Privacy Policy

Privacy Policy GDPR Compliant

A GDPR compliant privacy policy, a cornerstone of Pfetch, Inc., leads our company to adopt the General Data Protection Regulation [GDPR].  The GDPR, an European Union regulation, gives power over the use of personal data back to individuals. The following is the privacy policy (“Policy”) for pfetchinc.com, which is run and provided by Pfetch, Inc. (we, us and our). Pfetch, Inc., is located at 223 E. Flagler St. Miami, Fl 33131.  Please contact us at info@pfetchinc.com.

Privacy, a Cornerstone of Pfetch, Inc.

One of Pfetch, Inc.’s foundation cornerstones is the protection of personal data.  Subsequently, what we gather on our platform will primarily remain in-house and not leave our database.  Furthermore, we share information to help each other, Guests, and Providers on Pfetch.  Most importantly, Pfetch Providers are partners with a requirement to consent and contribute to their third party background checks.

Altogether, the data policy outlined below describes the use and sharing of submitted data.  In particular, Pfetch stores data pseudonymously, meaning it is always encrypted when not actively in use. Consequently, the Pfetch privacy policy demonstrates for which purposes as well as what control of personal data rights you have.  Hence, we will attempt to expose common data standards and explain how Pfetch, Inc. compares. Ultimately, Pfetch intends to contrast and initiate transparency by following and expanding upon GDPR EU regulations.

I. Summary of our concierge platform’s activities:

Primarily, Pfetch matches vetted Provider offerings with Guests to retain goods or services on-demand or scheduled in advance. Pfetch offers bespoke concierge services by featuring diverse providers. Apart from this, we organize group purchasing opportunities as well as collect and publish opinions, and use data.  Furthermore, some of this material is freely available; whereas, some of it is only available to subscribers.  In summary, the following offers an overview of the data processing activities on our website and mobile application.

Visitors

  • As a rule, when you visit our website and mobile application, you do not need to set up an account.  Therefore, only limited personal data will be processed to provide you with the website or mobile app itself (see Section III below).

Registered Guests notified of associated customer organizations.

  • Typically, websites and mobile applications have a policy that may identify you as belonging to a customer organization. Accordingly, they collect information to be able to provide usage reporting to that customer. In contrast, our goal is to inform you of your affiliated customer organizations that you are associated with and to provide you with options.

Pfetch Guests allowing customer affiliations

  • First, as our Guest, you may want to allow affiliates the rights to your usage reporting.  If so, Pfetch acts as your agent and gives you the ability to agree to terms where applicable.  If this is an affiliation due to sponsorship or employment, we review your rights and advise.

VIP Guest Subscription

  • Second, we offer a VIP Guest application that vets you and vouches for your identity. Subsequently, your usage tracking is shielded or empowered as a valued consumer. For example, if you have a high credit score, you inherently have more purchasing power and should be compensated if you agree to the tracking.

Incognito Guest Subscription

  • Third, we offer an Incognito Guest subscription that vets, vouches, and may represent your identity upon request. To clarify, Pfetch may cloak your use on the platform altogether, even from creditors. Note, we will have a statement of itemizations for your personal or business tax records. Furthermore, the history of use may be completely offline and snail-mailed upon your request.

Provider Registration

  • Importantly, Providers agree to the background check/platform application deposit.  Notably, this retainer initiates the protection of personal data to be collected.  Verification of identity and merit is paramount, and data processed in the scope to offer goods or services on the platform (see Sections IV and V below). 

In-house Functionality

  • At this time, many websites and mobile applications, personal data use provide you with relevant advertising for services and products.  We limit the scope to Pfetch partners (see Section VII) and for analytics that help improve our website and mobile app. (see VIII).
  • Alternatively, Pfetch, Inc. does not assume your website and mobile app experience improves with third party content. We understand ads are often annoying unless presented clearly to be exchanged for discounted or free services.  Again, it is your choice, and if you desire outside third party content, it is available, and you can waive the default not to include ads. Thus, allowing advertisements from third parties outside of the pfetch family of providers to function (see Section IX).
  • Likewise, in many websites and mobile applications’ terms of service, you may have inadvertently allowed personal data to be disclosed (see X). Often, these third parties are outside your country of residence; potentially, different data protection standards may apply (see XI). In contrast, Pfetch Inc.’s cornerstone policy is not to share any data with third parties.  We will only share data within the boundaries of the concierge platform.
  • Notably, we have implemented appropriate safeguards to secure personal data (see XII) and retain personal data only as long as necessary (see XIII).
  • Under the legislation applicable to you, you may be able to exercise certain rights regarding the processing of personal data (see XIV).

