Privacy notice
How Erin Health Ltd collects, uses, shares and otherwise processes your personal data in connection with your use of the Erin Health App and Resources.
Last updated · 14 December 2025
1. Important information about Erin Health and this privacy notice
We are Erin Health Ltd (“Erin Health”, “we” or “us”), a company registered in England and Wales with company no. 16589696 and registered office at 32 Crieff Road, London, England, SW18 2EA. Erin Health is the controller and is responsible for your personal data.
Please read this privacy notice carefully, because it describes how we will collect, use, share and otherwise process your personal data in connection with your use of: (i) the Erin Health mobile application software (the “App”); and (ii) the functions, digital content, resources and services provided through the App (which, together with the App itself, are referred to below as the “Resources”). This privacy notice was last modified on 14 December 2025.
The Resources are not intended for those under 18. We do not knowingly collect data relating to children.
2. How to contact us
We have appointed a data protection officer (“DPO”). If you have any questions about this privacy notice, please contact our DPO using the following details: admin@erin.health, 0457416254, 32 Crieff Road, London, SW18 2EA.
You also have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues.
3. Changes to the privacy notice and your duty to inform us of changes
We keep this privacy notice under regular review. It may change and, if it does, those changes will be posted on this page and notified to you when you next start the Resources or log onto your account. The new notice may be displayed on-screen, or you may be required to read and acknowledge the changes to continue your use of the Resources.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. Please visit the ‘My Profile’ section of your account on the App (the “Account”) to update your details.
4. The data we collect about you
We collect, use, store and transfer different kinds of personal data about you. To make it easier for you to use this privacy notice, we group these into the categories set out below. Each of these categories is described in more detail in section 16.
- Identity Data.
- Contact Data.
- Profile Data.
- Health Data.
- Device Data.
- Content Data.
- Usage Data.
- Security Data.
- Cookies Data.
- Marketing and Communications Data.
- Location Data.
- Connected Data.
- Feedback Data.
- Personalisation Data.
5. How your personal data is collected
We collect your personal data in the following ways:
- Registration. We collect your Identity Data and Contact Data when you register your Account with us.
- Communications. When you communicate with us via email, telephone, one of our online forms or chat we collect your Contact Data. If the communication relates to an error or problem you are having with the Resources, we will also collect Usage Data for diagnosis and improvement.
- Information you generate when using our Resources. Each time you access and use our Resources we collect Content, Device, Cookies, Personalisation and Usage Data. We collect Content Data where you interact with the content available on the Resources. We collect Device, Cookies, Personalisation and Usage Data using cookies and other similar technologies.
- Information we collect through monitoring the use of our Resources. Each time you access and use our Resources we collect information about that access and use, being Device, Content, Cookies, and Usage Data.
- Additional information we otherwise collect through our Resources, where we have your consent to do so. Where you provide your consent, we collect your Location Data on an ongoing basis while you have the Resources installed on your device.
- Direct Marketing. We collect and record Direct Marketing Data when we add you to our marketing database, you request to change your direct marketing preferences, or you interact with our direct marketing communications.
- Information we receive from third parties. We receive Device and Cookies Data from analytics providers (Google Analytics, based in London); and Contact, Financial and Transaction Data from providers of technical, payment and delivery services (Stripe, based inside the UK).
- Unique application numbers. When you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example the type of operating system, may be sent to us.
6. Cookies
We use cookies (small files placed on your device) and other tracking technologies on the Resources and in our direct marketing emails to improve your experience and our development of the Resources. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see the Cookie Notice in section 17.
7. How we use your personal data
We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:
- Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by accessing the ‘My Profile’ section of your Account, or contacting us (see “Your legal rights” below).
- Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
- Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
- Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you.
