English
Introduction
Wuuff Inc. (hereinafter referred to as Wuuff or Data Controller), in accordance with the relevant legislation – in particular Regulation (EU) 2016/679 (hereinafter referred to as the Regulation) – and its own data protection policies, aims to inform its customers through this document about data processing related to the wuuff.dog website.
Wuuff is committed to protecting your personal data and recognizes the importance of handling it responsibly. Below, we summarize how Wuuff collects, uses, and protects your personal data and what rights you have in this regard.
This notice contains information exclusively regarding specific data processing activities and does not cover all activities of the Data Controller.
1. The Data Controller
Name of the Data Controller: Wuuff, Inc.
Headquarters of the Data Controller: 7901 4th St N STE 300, Saint Petersburg FL 33702, United States of America
Tax number of the Data Controller: 83-3274009
Phone number of the Data Controller: +1 727 495-6925
Email address for data processing matters: privacy@wuuff.dog
Your data is processed by Wuuff Inc.
Contact details: Headquarters: 7901 4th St N STE 300, Saint Petersburg FL 33702, United States of America, privacy@wuuff.dog, website: wuuff.dog
The Data Controller is a business entity registered in the United States. While performing its activities, the Data Controller processes personal data of data subjects located in the European Union, therefore it applies the rules of the Regulation to all of its data processing activities.
In accordance with Article 27 of the Regulation, the Data Controller appoints a representative in the EU who is authorized to act on behalf of or alongside the controller in all matters related to data processing to ensure compliance with the Regulation—particularly regarding inquiries from supervisory authorities and data subjects.
EU representative of the Data Controller: Sandor Fagyal; contact: help@wuuff.dog, +36 70 944-8684
In the course of its data processing activities, the Data Controller also transfers data to recipients located outside the EEA and processes data partly in third countries outside the EEA in connection with the provision of services. A part of the data processing is carried out at its registered office in the United States.
For specific data processing activities, the Data Controller informs data subjects of data transfers to third countries outside the EEA. We kindly ask data subjects to decide on the provision of their data with this information in mind.
2. Description of Data Processing Activities
1. Requesting Information, Contacting Us, Requesting an Offer
Scope of data processed
Name and contact information of the data subject (phone number, email address)
Purpose of data processing
To maintain contact with potential customers, respond to inquiries, and provide quotations.
Legal basis for processing
Regulation Article 6(1)(a) – Consent of the data subject. The data subject acknowledges that the Data Controller processes the data provided during contact for the purpose of responding, and consents to this data processing. The Data Controller will provide the requested information or offer. Data will be deleted 6 months after the end of communication (retention period).
Recipients of data
Employees of the Data Controller within the scope of their duties.
If contact occurs online, the Data Controller uses an IT service provider as a data processor.
Duration of processing
Until the consent is withdrawn, or 6 months after the end of the communication, whichever comes first.
2. Customer Registration
Interested parties can register on the Data Controller’s website by providing their data. By doing so, they consent to their data being processed by a provider located outside the EEA. If data subjects do not agree to data processing outside the EEA, they are asked not to provide their data.
Scope of data processed
Mandatory data: name, email address, password
Optional data: phone number, profile picture
Purpose of data processing
Providing convenience features on the website (e.g., simplified search, contact with breeders)
Legal basis for processing
Regulation Article 6(1)(a) and Article 49(1)(a) – Consent of the data subject
Recipients of data
Employees of the Data Controller within the scope of their duties.
If contact occurs online, the Data Controller uses an IT service provider as a data processor.
Duration of processing
Upon termination of registration (which constitutes withdrawal of consent), data will be deleted immediately, but no later than within 15 days.
3. Breeder Registration
Breeders may register on the Data Controller’s website by providing their data. By doing so, they consent to their data being processed by a provider located outside the EEA. If data subjects do not agree to data processing outside the EEA, they are asked not to provide their data.
Scope of data processed
Mandatory data: name, email address, password
Optional data: phone number, profile picture, kennel-related information
Purpose of data processing
Providing convenience features on the website (e.g., publishing certain breeder data for interested users)
Legal basis for processing
Regulation Article 6(1)(a) and Article 49(1)(a) – Consent of the data subject
Recipients of data
Employees of the Data Controller within the scope of their duties.
If contact occurs online, the Data Controller uses an IT service provider as a data processor.
