Privacy and Data Protection Policy

Information About Us

The site (“MyDearDog.com”) is operated and owned by Moon.

Introduction

In the course of business, My Dear Dog, LLC uses various kinds of data on identifiable individuals, which includes data regarding:

  • Present, past, and future employees
  • Customers
  • Visitors to its sites
  • Subscribers

When collecting and processing this data, the business is subject to various laws that govern how these actions are carried out and the security measures that have to be in place to safeguard it.

This statement aims to lay out the applicable law and outline My Dear Dog, LLC’s actions to ensure it complies with the law.

This policy is applicable to all people, systems, and processes that comprise the information systems of the company, including directors, board members, employees, suppliers, and other third parties that can access My Dear Dog.

The following policies and procedures pertain to this document:

  • Data Protection Impact Assessment Process
  • Information Security Incident Response Procedure
  • GDPR Roles, Responsibilities, and Authorities
  • Records Retention and Protection Policy

The General Data Protection Regulation

The General Data Protection Regulation 2016 (GDPR) is among the most important pieces of legislation that will affect how My Dear Dog, LLC performs its data processing. The GDPR, which was created to safeguard the personal data of citizens in the European Union, provides for significant fines when a breach is found to have occurred. Therefore, it is My Dear Dog’s policy that our compliance with the GDPR and other relevant legislation is apparent and evident at all times.

Definitions

There are 26 definitions contained in the GDPR. It is not appropriate to repeat the entire list in this document. The most important definitions in the GDPR are as follows:

‘personal data’ means:

any information that relates to an identifiable human being (‘data subject’); an identifiable natural person is one who could be identified, either directly or indirectly, notably through an identifier like a name, an identification number, location data, or an online identifier, or through one or more aspects particular to the physical, biological, genetic, mental, economic, cultural, or social identity of that person;

‘processing’ means:

any operation or set of operations that is executed on personal data or on sets of personal data, regardless of whether automated methods are used, like collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure through transmission, distribution or other means of making accessible, mixing or alignment, restriction, and destruction or erasure;

‘controller’ means:

the natural or legal person, public authority, agency, or any other body that, together with other bodies, determines the purposes and methods for processing personal data. If the purposes and the methods used in the processing are defined by Union or Member State law, the controller or the conditions for its selection could be specified by Union as well as Member State law;

Principles Relating to Processing of Personal Data

There are many fundamental principles on which the GDPR is built.

They are:

Personal data is:

(a) processed in a legal, fair and transparent way concerning the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specific, explicit and legal purposes and not processed further in a way that is not compatible with those purposes; further processing for archive purposes that are in the public interest, for scientific or historical research, or for statistical purposes shall, in line with Article 89(1), not be deemed incompatible with the original purpose (‘purpose restriction’);

(c) appropriate, pertinent and restricted to what is required to fulfill the purpose for which the data are processed (‘data reduction’);

(d) complete and, if necessary, kept up to date; every reasonable step must be taken to guarantee that any personal data that are not accurate, with regard to the purpose that they are used for, are deleted or corrected immediately (‘accuracy’);

(e) stored in a manner that permits the identification of data subjects for no longer than is required to fulfill the purpose of processing the personal data. Personal data can be kept for longer durations if the personal data is only used for archiving purposes to protect the public, for scientific or historical research, or for statistical reasons as per the provisions of Article 89(1), with the implementation of the necessary administrative and technical measures stipulated by this Regulation to protect the rights and liberties of the person who is the data subject (‘storage restriction’);

(f) processed in a way that provides adequate security of personal data, which includes security against illegal or unauthorized processing and accidental destruction, loss or damage, by using appropriate organizational or technical measures (‘integrity and security’).

Rights of the Individual

The person who is the data subject also has rights under the GDPR. These include:

  1. Right to information
  2. Access rights
  3. The right to rectify
  4. The right to erase
  5. The right to limit processing
  6. The right to transfer data
  7. The right to raise an objection
  8. Rights related to automated decision-making and profiling.

