This Privacy Policy is jointly issued by AnyVet Co., Ltd. (Thailand) and Anyvet AI Co., Ltd. (South Korea), collectively referred to as "AnyVet", "we", "us", or "our".
This Privacy Policy applies to the website www.anyvetmicrochip.com and all related microchip registration, lookup, and management services provided by AnyVet (collectively, the "Services").
This Privacy Policy does not apply to websites, applications, or services operated by third parties that may be linked from our Services. We encourage you to review the privacy policies of any third-party services you access.
By creating an account and actively consenting through our registration process, you acknowledge that you have read and understood this Privacy Policy. For sensitive data such as veterinary medical information, separate explicit consent will be obtained.
For users in South Korea, consent must be active and informed in accordance with the Personal Information Protection Act (PIPA). Use of the website alone does not constitute consent.
AnyVet operates as Joint Controllers, meaning both entities jointly determine the purposes and means of processing your personal data.
Address: 748, 7th Fl., Sukhumvit 30/1 Rd., Khlong Tan, Khlong Toei, Bangkok 10110, Thailand
Role: Joint Controller
DPO (Thailand): TBD — privacy@anyvet.ai
Address: 5th Fl., 123 Gangnam-daero, Seocho-gu, Seoul 06626, South Korea
Role: Joint Controller
DPO (South Korea): TBD — privacy@anyvet.ai
For all privacy inquiries: support@anyvet.ai
A Joint Controller Agreement exists between both entities defining their respective responsibilities for the processing of your personal data.
Full name, email address, phone number, physical address, account credentials (login information, Google OAuth), and profile information.
ISO-compliant microchip number (15 digits), breed, weight, color, sex, date of birth, pet photos, registration date, and implanting hospital information.
Sensitive Data
Vaccination records, medical history and health status, and veterinarian notes.
This data may be classified as indirect health information of the pet guardian. Processing requires your explicit consent.
Hospital name, address, contact information, veterinarian license information, veterinarian name, and service provision history.
IP address, browser type and version, device information, operating system, access timestamps, page visit logs, and cookie and similar technology identifiers.
Direct input: Information you provide through registration forms, microchip enrollment, and account management.
Automatic collection: Data collected through cookies, server logs, and similar technologies when you use our Services.
Third-party provision: Data received from partner hospitals during microchip implantation and registration.
We process your personal data for the following purposes, each supported by a specific legal basis:
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Microchip registration & lookup | Contractual necessity | Owner info, pet/chip data |
| Animal medical record management | Explicit consent | Medical data |
| Lost & found service | Legitimate interest | Chip number, owner contact |
| Partner hospital network operation | Contractual necessity | Hospital/vet data |
| Legal compliance (tax, regulatory) | Legal obligation | Payment/tax data |
| Service improvement & analytics | Legitimate interest | Technical data, usage stats |
| Marketing & promotions | Explicit consent | Contact info, profile |
| Security & fraud prevention | Legitimate interest | Technical data, access logs |
AnyVet operates a multi-region infrastructure to serve users across different jurisdictions:
| Transfer Route | Legal Basis | Safeguards |
|---|---|---|
| Thailand → South Korea | PDPA §28 adequate protection or §29 consent (fallback) | Joint Controller Agreement, technical safeguards |
| South Korea → Thailand | PIPA §17, §28-8 | Data subject consent, contractual safeguards, mandatory notification |
| Both → Singapore (AWS) | Respective national laws | Data Processing Agreement, encryption |
| Future: → EU/EEA | GDPR Chapter V | Standard Contractual Clauses (planned) |
Encryption in transit using TLS 1.2 or higher.
Encryption at rest using AES-256.
Strict access controls and comprehensive audit logging.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | Basis |
|---|---|---|
| Microchip registration data | Animal's lifetime + 3 years after death/transfer | Registry operation, ISO standard |
| Owner account data | Account duration + 1 year after deletion | Service provision, dispute resolution |
| Animal medical data | 5 years after last record | Veterinary continuity, legal requirements |
| Partner hospital data | Contract duration + 3 years after termination | Contractual obligation, legal disputes |
| Technical/log data | 1 year from collection | Security monitoring, service improvement |
| Payment-related data | 5 years after transaction | Tax law obligations (Thailand + South Korea) |
| Marketing consent records | Until withdrawal + 1 year | Consent evidence |
Personally identifiable data is irreversibly destroyed through secure deletion methods.
Statistical data may be retained after de-identification for research and service improvement purposes.
You have the following rights regarding your personal data:
| Right | Description | Response Time |
|---|---|---|
| Access | Request a copy of your personal data | Within 30 days |
| Rectification | Request correction of inaccurate data | Within 30 days |
| Erasure | Request deletion of your data (subject to legal retention obligations) | Within 30 days |
| Restriction | Request suspension of processing in certain circumstances | Within 30 days |
| Objection | Object to processing based on legitimate interest | Within 30 days |
| Portability | Receive your data in a structured, machine-readable format | Within 30 days |
| Withdraw Consent | Withdraw your consent at any time (prior processing remains valid) | Immediate |
Erasure Limitation: Microchip numbers may be retained in the public interest for animal identification and lost pet tracking, even after an erasure request.
