CINDY Privacy & Data Protection Charter

011. Introduction & Overview

CINDY Balinese Cats ("CINDY", "we", "us", or "our") operates as a premium Balinese cat breeding and adoption service. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website, engage with our services, or participate in our adoption process. We are committed to transparency and protecting your privacy rights in accordance with applicable laws including GDPR, CCPA, and other privacy regulations.

022. Information We Collect

• •**Personal Identifiers**: Full name, title, contact details (email, phone, address), date of birth, and identification documents when required for adoption contracts.
• •**Household & Lifestyle Data**: Family composition, home environment details, work schedules, travel patterns, pet ownership history, and preferences for communication and placement.
• •**Financial Information**: Payment details, billing addresses, and transaction records processed through secure third-party payment processors (we do not store complete payment card information).
• •**Communication Records**: Email correspondence, chat logs, consultation notes, and feedback provided during the adoption process.
• •**Technical Data**: IP address, browser type, device information, cookies, and usage analytics to improve our website experience and services.
• •**Health & Veterinary Records**: Vaccination records, health certificates, and medical history provided by veterinarians or shared for placement coordination.
• •**Media & Documentation**: Photographs, videos, testimonials, and other media shared during the adoption process or for marketing purposes with explicit consent.

033. How We Collect Information

• •**Direct Collection**: Information provided through contact forms, waiting list applications, consultation bookings, and adoption applications.
• •**Automated Collection**: Technical data collected through cookies, analytics tools, and website interaction tracking.
• •**Third-Party Sources**: Information from veterinarians, references, or service providers involved in the adoption process.
• •**Communication Channels**: Data collected through emails, phone calls, social media, and in-person consultations.

044. Legal Basis for Processing (GDPR)

For visitors and clients in the European Union, we process personal data based on the following lawful grounds: • **Contract**: Processing necessary to fulfill adoption agreements and provide services • **Legitimate Interest**: Improving services, ensuring security, and direct marketing of similar services • **Consent**: For marketing communications and non-essential cookies • **Legal Obligation**: Compliance with veterinary regulations, consumer protection laws, and financial reporting requirements • **Vital Interest**: Protecting the health and welfare of animals and people

055. How We Use Your Information

• •**Adoption Services**: Matching kittens with suitable guardians, conducting consultations, and facilitating the adoption process.
• •**Communication**: Sending updates about available kittens, litter announcements, care instructions, and follow-up support.
• •**Customer Service**: Responding to inquiries, providing support, and managing customer relationships.
• •**Legal Compliance**: Maintaining records for regulatory compliance, veterinary requirements, and dispute resolution.
• •**Service Improvement**: Analyzing website usage, customer feedback, and service performance to enhance our offerings.
• •**Marketing**: With explicit consent, sending newsletters, promotional materials, and information about events or services.
• •**Security & Fraud Prevention**: Protecting against unauthorized access, fraud, and ensuring platform security.

066. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share limited information only in the following circumstances: • **Service Providers**: With veterinarians, transporters, payment processors, and other third parties essential to adoption services • **Legal Requirements**: When required by law, court order, or regulatory authorities • **Business Transfers**: In connection with mergers, acquisitions, or asset sales (with notice to affected users) • **Consent**: With your explicit permission for specific purposes • **Vital Interests**: To protect health, safety, or property when necessary All third-party service providers are contractually bound to maintain confidentiality and security standards comparable to ours.

077. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience: **Essential Cookies**: Required for website functionality, security, and basic operations **Analytics Cookies**: Google Analytics and similar tools to understand website usage and improve services **Marketing Cookies**: To deliver relevant advertisements and measure campaign effectiveness **Preference Cookies**: To remember your settings and personalize your experience You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality.

088. Data Retention

We retain personal information only as long as necessary for the purposes outlined: • **Active Clients**: Duration of adoption process plus 7 years for legal and warranty purposes • **Waiting List**: Up to 3 years unless renewed or converted to active status • **Website Visitors**: Technical data retained for 2 years for analytics and security • **Marketing Contacts**: Until consent is withdrawn or data becomes inactive (3 years maximum) • **Legal Requirements**: As required by applicable laws and regulations When retention periods expire, data is securely deleted, anonymized, or archived as required by law.

099. Your Rights & Choices

• •**Access**: Request copies of personal data we hold about you.
• •**Rectification**: Correct inaccurate or incomplete personal information.
• •**Erasure**: Request deletion of personal data in certain circumstances ("right to be forgotten").
• •**Portability**: Receive your data in a structured, commonly used format.
• •**Restriction**: Limit how we process your personal data in certain cases.
• •**Objection**: Object to processing based on legitimate interests or direct marketing.
• •**Withdrawal**: Withdraw consent for processing that requires consent.
• •**Complaint**: Lodge complaints with supervisory authorities regarding data processing.

1010. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act: • **Right to Know**: Information about categories of personal data collected and purposes of processing • **Right to Delete**: Request deletion of personal information (subject to legal exceptions) • **Right to Opt-Out**: Opt-out of sale of personal information (we do not sell data) • **Right to Non-Discrimination**: Receive equal service regardless of exercising privacy rights • **Right to Correct**: Request correction of inaccurate personal information To exercise these rights, contact us using the information provided below. We will respond within 45 days as required by law.

1111. International Data Transfers

CINDY operates primarily in the United States but serves clients worldwide. When we transfer personal data internationally: • **Adequacy Decisions**: We transfer data to countries deemed adequate by the European Commission • **Standard Contractual Clauses**: We use approved contractual clauses for transfers to other countries • **Your Consent**: We obtain explicit consent for certain international transfers • **Derogations**: We rely on appropriate legal exceptions when applicable We ensure all international transfers maintain the same level of protection as required by applicable laws.

1212. Data Security

We implement comprehensive security measures to protect your personal information: • **Technical Safeguards**: Encryption, secure servers, firewalls, and access controls • **Administrative Controls**: Employee training, access restrictions, and security policies • **Physical Security**: Secure facilities and device protection measures • **Regular Audits**: Security assessments, vulnerability testing, and compliance reviews • **Incident Response**: Procedures for data breach detection, investigation, and notification While we strive for the highest security standards, no system is completely immune to risks. We encourage you to protect your account credentials and notify us of any suspected security issues.

1313. Children's Privacy

CINDY services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 13 without parental consent. If we become aware of such collection, we will promptly delete the information and take appropriate measures.

1414. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you use.

1515. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes: • We will notify you via email (if we have your email address) or prominent website notice • Updates will be posted with a revised "Last Updated" date • Your continued use of our services after updates constitutes acceptance of the revised policy • We recommend reviewing this policy regularly to stay informed of your privacy rights

1616. Contact Information & Data Protection Officer

For privacy-related questions, to exercise your rights, or to file complaints: **Data Protection Officer Contact**: Email: privacy@cindybalinesecats.com Phone: +1 (606) 465-2993 **Mailing Address**: CINDY Balinese Cats Attention: Data Protection Officer [Your Address - To be provided] **Response Times**: • General inquiries: 5-7 business days • Rights requests: 30 days (45 days for CCPA requests) • Complaints: Acknowledged within 48 hours **Supervisory Authorities**: For GDPR complaints, you may contact your local data protection authority or the Oregon Attorney General for US matters.