Privacy policy
Macrory OÜ PRIVACY POLICY
This privacy policy (Privacy Policy) describes how Macrory OÜ (we) processes personal data. Our goal is to protect the privacy of data subjects (you) by complying with applicable data protection regulations. Please read the Privacy Policy carefully, as it contains important information about the processing of your personal data. The Privacy Policy applies to all our services and online activities where personal data is processed; this includes, among other things, the processing related to our website and social media. If you need additional information or have questions about our Privacy Policy, please feel free to contact us.
1. TERMS
Here you will find the terms frequently used in the Privacy Policy. The terms are defined in this section of the Privacy Policy or in the body text.
1.1 Data protection terms have the same meaning as defined here or in the General Data Protection Regulation (2016/679) (GDPR).
1.2 Data Subject – a natural person about whom we have information that can be used to identify the natural person.
1.3 Client – a legal or natural person who uses our services or products.
1.4 Cookies – data files stored on visitors’ devices based on choices made while using the website. More information about the use of Cookies can be found through the Cookie solution on our website.
1.5 Contract – any agreement entered into between us and the Client or another data subject.
1.6 Service(s) – the veterinary services and related services and products (if any) provided by us.
1.7 Usage Data – data about the use of our Service and website, including technical information about the device used, browser information, IP address, viewed pages, visit time and date, time spent on those pages, unique device identifiers, and other diagnostic data and logs.
1.8 Visitor – a person who visits our website.
1.9 Website – our website, accessible at https://nordicvet.ee, including all its subdomains and our social media pages (if applicable).
2. GENERAL INFORMATION AND CONTACT DETAILS
Here you will find information about when the Privacy Policy applies, who we are, and how to contact us.
2.1 About Us. We are Macrory OÜ, with registry code 16863447, operating address Tiigrisilma, Vilivere village, Rapla County, email info@macrory.ee. Macrory OÜ is a cattery and cat hotel operating in Vilivere.
2.2 Data Protection Contacts. If you have questions about the processing of personal data, please write to us at info@macrory.ee.
2.3 About the Privacy Policy. The Privacy Policy applies to all personal data processing carried out by us. We reserve the right to unilaterally amend the Privacy Policy. We will inform the Data Subject of all significant changes via the Website or by other means.
2.4 Status as Controller and Processor. We are the controller of personal data when we process the data of our individual Clients or the personal data of our Clients’ employees and representatives in connection with the provision of our Service(s) (e.g., when booking appointments, performing accounting activities, or engaging in client communication). We are also the controller for the processing of our employees’ data.
2.5 Our data processing supervisory authority is the Estonian Data Protection Inspectorate https://www.aki.ee/en.
2.6 Other links/applications, etc. Please note that links on our Website may lead to websites governed by the specific privacy terms of those service providers, not this Privacy Policy. We are not responsible for the content published on other websites. Your personal data on our social media channels is processed by the respective platform providers in accordance with the privacy terms of those platforms.
3. PERSONAL DATA PROCESSING PRINCIPLES
Here you will find the principles we always follow when processing your personal data.
3.1 Compliance and Purpose. Our goal is to process personal data responsibly, ensuring we can demonstrate that the processing of personal data complies with the set purposes and applicable law.
3.2 Principles. All our processes, guidelines, and activities related to personal data processing are based on the following principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and data protection by design and by default.
4. INFORMATION WE PROCESS
Here you will find the categories of Data Subjects and the personal data we process.
4.1 Categories of Data Subjects. Generally, we may process the personal data of the following categories of Data Subjects:
(a) our Client (if an individual);
(b) representatives and employees of our Client;
(c) representatives of our business partners;
(d) our employees or contractors;
(e) Website Visitors;
(f) our Client’s customers and other Data Subjects.
4.2 Collection of Personal Data. We collect personal data from the following sources:
(a) Personal data provided by the Data Subject – typically including name, contact details, email address, or other data sent to us via social media or made available by the Data Subject;
(b) personal data arising from ordinary communication between us and the Data Subject, e.g., correspondence related to Service(s);
(c) personal data resulting from the consumption and use of Service(s);
(d) personal data resulting from visiting and using the Website;
(e) personal data disclosed by the Client when using our Service;
(f) personal data generated and combined by us (e.g., consultation times; correspondence in the context of client relationships).
