3. Processing Activities in Applications

When you use our application, we process personal data. You are not legally required to provide this data, but without it, many features may not be available.

The following sections explain what data we process, for what purposes, for how long, and on what legal basis. You will also learn to whom we pass on your data. At the end of the privacy policy, you will also find information about our storage periods, general recipients, and algorithmic decision-making.

3.1 Web Application

Our web application is offered to business owners and web developers

3.1.1 Server Provision and Hosting

Purpose: The web application can be self-hosted or hosted in the cloud. If you choose our cloud, we collect and temporarily store certain data to ensure the operation, availability, stability and security of the application.

Categories of data: IP address, time and date of access, browser type and version, operating system. 

Legal basis: The legitimate interest in ensuring the technical functionality and security of our software (Art. 6 para. 1 lit. f) GDPR.

Storage period: Log data is deleted after 7 days.

3.1.2. Signing up and setting up a profile

Purpose: To register and onboard veterinary businesses, create accounts, and establish secure access for managing their practice‘s information and activities, thus allowing them to provide services through the platform. 

Categories of data: In particular, work email, business name, business type (veterinary business, breeding facility, pet sitter, groomer shop), registration number, address, specialised department, provided services, professional background (specialisation, qualification, medical license number), appointment duration (consultation mode, consultation fee, username)

Legal basis: Establishment of the user relationship, Art. 6 para. 1 lit. b) GDPR. By providing voluntary profile information, you consent to the processing of this data, Art. 6 para. 1 lit. a) GDPR.

Storage period: The data will generally be processed for as long as you maintain your account with us. After termination of the account, your data will be deleted unless the deletion of individual data or documents is prevented by statutory retention obligations.

3.1.3. General Use of the Application

Purpose: To allow businesses to use the application and all its core functions (such as creating appointments, adding prescriptions, generating bills, creating appointments), we process the information you enter, and data generated during use.

Categories of data: In particular, name, e-mail address, phone number, doctor’s name, prescription notes, billing details, payment information. 

Legal basis: The processing is necessary for the performance of the user contract (Art. 6 para. 1 lit. b) GDPR). In addition, we have a legitimate interest in pursuing the above-mentioned purposes (Art. 6 para. 1 lit. f) GDPR).

Storage period: We store the data as long as the user account is active. Data may be deleted upon account deletion unless legal retention applies.

3.1.4. Contacting Clients und Communications

Purpose: The application allows communication with clients and within teams. This can include sending messages, images and videos related to the pet’s condition, treatment, or general care questions.

Categories of data: Messages, attachments (photos, videos), pet-related context (e.g. symptoms, recent treatments), metadata (timestamps, sender/ recipient).

Legal basis: The processing is necessary for the performance of the user contract (Art. 6 para. 1 lit. b) GDPR). In addition, we have a legitimate interest in pursuing the above-mentioned purposes (Art. 6 para. 1 lit. f) GDPR).

Storage period: We store the data until the conversation or account is deleted unless the deletion of individual data or documents is prevented by statutory retention obligations

3.1.5. Payment

Business owners and developers can implement their preferred payment options and payment services directly in the web application. The payment is directly performed over these payment providers. DuneXploration does not process any personal data in connection with the payment.

3.2. Mobile Application 

3.2.1. Server Provision and Hosting

Purpose: The application is hosted on servers to be made technically available for users. For this purpose, we collect and temporarily store certain data to ensure the operation, availability, stability and security of the software. 

Categories of data: IP address, time and date of access, browser type and version, operating system. 

Legal basis: The legitimate interest in ensuring the technical functionality and security of our software (Art. 6 para. 1 lit. f) GDPR).

Storage period: Log data is deleted after 7 days.

3.2.2. Signing up and setting up a profile 

Purpose: To onboard new users (pet owners, breeders, groomers, and vet doctors) to the mobile application, enabling account creation, authentication, and access to platform features. 

Categories of data: In particular, name, e-mail address, phone number, address, type of user.

Legal basis: Establishment of the user relationship, Art. 6 para. 1 lit. b) GDPR. 

Storage period: The data will generally be processed for as long as you maintain your account with us. After termination of the account, your data will be deleted unless the deletion of individual data or documents is prevented by statutory retention obligations.

