PRIVACY AND COOKIES POLICY
The Allergy Team Ltd (“We”, “Us”) is committed to protecting and respecting your privacy. This Privacy and Cookies Policy (“Policy”) (together with and any other documents referred to therein) sets out the basis on which the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.
For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018, (collectively the “Data Protection Laws”) the Data Controller is The Allergy Team Ltd.
YOUR PERSONAL INFORMATION
Information we collect from you
We collect and process some or all of the following types of information from you in the course of your use of our website and associated content.
- Information that you provide by signing up to our newsletter, filling in forms on the website, filling in forms as part of the registration process. This includes information provided at the time of registering to use the Website, subscribing to our service or requesting further information or services. We may also ask you for information when you report a problem with the Website or sign up to join a Webinar, group chat, online Q&A session or similar.
- Specifically, personal details such as name, email address, address or locality, date of birth, child’s age and you/your child’s type of allergy or any information input by when using the Website, completing our survey forms, using our Services.
- If you contact Us, We may keep a record of that correspondence.
- We may also ask you to complete surveys that We use for research purposes, although you do not have to respond to them.
- Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
We need to collect your name, email address, address or locality, date of birth and/or that of your child(ren), and the allergies that you are interested in to enable Us to subscribe you to or unsubscribe you from our site and personalise your experience of our services. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.
Where you have provided information about a third party, including any child(ren) for whom you are responsible, you must ensure that they have consented to the use of their personal data, or that you have the right to consent to the use of their personal data on their behalf. This privacy notice applies to all such third party data and references to “your personal data” should be interpreted as references also to all such third party data.
Information We Collect From Other Sources
We may also obtain personal data from healthcare and medical professionals who refer you to us.
USES MADE OF YOUR INFORMATION
Lawful basis for, and purposes of, processing
We rely on the legal bases of “consent”, “performance of a contract with you” and “legitimate interest” to process your personal information in connection with our services. More information is provided below.
We use information held about you in the following ways:
- To provide you with our services, to allow you to participate in interactive features of our service (when you choose to do so) and to carry out our obligations arising from any contracts entered into between you and Us. In these cases, we use your data for the performance of a contract with you.
- To notify you about changes to our service. We have a legitimate interest in using your personal data in this way.
- To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website. We have a legitimate interest in using your personal data in this way.
- To provide you with information and offers that you request from Us or which We feel may interest you. We will obtain your consent before providing such information to you.
- To develop training and resources for health professionals and carers. We will obtain your consent before using your information in this way, unless your information is entirely anonymised and aggregated with other data so that you cannot be identified.
We may use anonymised and aggregated data for any purposes without your consent, provided that such data could not be used to identify you or any other individual.
In addition to the above uses, we may use your information and, where you have consented, permit selected third parties to use your information, to notify you about goods or services which may be of interest to you. Where We do this, We will contact you by electronic means (e-mail or SMS) only if you have consented to such communication. If you do not want Us to use your data in this way please either (i) tick the relevant box on the form on which We collect your data (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting Us at the contact details set out below.
Automated decision making/profiling
We may use your personal data to help us identify which information may be of most interest to you and to bring to your attention other information of relevance. We may carry out automated processes for this purpose, however, if you would prefer that we do not use your personal data in this way please just let us know using the contact details set out below.
DISCLOSURE OF YOUR INFORMATION
We routinely disclose your personal data to third parties as follows:
- We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers, to host our email).
- Where you have requested that information be passed to a separate website or service provider, for example where we link to your chosen online supermarket to add recipe items to your shopping basket at your request.
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).
We may also disclose your personal data to third parties:
- in the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets;
- if We or substantially all of our assets are acquired by a third party, in which case personal data held by Us about our customers will be one of the transferred assets;
- if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any terms and conditions for use of our website, or other agreements;
- where we believe that it is necessary to protect the vital interests of you or another person;
- for the prevention or detection of fraud or any other criminal activity;
- to protect Our rights, property, or safety or that of our affiliated entities and our users and any third party We interact with them to provide the Website; or
- in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be of interest to you.
Other than as set out above, and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so.
Where you have provided information to or via a third party (e.g. by sending your “shopping basket” to an online store, or where you have completed a survey hosted by Survey Monkey), your information will also be held by the third party. These third parties are separate data controllers of your personal information, and you should refer to their Privacy Notices for details of how they will use your personal data.
STORING YOUR PERSONAL DATA
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Where We process payment transactions, these will be encrypted using good industry practice. Where We have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change you may update them by contacting Us using the contact details at the end of this Privacy Notice. If you have any questions about how We use data collected which relates to you, please Contact Us using the contact details at the end of this Privacy Notice.
We will endeavour to update your personal data within 14 working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.
How long we keep your personal data
- Where you register as a user of our Website and/or provide any personal data for inclusion in your user profile, We will hold all information about you, and any third party whose information you have provided to us through your registration, throughout the period for which you are registered as a user of our website and for six (6) years after you cease being a registered user.
- In all other circumstances, We will hold all personal data for no longer than necessary for the purposes for which it was collected.
Where we store your personal data
All information We hold about you is stored on our secure servers within the United Kingdom or European Economic Area (“EEA”) or with our services providers, who may store and process your personal data worldwide.
The data that We collect from you may, therefore, be transferred to, and stored at, a destination outside the United Kingdom or European Economic Area (“EEA”) Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will only be carried out where appropriate safeguards have been put in place (as permitted under Article 46(5) of the General Data Protection Regulation). To obtain further information about how we protect your data, please contact us as set out below.
Under the General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal data and to certain other supplementary information that this Policy is already designed to address
- require Us to correct any mistakes in your information which We hold
- require the erasure of personal data concerning you in certain situations
- receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal data concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal data
- otherwise restrict our processing of your personal data in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to Us
- let Us have enough information to identify you (eg account number, user name, registration details)
- let Us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let Us know the information to which your request relates including any account or reference numbers, if you have them.
HOW TO COMPLAIN
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We may collect information about your mobile phone, computer or other devices from which you access the Website including where available your IP address, operating system and browser type, for systems administration and to report aggregate information to third parties affiliates. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services.
A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The cookies We use include:
- “Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services. These cookies will be set whether you have consented or not, as our services cannot be provided without them.
- “Analytical” They allow Us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps Us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
- “Functionality” cookies. These are used to recognise you when you return to our Website. This enables Us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- “Targeting” cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed to our affiliates’ websites. We will use this information to make our Website, offers e-mailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Analytical, Functionality and Targeting cookies will only be set with your consent.
All questions, comments and requests regarding this Privacy and Cookies Policy should be addressed to firstname.lastname@example.org write to Us at Sedulo, Office 302 Coppergate House, Whites Row, London, United Kingdom, E1 7NF.