4.3 Detailed Information on Processed Personal Data. As a controller, we primarily process the following personal data:
(a) Regarding Visitors – data collected during the use of the website, i.e., through Cookies (if enabled) and Usage Data (if applicable) – information available in the Cookie solution;
(b) Identification data of our Client (if an individual) or their representatives – name, personal identification code, address, phone number, email;
(c) Contact details of the Client and their representatives – email address, phone number, address;
(d) Communication and Service usage data of Clients and their representatives – communication with us (text messages, chats, calls) and Service usage data (generally information about the purchase, service name, and amount), as well as Usage Data;
(e) Clients and their representatives in video recordings (if any), for example, when they visit our premises (captured on security camera footage);
(f) Payment and payment behavior data of the Client (if an individual) – payment and claim data collected during accounting;
(g) Other data of Clients and representatives – for example, compliments, complaints, and data submitted as feedback in satisfaction surveys;
(h) Personal data of employees upon entering into an employment contract, during its fulfillment, and based on our legitimate interest (we process, for example: full name, personal identification code, position, salary, and other payment data). More detailed information is disclosed to employees in internal company documents.
Please note that pet treatment and pet data are not directly personal data (however, information indicating that a Data Subject uses a specific service of ours, etc., may be considered personal data). We are obligated to process certain treatment and other veterinary service-related data in accordance with applicable laws (e.g., the Veterinary Act).
If you would like more detailed information about the processing of your personal data, please contact us at the email provided in section 2.2.
5. GENERAL PURPOSES, LEGAL BASES, AND PROCESSING ACTIVITIES
Here you will find information about the purposes and legal bases for processing your personal data.
5.1 Consent. Based on consent, we process personal data strictly within the limits, scope, and purposes for which the Data Subject has given their consent. The Data Subject’s consent must be freely given, specific, informed, and unambiguous (e.g., ticking a box on the Website). Please note that you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
5.2 Contract Conclusion and Performance. When concluding and performing a contract, we may process personal data for the following purposes:
(a) taking measures prior to concluding a contract, which are necessary for entering into the contract or requested by the Data Subject (e.g., using data specified in sections 4.3(b), (c), and (d));
(b) verifying your identity to the extent necessary for concluding and performing the contract or enabling the use of our Service (e.g., using data specified in sections 4.3(b), (c), and (d));
(c) fulfilling obligations undertaken (e.g., invoicing) (e.g., using data specified in sections 4.3(b), (c), (d), and (f));
(d) communicating with you, including sending information and reminders regarding contract performance or Service usage (e.g., using data specified in sections 4.3(b), (c), (d), and (f));
(e) protection of rights and claims (depending on the data, all collected data may be used);
(f) identification, prevention, and resolution of technical issues (depending on the issue, all collected data may be processed);
(g) provision of customer support (primarily using data specified in sections 4.3(b), (c), (d), and (f));
(h) provision and maintenance of our Service, including monitoring the use of our Website (primarily using data from sections 4.3(a), (d), and (g), but all data may be processed if necessary);
(i) notifying you of changes to our Service or sending other contract/Service-related notifications (primarily using data specified in sections 4.3(b) and (c)).
Please note that the specific purpose and legal bases may also be defined in the terms and/or Contract. Additionally, if necessary for contract performance, certain Service-related data may be transferred to another animal clinic or related institution (e.g., if the pet’s primary veterinarian is at another clinic and a specific examination is ordered from us).
5.3 Organization of Training. When we organize various trainings and events, processing participants’ personal data is necessary for their organization and execution. For training purposes, we collect the participant’s name, email, clinic (including license number), position, registration, and participation details; for paid trainings, payment and payer information is also collected. These personal data are necessary to conduct the training requested by the participant (Data Subject) (processing is based on the necessity for entering into a contract).
5.4 Legal Obligation. We process personal data to fulfill legal obligations in accordance with the law and to the extent stipulated by law, such as the obligation to retain accounting documents under the Accounting Act; processing due to obligations arising from the Veterinary Act or other applicable regulations concerning animal treatment, welfare, etc.
