Effective Date: 25th February 2019
This Privacy Notice explains how we, as a data controller, collect, share and use the personal information that you provide and the information that is collected automatically. By using our app you confirm that you have read and give permission for My Allergy ID and our third party processors to use your information in the ways described in this notice.
- Lawfulness, fairness and transparency – all collection of personal data will obey with the law; there will be clear reasons why each piece of personal information is collected;
- Purpose Limitation – the data collected will only be used for the specified purpose
- Data Minimization – we will only process the data that is required for the service
- Accuracy – the personal data we hold will be accurate and complete
- Storage Limitation – we only hold your data for the length of time that is required
- Integrity and Confidentiality – we process your data securely
How My Allergy ID Collects Data
Data you provide to us
When creating an account/subscription with My Allergy ID you provide us with personal information so that:
- Your interaction with the app is customised to suit your allergies
- We can you send updates regarding our partnered businesses or any updates or changes to the app
- If you forget your password you can reset it with ease
- We can send you service messages about your account registration or subscription
- We can verify your identify when you login to your account
Automatically Collected Data
We collect your location so that we can display the partnered businesses that are local to you
Legal Basis for Data Collection
My Allergy ID will only collect and process your personal data with your consent and in line with data protection laws in order for us to perform our contract to you. We will also collect your data if we have a legal obligation to do so, if vital interests (your life or someone else’s) depends on it or if we need to complete a public task as long as it is our legitimate business interests to do so.
When we ask for your consent we ask for permission to process the specified data but you maintain the right to withdraw your consent at any time. If you do withdraw your consent any processing of your data previous to your withdrawal will not be considered unlawful. To withdraw your consent you can contact our Data Protection Officer via…..
When we ask you to provide personal data to fulfil a legal requirement, we will provide our reasoning as to why this is required and it will be clear whether it is a mandatory field or not.
Please note that any data that is considered mandatory must be provided to ensure our service can provide you with the best possible experience and you may not be able to act under legal obligation with us. When a field is mandatory we will make clear the consequences of not providing that specific data.
Retention of Personal Data
According to the principle of ‘Storage Limitation’ we will only keep your data for as long as we need it for the purposes explained in the ‘How My Allergy ID Collects Data’ section above regarding our legitimate business interests. On the occasion that data is retained it will be kept anonymously in order to improve our service for future or existing customers.
If you deny permission for us to process certain elements of your personal data, including cancelling or refusing updates via email, we will keep record of this in order to continue to respect your decision.
When your personal information is no longer required we will destroy or permanently anonymise it securely. If this is not possible for example if it is stored in a back-up archive your data will be held securely and will be isolated from other data processing until erasure is possible.
Sharing your Personal Data
International Transfer of Data
The GDPR gives you eight rights over your personal data, these are:
The right to be informed – You must be provided with clear, transparent and understandable reasons behind our ‘privacy information’.
The right of access – You have the right to view your data at any time if we are processing it to check that we are following data protection laws. If you wish to request your data please contact our Data Protection Officer via…..
The right of rectification – You can request that inaccurate or incomplete data is modified however in certain circumstances your request can be denied
The right of erasure – Also known as the ‘right to be forgotten’, you can request that your personal data is deleted from our system
The right to restrict processing – You have the right to restrict us from using your personal data although when exercised we can still hold your data permitted that we don’t process it any further
The right to data portability – You can receive and obtain the data you have provided us with in an accessible format so that you can reuse it for personal purposes
The right to object – You may object to certain types processing or use of your personal data for direct marketing purposes or profiling
The right to lodge a complaint – You have the right to complain to a supervisory authority if you believe that we have failed to comply with any data protection laws
If you wish to exercise any of these rights feel free to contact us via ……
Changes to this Policy
This policy is subject to change at any time but the latest
effective date will be highlighted at the top of the Privacy Notice. We will make
you aware of changes to our policy via email when deemed appropriate.
encourage you to periodically review our Privacy Notice for current information
on how we store and process your data.