Petz Vibes GDPR Compliance & Your Data Protection Rights
Last Updated: Nov 2025
Introduction
At PetzVibes, we take your privacy seriously and are committed to protecting your personal data in accordance with the European Union’s General Data Protection Regulation (GDPR) and the UK GDPR.
This page provides detailed information about your data protection rights, how we process your personal data, and how you can exercise your rights under GDPR. This information is specifically designed for residents of the European Economic Area (EEA), United Kingdom, and Switzerland.
Our commitment: Transparency, security, and respect for your privacy rights are fundamental to how we operate.
Who We Are
Data Controller:
PetzVibes
Email: contact@petzvibes.com
As the data controller, we are responsible for deciding how and why we process your personal data. We are committed to complying with all applicable data protection laws.
Data Protection Contact:
For all data protection inquiries, please email us at: contact@petzvibes.com
Subject Line: “GDPR Inquiry” or “Data Protection Request”
Legal Basis for Processing Your Data
Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:
1. Contract Performance (Article 6(1)(b))
We process your data to fulfill our contract with you when you:
- Create an account
- Place an order
- Request customer service
- Use our website features
Data processed: Name, email, shipping address, billing address, payment information, order history
2. Legitimate Interests (Article 6(1)(f))
We process data based on our legitimate business interests, provided these don’t override your rights:
Our legitimate interests include:
- Fraud prevention and security
- Improving our website and services
- Understanding customer preferences
- Internal analytics and business intelligence
- Network and information security
- Preventing misuse of our services
Data processed: Usage data, IP addresses, device information, browsing patterns
Your rights: You can object to processing based on legitimate interests at any time.
3. Consent (Article 6(1)(a))
We ask for your explicit consent before:
- Sending marketing emails and newsletters
- Placing non-essential cookies on your device
- Processing sensitive information about your pets (health conditions, special needs)
- Sharing data with third parties for marketing purposes
Your rights: You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
4. Legal Obligation (Article 6(1)(c))
We process data when required by law:
- Tax and accounting records
- Responding to legal requests
- Compliance with regulatory requirements
Data processed: Transaction records, identity verification data, correspondence
Your GDPR Rights
As a data subject under GDPR, you have the following rights:
1. Right to Access (Article 15)
What it means: You have the right to request a copy of the personal data we hold about you.
What you’ll receive:
- Confirmation that we’re processing your data
- A copy of your personal data
- Information about how we use your data
- Details about data recipients
- Data retention periods
- Information about your other rights
How to request: Email contact@petzvibes.com with subject line “GDPR Access Request”
Timeline: We’ll respond within 1 month (extendable to 3 months for complex requests)
Cost: First copy is free; reasonable fees may apply for additional copies
2. Right to Rectification (Article 16)
What it means: You can request correction of inaccurate or incomplete personal data.
Examples:
- Update your shipping address
- Correct your name or email
- Add missing information to your profile
How to request:
- Update directly in your account settings
- Email contact@petzvibes.com with subject line “GDPR Rectification Request”
Timeline: We’ll respond within 1 month
Note: We may need to verify your identity before making corrections
3. Right to Erasure / “Right to be Forgotten” (Article 17)
What it means: You can request deletion of your personal data in certain circumstances.
When this applies:
- Data is no longer necessary for the purpose it was collected
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- Data has been unlawfully processed
- Legal obligation requires erasure
When we may refuse:
- We need the data to comply with legal obligations (e.g., tax records)
- We need the data to establish, exercise, or defend legal claims
- We have overriding legitimate grounds for keeping the data
How to request: Email contact@petzvibes.com with subject line “GDPR Erasure Request”
Timeline: We’ll respond within 1 month
What happens: We’ll permanently delete your data and confirm deletion, or explain why we cannot comply
4. Right to Restriction of Processing (Article 18)
What it means: You can request that we limit how we use your data while we resolve certain issues.
When this applies:
- You contest the accuracy of your data
- Processing is unlawful but you don’t want erasure
- We no longer need the data but you need it for legal claims
- You’ve objected to processing and we’re verifying grounds
What happens: We’ll mark your data and only process it with your consent or for specific legal reasons.