3.2.3. General Use of the Application

Purpose: To allow users to use the application and all its core functions (such as creating pet profiles, managing daily care tasks, recording notes of health data, adding vaccination record, creating exercise plans etc), we process the information you enter and data generated during use.

Categories of data: In particular, name, e-mail address, phone number, type and content of enquiry, message. 

Legal basis: The processing is necessary for the performance of the user contract (Art. 6 para. 1 lit. b) GDPR). In addition, we have a legitimate interest in pursuing the above-mentioned purposes (Art. 6 para. 1 lit. f) GDPR).

Storage period: We store the data as long as the user account is active. Data may be deleted upon account deletion unless legal retention applies.

3.2.4. Booking Appointments

Purpose: To enable pet owners to book appointments with veterinarians through the Yosemite Crew mobile application.

Categories of data: Name, e-mail address, telephone number, booking details and, if applicable, desired appointment reminders or additional comments on your booking. The data marked as mandatory fields must be provided in order to make a booking. 

Legal basis: The processing is necessary for the performance of the user contract (Art. 6 para. 1 lit. b) GDPR). In addition, we have a legitimate interest in pursuing the above-mentioned purposes (Art. 6 para. 1 lit. f) GDPR).

Storage period: The data collected as part of the booking will be deleted after the expiry of the applicable statutory retention obligations (6 years according to HGB, 10 years according to AO).

3.2.5. Contacting Veterinarians und Communications

Purpose: To enable meaningful communication between pet owners and veterinary professionals the user can contact veterinarians directly through the application. This can include sending messages, images and videos related to the pet’s condition, treatment, or general care questions. If you contact the veterinarian, your data will be processed to the extent necessary for the veterinarian to answer your inquiry and for any follow-up measures.

Categories of data: Messages, attachments (photos, videos), pet-related context (e.g. symptoms, recent treatments), metadata (timestamps, sender/ recipient).

Legal basis: The processing is necessary for the performance of the user contract (Art. 6 para. 1 lit. b) GDPR). In addition, we have a legitimate interest in pursuing the above-mentioned purposes (Art. 6 para. 1 lit. f) GDPR).

Storage period: We store the data until the conversation or account is deleted unless the deletion of individual data or documents is prevented by statutory retention obligations.

3.2.6. Review and Ratings

Purpose: Users can provide feedback on services received from pet service providers to help other users to make their decision and enhance user friendliness.

Categories of data: Rating (in the form of starts), review text, name, timestamp.

Legal basis: Voluntary consent to publish review (Art. 6 para 1 lit. a GDPR).

Storage period: We store the data until the review is manually removed by the user or deleted due to inactivity or policy violations.  

3.2.7. Payment

Users can pay assessment fees directly or receive invoices for treatments via the app. When payment is made through the app, the transaction is directly performed by the pet service providers own payment services. We will not process any payment data in connection with the payment process.

3.2.8. Pet Medical Records and Health Features

Purpose: To enable users to record, track and share their pet's medical and health information, such as medical conditions, medications, vaccination status and observations (e.g. water intake or pain levels), users can add information to their profile. This allows for better monitoring and communication with veterinary care providers.

Categories of data: Pet's medical records (vaccinations, prescriptions, diagnoses), daily health logs, notes on behaviour or pain, exercise schedules, reminders, task lists.

Legal basis: The legitimate interest in pursuing the aforementioned purposes (Art. 6 para. 1 lit. f. GDPR).

Storage period: As long as the pet profile exists and data is not manually deleted. Full deletion occurs with account removal or upon user request.

3.2.9. Contacting Us

Purpose: Users can contact us through the application by sending us a message. Users can submit a general enquiry, feature request or a data subject access request. When you contact us at, your data will be processed to the extent necessary to answer your enquiry and for any follow-up measures.

Categories of data: Inventory data (e.g., names, addresses), contact details, content data, metadata (timestamps, sender/ recipient).

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR); legitimate interests (Art. 6 para. 1 lit. f. GDPR) in the processing of communication.

Storage period: The data will generally be processed for as long as it is necessary to process the inquiry.