All of these rights should be backed by proper processes inside My Dear Dog, LLC that permit the necessary action to be undertaken within the timeframes specified in the GDPR.

These timescales include:

  1. Right to information – When the data is collected (if provided by the data subject) or within a month (if not provided by the data subject)
  2. Access rights – A month
  3. The right to rectify – One month
  4. The right to erase – Without delay
  5. The right to limit processing – Without delay
  6. The right to transfer data – One month
  7. The right to raise an objection – On receipt of the objection
  8. Rights related to automated decision-making and profiling – Not specified

Consent

Unless processing is necessary for a reason the GDPR permits, explicit consent is required from the data subject to use and store their personal data. If a child is under 16 years old, consent from parents must be sought. Information about how we use their personal data must be given to data subjects when consent is obtained, and their rights regarding their data, like the option to withhold consent, must be explained. This information should be provided in an accessible format, written clearly, and free of charge.

If the data are not obtained directly from the data subject, this information has to be provided within a reasonable time after the data is collected, and preferably within one month.

Privacy by Design

My Dear Dog, LLC has adopted the principle of privacy by design and will ensure that the design and implementation of all new or drastically altered systems that gather or process personal information are subject to thorough attention to privacy concerns and the execution of one or more data protection impact assessments.

The data protection impact assessment will comprise:

  • Consideration of how personal data are processed and for what purpose
  • Analysis of whether the proposed processing of personal data is appropriate and necessary in relation to its purpose(s)
  • Evaluation of the risk to the individuals whose personal data is processed
  • Identification of the measures required to deal with the identified risks and show compliance with the law

The use of techniques like pseudonymization and data minimization should be considered if appropriate.

Transfer of Personal Data

Transfers of personal data outside the European Union must be carefully scrutinized before any transfer is made to ensure that they are within the restrictions set forth under the GDPR. This is mainly dependent on the judgment of the European Commission regarding the sufficiency of the protections for personal data that apply in the destination country, and it could change over time.

Transfers of data between groups are subject to legally binding agreements, referred to as Binding Corporate Rules (BCR), which grant enforceable rights to the data subject.

Personal Information That This Website Collects And Why We Collect It

This website collects and utilizes personal data to fulfill the following purposes:

  1. Site Visitation Tracking

As with most websites, this one utilizes Google Analytics (GA) to monitor user interactions. This data is used to determine the number of users who visit our website, to understand how they find and interact with our web pages, and to track their experience on our website.

While GA retains information such as your residence, the device you use, your browser, and your operating system, none of this data is used to identify you personally. GA also tracks your computer’s IP address, which could be used to identify you, but Google does not give us access to that. We consider Google to be a third-party data processor.

GA utilizes cookies. More details are available in Google’s Developer Guides. For your information, our site uses GA’s analytics.js implementation.

Disabling cookies in your internet browser will prevent GA from tracking any aspect of your visits to pages on this site.

  2. Contact Forms

If you decide to contact us via the contact form on the ‘Contact Us’ page, the information you input will be saved on this site and compiled into an email delivered to us using the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are secured by TLS (sometimes called SSL), which means that your email is transmitted through an encrypted connection using SHA-2, 256-bit encryption and is accepted by Google’s secured servers.

  3. Newsletters by email

If you decide to sign up for our email newsletter in the future, the email address you supply will be forwarded to ConvertKit, which provides us with marketing email services. We view ConvertKit as a third-party data processor. Therefore, the email address you enter is stored neither in the website’s database nor within the internal systems of ConvertKit.

Your email address may remain in ConvertKit’s database for as long as we continue to use ConvertKit’s service for email marketing or until you ask to be removed from our list. You can opt out by using the unsubscribe links in the email newsletters or by emailing us to request removal. If asking for removal by email, please send the message from the email account that is subscribed to our mailing list.

If you are younger than 16 years old, you must obtain parental consent before registering for our newsletter.

As long as your email address is in the ConvertKit database, you will receive periodic (approximately monthly) newsletter emails from us.