5.5 Legitimate Interest. Our legitimate interest refers to our interest in managing or directing our activities and enabling us to provide the best possible Service. When we rely on legitimate interest, we have previously assessed our interests against yours. You have the right to request the assessment related to the processing of your personal data by writing to info@macrory.ee. We may process your personal data (excluding special categories of personal data) based on legitimate interest for the following purposes:
(a) development of our Services and Website (primarily anonymously; however, depending on the situation, we may process all personal data);
(b) ensuring a better customer/user experience to provide a higher quality Service; we may monitor the use of our Service and Website, analyze identifiers and personal data collected from the use of our Website, Service, social media pages, and other sales channels, and collect statistics about Clients and Visitors; Usage Data may also be processed;
(c) conducting satisfaction surveys and measuring the effectiveness of marketing activities (using contact details and general Service usage data);
(d) recording and logging; we may record messages and orders transmitted both on our premises and through communication channels (email, etc.), as well as information provided by us and other activities. If necessary, we use these recordings for evidence and to protect/assert claims;
(e) technical and cybersecurity-related reasons, e.g., measures to combat piracy and ensure Website security, as well as for creating and maintaining backups and preventing/resolving technical issues (depending on the issue, all data may be processed);
(f) processing for organizational purposes, primarily for managing and processing personal data for internal management purposes (as well as for audits and other potential oversight) (primarily general Service usage and Client contact details);
(g) processing in the context of business transactions, e.g., mergers, acquisitions, or similar, where our company or part of it is sold, and processing certain personal data is necessary for preparing and executing the transaction (primarily general Client information, accounting data);
(h) preparing, asserting, or defending legal claims, including assigning claims to, for example, collection service providers or using legal advisors (depending on the claim/issue, all data may be processed).
5.6 New Purpose. If personal data is processed for a purpose other than that for which it was originally collected, or if it is not based on the Data Subject’s consent, we carefully assess the permissibility of such new processing. To determine whether processing for a new purpose is compatible with the original purpose for which the personal data was collected, we take into account, among other things:
(a) any connection between the purposes for which the personal data was collected and the purposes of the intended further processing;
(b) the context in which the personal data was collected, particularly in relation to the relationship between the Data Subject and us;
(c) the nature of the personal data, particularly whether special categories of personal data or personal data related to criminal convictions and offenses are processed;
(d) the possible consequences of the intended further processing for Data Subjects;
(e) the existence of appropriate safeguards, which may include encryption or pseudonymization.
6. PERSONAL DATA TRANSFER AND AUTHORIZED PROCESSING
Here you will find information about the transfer and authorized processing of personal data.
6.1 Use of Business Partners. We collaborate with individuals to whom we may transfer data concerning Data Subjects (including personal data) within the framework and purpose of the collaboration. We may have various relationships with these business partners, such as controller, processor, and sub-processor relationships. When transferring personal data to third parties (generally our business partners), we comply with applicable data protection requirements.
6.2 Requirements for Our Business Partners Acting as Our Processors. Such third parties may include, among others:
(a) advertising and marketing partners (primarily cookie information, contact details);
(b) IT partners, i.e., providers of various technical services (depending on the service, access to all data we hold may be possible);
(c) software for booking appointments and/or registering for and offering trainings (primarily name, contact details, appointment time, training registration fact);
(d) various consultants (depending on the service, information necessary for providing the service);
(e) debt collection agencies (if we have assigned our claim or delegated collection to them; generally name, contact details, outstanding amount, and, as needed, contract conclusion information);
provided that the relevant purpose and processing are lawful, and personal data is processed in accordance with the controller’s instructions and a valid contract.
If you would like more information about the business partners and processors we use, please write to us at info@macrory.ee.
6.3 Other Transfers. In other cases, we may transfer your personal data to third parties provided there is a legal basis for such transfer, e.g., your consent or a legal obligation. Generally, these are separate data controllers. Such parties may include:
6.3.1 Other clinics, treating veterinarians, veterinary specialists, laboratories, and animal healthcare service providers and institutions (name, contact details, service usage information – i.e., when necessary in connection with the animal’s treatment or welfare);
6.3.2 Agriculture and Food Board – we are required to provide information to them due to legal obligations and to the extent necessary;
6.3.3 Insurance companies and other professional and legal advisors (depending on the service, all personal data may be transferred);
6.3.4 Public authorities and investigative bodies – in certain cases, we may be required to disclose your personal data if mandated by law, if public sector authorities submit a valid request, or if disclosure is necessary to protect or assert our rights or those of a third party. We always assess the lawfulness of information requests before disclosing personal data;
6.3.5 (Potential) transaction parties and their advisors – if our company is involved in a merger, acquisition, or asset sale, your personal data may be transferred.
