Privacy Policy for ALPACUNA Herds & ALPACUNA Shows

Effective Date: 12.9.2025
Applicability: European Economic Area (EEA) users (GDPR compliant)

Introduction

Welcome to ALPACUNA Herds and ALPACUNA Shows, software-as-a-service (SaaS) products for managing alpaca herds and organizing alpaca shows. We respect your privacy and handle personal data in compliance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applicable EEA data protection laws. This Privacy Policy explains what data we collect, how we use and protect it, and your rights. We aim to use clear, plain language so you can easily understand our practices.

By using ALPACUNA Herds/Shows, you agree to the processing of your personal data as described in this policy. If you have any questions, feel free to contact us at the details provided below.

Data Controller and Contact Information

The Data Controller (the person or entity responsible for your personal data) is:

  • Name: Matthias Popp (sole proprietor, operating under the brand “ALPACUNA”)
  • Address: Hammerstraße 80, 4453 Trattenbach, Austria
  • Email: office@alpacuna.com

Matthias Popp, as the owner of ALPACUNA, determines the purposes and means of processing your personal data. For any privacy-related inquiries or requests (e.g. exercising your rights under GDPR), please contact us via the above email.

Data Protection Officer

We have not appointed a Data Protection Officer (DPO). Our business is operated by a sole proprietor and does not meet the GDPR criteria requiring a DPO. Nevertheless, we are fully committed to protecting your data. If you have questions or concerns about your data, you can reach out directly to Matthias Popp (contact info above). We will be happy to assist you, even in the absence of a formal DPO.

Purposes of Data Processing and Legal Bases

We only collect and process personal data for specific purposes and lawful bases under GDPR. The main purposes and corresponding legal grounds are:

  • Providing the Service (Contractual necessity): We process your personal data primarily to provide you with the ALPACUNA Herds/Shows services – for example, to create your account, enable herd management features, record show entries, and process payments. This is necessary for the performance of our contract with you (GDPR Article 6(1)(b)). Without this data, we cannot fulfill our services.
  • Maintaining a Public Animal Register (Legitimate interest): In certain cases, we rely on our legitimate interests (GDPR Article 6(1)(f)) to process data. ALPACUNA Herds includes a herdbook (animal registry) that is intended to be a consistent, public record of alpacas. We process and retain animal data to ensure transparent and traceable breeding practices, which benefits the alpaca breeder community. This includes:
    • Maintaining comprehensive pedigree and lineage information for each animal to allow breeders and associations to verify ancestry and prevent inbreeding.
    • Preserving herdbook records (e.g. bloodlines, medical and genetic information) to improve disease traceability and overall herd health management.
    • Ensuring that an animal’s lineage and ownership history remain available even if an individual user’s account is deleted, when this is necessary for the broader public interest of breeders and breeding associations. For example, if you recorded an alpaca in the system and later delete your account, we may need to retain that alpaca’s pedigree and past ownership data to keep the breed registry intact and useful to other breeders.

These processing activities are carried out under Article 6(1)(f) (legitimate interests) and we have carefully balanced them against your personal rights and freedoms. We believe this data use is minimally intrusive and in the public interest of the alpaca breeding community, and does not override your rights. Importantly, whenever we rely on legitimate interest, you have the right to object (see Your Rights below), and we will honor objections unless we have compelling reasons to continue (for instance, a critical need to maintain a certain record for animal health or lineage reasons).

  • Legal Obligations: In addition to the above, we may process certain data to comply with legal obligations (GDPR Article 6(1)(c)). For example, Austrian accounting/tax laws may require us to retain invoice information (which can include personal data like your name or address on receipts) for a certain period. If such laws apply, we will process and retain the minimum necessary data to fulfill our legal duties.

We do not process data for any purposes other than those described above. We do not use your data for marketing or advertising (see “No Marketing or Profiling” below), and we do not collect sensitive personal data (e.g. ethnicity, religion, health data about you – note that animal health data is not considered personal data about an individual).

