Trust and Compliance Centre

Built to be trusted, by design

How MYQER collects, protects, and shares information, and how emergency access works. In plain English, with the law set out clearly.

Why MYQER exists, and why information is collected

People cannot help with information they do not have. MYQER exists so that the important things about a person can be known in seconds, when that person cannot speak for themselves. We collect information for one purpose only. To make it available to a helper in an emergency, if and when you choose to share it.

We do not collect information to sell it, to advertise to you, or to build a profile of you. We collect the things you decide to put in your Emergency Access Profile, and nothing more.

The two kinds of information, in plain English

Data protection law treats some information as more sensitive than the rest. It helps to understand the difference, because MYQER handles the sensitive kind with extra care.

Personal data

The ordinary details that identify you.

  • Name
  • Date of birth
  • Emergency contacts
  • Phone numbers
  • Account information

Special category data

Health information, which the law protects more strongly.

  • Allergies
  • Medical conditions
  • Medications
  • Disability information
  • Accessibility needs, where relevant

MYQER processes special category data only with your explicit consent. Under the UK GDPR this is Article 9(2)(a). You give that consent when you choose to add health information to your profile, and you can withdraw it at any time by editing or deleting your information.

The lawful basis we rely on

UK GDPR and EU GDPR

We believe in being clear about the law rather than hiding it. Here is exactly what MYQER relies on.

While you set up and use MYQER

MYQER holds and processes your information on the basis of your consent. For ordinary personal data this is Article 6(1)(a). For health information this is Article 9(2)(a), explicit consent. You are in control. You choose what to include, and you can change or remove it whenever you wish.

During an emergency, when you cannot consent

If you are unconscious or otherwise unable to give consent, the person helping you may rely on a different lawful basis, vital interests. For personal data this is Article 6(1)(d). For health information this is Article 9(2)(c), which permits processing where the person is physically or legally incapable of giving consent. Recital 46 explains that vital interests are matters essential to a person's life.

To be completely accurate, MYQER does not override data protection law, and we would never claim it does. MYQER is designed so that the information you chose to share is ready when those lawful bases apply. The control stays with you. The law simply recognises that, in a genuine emergency, helping someone who cannot speak is lawful and right.

How emergency access works

MYQER is built, on purpose, to make your chosen emergency information available through your Emergency Access Profile and your QR codes. Here is what that means.

  • You choose what information is included. Nothing is added without you.
  • The emergency view is read only. A person who scans can see, but cannot change, your information.
  • MYQER does not sell data.
  • MYQER does not build advertising profiles.
  • MYQER does not make your information publicly searchable. It is reached through your QR, not through a search engine.
  • MYQER is for emergency preparedness and emergency information access. That is its only job.

The Offline QR, explained honestly

You have one profile and one dashboard. The information you enter there powers both of your QR codes. The online QR points to your live profile and always shows your latest information when there is signal. The offline QR works differently, and we want to be completely transparent about it, because your trust matters more than a tidy sentence.

  • When you generate your card, the information in your profile at that moment is encoded directly inside the offline QR.
  • Because the information lives inside the code itself, the offline QR works with no signal, anywhere.
  • The offline QR is a snapshot. It holds your information as it was when the card was generated. It does not update on its own.
  • If you change your profile later, your online QR updates automatically, but a printed card still carries the older snapshot. To update the offline version, generate your card again and reprint it.
  • Because the information is held inside the code, anyone who has that particular printed card may be able to read what it contains.

So keep your printed card somewhere appropriate, and reprint it when you update your information. The online QR is always current. The printed offline QR is current as of the day you printed it. We would rather tell you this plainly than let you assume.

Your rights, and staying in control

Under the UK GDPR you have clear rights over your information, and MYQER is built to honour them.

  • Access, correct, or erase your information.
  • Request a copy to take elsewhere, known as data portability.
  • Withdraw your consent at any time.
  • Turn your visibility off, or delete your account entirely.

When you delete your account, your information is removed from active systems straight away, and from secure backups within thirty days. You can make any request by emailing hello@myqer.com.

For schools, trusts, employers and public sector buyers

If you are considering MYQER for your organisation, this section is for your safeguarding, governance, and procurement teams. We separate clearly what is in place today from what is on our roadmap, because we will never present a future plan as a present fact.

In place today

  • Privacy by design and data minimisation. We collect only what is needed.
  • Consent driven processing. The user is always in control.
  • Role based and row level access controls in our database.
  • Read only emergency views.
  • Encryption in transit and at rest.
  • Hosted on SOC 2 and ISO 27001 certified infrastructure.
  • Registered with the ICO, registration ZC076886.
  • UK GDPR aligned, operated by THREEVION Ltd, Company No. 16861658.

A note on certifications. The SOC 2 and ISO 27001 certifications belong to the infrastructure that hosts MYQER, not to MYQER itself. We are clear about this distinction on purpose. We will not claim a certification we do not hold, and we will update this page as our own certifications are achieved. For procurement questions, email hello@myqer.com.

A note for visitors outside the UK

MYQER is built in the United Kingdom and follows UK GDPR. The same principles, consent, data minimisation, user control, and protection of special category data, align closely with the EU GDPR across Europe, and with the spirit of privacy laws in countries such as Australia and the United States. If your information is ever processed outside the UK or EU, that happens only under approved safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

Built in the UKTHREEVION Ltd • Company No. 16861658
ICO RegisteredRegistration ZC076886
Secure InfrastructureHosted on SOC 2 and ISO 27001 certified infrastructure
Global AccessAvailable in 26 languages

Questions from your team?

We are happy to support safeguarding, governance, and procurement reviews. Reach us any time.