Ownership Transfer: When pet guardianship changes, the previous owner's data is handled according to our ownership transfer procedure.
Email: support@anyvet.ai
In-app request form (coming soon)
Identity verification is required to process all data subject requests.
Thailand: Personal Data Protection Committee (PDPC) — pdpc.or.th
South Korea: Personal Information Protection Commission (PIPC) — pipc.go.kr, hotline: 118
We maintain an internal standard to notify supervisory authorities within 72 hours of becoming aware of a data breach. This exceeds PDPA requirements and aligns with GDPR Article 33 for future EU readiness.
Data subjects will be notified without undue delay for high-risk breaches.
Comprehensive breach response procedures and records are maintained at all times.
Users under 18 years of age must obtain parental or legal guardian consent before using our Services.
South Korea: Under PIPA, legal guardian consent is mandatory for children under 14 years of age.
Thailand: Under PDPA, legal guardian consent is required for the processing of minors' personal data.
If we become aware that personal data has been collected from a minor without proper guardian consent, we will take immediate steps to delete such data.
This Privacy Policy includes an Effective Date and Last Updated date displayed at the top of the page.
When we make changes, we will post a notice on our website and notify registered users via email.
For material changes — such as addition of processing purposes, expansion of third-party sharing, or changes to international transfer arrangements — we will provide at least 30 days' advance notice and obtain re-consent where required.
Minor changes such as typographical corrections or wording clarifications will take effect upon posting to our website.
AnyVet does not currently use automated decision-making or profiling that produces legal or similarly significant effects on data subjects.
No automated decisions are made solely by automated means regarding microchip registration, ownership verification, or service access.
If automated decision-making is introduced in the future (e.g., fraud detection algorithms for ownership disputes), this section will be updated to include: the logic involved, the significance and envisaged consequences, and your right to human intervention.
This disclosure is provided in compliance with PIPA §37-2 and GDPR Article 22.
Public Lookup: When a microchip number is queried through our public lookup service, only the registration status (registered/not found) is returned, along with a prompt to contact the registry for owner details. Owner personal data is never returned in public lookups.
Authorized Lookup: Partner hospitals, shelters, and animal control officers with authenticated API access may receive chip status, pet description (breed, color, sex), and owner contact information (name, phone number) for animal identification purposes.
Law Enforcement: Full data access is provided only upon valid legal request (court order or official investigation). All such access is logged and auditable.
Inter-Registry Sharing: AnyVet does not currently participate in federated lookup networks (e.g., Europetnet, AAHA Universal Pet Microchip Lookup). This section will be updated if future participation is planned.
API Consumer Obligations: All API consumers must sign data use agreements restricting use to animal identification and reunification purposes only.
To protect your data, we require identity verification before processing any data subject request. For pet owner requests: email verification and account authentication. For non-account holders: government-issued ID matching the information in our registry.
Safety Considerations: In cases involving potential domestic violence or stalking (where one party may attempt to locate another through shared pet registration), enhanced verification procedures are applied. Our staff is trained to recognize and handle safety-sensitive requests.
Response Process: We will acknowledge receipt of your request within 3 business days, fulfill the request within 30 days, with one possible 30-day extension if the complexity warrants it (you will be notified of any extension).
Applies to: Residents of Thailand or users accessing services through AnyVet Co., Ltd.
Per Chapter 6 of PDPA B.E. 2562 (2019), we process your data based on:
Animal medical data may indirectly contain guardian health-related information. We obtain your explicit consent before processing such data.
Transfers of your data to South Korea and Singapore are carried out with adequate protection measures or with your consent, as required under PDPA Sections 28 and 29.
Name: TBD
Email: privacy@anyvet.ai
Phone: TBD
Personal Data Protection Committee (PDPC)
Website: pdpc.or.th
In case of conflict between Thai and English versions of this Privacy Policy, the Thai version shall prevail.
Applies to: Residents of South Korea or users accessing services through Anyvet AI Co., Ltd.
Your personal data is processed under the Personal Information Protection Act and its Enforcement Decree.
We clearly separate mandatory consent items (required for service provision) from optional consent items.
If you refuse optional consent, specific service limitations will apply and will be clearly communicated to you.
We provide your data to third parties only as described in Section 5 of this Privacy Policy. Separate consent is obtained for partner hospital network data sharing.
We entrust personal data processing to the following parties:
Your data may be transferred to: Thailand (AnyVet Co., Ltd., for microchip registry operation) and Singapore (AWS, for infrastructure hosting). Full disclosure of destination countries, recipients, data items, and retention periods is provided above.
We notify data subjects within 72 hours of becoming aware of a data breach.
For large-scale breaches (1,000+ records), we report to PIPC within 24 hours.
Notifications include: type of breach, data items affected, response measures taken, and DPO contact information.
Name: TBD
Email: privacy@anyvet.ai
Phone: TBD
Personal Information Protection Commission (PIPC)
Website: pipc.go.kr
Privacy Violation Report Center: 118
In case of conflict between Korean and English versions of this Privacy Policy, the Korean version shall prevail.
[Reserved]
This Annex will become effective when AnyVet commences services directed at individuals in the European Union or European Economic Area.
For inquiries regarding future EU services: support@anyvet.ai
This translation is provided for convenience. The English version is the legally binding version.