Delivery and improvement of our App
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To permit you to install the App and register you as a new App or web user | Identity; Contact; Device | Performance of a contract |
| To take steps towards providing you with services at your request, to process and fulfil in-App orders/purchases and deliver services to you, including managing payments and sending you service communications | Identity; Contact; Transaction; Device; Financial | Performance of a contract |
| To provide you with your membership or subscription benefits, fulfil your purchase or redemption of gift cards | Identity; Contact; Transaction; Device | Performance of a contract |
| Enforce our terms and conditions, including to collect money owed to us | Identity | Legitimate interests (to recover debts due to us) |
Account management and profiling
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| Combining the information we collect about you into a single customer account profile | Contact; Direct marketing | Legitimate interests (to publicise and grow our business) |
Direct marketing
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To send you direct marketing communications via email, telephone, text and/or push notification. | Contact; Device; Direct Marketing | Consent. Unless we can rely on the soft opt-in and you have not opted out, in which case we rely on Legitimate Interest (to publicise and grow our business). |
Troubleshooting, improvement and security
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To administer, monitor and improve our business and the App including troubleshooting, data analysis and system testing | Identity; Contact; Device | Legitimate interests (for running our business, provision of administration and IT services, network security, maintaining the security of the App, providing a secure service to users and preventing fraudulent and other misuse of the App) |
| Applying security measures to our processing of your personal data, including processing in connection with the App | All personal data under this privacy notice | Legal obligation (applying appropriate technical and organisational measures) |
| Otherwise monitoring use of the App and deploying appropriate security measures | Contact; Security; Transaction | Legitimate interests (running our business, provision of administration and IT services, network security, maintaining the security of our App and services, providing a secure service to users and preventing fraudulent and other misuse of our App) |
Rights and obligations
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities' requests. | All personal data under this privacy notice | Legal obligation |
Cookies and personalisation
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To deploy and process personal data collected via Cookies that are strictly necessary, as set out in the Cookie Notice | Cookies | Legitimate interests (delivering and securing our Resources) |
| To deploy and process personal data collected via Cookies that are not strictly necessary, as set out in the Cookie Notice | Cookies | Consent |
| To deliver (personalised) advertisements to you | Personalisation | Consent |
Other communications
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| To notify you of changes to the App, the Resources, your purchases and our terms and conditions for ongoing contracts | Contact | For ongoing or prospective contracts, Performance of a contract. Otherwise, Legitimate interests (in servicing our users and prospective users). |
| To notify you of updates to this privacy notice | Contact; Transaction | Legal obligation (to inform you of our processing under Articles 13 and 14 of the UK GDPR) |
| To respond to your requests to exercise your rights under this notice | As relevant to your request | Legal obligation (complying with data subject requests under Chapter 3 of the UK GDPR) |
| To ask you to complete a survey and process your response | Contact | Legitimate interests (to analyse how users use our Resources and to develop them and grow our business). Unless you have previously opted out, where we will rely on Consent. |
| To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary | As relevant to your enquiry or request | Legitimate interests (service our users and prospective users) |
Personal data sharing
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| Share personal data with our third-party providers for purposes not otherwise set out above (see “Disclosures of your personal data”) | Contact | Legitimate interests (for the purpose relevant to the recipient, as set out at “Disclosures of your personal data”) |
Business contacts
| Purpose or activity | Type of personal data | Lawful basis for processing |
|---|---|---|
| Process personal data relating to staff members of our business contacts, including suppliers, customers and prospects | Contact | Legitimate interests (servicing and receiving products or services, to or from our business contacts and carrying out our B2B business) |
8. Automated decision making and profiling
We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).
9. Criminal offence data
We do not intentionally collect criminal offence data about you.
10. Special categories of personal data
We process the following special categories of personal data about you.
| Purpose or activity | Type of personal data | Lawful basis for processing | Processing condition |
|---|---|---|---|
| To take steps towards providing you with services at your request, to process and deliver services to you, including recommending and personalising your service provisions | Health | Consent | Explicit consent |
11. Disclosures of your personal data
We may share your personal data with the following third parties:
- Your App Store provider and mobile network operator to allow you to install the Resources.
- Service providers (acting as processors) based in the UK, Denmark and Sweden who provide IT and system administration services, hosting services for our Resources, delivery and logistics services, payment processing, fraud and identity verification providers, customer service support, email delivery and administration, and data storage and analysis.
- Our professional advisors (acting as controllers) based in the UK, Germany and Denmark including lawyers, auditors, insurers and consultants who provide legal, accounting, insurance and healthcare related services.
- Your service providers that you have appointed and we need to contact to fulfil your requests, such as your banking or payment card provider to process your transactions.
- Marketing and promotional partners and co-operatives (acting as processors, controllers or joint controllers) based in the UK with whom we share data to enhance our offerings and identify prospective customers.
- Third party partners where you have expressly subscribed to receive marketing from or with them.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, or whom we may seek to acquire or merge with. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties (acting as controllers) based in the UK where necessary to exercise our rights or comply with a legal obligation.
12. International transfers
We do not transfer your personal data outside the UK.
13. Data security
All information you provide to us is stored on our secure servers and located in the UK. Any payment transactions carried out by us or our chosen third-party provider of payment processing services (Stripe Payments UK Limited) will be encrypted using 256-bit Advanced Encryption Standard (AES-256) for data at rest and TLS for data in transit. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Resources, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access, including tokenisation and isolated infrastructure. We will collect and store personal data on your device using application data caches and browser web storage (including HTML5) and other technology.
Certain Resources include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.
We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.
14. Data retention
Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request by contacting us.
By law we have to keep basic information about our customers (including Contact, Identity, Security and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see “Your legal rights” below for further information. Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you do not use the Resources for a period of six years then we will treat the account as expired and will delete your personal data.