Categories of Personal Data We Collect

We collect and use the following categories of personal data in ALPACUNA Herds and Shows:

  • Account Information: When you register or subscribe, we collect personal details needed to create and manage your user account. This includes your name, email address, postal address (for billing or contact), and login credentials. If you purchase a subscription or paid features, we also collect payment-related information (e.g. subscription plan, transaction ID) – however, payment card details are handled securely by our payment processor, not stored on our systems (see “Third-Party Processors” below).
  • Herd and Animal Data: The core of our service is storing information about your alpaca herd. This data is provided by you (or other authorized users, such as association officials if applicable) and can include:
    • Animal profile data: alpaca name, identification number, date of birth, sex, color, and photos (if you upload any).
    • Lineage and pedigree: details of the animal’s parents, offspring, and pedigree history (family tree). This may include the names or identifiers of breeders/owners associated with those animals.
    • Breeding and medical records: breeding dates, mating partners, genetic test results, health check-ups, vaccinations, and any illness or treatment history you choose to log.
    • Ownership and transfer history: records of the current owner of each alpaca, previous owners (if transferred), and dates of ownership change or registration in shows or herdbooks.
    • Show records: if you use ALPACUNA Shows, data about show entries and results (e.g. which alpaca was entered in which category, awards or rankings, and the owner/exhibitor’s name).

Important: Some of this animal-related data (especially pedigree, lineage, and possibly past owner names) may be visible to other users of the platform or even publicly accessible as part of the “public animal register” function. The purpose is to allow any breeder or association to verify an alpaca’s lineage and prevent inbreeding across the community. We do not make your personal contact details public; however, your name or farm name could be linked to an alpaca as part of ownership history or breeder record. This is only done in pursuit of the legitimate interests of the breeding community and transparency in pedigrees, as described above.

  • Communication Data: If you communicate with us (e.g. via support emails to our office@alpacuna.com address), we will collect the information you provide in those communications (such as your email address and the content of your inquiry) in order to respond to you and improve our services. We ask that you not send any sensitive personal information via support requests.
  • Technical Usage Data: We do not use any tracking or analytics (see “Cookies and Tracking” below), but like any online service, our servers may automatically log certain information when you use ALPACUNA. This may include your device’s IP address, browser type, access times, and pages/features accessed. We use this data solely for security (e.g. to detect misuse of the system) and performance monitoring (to ensure the service is running smoothly), not for profiling. These server logs are kept secure and are not shared with third parties except if needed for legal/security investigations.

We do not collect any data that is not necessary for the purposes stated. In particular, we do not collect any data about your browsing behavior outside of our services, no behavioral profiles, and no special categories of personal data about you as an individual (such as health, ethnicity, etc.). All personal data we process was either provided directly by you, generated through your use of our service, or provided by someone authorized (for example, an association official might enter data on your behalf in certain cases).

Third-Party Service Providers and Data Sharing

We treat your personal data as confidential and do not sell or rent it to any third parties. We will only share your data in the following circumstances:

  • Payment Processing (Mollie): For handling subscription payments and other transactions, we use Mollie – a reputable payment service provider. When you enter payment details (e.g. credit card or bank information) to pay for ALPACUNA services, that information is transmitted directly to Mollie. Mollie B.V. (based in the Netherlands) processes your payment data in compliance with strict security standards and GDPR. All payment data is stored on secure servers in the EU under Mollie’s control, and Mollie is PCI-DSS Level 1 certified (the highest industry standard for payment security). This means your sensitive payment information never reaches our servers – we only receive notifications of payments and basic customer info needed to record your subscription (e.g. that a payment was successful, the amount, and your name/email). Mollie may act as an independent data controller for the payment processing (handling your data for fraud prevention and regulatory compliance on their side); you can refer to Mollie’s Privacy Policy for more details on their practices. We have a data processing agreement in place with Mollie as required by GDPR.
  • Hosting and Storage (Contabo GmbH): Our applications and databases are hosted on secure servers provided by Contabo GmbH, a hosting company with data centers in Germany (European Union). All your personal data is stored in the EU. Contabo is GDPR-compliant and we have a Data Processing Agreement with them to ensure they only process data under our instructions and with adequate security. According to Contabo, as a European provider, they adhere to European data protection standards and ensure data is securely stored in compliance with GDPR. Contabo acts as a data processor on our behalf, meaning they technically handle data storage/compute but cannot use your data for any other purposes.
  • Email Service: Our outgoing email communications (such as verification emails or support responses) are sent via ProtonMail. ProtonMail does end-to-end encryption for their messages where possible and uses TLS as a fallback if the receiver supports it. (https://proton.me/support/proton-mail-encryption-explained).
  • Breeder Associations / Registries: We do not automatically share your personal data with any third-party organizations. However, if you are using ALPACUNA as part of a breeder association program or alpaca registry, there may be cases where information from the system is shared with such an organization at your direction or with your knowledge. For example, you might generate a herdbook report or export data to submit to a breed association – in such cases, you control what information is shared. ALPACUNA itself does not transmit your personal data to breeder associations behind the scenes. We simply provide you with tools to manage and retrieve your data, which you may choose to share with others (e.g. printing a show catalog that includes your name as an exhibitor).
  • Legal Requirements: If we are ever required by law to disclose data – for instance, in response to a lawful request by law enforcement or a court order – we will only disclose the minimum necessary data and only when obligated under the law. We would inform you of such requests if allowed.

