GDPR privacy policy of My Allergy ID

Effective Date: 25th February 2019


My Allergy ID pledges to protect your personal information and privacy. We want you to feel confident that your data is used only provide the best possible experience with our service. This privacy policy covers the My Allergy ID app and the My Allergy ID administration area.

This Privacy Notice explains how we, as a data controller, collect, share and use the personal information that you provide and the information that is collected automatically. By using our app you confirm that you have read and give permission for My Allergy ID and our third party processors to use your information in the ways described in this notice.

GDPR Compliance

Our Privacy Policy complies with the current principles of GDPR and follows the six principles by which all personal data must be handled. These are:

  1. Lawfulness, fairness and transparency – all collection of personal data will obey with the law; there will be clear reasons why each piece of personal information is collected;
  2. Purpose Limitation – the data collected will only be used for the specified purpose
  3. Data Minimization – we will only process the data that is required for the service
  4. Accuracy – the personal data we hold will be accurate and complete
  5. Storage Limitation – we only hold your data for the length of time that is required
  6. Integrity and Confidentiality – we process your data securely

How My Allergy ID Collects Data

Data you provide to us

When creating an account/subscription with My Allergy ID you provide us with personal information so that:

  • Your interaction with the app is customised to suit your allergies
  • We can you send updates regarding our partnered businesses or any updates or changes to the app
  • If you forget your password you can reset it with ease
  • We can send you service messages about your account registration or subscription
  • We can verify your identify when you login to your account

Automatically Collected Data


We collect your location so that we can display the partnered businesses that are local to you

Legal Basis for Data Collection

My Allergy ID will only collect and process your personal data with your consent and in line with data protection laws in order for us to perform our contract to you. We will also collect your data if we have a legal obligation to do so, if vital interests (your life or someone else’s) depends on it or if we need to complete a public task as long as it is our legitimate business interests to do so.

When we ask for your consent we ask for permission to process the specified data but you maintain the right to withdraw your consent at any time. If you do withdraw your consent any processing of your data previous to your withdrawal will not be considered unlawful. To withdraw your consent you can contact our Data Protection Officer via…..

When we ask you to provide personal data to fulfil a legal requirement, we will provide our reasoning as to why this is required and it will be clear whether it is a mandatory field or not.

Please note that any data that is considered mandatory must be provided to ensure our service can provide you with the best possible experience and you may not be able to act under legal obligation with us. When a field is mandatory we will make clear the consequences of not providing that specific data.

Retention of Personal Data

According to the principle of ‘Storage Limitation’ we will only keep your data for as long as we need it for the purposes explained in the ‘How My Allergy ID Collects Data’ section above regarding our legitimate business interests. On the occasion that data is retained it will be kept anonymously in order to improve our service for future or existing customers.

If you deny permission for us to process certain elements of your personal data, including cancelling or refusing updates via email, we will keep record of this in order to continue to respect your decision.

When your personal information is no longer required we will destroy or permanently anonymise it securely. If this is not possible for example if it is stored in a back-up archive your data will be held securely and will be isolated from other data processing until erasure is possible.

Sharing your Personal Data

International Transfer of Data

Data Rights

The GDPR gives you eight rights over your personal data, these are:

The right to be informed – You must be provided with clear, transparent and understandable reasons behind our ‘privacy information’.

The right of access – You have the right to view your data at any time if we are processing it to check that we are following data protection laws. If you wish to request your data please contact our Data Protection Officer via…..

The right of rectification – You can request that inaccurate or incomplete data is modified however in certain circumstances your request can be denied

The right of erasure – Also known as the ‘right to be forgotten’, you can request that your personal data is deleted from our system

The right to restrict processing – You have the right to restrict us from using your personal data although when exercised we can still hold your data permitted that we don’t process it any further

The right to data portability – You can receive and obtain the data you have provided us with in an accessible format so that you can reuse it for personal purposes

The right to object – You may object to certain types processing or use of your personal data for direct marketing purposes or profiling

The right to lodge a complaint – You have the right to complain to a supervisory authority if you believe that we have failed to comply with any data protection laws

If you wish to exercise any of these rights feel free to contact us via ……

Changes to this Policy

This policy is subject to change at any time but the latest effective date will be highlighted at the top of the Privacy Notice. We will make you aware of changes to our policy via email when deemed appropriate. We encourage you to periodically review our Privacy Notice for current information on how we store and process your data.