The Data Controller publishes individual data of registered and verified breeders (e.g., kennel name, city) on the website to allow potential customers to get to know the breeder.
Duration of processing
Upon termination of registration (which constitutes withdrawal of consent), data will be deleted immediately, but no later than within 15 days.
4. Use of Services
The Data Controller necessarily processes data of breeders using advertising services in order to issue invoices related to the service.
Scope of data processed
Breeder’s name and contact information (e.g., email address)
Billing name, billing address, and other mandatory invoice elements as required by law
Purpose of data processing
Issuing and sending invoices to the data subject.
Legal basis for processing
Regulation Article 6(1)(b) and Article 49(1)(b) – Fulfillment of the service contract in the Terms of Service
Regulation Article 6(1)(c) – Compliance with accounting laws (VAT Act §169, Accounting Act §§167, 169)
Recipients of data
Employees of the Data Controller within the scope of their duties.
If contact occurs online, the Data Controller uses an IT service provider as a data processor.
Duration of processing
Contracts and invoices are stored for 8 years. Supporting documents that are part of the general ledger are stored for 10 years.
5. Puppy Alert Service
The Data Controller offers a free Puppy Alert service for interested individuals. The service can be used by providing personal data and consenting to data processing.
Scope of data processed
Name and contact information of the data subject
Purpose of data processing
To notify the data subject if a puppy matching their interest appears in the system.
Legal basis for processing
Regulation Article 6(1)(a) – Consent of the data subject.
Recipients of data
Employees of the Data Controller within the scope of their duties.
Duration of processing
Until the consent is withdrawn or the purpose of processing is achieved, whichever comes first.
6. Newsletter Subscription
The Data Controller offers a newsletter service to clients and potential clients interested in its services. Subscription is done by providing personal data and consenting to data processing. Data subjects can unsubscribe anytime via the “unsubscribe” link at the bottom of the email or by sending an email to privacy@wuuff.dog.
Scope of data processed
Name and contact information of the data subject
Purpose of data processing
To send information related to the services of the Data Controller to newsletter subscribers.
Legal basis for processing
Regulation Article 6(1)(a) – Consent of the data subject. Consent is provided during newsletter subscription.
The Data Controller deletes the data subject's data immediately upon unsubscribing, but no later than within 15 days.
Recipients of data
Employees of the Data Controller within the scope of their duties.
For newsletter delivery and subscriber list management, we use the services of Sales Autopilot LLC (registered office: 1024 Budapest, Margit krt. 31–33, mezzanine 4–5.) as data processor.
Duration of processing
Until the consent is withdrawn (unsubscribe), or the purpose of processing is achieved, whichever comes first.
7. Complaint Management
In compliance with legal obligations, the Data Controller ensures the right to lodge complaints for its customers and other interested parties. Complaints can be submitted orally or in writing using any of the Controller’s contact methods. In the case of oral complaints, a report is prepared. The Data Controller processes and addresses the complaint promptly. It maintains a register of complaints.
Scope of data processed
Name and address of the complainant, location, time and method of complaint submission, detailed description of the complaint, attached documents, the Data Controller’s statement regarding the complaint, signatures of both the recorder and complainant (except for telephone or other electronic complaints), location and time of the report, complaint reference number
Purpose of data processing
Ensuring the right to complain against objectionable conduct, documenting the complaint in accordance with the law, and resolving the complaint
Legal basis for processing
Regulation Article 6(1)(c) – Legal obligation (Act CLV of 1997 on Consumer Protection, §17/A)
Recipients of data
Employees of the Data Controller within the scope of their duties.
Data may be transferred to consumer protection authorities in accordance with legal obligations.
Duration of processing
3 years due to statutory requirements.
8. Processing Contact Persons’ Data of Partners
During its cooperation with contractual partners and clients, the Data Controller processes the contact and representative data of such partners, which may include personal data (e.g., name, email address, phone number).
Scope of data processed
Name and contact details (phone number, email address) of the contact person or representative
Purpose of data processing
To ensure effective cooperation with contractual partners and clients
Legal basis for processing
Regulation Article 6(1)(f) – Legitimate interest of the Data Controller to ensure smooth and continuous business relations
Recipients of data
Employees of the Data Controller within the scope of their duties.
Duration of processing
Until June 30 of the calendar year following the end of the cooperation or contractual relationship (document destruction deadline).