II. GDPR Definitions

Personal Data per GDPR 

See the definition in Rec.26; Art.4(1) [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). Therefore, an identifiable person is one who can be identified by an identifier such as a name, an identification number, location data, online id. Also, factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person qualifies as an identifier.

Sensitive Personal Data per GDPR 

See the definition in Rec.10, 34, 35, 51; Art.9(1). [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] “Sensitive Personal Data” are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade- union membership; data concerning health or sex life and sexual orientation; genetic data, or biometric data. Data relating to criminal offenses and convictions are addressed separately (as criminal legislation lies outside the EU’s legislative competence).

Criminal Offences per GDPR 

See the definition in Rec. 19, 50, 73, 80, 91, 97; Art.10 . [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] National authorities may only process data relating to criminal offenses and convictions. Federal law may provide derogations, subject to suitable safeguards. The responsible governmental authority may only keep a comprehensive register of criminal offenses.

Anonymous per GDPR 

Rec.26 GDPR defines personal data, and its opposite is anonymous data. The GDPR does not apply to data that are rendered anonymous in such a way that it does not identify individuals from the data collected.

Pseudonymous data per GDPR 

The term is defined Rec.26, 28-29, 75, 78, 156; Art.4(5), 6(4)(e), 25(1), 32(1) (a), 40(2)(d), 89(1) [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] “Pseudonymous data” are still treated as personal data because they enable the identification of individuals (albeit via a key). However, the “key” that allows the re-identification of individuals is kept separate and secure. Consequently, the risks associated with pseudonymous data are likely to be lower. Therefore, the levels of protection required for those data are likely to be less secure.

Processing per GDPR  

The term is defined Art.4(2) “‘Processing’ means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

Controller per GDPR  

The term is defined Art.4(7) [Note there are clarification edits regarding a company outside of the EU or Member State determining a controller in the following. Please use the link on the section to read the exact terminology.] “Controller” means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Subsequently, where EU, Member State laws, or complying companies determine the purposes and means of processing, the controller (or the criteria for nominating the controller) may be designated by those laws.

Processor per GDPR 

The term is defined Art.4(8)“‘Processor’ means a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.”

The term is defined Rec.32; Art.4(11) [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] “The consent of the data subject” means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by explicit affirmative action, signifies agreement to processing data personally relating to them.

Data Breach per GDPR 

The term is defined Art.4(12) [Note there are minor clarification edits in the following. Please use the link on the section to read the exact terminology.] “Data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data concerning health per GDPR 

The term is defined Rec. 35, 53-54; Art.4(15)“‘Data concerning health’ means personal data relating to the physical or mental health of an individual, including the provision of health care services, which reveal information about his or her health status. It expressly covers both physical and mental health.”

 

III-A. Informational use of the website or mobile application

Visitors are those who go to the site or download the mobile app for informational reasons, i.e., without registering as a Guest or Provider. Thus, as listed under Section IV, they are not submitting any personal data in any other form. However, we may automatically collect information about visitors or their devices that may contain limited personal data typically anonymous. For example, the industry-wide standard automatically recognized data obtained by our server for it to function are the following:

– The user IP address
– User’s device type, name, and IDs
– Date and time of use
– Content of use
– Information of the user’s browser version
– The user’s screen resolution
– Information on the user’s operating system, including language settings.

Pfetch requires the above to operate our website and mobile app on your specific device, anonymous demographics, and standard identifications used for safety and security.

III-B. Affiliated Organization Use

Unlike other platforms, Pfetch plans to warn members with affiliation identification alerts.  Primarily, this occurs by IP or equivalent method as belonging to an organization or a company. Often, websites and apps record the use of you and your affiliated organization to create usage reports.  Namely, the records may show the organization how much of the goods and services offered are retained by their clients, vendors, or employees. Typically, this information does not contain anything related to a personal login. In contrast, nominated administrators and others under a usage-based access contract agree to share data with their sponsoring organization.

Consequently, if you are an employee-sponsored by your company to offer individual services on our platform, you may need to select this option as a term of your employment.  The difference being, Pfetch Inc.’s goal is to bring the affiliation tracking to each Guest and Provider’s attention.  For example, if you are using your computer at work, signing into websites with a personal email still affiliates you with your employer due to the computer’s IP address.

