Meet My Paws

MEET MY PAWS™: DATA, PRIVACY & SECURITY POLICY

This policy outlines how Meet My Paws™ ("MMP") will guard and protect Personal Information You provide when You use the Meet My Paws™ platform at meetmypaws.com.

Definitions used in this policy appear at the end of it.

A: STATEMENTS OF PRINCIPLE: DISCLOSURE & ACCESS TO PERSONAL INFORMATION

  1. This policy applies to all data processing activities involving MMP (which is a Data Controller) and includes activities or systems related to both internal business operations and external relations, as well as any third-party agreements.
  2. MMP shall access and store the minimum amount of Personal Information necessary to provide services to MMP platform users under our terms and conditions. As such, we may rely on the following legal bases to process your personal information:
    • Consent. We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time by emailing office@meetmypaws.co.uk.
    • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
    • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
    • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
  3. Access to Personal Information is limited to employees, agents or consultants who have a need to know the Personal Information as a condition to MMP's performance of services to Members.
  4. You may upload information that may be considered Personal Information to the MMP platform. Personal Information that you upload will be processed in accordance with this policy. You can withdraw your consent at any time by notifying us at office@meetmypaws.
  5. MMP will not share, transfer, disclose, make available or otherwise provide access to any Personal Information that You provide to it to any third party; 'third party' means any person or business entity other than a registered user of the MMP platform.
  6. Any access to Personal Information granted to a third party ("Sub-Processor") will only be undertaken under a written agreement with each Sub-Processor.
  7. MMP will not sell Personal Information.
  8. MMP will undertake a detailed assessment of the purposes and context of the Processing, and the laws of the country or countries of destination, prior to processing to ensure it can provide an adequate level of protection for the Personal Information.
  9. MMP shall not transfer, transmit or disclose Personal Information outside the country from which Member originally delivered it to MMP without entering into written agreements as are necessary to comply with Privacy Laws concerning any cross-border transfer of Personal Information.
  10. MMP shall cooperate to answer individual data subject requests for updates to, or deletions of, their Personal Information, and requests to restrict, or objections to, the Processing of their Personal Information. You may request a copy of all Personal Information we hold about You by writing to MMP at office@meetmypaws.co.uk.
  11. MMP shall implement and maintain a documented procedure for reviewing and responding to Government Authority Requests and shall maintain a written record of all such requests.
  12. MMP shall implement appropriate technical and organisational measures to protect Personal Information in transit over public networks and ensure that all Personal Information in transit is encrypted by default.
  13. MMP shall ensure, to the extent possible, that the Personal Information it stores is pseudonymized.

B: COMPLIANCE WITH PRIVACY AND INFORMATION SECURITY SAFEGUARDS

  1. MMP employs an information security program that complies with applicable Privacy Laws.
  2. MMP's information security program includes appropriate administrative, technical, physical, organisational and operational safeguards and other security measures designed to (i) ensure a level of security appropriate to the risk presented by the Processing of Personal Information; (ii) protect against any anticipated threats or hazards to the security, availability, confidentiality and integrity of Personal Information; and (iii) protect against any Information Security Incident.
  3. Safeguards involve (as appropriate):

    1. the pseudonymization and encryption of the Personal Information, using appropriate software;
    2. regular testing to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services involved in the Processing of the Personal Information;
    3. regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing (no less than annually).
  4. MMP shall immediately inform a Member in writing of any Information Security Incident of which MMP becomes aware, in which case MMP will follow the procedure below.
  5. MMP shall immediately inform a Member if, in MMP's opinion, an instruction from Member infringes applicable Privacy Laws.
  6. MMP supervises its employees, agents, consultants and Sub-Processors to the extent required to maintain appropriate privacy, confidentiality and security of Personal Information.
  7. MMP provides training, as appropriate, regarding the privacy, confidentiality and information security requirements set forth in this Policy to relevant employees, agents, consultants and Sub-Processors who have access to Personal Information.

C: CLASSIFICATION OF DATA

  1. To properly assign safeguards, all data that MMP collects, processes or stores must be assigned one of the following classification categories to ensure MMP meets its regulatory commitment to uphold the rights of individuals, as outlined under Data Protection Legislation:
    • Public
    • Open
    • Confidential
    • Strictly Confidential
    • Secret
  2. Some data MMP uses will most likely be classed as being either 'Public' or 'Open' data. Any information relating to an individual or organisation that could identify them or is personal or private in nature must be assigned a category of either 'Confidential' or 'Strictly Confidential'.

Public data

  1. Public data is information or data that can be accessed by any external individual or organisation. Types of public data include:
    • Official contact data of relevant company employees
    • News updates or press releases
    • Company publications
    • External-facing company policies or procedures

Management of public data:

  1. Public data will be formatted to allow for the most basic security measures. Examples include converting a Word document into a PDF to avoid others editing it, as this could subsequently cause some form of reputational damage.

Open data

  1. Anyone at MMP is able to access this information for the purposes of fulfilling MMP's contractual obligations and business needs. MMP platform users are granted access to open data. Types of open data might include:
    • Official contact data e.g. full name, primary email address and telephone number
    • Authorised communications, such as blogs, news articles and updates

Management of open data:

  1. Open data will be formatted to allow for the most basic security measures. Examples might include converting a Word document into a PDF to avoid others editing it, as this could subsequently cause some form of reputational damage.

