BreederHub Logo

Privacy Policy

BreederHub Privacy Policy

This Privacy Policy outlines the rules for collecting, processing, and protecting the personal data of users of the BreederHub platform (available at breederhub.io and within breeder-specific domains and subdomains).

Data Controller

The Data Controller is OpenTopic Technologia SP z o.o. with its registered office in Białystok (15-004), ul. Sienkiewicza 40a, Poland, entered into the Register of Entrepreneurs under KRS number: 0000647187.

You can contact the Controller regarding data protection matters via e-mail at: legal@ot.technology.

Purposes and Legal Bases for Processing

We process data at three levels, depending on your interaction with the Service:

Website Browsing

  • Scope of data: Analytical data (cookie identifiers, IP address, session data).
  • Purpose: Traffic analysis and platform optimization.
  • Legal basis: Art. 6(1)(a) GDPR (voluntary consent expressed through cookie banner settings).
  • Tools: Google Analytics 4 (GA4).

Waitlist and Contact

  • Scope of data: E-mail address, survey responses regarding interest in the service.
  • Purpose: Direct marketing, invitations to testing phases, and product updates.
  • Legal basis: Art. 6(1)(a) GDPR (voluntary consent).

Registration and Platform Usage

  • Scope of data: Name, surname, e-mail, kennel data (name, certificates), billing information.
  • Purpose: Provision of SaaS services and fulfillment of the subscription agreement.
  • Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Puppy Reservation Form

  • Scope of data: Name, surname, e-mail, phone number, living conditions, cynological experience.
  • Purpose: Buyer screening and processing of puppy reservations.
  • Legal basis: Art. 6(1)(b) GDPR (steps taken at the request of the data subject prior to entering into a contract) and Art. 6(1)(f) GDPR (legitimate interest of the breeder).
  • Role of BreederHub: We act as a Data Processor on behalf of the Breeder, who is the Data Controller of their buyers' data. Data is collected within the BreederHub infrastructure and made available to the Breeder to fulfill the above purposes.


Profiling and "Smart Buyer Screening"

As part of the platform, we use profiling technologies ("Smart Buyer Screening") to assist Breeders in analyzing questionnaires.

  • Mechanism: The algorithm may suggest a score for an application based on the answers provided.
  • No Automated Decisions: Every application is subject to human verification (Human-in-the-loop). BreederHub does not make independent, automated decisions to reject candidates. The final decision regarding the acceptance or rejection of a reservation rests solely with the Breeder.

Data Recipients

We share data only with entities necessary for the operation of the Service:

  1. Infrastructure Providers: Hosting and databases located within the EU (where data is securely stored).
  2. Breeders: Data from reservation forms is shared with the Breeder via the BreederHub management panel. The Breeder becomes an independent Data Controller regarding the use of this data for qualification and sales purposes.
  3. Payment Processors: Stripe (acts as an independent Controller for transaction processing and financial compliance).
  4. Analytical Tools: Google Analytics 4 (only upon consent).

Data Retention Period

We adhere to the principle of data minimization:

  • Analytical Data (GA4): Maximum of 14 months.
  • Buyer Data (Rejected Applications): Retained for 12 months following the end of the recruitment process to defend against potential claims.
  • Buyer Data (Successful Reservations): Retained for the duration of the Breeder’s active account to document the "Breeding Legacy Archive" and for periods required by tax law (5-6 years).
  • Anonymization: Upon the expiry of retention periods or at the user's request, personal data in litter histories is anonymized (statistical information remains without identifying data).

Data Transfers Outside the EEA

Data may be transferred to entities in the USA (e.g., Google, Stripe) based on adequacy decisions (Data Privacy Framework) or Standard Contractual Clauses (SCC), ensuring a European level of data protection.

Your Rights

You have the right to access, rectify, or erase your data ("right to be forgotten"), restrict processing, data portability, and the right to object. Complaints can be lodged with the President of the Personal Data Protection Office (uodo.gov.pl) or your local supervisory authority.

Security

As a system dedicated to "Professionalizing global cynology," we apply multi-layered data protection standards:

  • Encryption: Data transmission between the user and the server is conducted using the secure SSL/TLS protocol.
  • Logical Data Isolation (Multi-tenancy): The database architecture is designed to ensure strict logical isolation of data between individual Breeder accounts. Access to data is restricted to authorized entities only through application-level authorization mechanisms, preventing unauthorized access by other entities using the infrastructure.
  • Access Control: We regularly monitor the infrastructure for unauthorized use attempts and maintain rigorous permission management policies within our technical team.