BreederHub Logo

Privacy Policy

Version: 2.0 Effective date: March 30, 2026 Previous version: 1.0 (undated)


Section 1. Data Controller

  1. The Data Controller is OpenTopic Technologia Sp. z o.o. with its registered office in Bialystok (15-004), ul. Sienkiewicza 40A, Poland, entered into the National Court Register (KRS) under number: 0000647187, NIP: 9662107440, REGON: 365885932.

  2. Contact for data protection matters: legal@ot.technology

  3. The Data Controller has not appointed a Data Protection Officer (DPO). If a DPO is appointed in the future, information will be published at breederhub.global/en/privacy-policy/.


Section 2. Scope of This Policy

This Privacy Policy applies to the processing of personal data of users of the BreederHub platform, available at breederhub.global and within breeder-specific domains and subdomains ("Service").


Section 3. Purposes, Scope, and Legal Bases for Processing

We process data at several levels, depending on your interaction with the Service:


3.1. Website Browsing

  • Scope of data: Analytical data (cookie identifiers, IP address, session data, browser type, operating system).
  • Purpose: Traffic analysis and platform optimization.
  • Legal basis: Art. 6(1)(a) GDPR (voluntary consent expressed through cookie banner settings).
  • Tools: Google Analytics 4 (GA4).

3.2. Waitlist and Contact

  • Scope of data: E-mail address, survey responses regarding interest in the service.
  • Purpose: Direct marketing, invitations to testing phases, and product updates.
  • Legal basis: Art. 6(1)(a) GDPR (voluntary consent).
  • Note: Consent may be withdrawn at any time by clicking the unsubscribe link in any e-mail or by contacting legal@ot.technology. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

3.3. Registration and Platform Usage

  • Scope of data: Name, surname, e-mail, kennel data (name, certificates, registration number), billing information.
  • Purpose: Provision of SaaS services and fulfillment of the subscription agreement.
  • Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.4. Puppy Reservation Form

  • Scope of data: Name, surname, e-mail, phone number, living conditions, cynological experience, household information.
  • Purpose: Buyer screening and processing of puppy reservations.
  • Legal basis: Art. 6(1)(b) GDPR (steps taken at the request of the data subject prior to entering into a contract) and Art. 6(1)(f) GDPR (legitimate interest of the Breeder in selecting appropriate buyers).
  • Role of BreederHub: We act as a Data Processor on behalf of the Breeder, who is the Data Controller of their buyers' data. Data is collected within the BreederHub infrastructure and made available to the Breeder to fulfill the above purposes.

3.5. Complaint Handling

  • Scope of data: Name, e-mail, description of the issue.
  • Purpose: Handling complaints and requests.
  • Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (legal obligation).

3.6. Legal Obligations

  • Scope of data: Billing data, transaction records.
  • Purpose: Fulfillment of tax and accounting obligations.
  • Legal basis: Art. 6(1)(c) GDPR (legal obligation).

Section 4. Profiling and "Smart Buyer Screening"

  1. As part of the platform, we use profiling technologies ("Smart Buyer Screening") to assist Breeders in analyzing questionnaires.

  2. Mechanism: The algorithm may suggest a score for an application based on the answers provided.

  3. No Automated Decisions: Every application is subject to human verification (human-in-the-loop). BreederHub does not make independent, automated decisions to reject candidates. The final decision regarding the acceptance or rejection of a reservation rests solely with the Breeder.

  4. Art. 22 GDPR - Automated individual decision-making: The Service does not make decisions based solely on automated processing, including profiling, which produce legal effects concerning the data subject or similarly significantly affect them. The AI-generated scores are advisory only and always require a human decision by the Breeder.

  5. Right to object to profiling (Art. 21 GDPR): The Buyer has the right to object at any time to profiling based on the legitimate interest of the Breeder (Art. 6(1)(f) GDPR). To exercise this right, contact: legal@ot.technology. Upon receiving a valid objection, we will cease profiling of the data subject's data, unless we demonstrate compelling legitimate grounds for the processing that override the data subject's interests, rights, and freedoms.

  6. Training data: Data from questionnaires is not used to train or improve AI models without the User's explicit consent (opt-in). The Data Controller may use anonymized, aggregated data for Service improvement.


Section 5. Data Recipients

We share data only with entities necessary for the operation of the Service:

  1. Infrastructure Providers: AWS (Amazon Web Services) - hosting and databases located within the EU (eu-central-1 region, Frankfurt).

  2. Breeders: Data from reservation forms is shared with the Breeder via the BreederHub management panel. The Breeder becomes an independent Data Controller regarding the use of this data for qualification and sales purposes.