6.4 Transfer Outside the European Economic Area (EEA). Generally, we process personal data within the EEA. Our business partners or authorized processors may transfer personal data outside the EEA when providing or using certain services. Such transfers are initiated only if the requirements set out in Chapter V of the General Data Protection Regulation are met, e.g., an adequacy decision (GDPR Article 45) or EU standard contractual clauses* (GDPR Article 46), or if the company is listed in the new EU-US Data Privacy Framework**. When we transfer your personal data outside the EEA, it is generally to countries with adequate protection***. We take reasonable measures to ensure the security of your data and their processing in accordance with this Privacy Policy, and we ensure that your personal data is not transferred to any organization or country without adequate safeguards, including for the protection of your personal data.
*The texts of the EU standard contractual clauses can be found here. The Data Subject has the right to view the standard clauses used for the processing of their personal data (if applicable); for this, please write to us at info@sakuloomakliinik.ee.
**The Data Privacy Framework list can be found here.
***The European Commission has recognized adequate protection for the countries listed here.
7. PERSONAL DATA RETENTION AND SECURITY
Here you will find a description of how we protect your personal data and how long we retain it.
7.1 Retention. We adhere to the purpose of processing, the limitation periods for potential claims, and statutory retention periods when retaining personal data. We retain personal data for as long as necessary based on the purpose of processing. Client data is generally retained for the duration of the Contract and for an additional 3 years to protect against potential claims. Certain personal data is retained in accordance with applicable legal requirements, e.g., accounting data for 7 years and employment contract data for 10 years. Personal data whose retention period has expired is destroyed or anonymized.
7.2 Security Measures. We have established guidelines and procedures to ensure the security of personal data through both organizational and technical measures. Among other things, we take the following steps to ensure security and confidentiality:
(a) use secure access systems;
(b) process personal data provided to us only for the purpose and to the extent necessary for providing Services, managing the Website, and other purposes specified in this Privacy Policy;
(c) use software solutions that help ensure a level of security compliant with industry standards.
7.3 Incident. In the event of a personal data incident, we do our best to mitigate the consequences and reduce such risks in the future. We comply with the notification requirements of the General Data Protection Regulation.
8. DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
Here you can read about your rights related to your personal data.
8.1 We aim to ensure that you are fully aware of all your rights. Data Subjects have the following rights (subject to certain conditions being met):
(a) Right to access personal data – you have the right to access your personal data and request a copy of it.
(b) Right to rectification – you have the right to request that we correct inaccurate or incorrect data.
(c) Right to erasure – you have the right, under certain conditions (e.g., if we process your personal data based on your consent), to request that we delete your personal data.
(d) Right to restrict processing – you have the right, under certain conditions (e.g., if we process your personal data based on your consent), to request that we restrict the processing of your personal data.
(e) Right to object to processing – you have the right, under certain conditions (e.g., if we process your personal data based on legitimate interest), to object to the processing of your personal data.
(f) Right to data portability – you have the right, under certain conditions, to request that we transfer the collected data to another organization or directly to you.
(g) Rights related to consent – if we process your personal data based on consent, you have the right to withdraw your consent at any time (e.g., via an unsubscribe link or by email). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
(h) Rights related to legitimate interest – if we process your personal data based on legitimate interest, you have the right to review the legitimate interest assessment related to the processing of your personal data. To do so, please write to us at info@macrory.ee.
(i) Rights related to automated processing and profiling – this means that the Data Subject has the right, based on their specific situation, to object at any time to the processing of their personal data based on automated decisions/profiling and to request human intervention. The Data Subject may also request an explanation of the logic behind automated decision-making. For clarity: we do not use such automated processing (or artificial intelligence) or profiling that significantly affects the Data Subject or their rights.
(j) Right to lodge a complaint – you have the right to lodge a complaint with us, a supervisory authority, or a court if you believe that your rights related to the processing of your personal data have been violated. To resolve the issue, we kindly ask you to first contact us. If necessary, the contact details of our data protection supervisory authority (Estonian Data Protection Inspectorate) can be found here: https://www.aki.ee/en/inspectorate-contacts/staff-contacts. If you are a Data Subject from another EEA country, you have the right to lodge a complaint with the supervisory authority in your country of residence. Contact details for other EU data protection supervisory authorities can be found here.
8.2 Responses and Additional Information. If you submit a request related to the processing of personal data, we have one month to respond to you. If you wish to exercise any of these rights or need additional information about your rights, please contact us. Please note that we may need to verify your identity before granting access to personal data-related rights.
9. CHILDREN’S DATA
9.1 As the data controller, we do not knowingly collect personal data from children under 18 years of age. If children’s data is processed in exceptional cases, it is done with the permission of a guardian or parent.