Privacy Policy and Data Protection (GDPR) — Lumea Blănosilor Platform
Last updated: 06/07/2026
Preamble
We, NEXTERAWEB ONLINE SRL (NEXTERAWEB™), as data controller, are committed to protecting the privacy and security of personal data of all Lumea Blănoșilor platform users (pet owners and service providers). This policy explains what data we collect, how we use it, and how we keep it secure, in accordance with Regulation (EU) 2016/679 (GDPR).
Data controller: NEXTERAWEB ONLINE SRL, tax ID RO54742009, Trade Reg. J2026033574006, registered office: Str. Verzisori, nr. 6, bl. D, ap. B118, București, Sector 4. Contact: contact.nexteraweb@gmail.com. Phone: +40 753 606 959.
GDPR requests: contact.nexteraweb@gmail.com. Phone: +40 753 606 959.
1. What personal data do we collect?
To provide Lumea Blănosilor platform services, we collect the following categories:
For Clients (pet owners): name, email, phone number, location (city and, only if you allow it in the browser, temporary GPS coordinates for Urgentă Blănoș), pet details (name, breed, age, sex, neuter status, size, allergies, vaccinations, behaviour profile, care rules/notes, distinctive marks), optional messages to providers, booking request history (including fixed snapshots at send time, visit summary entered by the Provider on completion), veterinary consultation history (medical record — cloud read only on Family/Pack), Lost Blănos sighting reports, optional insurance partner link clicks, reviews (rating, comment, fixed publication date), and notification preferences.
For Providers (businesses): legal representative name, company name, tax ID (CUI), registered/office address (and optional GPS coordinates for the public profile map), phone, email, financial details (processed via an authorised payment provider), terms acceptance history (including IP address), visit summaries, public review replies, and review reactions.
Automatically collected: IP address, browser type, device identifiers, and navigation data via Cookies (see Cookie Policy).
2. Purpose and legal basis
We process your data for the following lawful purposes:
Contract performance: account creation, enabling clients to contact clinics/trainers, and processing subscription payments and billing via the platform's payment provider.
Legitimate interest: platform security against fraud, site performance, and user experience improvements.
Consent: automated email or SMS notifications (e.g. trial expiry alerts, booking confirmations).
Explicit consent (Urgentă Blănoș): processing browser GPS coordinates only in the session when you press the button, to show nearby Providers; we do not store a separate GPS history beyond standard server logs where required for security or compliance.
Explicit consent (booking requests): transmitting selected pet record data and your optional message to the chosen Provider; we store proof of terms acceptance (version, date, IP).
Explicit consent (medical record): generating the QR/link and alphanumeric access code, and storing consultations entered by approved veterinary clinics; we store proof of acceptance (version, date, IP).
2.1. Booking requests and digital pet record
Digital pet record data is entered voluntarily and can be updated in your account. When you send a booking request, only the targeted Provider receives the selected sheet (behaviour, allergies, care rules, distinctive marks — as you toggle — optional message). A fixed snapshot of the sheet may be stored for that request at send time.
After a visit, the Provider may enter a mandatory summary before marking completion; we store it with the request and may notify you. Your reviews are linked to the completed visit, shown with a fixed date; the Provider's public text reply (if any) is separate and does not change your review.
A Provider's public address may be geocoded automatically (e.g. OpenStreetMap/Nominatim) only to display a map — without tracking your GPS in real time, except in Urgentă Blănoș where you explicitly allow location in the browser.
We do not sell this data or use it for third-party targeted advertising. We retain requests as long as needed for platform operation, dispute handling, and legal compliance.
The Provider is responsible for how they use data received in their direct relationship with you; we only facilitate technical transmission.
2.2. Urgentă Blănoș feature (clients and providers)
Clients: on first use we ask you to confirm terms for this feature; we store document version, date, and IP (audit trail). GPS coordinates are not sent automatically to Providers — only you choose to call, WhatsApp, or open maps.
Providers: when enabling the service in the dashboard you confirm emergency numbers are accurate; data is shown to signed-in clients using Urgentă Blănoș.