How to request: Email contact@petzvibes.com with subject line “GDPR Restriction Request”
Timeline: We’ll respond within 1 month
5. Right to Data Portability (Article 20)
What it means: You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
What you’ll receive:
- Your personal data in CSV or JSON format
- Data you provided to us
- Data processed by automated means based on consent or contract
Examples of portable data:
- Account information
- Order history
- Preferences and settings
- Communication history
How to request: Email contact@petzvibes.com with subject line “GDPR Portability Request”
Timeline: We’ll respond within 1 month
Cost: Free of charge
6. Right to Object (Article 21)
What it means: You can object to certain types of data processing.
Object to Direct Marketing
You can object to processing for direct marketing purposes at any time, and we must stop immediately.
How to object:
- Click “Unsubscribe” in any marketing email
- Email contact@petzvibes.com
- Adjust preferences in your account settings
Object to Processing Based on Legitimate Interests
You can object to processing based on our legitimate interests unless we can demonstrate compelling legitimate grounds.
Examples:
- Analytics and profiling
- Fraud prevention measures
- Service improvement activities
How to object: Email contact@petzvibes.com with subject line “GDPR Objection”
Timeline: We’ll respond within 1 month
7. Right Not to Be Subject to Automated Decision-Making (Article 22)
What it means: You have the right not to be subject to decisions based solely on automated processing that significantly affects you.
Our practices:
- We use limited automated processing for fraud detection
- We may use algorithms for product recommendations
- No significant decisions are made solely by automated means
- Human review is always available
If you have concerns: Email contact@petzvibes.com to request human review of any automated decision.
8. Right to Withdraw Consent
What it means: Where we process data based on consent, you can withdraw that consent at any time.
Examples:
- Unsubscribe from marketing emails
- Revoke cookie consent
- Remove consent for pet health data processing
How to withdraw:
- Click “Unsubscribe” in emails
- Adjust cookie settings in our cookie banner
- Email contact@petzvibes.com
- Update account preferences
Important: Withdrawal doesn’t affect the lawfulness of processing before withdrawal.
9. Right to Lodge a Complaint
What it means: You have the right to complain to your local data protection authority if you believe we’ve violated your rights.
EU/EEA Supervisory Authorities: Find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk
- Phone: 0303 123 1113
- Report online: https://ico.org.uk/make-a-complaint
Swiss Federal Data Protection Authority:
- Website: https://www.edoeb.admin.ch
We encourage you to contact us first so we can try to resolve your concerns directly.
How We Process Your Personal Data
Categories of Personal Data We Collect
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Identity Data | Name, username, title | Account management, order processing | Contract, Legitimate Interest |
| Contact Data | Email, phone, address | Communication, delivery | Contract |
| Financial Data | Payment information | Transaction processing | Contract |
| Transaction Data | Order history, purchases | Order fulfillment, customer service | Contract |
| Technical Data | IP address, browser type, device | Website functionality, security | Legitimate Interest |
| Usage Data | Browsing behavior, clicks | Analytics, improvement | Legitimate Interest, Consent |
| Marketing Data | Preferences, communication choices | Marketing communications | Consent |
| Pet Data | Pet names, breeds (voluntary) | Product recommendations | Consent |
How Long We Retain Your Data
We retain personal data only as long as necessary for the purposes we collected it:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion + 30 days | Account management |
| Order History | 7 years | Tax and legal obligations |
| Marketing Data | Until you unsubscribe + 2 years | Marketing compliance |
| Cookie Data | Up to 2 years | As specified in Cookie Policy |
| Customer Service Records | 3 years | Customer support, dispute resolution |
| Analytics Data | 26 months (aggregated) | Business intelligence |
| Financial Records | 7 years | Legal and tax obligations |
After these periods, we securely delete or anonymize your data.
International Data Transfers
PetzVibes.com operates globally, which means your data may be transferred to and processed in countries outside the EEA/UK, including the United States.
How We Protect Your Data During International Transfers:
1. Adequacy Decisions Where possible, we transfer data to countries that the European Commission has determined provide adequate data protection.
