EU General Data Protection Regulation (GDPR)
From 25 May 2018 all businesses operating with or within the EU are required to adhere to the GDPR [PDF, 88 pages] if they are processing personal data. It requires businesses to be clear about how they intend to use the information provided by their customers, and to get clear unambiguous consent in this regard. It further requires that such information is available to customers electronically, and strengthens customers' rights about how this data is accessed and maintained.
Does this affect Fido?
Yes, it does. Fido has maintained very high standards with regards to customer data since its launch in 2004, and already complies with the core provisions of the GDPR. In Ireland, dog owners are legally required to supply their details to one of the authorised databases, such as Fido, and this data deserves to be respected and protected. The GDPR specifically includes those who provide data processing for tasks carried out in the public interest or in the exercise of official authority. As a government-approved database providing a public service and facilitating legal Regulations, Fido must comply with the GDPR where applicable. In line with the GDPR, Fido will continue to uphold its high standards, including those already enshrined in Irish legal instruments. Here is how your data is treated:
- According to the GDPR, the right to the protection of personal data must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. [EU2016/679(4)] Fido records only the basic information associated with a pet and certain details that are either required by law or otherwise appropriate in order to enable reunification of a pet with its owner. The information comprises the chip ID, a description of your pet, and your contact details.
- Fido clearly describes the information it seeks and asks for your consent to record the information for legitimate purposes only.
- If any information is to be shared with another party, Fido is very clear about this when requesting the information and clearly seeks your consent.
- As a government-approved database, Fido makes certain data available to specific parties (such as animal welfare personnel) subject to them providing proper identification, and in accordance with applicable Regulations. The recorded information is not available to the public.
- Fido carefully monitors access to the recorded data and uses secure systems to protect the integrity and privacy of the information in its Registry.
- Fido provides you with access to the registered information, and in the case of dogs will also supply official Certificates to confirm the legally required information held by Fido.
- Fido allows you to refresh your data at any time. For dogs, the law requires you to follow certain procedures first, often involving a vet, and Fido will facilitate the process. If Fido is alerted to input errors caused by Fido, then Fido will correct them quickly without fuss or fee.
- As a Fido customer, your pet's chip could be registered and then you might never interact with Fido again. This would be a fairly normal situation but Fido cannot be expected to keep the data on file forever. Instead, Fido reserves the right to remove the data at some time in the future when it would be reasonable to assume the data is no longer serving any purpose, such as when the age is far beyond the life expectancy of the breed. This is consistent with expectations expressed in the GDPR. You can inform Fido that you have taken your dog out of the jurisdiction, and at your request Fido will remove the chip from the live Registry.
- Fido can only legally remove a dog registration if the dog is deceased, has left the jurisdiction or you are moving the data to another government-approved database within the jurisdiction.
- If Fido records a change of ownership, the previous owner contact details will no longer be available through the live Registry. Historical records, including those governed by the applicable Regulations, are only available to appropriate administrative or legal authorities in a manner consistent with Regulations.
- Separate from the live registry, Fido maintains an audit of interaction with the service for historical, statistical and performance monitoring. This is not available outside of the administrative function of Fido and will require legal grounds for access by others (e.g. a Court Order).
Some of Fido's operations involve third-party services.
These services must act in a manner that is consistent with Fido's obligations to registrants and users, and must adhere to the GDPR.
Specifically, these services are:
- Stripe: provides a secure online payment service to enable Fido obtain fees for registration and related services. (See their policy.)
- Google Analytics: provides a means of monitoring the usage of pages on the Fido site, to identify performance or operational issues and ensure a high quality service to users. (See their statement.)
- Fido has sponsors and service providers but cannot make statements regarding their security/privacy policies. You are referred to their respective Web sites for details on their policies. Unless data is already intentionally public (e.g. EPN chip status information), or is a specific requirement of the provided service (e.g. payment invoice data) Fido does not share collected personal data with sponsors or service providers.