9. Cookie Management
Cookies are pieces of information some websites store on the browsing device for tracking purposes. Their use facilitates easier browsing (e.g., storing passwords, shopping lists, personal settings, or avoiding repetitive ads). Cookie usage is widely considered an industry standard.
Our website uses cookies to improve user experience by recognizing returning visitors.
Browsers typically accept cookies by default, but users may modify their browser settings to reject them. Note that disabling cookies may impair website functionality.
10. Advertising and Analytics
This website uses Google Analytics and Google AdWords services.
Google Analytics:
This service sends traffic data to Google servers in the United States. Google Analytics does not identify individual users and does not associate your IP address with any other data stored by Google. Wuuff uses the reports provided by Google to understand website traffic and usage.
If you do not wish to be tracked by Google Analytics, you can download a browser add-on provided by Google.
Google AdWords:
Some pages use free conversion tracking. When you contact us online, a code on the landing page helps us understand how you reached us. Google complies with EU privacy standards via the Privacy Shield Framework.
Hotjar:
To better understand user needs and optimize our service, we use Hotjar. This tool analyzes visitor behavior (e.g., time spent on pages, clicked links). Hotjar uses cookies and technologies to collect data, including anonymized IP addresses, screen size, browser info, geographical location (country only), and preferred language. These are stored in pseudonymized profiles and are not used to identify individuals. Opt-out options are available.
Facebook Pixel:
Our website uses Facebook "visitor action pixels" to track user behavior after clicking on Facebook ads. This helps us measure ad performance. These data are anonymous for us but may be stored and used by Facebook per its Data Policy.
If you wish to prevent Facebook Pixel from collecting data or displaying Facebook ads based on your data, more information is available [on Facebook].
Facebook also adheres to the Privacy Shield Framework, ensuring compliance with EU privacy laws.
3. Data Sharing with Third Parties
Some features and services require us to share data with other users or per your request. We may also share your data with trusted external service providers for analytics, processing, storage, or newsletter purposes. These providers are carefully selected and must meet strict data protection standards.
We do not share personal data with third parties without your explicit consent unless required by law, during official procedures, or if we use subcontractors (e.g., accounting, courier, postal services) to fulfill contracts. In such cases, subcontractors are contractually bound to use the data solely to fulfill the contract and are not permitted to retain or share it further.
EU-Based Data Processors
Non-EU Data Processors
In accordance with business practices, we use services operated by non-EEA companies. Therefore, data may be transferred outside the EEA (e.g., Microsoft Office tools or LinkedIn to the USA). We continuously verify that these services meet data protection standards (e.g., participation in the EU-US Privacy Framework). We only work with providers offering sufficient guarantees of data protection compliance.
No personal data will be transferred to third countries without the data subject’s explicit consent, as per Article 49 of the Regulation.
All non-EU data processors comply with the EU–US and US–Swiss Privacy Shield Framework for handling, using, and retaining personal data.
Examples:
- Google – Privacy Shield Framework
- ManyChat
- Facebook – Privacy Shield Framework
- Amazon Web Services – Privacy Shield Framework
- ActiveCampaign – Privacy Shield Framework
- Cloudinary – Privacy Shield Framework
4. Data Security Measures
The Customer Database is stored on the Data Controller’s computers or cloud storage services of data processors.
We use IT systems selected by the Data Controller and processors to manage, process, and protect the data. These ensure that only authorized personnel can access or modify data. The technology used guarantees the integrity and security of data throughout processing.
Please note that electronic communications over the internet may be vulnerable to threats, including fraud, data interception, or modification.
5. Your Rights
Your rights are defined by the Regulation and include:
- The right to request access to, rectification, or erasure of your personal data
- The right to restrict processing and object to processing
- The right to data portability
Where data is processed based on consent, you may withdraw your consent at any time without justification. This does not affect the legality of processing before withdrawal.
You can exercise your rights by contacting the Data Controller or its EU representative via the above contact details. We will respond in writing as soon as possible but no later than within one month.
If you believe your rights have been violated, you may submit a complaint to the Hungarian Data Protection Authority:
Address: 1055 Budapest, Falk Miksa utca 9–11.
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
You may also initiate court proceedings. Cases fall under the jurisdiction of the regional courts. You may bring the case before the court of your residence.
List of courts: http://birosag.hu/torvenyszekek
For more information, please contact the Data Controller via the contact information provided above.
Budapest, May 31, 2025