2. Standard Contractual Clauses (SCCs) We use EU-approved Standard Contractual Clauses with our service providers to ensure appropriate safeguards.
3. Additional Safeguards
- Technical measures (encryption, pseudonymization)
- Organizational measures (access controls, data minimization)
- Regular audits of data processors
- Privacy impact assessments
4. Your Rights You can request information about the safeguards we use for international transfers or request a copy of the relevant adequacy mechanism.
Third Countries We Transfer Data To:
- United States: Our primary servers and some service providers
- Other regions: As necessary for shipping and payment processing
Contact us if you have questions about international data transfers.
Children’s Data Protection
We do not knowingly collect personal data from children under 16 years of age (or the applicable age of digital consent in your country) without parental consent.
If we discover we’ve collected data from a child without consent:
- We’ll delete it immediately
- We’ll notify the child’s parent/guardian if possible
Parents/Guardians: If you believe we’ve collected your child’s data, contact us immediately at contact@petzvibes.com with subject line “Child Data Concern”
Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
- SSL/TLS encryption for data transmission
- Encryption of data at rest
- Secure payment processing (PCI-DSS compliant through PayPal)
- Regular security audits and vulnerability assessments
- Firewall protection and intrusion detection
- Secure backup systems
Organizational Measures:
- Access controls and authentication
- Employee training on data protection
- Confidentiality agreements with staff and processors
- Data protection impact assessments (DPIAs)
- Incident response procedures
- Regular policy reviews and updates
Data Breach Notification:
In the event of a personal data breach that poses a risk to your rights and freedoms:
- We’ll notify the relevant supervisory authority within 72 hours
- We’ll notify you directly without undue delay
- We’ll provide clear information about the breach and steps you can take
Third-Party Data Processors
We work with carefully selected third-party processors who help us provide our services. All processors are bound by GDPR-compliant data processing agreements.
Key Data Processors:
| Processor | Service | Location | Safeguards |
|---|---|---|---|
| PayPal | Payment processing | US & EU | SCCs, Privacy Shield successor |
| Analytics, advertising | US & EU | SCCs, adequate safeguards | |
| Facebook/Meta | Advertising, social media | US & EU | SCCs, adequate safeguards |
| Email Provider | [TBD] | [TBD] | [TBD] |
| Web Hosting | Website infrastructure | [Specify] | SCCs, encryption |
| Shipping Carriers | Order fulfillment | Various | Contractual agreements |
We regularly review our processors to ensure continued compliance with GDPR.
How to Exercise Your Rights
Step-by-Step Process:
1. Submit Your Request Email contact@petzvibes.com with:
- Clear subject line indicating your request type (e.g., “GDPR Access Request”)
- Your full name and email address associated with your account
- Specific details about your request
- Proof of identity (if required)
2. Identity Verification To protect your privacy, we may request additional information to verify your identity:
- Account email confirmation
- Order number reference
- Recent account activity verification
3. Processing Timeline
- Initial response: Within 1 month of receiving your request
- Complex requests: Up to 3 months (we’ll inform you if extension is needed)
- We’ll keep you updated throughout the process
4. Response We’ll provide:
- Confirmation of action taken
- Explanation if we cannot comply fully
- Information about your right to complain to a supervisory authority
Request Templates:
Access Request:
Subject: GDPR Access Request
Dear PetzVibes Data Protection Team,
I am writing to request access to my personal data under Article 15 of the GDPR.
Name: [Your Name]
Email: [Your Email]
Account Number/Order Number: [If applicable]
Please provide me with a copy of all personal data you hold about me.
Sincerely,
[Your Name]
Erasure Request:
Subject: GDPR Erasure Request
Dear PetzVibes Data Protection Team,
I am writing to request erasure of my personal data under Article 17 of the GDPR.
Name: [Your Name]
Email: [Your Email]
Account Number: [If applicable]
Please delete all personal data associated with my account.
