GDPR Privacy Notice

Last updated: 27.04.2026

Last updated: 27.04.2026

1. Data Controller

This Privacy Notice has been prepared by Wuffi Pet in its capacity as Data Controller under Law No. 6698 (KVKK / Turkish Data Protection Law) and Law No. 5651.

Data Controller: Wuffi Pet
Contact: info@wuffi.pet
Address: Istanbul, Turkey

2. What Personal Data Do We Process?

  • Identity Information: First name, last name, username
  • Contact Information: Email, phone, address, city
  • Account Information: Password (hashed), login dates, IP address
  • Pet Information: Pet name, species, breed, date of birth, photo, health records
  • Transaction Information: Appointment, order, message and review history
  • Location Information: Province/district (only for service matching)
  • Cookies and Marketing: Behavioral analytics data (anonymized)

3. For What Purposes Is Your Data Processed?

  • Membership and account management
  • Service delivery, matching and communication
  • Legal obligations (KVKK, Law No. 5651, e-commerce regulations)
  • Customer experience and user support
  • Marketing and promotional notifications (only with explicit consent)
  • Site security and fraud prevention

4. With Whom Is Your Data Shared?

Your personal data is never sold. It is only shared with the following parties to the extent necessary:

  • Business partners: When you request a service, only your name and contact details are shared with the relevant vet/business
  • Hosting provider: GoDaddy (under contract, KVKK compliant)
  • Legal authorities: Pursuant to a court order or legal obligation
  • Payment processors: Certified payment services such as Iyzico and PayTR (PCI-DSS compliant)

5. Is Your Data Transferred Abroad?

As part of our use of cloud services (CDN, email), data may be processed in EU and US data centers. All transfers are protected by Standard Contractual Clauses (SCC). Sensitive pet health data is kept within Turkey.

6. Your Rights Under KVKK Article 11

You have the following rights:

  • To learn whether your personal data is being processed
  • To request information if it has been processed
  • To learn the purpose of processing and whether it is used in line with that purpose
  • To request correction if processed incompletely or incorrectly
  • To request deletion or destruction under KVKK Article 7
  • To request that third parties to whom data has been transferred be notified
  • To object to outcomes of automated systems that work against you
  • To request compensation for damages caused by unlawful processing

Submitting a Request

To exercise the rights listed above, you may submit a written request to kvkk@wuffi.pet. Requests are answered free of charge within 30 days.

7. Data Retention Period

  • Active account data: as long as the account is active + the legal retention period (10 years)
  • After account deletion: 6 months for identity verification, then anonymized
  • Order and invoice records: 5 years under the Tax Procedure Law
  • Cookies and analytics: 26 months

8. Security Measures

  • Passwords are hashed with bcrypt (never stored in plain text)
  • All traffic is encrypted with HTTPS/TLS
  • Regular security audits are conducted
  • In the event of a data breach, the Data Protection Authority is notified within 72 hours

9. Changes

This notice is updated as needed. Significant changes are announced by email or site notification.

Last updated: 27.04.2026