Sensitive Data

  1. Access to sensitive data is limited only to individuals at MMP who have been granted appropriate authorisation to view or process that information. MMP platform users are not granted access to Your sensitive data. Types of sensitive data might include:
    • Name
    • Date of birth
    • Address
    • Telephone number
    • Email address
    • National Insurance number
    • Race
    • Religion
    • Health details
    • Political affiliations
    • Trade union membership
    • Criminal offences
    • Employee contracts
    • Non-Disclosure Agreements
    • Unfinished or unapproved company documents
    • Employee wage slips
    • Death certificates
    • PDR documentation
  2. Where strictly necessary, authorised individuals or stakeholders of MMP may need to be granted access to sensitive data on a need-to-know or project-only basis.
  3. Sensitive Data is afforded a higher level of protection than other data that is not sensitive. Sensitive data must be identified and assessed on a case-by-case basis. In most cases, sensitive data will inherently be classed as confidential; thus, access and/or availability will be limited to key individuals who need to know the information in order to fulfil an MMP platform user contract or a statutory obligation of MMP.

Management of Sensitive Data:

  1. As and where required to handle confidential data, employees should exercise the following handling processes:
    • Paper documents will be:
      • In secure locked storage
      • Transported in sealed envelopes only
      • Transported by an approved third-party courier service
      • Securely disposed of
    • Electronic data will be:
      • Encrypted
      • Password-protected wherever possible
      • Transportation must follow secure file transfer protocol
      • Storage must be limited to secure file stores
      • Securely disposed of

Strictly confidential data

  1. A minimal number of MMP authorised individuals, authorities or other stakeholders may be permitted access to data that has been classified as being 'Strictly confidential'. MMP platform users are not granted access to Your confidential data. Types of strictly confidential data might include:
    • Bank details
    • Credit card information
    • Financial information
    • Server information
    • Usernames or passwords
    • Test data
    • Medical records
    • Disciplinary proceedings
    • Patent information
    • Network information

Management of strictly confidential data:

  1. As and where required to handle strictly confidential data, employees should exercise the following handling processes:
    • Paper documents will be:
      • In secure locked storage
      • Transported in sealed envelopes only
      • Transported by an approved third-party courier service
    • Electronic data will be:
      • Encrypted
      • Password-protected wherever possible
      • Tagged
      • Transportation must follow secure file transfer protocol
      • Storage must be limited to secure file stores

Secret data

  1. On rare occasions, MMP may wish to classify data as 'Secret'. Secret data may require different controls and circumstances. Bearing that in mind, individual protocols will be implemented on a case-by-case basis.

Data classification markings

  1. Data classification is used by MMP to match the classification category to which that data has been assigned and will include the retention period for the data.

Reclassifying data

  1. There may be occasions when Personal Information and other data must be reclassified from one data category to another data category. The need for reclassification may depend upon a content change, or an alteration in terms of the data's intent, where it is stored or how it is being used. You may request reclassification of Personal Information by writing to MMP at office@meetmypaws.co.uk.

D: DATA STORAGE POLICY

  1. All information and data that is collected and processed by MMP is subject to this policy. This includes information collected electronically, by paper, telephone or data collected through any other means.
  2. All data will be collected, stored and protected in a secure location appointed by MMP for the retention period necessary for fulfilment of our terms of service with You and bearing in mind the nature of the data and the period it has been assessed as being required to be stored for.

E: RETURN OR DESTRUCTION OF PERSONAL INFORMATION

  1. MMP shall securely destroy all Personal Information in MMP's or its Sub-Processors' possession, custody or control on or as soon as possible after the data retention date and/or on request of an MMP platform user in relation to their Personal Information.

F: REPORTING SECURITY BREACHES

  1. MMP will report any data breach to You. The report will include:
    • DETAILS of the Information Security Incident
    • HOW the Information Security Incident was discovered
    • WHEN the Information Security Incident occurred
    • CORRECTIVE ACTION being taken

G: DEFINITIONS

  1. "Data Controller" means a person who alone or jointly with others determines the purposes and means of the Processing of Personal Information.
  2. "Data Processor" means a person who Processes Personal Information on behalf of the Data Controller.
  3. "Information Security Incident" means any actual or reasonably suspected accidental or unlawful Processing, destruction, loss, theft, alteration, misuse, interference, modification, unauthorized access to, or disclosure or acquisition of, any Personal Information.
  4. "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified, identifiable or particular individual or household, regardless of the media in which it is contained, that may be (a) disclosed to or Processed (as defined below) by MMP in connection with or incidental to the performance of its business; or (b) derived by MMP from the information described in (a) above.
  5. "Process", "Processed", or "Processing" means any operation or set of operations performed upon Personal Information or on sets of Personal Information, whether or not by automatic means, such as creating, collecting, procuring, obtaining, retaining, accessing, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, aligning, combining, restricting, anonymizing, deleting or destroying the data.
  6. "Privacy Laws" means the Data Protection Act 2018 and applicable laws, rules, regulations and governmental requirements currently in effect relating to the privacy, confidentiality or security or otherwise relating to the Processing of Personal Information.
  7. "Sell" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information of Member for monetary or other valuable consideration.