  3. Payment Processors: Stripe, Inc. (acts as an independent Data Controller for transaction processing and financial compliance).

  4. Analytical Tools: Google Analytics 4 (only upon consent expressed through the cookie banner).

  5. E-mail Service Providers: For transactional and marketing communications (upon consent).

We do not sell personal data to third parties.


Section 6. Data Retention Period

We adhere to the principle of data minimization:

Data CategoryRetention PeriodBasisAnalytical Data (GA4) | Maximum 14 months | Consent settings
Waitlist data | Until withdrawal of consent or 24 months from last interaction | Consent
Account data (Breeders) | Duration of the Subscription + 30 days for data export | Contract
Buyer Data (Rejected Applications) | 12 months following the end of the recruitment process | Legitimate interest (defense against claims)
Buyer Data (Successful Reservations) | Duration of the Breeder's active account | Contract / Legitimate interest (Breeding Legacy Archive)
Billing data | 5-6 years | Tax law obligations
Complaint data | 3 years from resolution | Legitimate interest (defense against claims)
Anonymization: Upon the expiry of retention periods or at the user's request, personal data in litter histories is anonymized (statistical information remains without identifying data).


Section 7. Data Transfers Outside the EEA

  1. Data may be transferred to entities in the USA (e.g., Google LLC, Stripe, Inc.) based on:

    • Adequacy decisions, including the EU-US Data Privacy Framework (DPF), or
    • Standard Contractual Clauses (SCC) approved by the European Commission.
  2. These mechanisms ensure a level of data protection equivalent to the standards within the European Economic Area.

  3. Information about the specific safeguards in place is available upon request at: legal@ot.technology.


Section 8. Your Rights

Under the GDPR, you have the following rights:

  1. Right of access (Art. 15 GDPR) - to obtain confirmation of whether your data is being processed and access to that data.

  2. Right to rectification (Art. 16 GDPR) - to correct inaccurate or incomplete data.

  3. Right to erasure ("right to be forgotten") (Art. 17 GDPR) - to request deletion of your data when processing is no longer necessary.

  4. Right to restriction of processing (Art. 18 GDPR) - to request limitation of data processing in specific circumstances.

  5. Right to data portability (Art. 20 GDPR) - to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

  6. Right to object (Art. 21 GDPR) - to object to processing based on legitimate interest, including profiling. In particular, you have the right to object to the processing of your data by the Smart Buyer Screening system (see Section 4.5).

  7. Right not to be subject to automated decision-making (Art. 22 GDPR) - the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. As described in Section 4.4, BreederHub does not make such decisions.

  8. Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

  9. Right to lodge a complaint - you may lodge a complaint with the supervisory authority:

    • In Poland: President of the Personal Data Protection Office (Prezes UrzÄ™du Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl
    • In other EU Member States: your local data protection supervisory authority
How to exercise your rights: Send a request to legal@ot.technology. We will respond within 30 days. In complex cases, the deadline may be extended by an additional 60 days, of which you will be informed.


Section 9. Children's Data

  1. The Service is not intended for persons under the age of 16.

  2. To use the Service as a Buyer, the minimum age is 16 years. Persons aged 16-17 may use the Service only with the consent of a parent or legal guardian.

  3. To use the Service as a Breeder, the minimum age is 18 years.

  4. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete such data promptly.

  5. If you believe that we have collected data from a child under 16, please contact us immediately at: legal@ot.technology.


Section 10. Security

As a system dedicated to professionalizing global cynology, we apply multi-layered data protection standards:

  1. Encryption: Data transmission between the user and the server is conducted using the secure SSL/TLS protocol.

  2. Logical Data Isolation (Multi-tenancy): The database architecture ensures strict logical isolation of data between individual Breeder accounts. Access to data is restricted to authorized entities only through application-level authorization mechanisms, preventing unauthorized access by other users of the infrastructure.

  3. Access Control: We regularly monitor the infrastructure for unauthorized use attempts and maintain rigorous permission management policies within our technical team.

  4. Infrastructure: Data is stored on AWS infrastructure within the EU (eu-central-1 region), which is certified under ISO 27001, SOC 2, and other industry standards.

  5. Incident Response: In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the supervisory authority within 72 hours and affected data subjects without undue delay, in accordance with Art. 33-34 GDPR.


Section 11. Changes to This Privacy Policy

  1. We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or Service features.

  2. Changes will be communicated by publishing the updated Privacy Policy at breederhub.global/en/privacy-policy/ and by notifying registered Users via e-mail.

  3. The "Effective date" and version number at the top of this document will be updated with each revision.

This document was generated with AI assistance and should be reviewed by a qualified lawyer before implementation.