NEXTERAWEB™ does not track you in real time and does not replace public emergency services.
2.3. Medical record / veterinary consultations
Consultations (including weight, temperature, history, exam, diagnosis, treatment) are stored on the pet profile. Only approved, authenticated veterinary clinics on the platform can add entries after entering your access code or scanning your QR.
Free plan: you can generate access codes for future visits but cannot read consultation history in the cloud. Family and Pack allow read-only history in your account. The QR and alphanumeric code can be regenerated to revoke access for clinics that received them earlier.
PDF export is an informational copy for you; it does not replace official medical documents. Erasure requests follow the GDPR rights section; some records may be retained by the clinic under its own legal obligations.
Platform administrators may access data only for technical, security, moderation, and legal compliance purposes.
2.4. Client subscriptions, phone, and promotions
The phone number in your Client account (optional but recommended) is used for booking-related contact, account security, and, if provided, eligibility checks for promotions (e.g. the one-time 40% off first Pack month). We do not sell your number to third parties for marketing.
For the Pack -40% first-month promotion, we store only cryptographic hashes of email, phone, and account name — not plain values in the promotions table — to prevent abuse (multiple accounts for the same person).
Client subscription payments (Family, Pack) and the one-time extra Blănos slot (RON 49) are processed by Stripe; PDF export is included in Pack with no separate fee. Billing and payment history are linked to your account and Stripe identifiers (customer/subscription).
If you tick immediate start of the digital service at checkout, we store proof of that choice (terms version, date) per Terms section 11.
2.5. Browser notifications (Web Push)
If you enable notifications in your account, your browser asks for separate permission. We store a technical push subscription identifier (endpoint + cryptographic keys) to send alerts about bookings, consultations, reviews, Lost Blănos alerts, or payment confirmations.
You can withdraw consent by disabling the option in your account or removing permission in browser settings. Removing the push subscription in your account does not automatically remove browser permission — check both.
Push notifications do not replace mandatory transactional email or direct communication with your Provider.
Platform administrators may send informational messages to user segments (e.g. all clients, all providers); these appear in the notification centre. Legal basis: legitimate interest / service information; not third-party ads without separate consent where required.
2.6. Partnerships and discounts (Pack plan)
The Partnerships/discounts page (for clients with an active Pack subscription, where applicable) shows promo codes from verified shops on the platform with an active Regional or National plan and a code configured in their dashboard. The same codes may appear on the shop's profile for logged-in clients.
Insurance or canine club offers (when published) come from independent third parties; benefits depend on the partner. We do not guarantee availability, final price, or promo code acceptance.
We do not sell your data to partners for marketing; page access is tied to an active Pack subscription where applicable. Viewing a code on a shop profile does not automatically send your data to the shop — contact and use of the code are your choice.
2.7. „Lost Blănos” — community alert
If you trigger an alert (Client account — including Free plan with section 12 limits; Family/Pack; or PRO/VIP Provider), we process: pet name, breed, description, optional photo, city/county/landmark, optional GPS coordinates (starting point), contact phone/WhatsApp, account identifier, and accepted terms version.
The active alert is visible to signed-in platform users who receive a nationwide notification; it is not publicly indexed by search engines. Recipients see the details you entered so they can contact you or help.
We keep the alert for up to 14 days from publication (or until you mark it found / cancel). We do not guarantee the animal will be found; processing aims to inform the platform community.
Do not post a full home address, national ID, or third-party personal data in the alert. You may request erasure under the GDPR rights section.
“I saw them” reports: we process the reporter account id, timestamp, and WhatsApp contact shared with the alert owner if provided; a “True Blănos” counter is stored on the reporter account.
2.9. Blănos Insurance (partner link clicks)
When you open Blănos Insurance or click a partner link, we may log: partner id, timestamp, user account (if signed in), IP address — for internal statistics and security.
We do not automatically send partners your medical record or pet health data; anything you enter on their form is governed by their policy.
Redirect to the partner site may include a promo code in the URL per partner settings.
