waiting List)
• technical maintenance suppliers
• App usage analytics service providers hosted in the EU

These suppliers process data exclusively on the Controller's instructions and under appropriate confidentiality and security conditions.

7.3. To public authorities/courts

Data may be disclosed where the Controller has a legal obligation or where disclosure is necessary for the establishment, exercise or defence of legal claims.

08 International data transfers

By using suppliers such as Apple, Google and/or cloud infrastructure, certain data may be transferred to or accessed from outside the European Economic Area (EEA). In such cases, the Controller will ensure that transfers are carried out in compliance with GDPR requirements, through appropriate legal mechanisms (adequacy decisions, standard contractual clauses and/or supplementary measures, as applicable).

09 Data retention periods

• Account data: retained for the duration of the Account and a maximum of 2 (two) years from the date of the last recorded activity, after which the Account may be automatically deleted.
• Announcements and content: retained until deletion of the announcement by the user or until completion of account deletion.
• PDF Poster: retained until deletion of the announcement or until completion of account deletion, whichever occurs first.
• Data export: retained for 7 days from generation, after which it is automatically deleted.
• Waiting List: retained until the launch notification has been sent, after which it is deleted.
• App usage analytics data: retained for up to 12 months from recording, after which they are deleted or anonymised.
• Technical and security logs: retained for limited periods proportionate to the purpose (security/diagnostics).

10 Your rights (GDPR)

In accordance with GDPR, you have the following rights:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request correction of inaccurate data.
• Right to erasure: you may request deletion of your data.
• Right to data portability: you may request your data in a machine-readable format.
• Right to object: you may object to the processing of your data.
• Right to restriction of processing: you may request restriction of processing in certain circumstances.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: you may file a complaint with ANSPDCP (Romania's National Supervisory Authority for Personal Data Processing).

To exercise these rights, please contact us at: [email protected]

11 Data security

The Controller has implemented appropriate technical and organisational measures, including:

• access control and the "need-to-know" principle
• authentication and authorisation mechanisms for accessing the Account
• security measures at infrastructure and cloud storage level
• logging and technical monitoring for detecting errors and unauthorised access
• protection measures against abuse (rate limiting, validations, monitoring of suspicious events)
• internal procedures for handling data subject requests (access/deletion/export)

In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, the Controller will notify ANSPDCP and, where applicable, the data subjects, within the timeframes and conditions provided for by GDPR.

12 Direct marketing and cookies

The Controller does not currently carry out direct marketing activities based on cookies, tracking pixels, advertising SDKs or similar technologies, and does not carry out advertising profiling.

The Website and App do not use cookies or similar tracking technologies for marketing or tracking purposes. To the extent that such technologies are introduced in the future, the Controller will update the Policy before activating them.

The Waiting List registration form has the sole purpose of sending a one-time notification upon the launch of the App and does not constitute a recurring newsletter.

13 Final provisions

This Policy applies from the date of its publication in the App and/or on the Website and remains in force until replaced by an updated version.

If, during the development of the product, the Controller is taken over/replaced by a legal entity (e.g. a limited liability company), the Policy will be updated accordingly and users will be informed by email, before the change takes effect.

To the extent that certain provisions of this Policy become non-compliant with a mandatory legal provision, those provisions shall be replaced by operation of law by the applicable legal provision, without affecting the validity of the remaining provisions.