Aside from the scenarios above, no third parties have routine access to your personal data. In particular, we do not share data with advertisers or social media companies. Within our organization, your data is accessed only by the controller (Matthias Popp) and possibly occasional IT support personnel, strictly on a need-to-know basis, and all are bound by confidentiality.

No Marketing Use and No Profiling

We do not use your personal data for marketing purposes. You will not receive newsletters, promotional emails, or advertising from us unrelated to the ALPACUNA service unless you explicitly opt-in to such communications. We do not sell your information to advertisers or use it for personalized ads.

Additionally, we do not perform any automated decision-making or profiling that produces legal or similarly significant effects on you. In other words, we aren’t running algorithms to evaluate or predict your personal aspects (like creditworthiness, behavior, etc.). All data processing is for the operational purposes described above, not to analyze or categorize you as a customer for marketing. Any analysis we might do (e.g. usage statistics) is done on an aggregated level and anonymized; it’s not tied to individual identities.

Rest assured that your data is used only to deliver our services to you and to uphold the integrity of the alpaca herd records, not to target you with commercial offers.

Cookies and Tracking Technologies

No cookies, no trackers. We do not use any tracking cookies or similar tracking technologies in the ALPACUNA Herds and Shows applications. When you use our web platform, we do not place any cookies on your browser that track you across sites or remember personal preferences. We also do not use web analytics services (like Google Analytics) or any third-party tracking pixels. Our goal is to respect your privacy fully: the service is designed to function without invading your privacy through tracking.

For clarity:

  • We do not use marketing, advertising, or analytics cookies. There are no persistent identifiers created, and nothing is stored on your device by us for cross-site tracking or marketing purposes.
  • We do not use fingerprinting or other hidden tracking techniques.
  • We do not collect your browsing history or behavior outside of our own platform.

Because we have no non-essential cookies, we do not need to display those annoying cookie banners or obtain cookie consent for our services – since we simply don’t use them. Your usage of ALPACUNA is not being tracked beyond the data you intentionally input.

International Data Transfers

We are based in Austria and store all user data on servers located in the EU (Germany via Contabo). Our default practice is not to transfer your personal data to any country outside the European Economic Area (EEA). All processing happens within the EEA.

However, we want to address a unique aspect of the ALPACUNA platform: it serves a global community of alpaca breeders. This means users from outside the EEA (for example, a breeder in the United States or Switzerland) might access the system. If an international user has access to the herdbook or show data, it could result in personal data of EEA users being viewed outside the EEA. For instance, a breeder in a non-EU country could look up the lineage of an alpaca that includes the name of an EU breeder.

Does this constitute an “international data transfer”? In the strict sense, whenever personal data hosted in the EU is accessed by someone in a third country, that is a transfer. Here’s how we handle such situations to remain GDPR-compliant:

  • There are no systematic or bulk transfers of our database to third countries. The data remains on EU servers at all times. When non-EEA users access the service, they are securely connecting to our EU servers.
  • We rely on the legitimate interest lawful basis (Article 6(1)(f) GDPR) for allowing cross-border access to the animal registry in real-time. This legitimate interest is the maintenance of a global breeding registry – alpaca breeding is an international field, and allowing trusted access across borders is necessary to keep the registry consistent and avoid data silos that could harm breeding transparency.
  • All users, regardless of location, are subject to our Terms of Service and this Privacy Policy. Non-EEA users accessing EEA personal data are doing so only for the same limited purposes (e.g. checking an animal’s pedigree).
  • Appropriate Safeguards: Since data stays on EU servers, the main safeguard is that the data is protected by EU law at rest. For user access from abroad, we ensure the connections are encrypted and secure. If we were in the future to enable any third-party service outside EEA or store data outside EEA, we would implement additional GDPR safeguards (such as EU Commission Standard Contractual Clauses, adequacy decisions, etc.). As of now, there are no such transfers.