Automatic processing of personal data from general users follows one of the conditions (b-f ) outlined in GDPR Article 6 Section 1. The section outlines when, for the broad protection of the platform, its consenting Guests and Providers accept the data policies herein and therefore provide processing allowance under GDPR 6.1.(a).

IV. Registration for our services

Access as a Guest or a Provider and other subscription content is provided by but not limited to IP site licenses. Also, access is granted by login via third party federated identity providers, or by a personal account with us. Access to our content may be as a sponsored Provider representing an organization or an institution. For example, a university or a company may sponsor your registration, and they predetermine and have paid for your access method. Therefore, Pfetch, Inc. requires a personal account to be a Guest, even when you are a sponsored Provider. In this manner, you may purchase or retain offerings directly from Pfetch, Inc. Thus, personal services such as the use of the Intelligent Calendar, reports, and alerts will remain private. In other words, without being tracked by your sponsor, unless it is with your explicit permission and consent.

Personal Guest account login will store and process the following:

  • Guests provide their name, user name, email address, and telephone number upon registration and noted in your locked Pfetch profile.
  • Account sign-in function: login and password details.
  • Communications sent by you via email, messaging, Skype/Zoom, website, and mobile VIP Guest, Incognito Guest, or Individual Provider application forms.

Pfetch, Inc. identifies the required information to render services. Furthermore, all other optional information is submitted voluntarily. Subsequently, there is an understanding data is not being shared outside the Pfetch Provider family unless requested otherwise.

Personal data submitted will be used for the following purposes:

  • Identify and welcome returning Guests.
  • Administer Guest and Provider accounts.
  • Administer Provider accounts.
  • Communicate discounts and group purchasing opportunities.
  • Collect behavioral and use data to be shared upon your consent by acceptance of privacy terms of service within the Pfetch family.
  • Represent you as your agent if you wish to receive compensation for your user data to be shared outside the Pfetch family.
  • Facilitate the attendance of a concierge service offering.
  • Manage Provider service description submissions and share data to facilitate their success.
  • Provide access (where appropriate) to other Pfetch, Inc. group content upon request.

Use of Personal Data within the Pfetch family

The free use of personal data for behavioral advertising and profiling occurs within the Pfetch platform. Notably, it is done for the legitimate interest to improve your experience and performance while using the website and mobile application, Article 6.1 sent.1 lit—f GDPR.

The option to use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of personal data for direct advertising related products and services within the Pfetch platform is a legitimate interest for us as a provider of this website or mobile app, Article 6.1 sent.1 lit—f GDPR.

Default Policy Excludes Direct Marketing

Due to the general lack of transparency, Pfetch Inc.’s policy is to, as a default, exclude direct marketing outside of the platform. However, exceptions occur when Pfetch Inc. offers for you to opt-in and agree to direct marketing terms of service. For example, to receive exclusive promotions, discounts, and group purchasing deals. Furthermore, you may accept the use of personal data for direct marketing at any time.

We will refrain from any processing to the extent it is related to such purposes. You may opt-in for direct marketing via links in any Pfetch, Inc. communication or user profile pages on the website and mobile application.

If there is an error in our default policy of opting-out or you mistakenly opted-in, please email our Data Protection Officer at dataprotection@pfetchinc.com.

Double Opt-in for Pfetch Invitations

At this time, we plan notification services via email and on our intelligent calendar for both Guests and Providers. Thus, Pfetch sends invitations to accept appointments and reminders to help avoid cancellations.  Importantly, this service utilizes a double-opt-in. In this case, you will receive an email containing a link. Likewise, responding to the link confirms identity and consent alerts and invitations via our email or calendar service.  Nevertheless, you can end this service by opting out via the link provided in each notification email. Without a doubt, Pfetch requires your consent to receive the notification service per Article 6.1 sent.1 lit. a GDPR.

Pseudonymous Registration Data

In general, Pfetch, Inc. keeps registration data until an account holder requests its deletion or removal. Subsequently, if such a request is received, we will erase your data within 30 days. On the other hand, statutory storage obligations or the need for legal actions that may arise from misconduct claims. Therefore, to protect Pfetch users, records of the services and payments may require longer retention of personal data. In this case, we will inform you accordingly. Removal of personal data makes it pseudonymous, and the record of the key is not stored digitally.