How We Store Your Personal Information

As mentioned above, if you complete the contact form on this site, some personal data will be saved within the website’s database. This is the only instance where personal information is stored on this site. The data is currently stored in an identifiable way, which is a limitation of the content management system that this website is built upon (WordPress).

In the near term, we intend to alter the way we store this data to a pseudonymous format, meaning that the data would need further processing with a separately stored “key” before it can be used to identify an individual.

Pseudonymisation is one of the requirements of the GDPR that numerous web application developers are currently working to implement. We are keeping this as a top priority and will implement it on our website as soon as we are in a position to.

The server of this website

Media Temple runs this website within a US data center.

A few of the important security features are listed below:

24/7/365 DDoS security and intrusion protection, as well as:

  • Malware scanning
  • Multiple different layers of password brute force protection
  • A web-based application firewall
  • Multi-layered DDoS mitigation
  • Secured password and configuration method

All data transferred between this site and your web browser is secured and transmitted via HTTPS.

Our Third-Party Data Processors

We rely on various third-party companies to process personal information on our behalf. The third parties we use have been carefully selected, and all of them comply with the law. Two of these organizations are located within the USA and are EU-U.S. Privacy Shield certified.

Google (Privacy policy)

ConvertKit (Privacy policy)

Data Protection Officer

A defined role of Data Protection Officer (DPO) is required under the GDPR when an organization is a public body, if it conducts monitoring on a large scale, or if it processes sensitive data types at a high volume. The DPO must possess an adequate level of expertise and may be an in-house employee or outsourced to a qualified service provider.

Based on these guidelines, My Dear Dog, LLC doesn’t require the appointment of a Data Protection Officer.

Breach Notification

It is My Dear Dog’s goal to be fair in the decisions taken about informing those affected by a breach of personal information. As per the GDPR, when there is evidence that a breach may be occurring that could result in an infringement of the rights and liberties of individuals or their families, the relevant Data Protection Authority (DPA) will be notified after 72 hours.

This will be handled according to the Information Security Incident Response Procedure, which outlines the general method of dealing with security incidents.

Under the GDPR, the relevant DPA has the power to impose penalties of up to 4 percent of annual global turnover or 20 million euros, whichever is higher, in the event of a violation of the GDPR.

The following actions are implemented to ensure that My Dear Dog, LLC is in full compliance with the principle of accountability in the GDPR:

  • The legal basis for processing personal information is unambiguous.
  • Everyone responsible for handling personal information is aware of their obligations to follow an appropriate data protection policy.
  • Data protection training was provided to all staff.
  • Consent is a requirement.
  • There are options for data subjects who wish to assert rights over personal data. Such inquiries are dealt with efficiently.
  • Regular reviews of procedures that involve personal information are performed.
  • The principle of privacy by design is adopted in all new or modified systems and procedures.
  • The following documentation of processing activities is recorded:
      – Name of the company and other pertinent information
      – The reason for the processing of personal data
      – Categories of individuals and personal data processed
      – Categories of personal data recipients
      – Agreements and mechanisms to facilitate the transfer of personal data to non-EU states, as well as specifics on the security measures in place
      – Personal data retention schedules
      – Relevant organizational and technical controls in place

Changes to Our Privacy Policy

This privacy policy could be updated from time to time in line with changes in legislation or in the field. We do not specifically inform our website users of the modifications. Instead, we suggest that you regularly check this page to see any changes to the policy. Specific changes to policies and updates will be listed in a changelog below.

Advertising

This site is associated with CMI Marketing, Inc., d/b/a CafeMedia (“CafeMedia”) for the purpose of displaying advertisements on the site, and CafeMedia will gather and utilize specific types of data for purposes of advertising. To learn more about CafeMedia’s data usage, visit www.cafemedia.com/publisher-advertising-privacy-policy.

© 2021 My Dear Dog, All rights reserved. My Dear Dog is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program created to offer a way of earning a fee by connecting to Amazon.com and associated sites.