In summary, we do not send your data to any third country entities. The only potential “transfer” is via user browser access from outside EEA, which we consider covered by necessity for the service and legitimate interest. We continually evaluate this setup to ensure it meets GDPR requirements. If you have questions about cross-border data aspects, please contact us.

Data Retention (How Long We Keep Your Data)

We will not retain personal data for longer than necessary for the purposes described in this policy, in accordance with the GDPR’s “storage limitation” principle. Below are our retention practices for different types of data:

  • Account and User Data: If you have an active subscription or account, we retain your account information for as long as your account is active in order to provide the service. Upon termination of your subscription or if your account becomes inactive, we generally retain your account data for up to 10 years thereafter. There are a few reasons we might keep data for this period:
    • To comply with legal obligations: For example, financial records (invoices, payment history) may need to be kept for up to 7–10 years under Austrian tax law and EU regulations.
    • To preserve evidence and resolve any disputes: In case of any legal claims, contract disputes, or audits, we may need historical data. Ten years is a common statute of limitations for certain contract claims.
    • Our legitimate interest: We have a legitimate interest in maintaining business records and ensuring continuity for users who may return to the service after a break. However, after 10 years of inactivity, we will delete or anonymize personal data unless there’s a specific ongoing reason to keep it.

User-initiated deletion: If you actively request deletion of your account and personal data, we will honor your request and erase your personal data earlier than the 10-year mark, provided that (1) there is no overriding legal requirement to keep it, and (2) no other legitimate interest applies that would necessitate retention. We will specifically check things like: have all your subscription payments and invoices passed the required retention? Are there any outstanding issues or disputes? If not, we will delete your data. If we must retain some pieces (e.g. invoice records for accounting), we will inform you.

  • Herdbook and Animal Data: Data about alpacas and herd records may be retained for a longer duration to serve the public breeding registry interest. Even if you delete your account or cease using ALPACUNA, the animal entries and lineage records you contributed can be crucial for other breeders and associations in the future. Therefore:
    • Basic animal identity and pedigree info (e.g. an alpaca’s name, date of birth, pedigree line) will typically be kept indefinitely in the herdbook, as part of the permanent historical record of the breed.
    • We will strive to dissociate your personal details from the animal record if you leave. For example, if you were listed as the owner or breeder of an alpaca, we might replace your name with an anonymized indicator (or note that the owner is “account deleted” while still keeping the fact that that alpaca existed and its lineage).
    • However, certain personal data elements might still be retained if they are integral to the record. For instance, if an association rule or public interest requires keeping the breeder’s identity on record for authenticity, we may retain your name linked to the animal. This would be an exceptional case and based on public interest in transparent breeding (GDPR allows archiving in public interest and legitimate interest in such scenarios). We will never retain more data than necessary – only what’s needed to ensure the lineage/health traceability isn’t broken.
    • Medical treatment records or detailed notes you added about an animal would generally be deleted if you remove the animal or your account, unless those details have become relevant in a broader context (e.g. an identified hereditary disease in a bloodline – the community might have a legitimate interest in that info). Again, such cases are rare and we would aim to anonymize personal links.

In short, animal registry data can live on for the sake of the herdbook, but we minimize the personal data within it once you are no longer using the service. The integrity of the alpaca pedigree history is our goal, and we balance that with respecting individual privacy.

  • Show Data: If you participated in shows, the results (which may include your name as an exhibitor and your animal’s name) are often part of historical records (much like horse shows or dog shows publish results). We may retain show result data indefinitely as part of the historical archive of alpaca shows. These records are important for the community (e.g., tracking the performance of certain bloodlines, or awarding titles). However, if you request erasure of your personal data, we will consider removing or anonymizing your name in published results on our platform, while possibly keeping the animal’s achievement listed.
  • Communication Records: Emails or support tickets may be retained for a few years (up to 5 years typically) to help us manage our relationship with you, train our team, and defend against any legal matters (e.g., if there was a contentious issue resolved over email). We will delete these earlier if they contain information not needed and you request their deletion.

After the applicable retention periods, we either securely delete personal data or anonymize it (so it can no longer be linked to an individual). For example, we might remove personal identifiers from a dataset but keep aggregate statistics.

