Privacy Policy
Last Updated: April 22nd, 2025
AllergyRhino Limited ("we," "our," or "us") is committed to protecting your privacy and ensuring our practices comply with both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the European Union’s General Data Protection Regulation (GDPR). This Notice describes how we collect, use, and safeguard your personal data—including protected health information (PHI) and any special category data—as well as your rights regarding that information.
1. Personal Data We Collect
We may collect various types of personal data, including but not limited to:
- Identification Data: Your full name, contact details (email, phone, address), and unique patient or customer identifiers.
- Health-Related Data (Special Category Data): Protected health information (PHI) related to your treatment, including diagnoses, treatment information, and other health records.
- Usage Data: Information regarding your interactions with our website or telehealth platforms (e.g., IP address, cookies, device identifiers).
- Other Relevant Data: Any other details you provide to us (e.g., when you contact us for support or request appointment details).
2. Legal Basis for Processing Personal Data
Under the GDPR, we process your personal data only on one or more of the following legal bases:
- Consent: When you have given explicit consent for specific processing activities.
- Contractual Necessity: When processing is necessary for the performance of a contract between you and AllergyRhino Limited (e.g., to provide healthcare or telehealth services).
- Legal Obligation: When required by applicable law (including HIPAA, when applicable).
- Legitimate Interests: When processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.
Note: For special category data such as health information, additional safeguards (such as explicit consent or another specified basis under Article 9 of GDPR) are applied.
3. How We Use, Store, and Protect Your Personal Data
4. Your Rights as a Data Subject
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you, in paper or electronic form.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request that we erase your personal data, subject to applicable exemptions.
- Right to Restrict Processing: Ask us to limit how your data is processed in certain circumstances.
- Right to Data Portability: Request to receive your data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller.
- Right to Object: Object to certain types of data processing where our legitimate interests are relied upon.
- Right to Lodge a Complaint: If you believe your rights have been infringed, you may lodge a complaint with your local supervisory authority.
- Right to ask for account deletion: Send us a request to delete your account at info@allergyrhino.com
To exercise any of these rights, or for further inquiries, please contact us as indicated in Section 7 below.
5. Third-Party Sharing
We may share your personal data with trusted third parties in the following circumstances:
- Healthcare Providers & Business Associates: To support treatment, payment, and healthcare operations (in line with HIPAA and GDPR requirements). All business associates and contractors (e.g., cloud storage and analytics providers) are bound by agreements ensuring your data is handled securely and lawfully.
- Legal and Regulatory Authorities: When required by law or to protect public health and safety.
- Service Providers: To support our operational needs, marketing, and administrative functions. These third parties are carefully selected and contractually obligated to process your data in compliance with GDPR standards.
Where applicable, we will inform you of any international data transfers and the safeguards (such as Standard Contractual Clauses or Privacy Shield frameworks) in place to protect your data.
6. International Data Transfers
If your personal data is transferred outside the European Economic Area (EEA), we ensure that adequate safeguards are in place to protect your data. These safeguards may include:
- Standard Contractual Clauses (SCCs)
- Other approved transfer mechanisms compliant with GDPR
7. Data Protection Officer (DPO) and Contact Information
For any questions or concerns about how we process your personal data, or to exercise your rights, please contact our Data Protection Officer:
- Name: Sim Cristea
- Email: sim@allergyrhino.com
For any additional inquiries about our data protection practices or regarding this policy, you may also contact us at:
- Email: info@allergyrhino.com
- Phone: 0207 362 1023
9. Changes to This Privacy Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page along with a revised "Last Updated" date. We recommend reviewing our privacy policy regularly to stay informed about how we protect and use your personal data.
8. Ecommerce and Customer Purchase Data
If you make a purchase through our website, we collect and process personal data necessary to fulfil your order. This may include your name, contact details, delivery address, payment method (processed securely by third-party providers), and details of the product(s) you have ordered.
This data is used for the following purposes:
- Processing and dispatching your order
- Providing order confirmations and updates via email
- Maintaining records for legal, tax, and regulatory compliance
- Responding to any post-purchase inquiries or service issues
We currently only ship products to addresses within the United Kingdom. By placing an order, you confirm that your delivery address is located within the UK.
Refund Policy:
Please note that we do not accept returns or issue refunds for our allergy testing kit, as clearly stated on our product page. If you believe your item is defective or you experience a service-related issue, please contact us directly at info@allergyrhino.com so we can review your case.
All payment data is handled by our secure third-party payment providers. We do not store your card details on our servers.
Use of Personal Data
We use your data for:
- Treatment and Healthcare Operations: Providing, coordinating, and managing your healthcare services.
- Payment and Financial Administration: To facilitate billing and payment for our services.
- Operational Purposes: For quality assessment, training, auditing, licensing, and other internal operations.
- Legal and Regulatory Compliance: To meet our legal obligations and to protect public health and safety.
- Communications: To respond to your inquiries, provide updates, and facilitate any requested services or support.
Data Storage and Retention
- Storage: Your personal data is stored on secure servers with access controls. Where applicable, backup and encryption procedures are in place.
- Retention Period: We retain your data for as long as necessary to fulfil the purposes outlined herein, comply with legal obligations, and resolve disputes. Specific retention periods may vary by the type of data and applicable law.
Data Protection
We implement appropriate technical and organizational measures to safeguard your data against unauthorized access, loss, or disclosure. These measures include encryption, access controls, and regular security assessments.