15. Your legal rights
You have the following rights under data protection laws in relation to your personal data. You can exercise any of these rights at any time by contacting us at admin@erin.health.
- Access. Request access to and/or a copy of the personal data we process about you (commonly known as a data subject access request). This enables you to check that we are lawfully processing it.
- Correction. Request correction of any incomplete or inaccurate data we hold about you. We may need to verify the accuracy of the new data you provide to us.
- Deletion. Request us to delete or remove personal data where there is no good reason for us continuing to process it, where you have successfully exercised your right to object, where we have processed your information unlawfully, or where we need to erase it to comply with law. In some cases we may need to retain some of your personal data where required by law.
- Objection. Object to us processing your personal data where we are relying on legitimate interests and you feel the processing impacts your fundamental rights and freedoms, or where the processing is for direct marketing purposes.
- Restriction. Request that we restrict or suspend our processing of your personal data in certain circumstances — for example to establish the data's accuracy, where our use is unlawful but you do not want it erased, where we no longer need it but you need it for legal claims, or while we verify overriding legitimate grounds.
- Data portability. Request we transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means on the lawful bases of consent or performance of a contract.
- Withdraw consent. Withdraw your consent at any time where we are relying on consent to process your personal data. This does not affect the lawfulness of any processing carried out before you withdraw your consent.
- Complain to the UK data protection regulator. If you are unhappy with how we process your personal data, please contact us first so that we have the chance to put it right. You also have the right to make a complaint to the ICO at any time.
16. Description of categories of personal data
- Identity Data: first name, last name, title, date of birth and Profile Data.
- Contact Data: first name, last name, email address and telephone numbers, your communication preferences and copies of the communications between you and us.
- Profile Data: your email address, username and password.
- Health Data: personal data related to your physical or mental health, including the provision of health care services, which reveal information about your health status.
- Transaction Data: billing and delivery addresses, payment card details, history of your payments, purchases, deliveries, returns and refunds and the applicable terms and conditions of your purchases.
- Device Data: the type of device you use, your unique device identifier, mobile network information, your mobile operating system, the type of mobile browser you use, IP address, and time zone setting.
- Content Data: information that you store or generate in the Resources, being associated metadata, check-ins, posts and messages.
- Usage Data: logs and detail of your use of our Resources, being the dates and times on which you download, access and update the Resources, any error or debugging information, the resources that you access and the actions we and you take in relation to them, and Cookies Data.
- Security Data: information we collect about your use of the Resources and our Sites in order to ensure your and our other users' safety and security, being Usage Data, the Cookies Data generated by our cookies and the information provided to us by our payment processing provider.
- Cookies Data: the information collected through the cookies and similar technologies listed in our Cookie Notice.
- Direct Marketing Data: your direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to you.
- Location Data: your current location as disclosed by GPS technology, WiFi connections and your IP address for the time period where you have permitted us to collect it.
- Connected Data: information stored on your Device that you permit the Resources to connect to, being login information and health data.
- Feedback Data: your feedback and survey responses.
- Personalisation Data: Cookies Data (in respect of persistent cookies), Device Data, Content Data, Transaction Data, Connected Data, Usage Data, Location Data, and the preferences we have inferred you have and use to personalise the Resources.
17. Cookie Notice
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
What is a cookie? A “cookie” is a piece of information that is stored on your computer's hard drive if you agree to this and which records how you move around a website so that, when you revisit, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. Cookies are used by nearly all websites and do not harm your system.
We are required to obtain your consent for all non-essential cookies used on our website. You can block cookies (including essential cookies) at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block essential cookies you may not be able to access all or parts of our site.
How do we use cookies? We use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns in how you are using it, which helps us to develop and improve our website as well as our products and services.
- Session cookies: stored on your computer only during your web session and automatically deleted when you close your browser. They usually store an anonymous session ID allowing you to browse without having to log in to each page, and do not collect personal data from your computer.
- Persistent cookies: stored as a file on your computer and remaining there when you close your browser. The cookie can be read by the website that created it when you visit again. We use persistent cookies for Google Analytics.
- Strictly necessary cookies: essential to enable you to use the website effectively. Without these cookies, the services available to you cannot be provided. They do not gather information about you that could be used for marketing.
- Performance cookies: enable us to monitor and improve the performance of our website, for example to count visits, identify traffic sources and see which parts of the site are most popular.
- Functionality cookies: allow our website to remember choices you make and provide enhanced features. The information these cookies collect is usually anonymised.
- Targeting cookies: record your visit to our website, the pages you have visited and the links you have followed, to make our website and the advertising displayed on it more relevant to your interests.
- First and third-party cookies: first party cookies are set by our website; third party cookies are set by a website other than ours, such as where we use analytics or social pixels.
