Client Data and Privacy: Does PetsApp Own Your Clinic Data?

As more and more clinics switch to a hybrid online-to-offline offering to better serve their clients, fear around access, use and even ownership of private data has understandably also increased. As both service providers and service users it is good practice to maintain a high level of vigilance in protecting both your own privacy and the privacy of others. To address these concerns around client data, privacy, and ownership of clinic data the PetsApp pack have come together to create this easy-read article on client data and privacy to give you full clarity around permissions and data ownership.

What is GDPR?

UK General Data Protection Regulations (GDPR UK) are an important component of UK privacy laws. The data protection act 2018 was set in place to control how personal information is allowed to be used by organisations, businesses and governments. As such everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. These principles make sure that all information is:

  1. Used fairly, lawfully and transparently
  2. Used for specified, explicit purposes
  3. Used in a way that is adequate, relevant and limited to only what is necessary
  4. Accurate and, where necessary, kept up to date
  5. Kept for no longer than is necessary
  6. Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

As within every practice, data collection will precede most if not all clinical activity. As well as logging the medical history, age, breed, sex and ownership of a pet, all veterinary practices will also log personal information on every pet’s owner too. This data is often captured and stored within a clinic’s Practice Information Management System (PIMS) and may include highly sensitive details regarding a client’s personal identity, address and contact details, insurance policies, payment details and preferences.

Do PetsApp Own My Clinic’s Data?

In short, No! Used securely by thousands of vets worldwide, PetsApp syncs with a clinic’s PIMS data in order to offer personalised services including digital payment, SMS messaging, appointment booking, wellness plans and deliveries. However, PetsApp does not own this data and neither should any other third party app or business. The ownership of all data within a PIMS is owned solely by the practice and this is explicitly outlined in PetsApp’s licence agreement, in accordance with the UK data protection act of 2018. From a GDPR perspective PetsApp is simply a data processor, while the clinic is the data controller. It is through your management system that you can contact every one of your clients, via PetsApp, acting at your instruction. PetsApp stores your data in a GDPR compliant manner, until such time as you instruct us to remove it. We are heavily regulated by the ICO and therefore, cannot share your data with any third party whatsoever unless you instruct us to.

Is SMS a GDPR Compliant Form of Communication?

All SMS communication within PetsApp is GDPR UK compliant. That said, SMS is not a mandatory form of communication for practices or pet owners. However, contacting pet owners directly via SMS about the care of their pet falls under the “legitimate interest” category, meaning explicit consent is not required by a practice or clinic if they feel that communication via text is in the interest of the animal under their care. Therefore, each legitimate chat can be continued in the app once the client has downloaded PetsApp. It is also good to note that further steps beyond this are made by PetsApp to maintain both compliance and customer confidence at all times. For example when you start a new SMS chat with a client via PetsApp, that client will automatically receive a welcome message explaining how to "opt out" of ‘text’ messaging, to ensure the service is both GDPR compliant and customised to the needs of the pet owner.

With how our agreements are designed we could not, nor do we wish to dis-intermediate clinics, or use bait and switch tactics. We’re on a mission to keep clinics at the heart of the pet care journey by facilitating them in offering their own joined up offline-to-online experience. But regardless of our will or intent, we are bound by our very transparent agreements.

Why PetsApp Doesn't Share Your Data with Social Media Messaging Services

Part of our rationale around not using social media platforms to facilitate communications, and instead consolidating around SMS and native chat, is because it avoids any incidental “data leakage”, through the related advertising platforms either now or in the future. Part of our continued endeavour to maintain high level compliance and be beyond repute on these issues is to flag and avoid any dangers that could in theory give any unauthorised party indirect access to a clinic's data/metadata. And you need not only take our word for it. Jack Peploe has long forewarned the risks involved when relying on WhatsApp/Meta privacy policies to protect your data from any possible breach.

About PetsApp

PetsApp was founded in 2019 by Will Monk (CTO) and Dr. Thom Jenkins (CEO). PetsApp revolutionises how veterinary teams work in order to improve the quality of life for pets and clinicians alike.

*“Anyone who has a pet will tell you how important the happiness and wellbeing of their animal is, so we made it our mission to support clinics in providing the best care possible. Based on my own in-clinic experience, I wanted to create a tool that would help to enhance the level of care that veterinary teams are able to offer, while alleviating burnout, reducing workload and increasing revenue streams.

I think there’s a lot of fear out there around compliance and I can see why people would be afraid of ‘bait and switch’ as a ‘Trojan horse’ strategy, but apart from that being completely counter to the mission, our agreements explicitly prevent that from ever being an option. At PetsApp we fully support the stringent regulations and mandatory GDPR compliance. I don’t want clients to have to take it on trust that their data is safe, I want them to unequivocally know it.”*

  • Thom Jenkins Co-founder & CEO at PetsApp

We hope you’ve found this article helpful, why not also check out our webinar with Clint Latham, J.D. Director of Luca Veterinary Data Security on Cyber security in veterinary medicine with simple steps on how best to protect your hospital.

Cyber security in veterinary medicine:  Simple steps to protect your hospital

Latest from the blog