2.8. Online payments (Stripe)
Stripe Payments Europe, Ltd. (or the entity shown at checkout) acts as processor for payments. Card data is collected directly by Stripe; we receive only payment status, amount, currency, and transaction identifiers needed for billing and support.
For recurring subscriptions (Client Family/Pack or Provider with active payment), Stripe stores the payment method under its policy. The “Manage subscription” button in your account redirects you to Stripe's billing portal to update your card, view invoices, and cancel renewal; when finished you return automatically to your Lumea Blănosilor account.
GDPR requests about payments may be sent to NEXTERAWEB™ at the contact in the site footer; for data held solely by Stripe, you may also contact Stripe under their policy.
3. How long do we keep your data?
We retain personal data only as long as necessary for the stated purposes or to comply with legal obligations (e.g. Romanian tax law requires keeping provider billing data for 10 years).
Inactive accounts may be deleted or anonymised after 2 years from last login.
Terms acceptance proof (timestamp, IP, document version) is kept at least 5 years for payment disputes.
4. Disclosure to third parties
Lumea Blănoșilor does NOT sell or rent your personal data. To operate the platform, data is partially shared with trusted processors, including:
Stripe Payments Europe, Ltd. — online payments, recurring subscriptions, fraud prevention (card entered on Stripe's page; we do not store CVV or full PAN).
Resend, Inc. — transactional email (confirmations, reminders, account notifications).
Supabase, Inc. — PostgreSQL database hosting (accounts, pets, bookings, consents).
Vercel, Inc. — web application hosting and content delivery.
OpenStreetMap / Nominatim — provider address geocoding for informational maps (without sending your location except in Urgentă Blănoș where you explicitly allow it).
Google LLC — only if you sign in with Google (OAuth); Apple — only if you use Sign in with Apple.
Insurance partners — only if you follow their links; data entered on their forms is processed by the partner, not by us.
Additional email/SMS infrastructure providers may be added; we will list them in this policy when updated.
User interaction: provider names, addresses, and public profiles are visible in the catalogue. Phone numbers, WhatsApp, and direct contact links are shown only to signed-in Client accounts, per platform technical settings.
On registration (Client or Provider), we store proof of terms acceptance: document version, timestamp, and IP address. For sensitive features (Urgentă Blănoș, booking requests, medical record) we require separate explicit consent at the current document version.
Booking requests: pet data and messages are visible only to the Provider you contact and authorised platform administrators for technical, moderation, and compliance purposes.
Medical record: consultations are visible in your account (read) and to veterinary clinics you voluntarily grant access (write new consultations); history stays linked to the pet for care continuity.
5. Data security (technical measures)
We implement strict security measures against unauthorised access, modification, or deletion:
All connections are encrypted using HTTPS (SSL).
The database is secured and user passwords are hashed with strong algorithms (e.g. bcrypt) and cannot be read in plain text, even by administrators.
Access to the Lumea Blănosilor admin panel is protected by two-factor authentication (2FA).
6. Your rights under GDPR
Under EU law, Lumea Blănosilor users have the following rights:
Right of access: request a copy of data we hold about you.
Right to rectification: update incorrect data in your dashboard.
Right to erasure (“right to be forgotten”): request permanent account deletion (except data we must keep by law, such as invoices).
Right to data portability: request export of your data in a structured format.
Right to lodge a complaint with your supervisory authority (ANSPDCP in Romania).
Right of withdrawal (consumers): for Client subscriptions bought at a distance, you may withdraw within 14 days per Terms section 11, subject to legal exceptions for digital content started with your explicit agreement.
8. International data transfers
Our processors (Stripe, Resend, Supabase, Vercel, etc.) may process data in the European Union and, in some cases, in third countries (e.g. USA) with contractual safeguards (EU Standard Contractual Clauses) or other GDPR-permitted mechanisms.
If you access the platform from outside Romania/the EU, you understand data may be processed under this policy and Romanian law applicable to the operator.
9. Lumea Blănosilor — service directory
Lumea Blănoșilor is a marketplace (web directory). NEXTERAWEB™ does not perform veterinary, grooming, or training services and is not liable for independent listed providers. Service complaints must be resolved directly with the chosen provider.