Sincerely,
[Your Name]
Automated Decision-Making and Profiling
What We Do:
Limited Automated Processing:
- Fraud detection algorithms to protect against unauthorized transactions
- Product recommendation algorithms based on browsing history
- Email personalization based on purchase history
No Significant Automated Decisions:
- We do not make decisions that significantly affect you based solely on automated processing
- Human oversight is always involved in important decisions
- You can request manual review of any automated process
Your Rights:
- Request information about the logic involved
- Request human intervention
- Express your point of view
- Contest the decision
To request review: Email contact@petzvibes.com with subject “Automated Decision Review”
Cookies and Tracking
Under GDPR, we must obtain your consent before placing non-essential cookies on your device.
How We Comply:
- Cookie consent banner appears before cookies are set
- Clear categorization of cookie types
- Granular consent options by category
- Easy withdrawal of consent
- Detailed Cookie Policy available
Manage Your Cookie Preferences:
- Click “Cookie Settings” in our website footer
- Adjust preferences at any time
- Block cookies through browser settings
For complete information, see our Cookie Policy.
Data Protection by Design and Default
We integrate data protection into our business processes:
Privacy by Design:
- Data minimization (we collect only what’s necessary)
- Purpose limitation (clear purposes for each data type)
- Storage limitation (retention periods defined)
- Security measures built into systems
- Regular privacy impact assessments
Privacy by Default:
- Strictest privacy settings applied automatically
- Only necessary data processed by default
- Limited data retention periods
- Opt-in for marketing (not opt-out)
- Clear, easy-to-find privacy controls
Updates to Our GDPR Practices
We regularly review and update our GDPR compliance practices to:
- Reflect changes in data protection law
- Incorporate new technologies and safeguards
- Respond to guidance from supervisory authorities
- Improve transparency and user control
When we make significant changes:
- We’ll update this page
- We’ll notify you via email if you have an account
- We’ll update the “Last Updated” date
- We may request renewed consent where required
Frequently Asked Questions
Q: How do I delete my account?
A: Email contact@petzvibes.com with subject “Account Deletion Request” We’ll delete your account within 30 days and confirm deletion.
Q: Can I get a copy of my data?
A: Yes! Submit a GDPR Access Request via email. We’ll provide your data in a portable format within 1 month.
Q: How do I stop receiving marketing emails?
A: Click “Unsubscribe” in any marketing email, or email contact@petzvibes.com. We’ll process this immediately.
Q: Do you sell my personal data?
A: No, we never sell your personal data to third parties.
Q: How do you protect my payment information?
A: We use PayPal for secure payment processing. We never store your full payment card details on our servers.
Q: Can I shop without creating an account?
A: Yes, you can checkout as a guest. We’ll only process the minimum data necessary to fulfill your order.
Q: What happens if there’s a data breach?
A: We’ll notify you and the relevant supervisory authority within 72 hours and provide clear information about the breach and protective steps.
Q: Who can I complain to about data protection?
A: Contact your local data protection authority or the UK ICO. We encourage you to contact us first to resolve concerns.
Contact & Support
For All GDPR & Data Protection Inquiries:
Email: contact@petzvibes.com
Subject Lines for Specific Requests:
- “GDPR Access Request” – Request a copy of your data
- “GDPR Erasure Request” – Request data deletion
- “GDPR Rectification Request” – Correct inaccurate data
- “GDPR Portability Request” – Receive data in portable format
- “GDPR Objection” – Object to certain processing
- “GDPR Complaint” – Lodge a formal complaint
- “Data Protection Inquiry” – General questions
Response Time: Within 1 month (complex requests may take up to 3 months)
Languages: We respond to requests in English. If you need assistance in another language, please let us know.
Our Commitment to You
At PetzVibes.com, we believe that transparency and respect for your privacy rights are essential to building trust. We are committed to:
✓ Processing your data lawfully, fairly, and transparently
✓ Collecting data only for specified, legitimate purposes
✓ Minimizing the data we collect and retain
✓ Keeping your data accurate and up to date
✓ Storing your data securely
✓ Respecting and facilitating your rights under GDPR
✓ Being accountable for our data protection practices
Thank you for trusting PetzVibes.com with your personal data. Your privacy matters to us, and we’re here to help you exercise your rights! 🐾
Related Policies
For complete information about how we handle your data, please also review:
Last Updated: [Insert Date]