If there is any data we cannot fully delete due to technical constraints (for instance, data stored in secure backups), we will continue to protect that data and isolate it from active use until deletion is possible.

Your Rights as a Data Subject

As a user of ALPACUNA within the EEA, you have robust rights under the GDPR regarding your personal data. We are committed to respecting these rights. Below is a summary of your key data subject rights:

  • Right to Access: You have the right to obtain confirmation whether we are processing your personal data, and if so, to receive a copy of the data and certain information about how we use it. In practice, you can request a copy of your account data and any other personal data we hold about you. We will provide this in a common electronic format (unless you request another format) and include details like the purposes of processing, categories of data, and recipients of the data.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected. For example, if you notice your name or contact info is spelled wrong in our system, or your data changes (like you move address), you can either update it through your account settings or ask us to update it. We’ll make the corrections without undue delay.
  • Right to Erasure (’Right to be Forgotten’): You have the right to request the deletion of your personal data in certain circumstances. You can ask us to erase your data if it’s no longer needed for the purposes we collected it, if you withdraw consent (where applicable) or successfully object to our processing, or if we processed your data unlawfully. This includes the ability to delete your ALPACUNA account entirely. We will honor such requests provided there is no legal or legitimate ground for us to retain the data (see the Data Retention section above for what those grounds might be). If your data has been made public in the herdbook, we will take reasonable steps to inform other controllers (if any) that you’ve requested erasure, depending on feasibility.
  • Right to Restrict Processing: You have the right to ask us to limit the processing of your data in certain situations. For instance, if you contest the accuracy of your data, you can request a restriction (meaning we just store it but don’t actively use it) until the issue is resolved. Or if you need us to preserve data for a legal claim, you can request we keep it but not use it for anything else. When processing is restricted, we will flag the data and only process it for specific reasons (with your consent or for legal reasons).
  • Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to have us transmit that data to another controller where technically feasible. In practice, this means you can ask for an export of your data (for example, all your herd records and account info) to take it to another service. We support this by fulfilling manual requests.
  • Right to Object: You have the right to object to our processing of your personal data at any time when that processing is based on our legitimate interests (or on performing a task in public interest). This includes the scenarios where we keep data for the public herdbook under legitimate interest. If you object, we will re-evaluate our grounds for processing. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or if processing remains necessary for legal claims. You also have an absolute right to object to any direct marketing use of your data – however, note that we do not engage in marketing, as stated above.
  • Right not to be Subject to Automated Decisions: As noted, we do not make automated decisions profiling you. However, for completeness: you have the right not to be subject to a decision based solely on automated processing (including profiling) that significantly affects you. This is not applicable to ALPACUNA right now, because we don’t do such processing.
  • Right to Withdraw Consent: Where we rely on your consent for any processing (in our case, generally we rely on contract or legitimate interest, not consent, except perhaps for using a photo you upload, etc.), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did before your withdrawal. If in future we ever ask for your consent (for example, to use a testimonial or to enable a new feature), you can always change your mind.
  • Right to be Informed: You have the right to clear and transparent information about how we use your data – that is the very purpose of this Privacy Policy. We aim to provide all required details here. If anything is unclear, feel free to ask.
  • Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with a Data Protection Supervisory Authority. You can do this in the EU country where you live, where you work, or where the issue occurred. For example, our lead authority in Austria is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde). We would, however, appreciate the chance to address your concerns directly first – we are committed to resolving any issues in good faith.

Exercising Your Rights: You can exercise any of these rights by contacting us at office@alpacuna.com. Please state which right you wish to exercise and provide necessary identifying information so we can locate your data (we may need to verify your identity to ensure we don’t disclose data to the wrong person). Exercising your rights is free of charge. We will respond to your request without undue delay and in any event within one month of receipt, as required by GDPR. If your request is complex or we have received many requests, we may extend this period by up to two further months, but we will inform you within the first month if an extension is needed and why.

We will fulfill your request to the extent possible and let you know if any exemptions apply (for example, certain data may be exempt from erasure if needed for legal compliance). Our goal is to facilitate your full control over your personal data.