4. Presence on social media

We have profiles on social networks. Our social media accounts complement our PMS and offer you the opportunity to interact with us. As soon as you access our social media profiles on social networks, the terms and conditions and data processing guidelines of the respective operators apply. The data collected about you when you use the services is processed by the networks and may also be transferred to countries outside the European Union where there is no adequate level of protection for the processing of personal data. We have no influence on data processing in social networks, as we are users of the network just like you.  Information on this and on what data is processed by the social networks and for what purposes the data is used can be found in the privacy policy of the respective network listed below. We use the following social networks:

4.1. LinkedIn

Our website can be accessed at: https://de.linkedin.com/company/yosemitecrew

The network is operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Privacy policy of the network: www.linkedin.com/legal/privacy-policy

4.2. Tik-Tok

Our website can be accessed at: https://www.tiktok.com/@yosemitecrew

The network is operated by: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Privacy policy of the network: https://www.tiktok.com/legal/page/eea/privacy-policy/de

4.3. Instagram

Our website can be accessed at: https://www.instagram.com/yosemite_crew

The network is operated by: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Privacy policy of the network: https://privacycenter.instagram.com/

4.4. X.com

Our website can be accessed at: https://x.com/yosemitecrew

The network is operated by: X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

Privacy policy of the network: https://x.com/de/privacy

4.5. Discord

Our website can be accessed at: https://discord.gg/YVzMa9j7BK

The network is operated by: Discord Netherlands BV, Schiphol Boulevard 195, 1118 BG Schiphol, Netherlands.

Privacy policy of the network: https://discord.com/privacy

4.6. GitHub

Our website can be accessed at: https://github.com/YosemiteCrew/Yosemite-Crew

The network is operated by: GitHub B.V Prins Bernhardplein 200, Amsterdam 1097JB, Netherlands.

Privacy policy of the network: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement

4.7. Joint responsibility

Purposes: We process personal data as our own controller when you send us inquiries via social media profiles. We process this data to respond to your inquiries.

In addition, we are jointly responsible with the following networks for the following processing (Art. 26 GDPR). When you visit our profile on LinkedIn and Instagram, Tik-Tok, X.com, Discord, Github the network collects aggregated statistics (“Insights data”) created from certain events logged by their servers when you interact with our profiles and the content associated with them. We receive these aggregated and anonymous statistics from the network about the use of our profile. We are generally unable to associate the data with specific users. To a certain extent, we can determine the criteria according to which the network compiles these statistics for us. We use these statistics to make our profiles more interesting and informative for you.

For more information about this data processing by LinkedIn, please refer to the joint controller agreement at: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on this data processing by Instagram can be found in the joint controller agreement at: https://www.facebook.com/legal/terms/information_about_page_insights_data

Further information on this data processing by TikTok can be found in the joint controller agreement at: https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en

Further information on this data processing by X.com can be found in the joint controller agreement at: https://gdpr.x.com/en/controller-to-controller-transfers.html

Further information on this data processing by Discord can be found in the joint controller agreement at: https://discord.com/terms/local-laws

Further information on this data processing by Github can be found in the joint controller agreement at: https://github.com/customer-terms/github-data-protection-agreement

Legal basis: Processing is carried out on the basis of our legitimate interest (Art. 6 (1) (f) GDPR). The interest lies in the respective purpose.

Storage period: We do not store any personal data ourselves within the scope of joint responsibility. With regard to contact requests outside the network, the above information on establishing contact applies accordingly.

8. What rights do you have with regard to the personal data you provide to us?

You have the following rights, provided that the legal requirements are met. To exercise these rights, you can contact using the following address: security@yosemitecrew.com .

Art. 15 GDPR – Right of access by the data subject:

You have the right to obtain confirmation from us as to whether personal data concerning you are being processed and, if so, which data are being processed and the circumstances surrounding the processing.

Art. 16 GDPR – Right to rectification:

You have the right to request that we immediately correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

Art. 17 GDPR – Right to erasure:

You have the right to request that we erase personal data concerning you without undue delay.

Art. 18 GDPR – Right to restriction of processing:

You have the right to request that we restrict processing.

Art. 20 GDPR – Right to data portability:

In the event of processing based on consent or for the performance of a contract, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us or to have the data transmitted directly to the other controller, where technically feasible.

Art. 77 GDPR in conjunction with § 19 BDSG – Right to lodge a complaint with a supervisory authority:

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable law.