Data Security Measures

We take the security of your data very seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, or alteration. Some of the key security practices we follow include:

  • Secure Hosting: As noted, your data is stored on servers in professional data centers in Germany. These facilities have robust physical security and cyber-security measures. Data on our servers is protected by firewalls and monitoring systems. Our hosting provider is fully GDPR compliant and employs high standards of security.
  • Encryption: All communication between your device and our service is encrypted using HTTPS/TLS. This means any data you send to us (or we send back to you) is encrypted in transit, preventing eavesdropping. You’ll see the padlock in your browser indicating a secure connection. We also encrypt sensitive data at rest in our databases where applicable (for example, password hashes are stored using one-way encryption, and any sensitive fields are encrypted or hashed).
  • Access Controls: Access to personal data in our system is restricted on a need-to-know basis. Matthias Popp (the controller) and a very limited number of IT administrators (if any) are the only persons who can directly access the database, and even then, they use secure authentication. Within the app, each user only has access to their own data (and shared herd data if you collaborate with others explicitly). Association officials or other users cannot see your personal details unless you’ve made them public or shared intentionally as part of the platform’s features.
  • Data Minimization: We only collect the data we truly need, which inherently reduces risk. (For example, since we don’t collect extraneous identifiers like national ID numbers or personal financial info, there’s less sensitive data to protect.)
  • Regular Updates and Patching: We keep our software, libraries, and server infrastructure up-to-date with security patches to protect against known vulnerabilities. Security updates are applied as soon as practicable.
  • Monitoring and Auditing: We monitor access to the systems for any unusual activity. Administrative access logs and critical actions are recorded. We also periodically review our security measures and access logs.
  • Backups: We perform regular backups of the database to ensure data can be recovered in case of hardware failure or other incidents. These backups are stored securely (and also kept within the EU). Backup data is subject to the same retention policies and is not kept indefinitely.
  • Employee/Contractor Confidentiality: If we involve any personnel in processing data (e.g., for technical support), they are bound by confidentiality agreements and trained on data protection best practices.

Despite all these measures, it’s important to acknowledge that no system can be 100% secure. We strive to protect your data using industry best practices, but we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by GDPR (Articles 33 and 34) and take all necessary steps to mitigate the issue.

We also recommend you play a role in security: use a strong, unique password for your ALPACUNA account, keep your login credentials confidential, and notify us immediately if you suspect any unauthorized access to your account.

Legal Compliance and Framework

Our data processing practices are firmly grounded in the GDPR and applicable European laws. In particular, we adhere to the principles of GDPR such as lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability. Matthias Popp (as sole proprietor in Austria) is subject to Austrian national data protection law as well, which supplements the GDPR.

For full legal reference: this policy is governed by Regulation (EU) 2016/679 (General Data Protection Regulation), a law with EEA-wide reach that protects your personal data rights. We also comply with national laws like the Austrian Data Protection Act (Datenschutzgesetz) where relevant. If there is any conflict between this policy and the GDPR or applicable law, the law prevails and we will adjust our practices accordingly.

In case of any legal inquiries, please reference that ALPACUNA is an EU-based service provider under GDPR jurisdiction. We are happy to provide additional details if needed about our compliance measures or how we interpret specific provisions of law in our context.

Changes and Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, user feedback, or new legal obligations. If we make material changes (for example, if we start processing data for a new purpose or engage a new significant third-party processor), we will notify you in a timely manner. Notification may be done through the following methods, depending on the circumstance:

  • Email Notice: We may send a notice to the email address associated with your account explaining the changes.
  • In-App/Website Notice: We might post a prominent announcement on our website or within the ALPACUNA app (for example, a banner or notification) about the update.
  • Changelog: Minor updates will be reflected by changing the “Effective Date” at the top of the policy. We encourage you to periodically review this Privacy Policy to stay informed of how we are protecting your information.

When we update the policy, we will outline what’s different or new. If required by law, we will seek your consent for any new uses of data that weren’t covered by your initial consent or this policy (though currently we don’t rely on consent, as noted).

Your continued use of ALPACUNA Herds/Shows after a policy update signifies acceptance of the revised terms. However, if any change requires your explicit consent, we will not enforce those changes until we have obtained such consent from you.

If you have any questions or objections regarding changes to this Privacy Policy, please contact us. We will also maintain an archive of previous privacy policy versions upon request for transparency.

Thank you for reading our Privacy Policy. We hope this document clearly explains how we handle your personal data and your rights. We are committed to protecting your privacy while providing a valuable service to the alpaca breeding community. If anything remains unclear or you need further information, don’t hesitate to reach out at office@alpacuna.com.

Your trust is important to us, and we aim to keep your data safe, secure, and used only in ways that respect your rights and benefit the community.