We at Wellbefy AB (”Wellbefy”, “we”, ”our” and ”us”) care about you and your privacy when we process your personal data.  

In this document, we provide you with information on how and why we process your personal data. Your rights, the legal basis for processing, and the storage period for which we keep your personal data.  

The aim of our privacy notice is to provide information to individuals who engage with us in various scenarios, whether as a representative of our existing or prospective customers, suppliers, or partners. Additionally, this privacy statement extends to those of you who visit our website or engage with us through social media channels.

‍

In brief: Why do we handle your personal information? 

• If you are our customer representative, we process your personal data for the purpose of entering into an agreement with your organization, managing our relationship, sending newsletters, and providing customer service. 
• If you engage with us without a pre-existing business connection, act as a business prospect, or visit our social media channels, we process your personal data to facilitate communication and support your organization in exploring Wellbefy. 
• When you visit our website, we process your personal data to analyze your usage patterns on the site and to display relevant marketing content on your social media accounts and other websites you visit. 
• Should you have any questions or complaints, we process your personal data to address your inquiries.
• For those representing our partners and suppliers, we process your personal data to establish agreements with your organization and oversee our collaborative efforts. 
• If you subscribe to our newsletters, your personal data is used to deliver newsletters to you and to analyze their effectiveness, enabling us to enhance and refine their content. 
• When you participate in one of our events or webinars, we process your personal data to enable your involvement in the event or webinar and may utilize footage from such occasions. 
• If you are an end-user, employee, or consultant, of the Service (Wellbefy app - Mobile & Webb) we act as a data processor on behalf of our business customers (your employer or client).

When we mention "your organization" in this privacy notice, we are specifically referring to your employer or the entity you represent. Our data processing activities are exclusively related to your professional role. This means, for instance, that we will direct marketing communications solely to your organization and not to you in your personal capacity.

The extent of your personal data processing depends on the nature of our relationship with you. Detailed information regarding the processing of your personal data is available in the sections below.

‍

Read more about:

1. If you use our service as an employee or consultant.
2. Wellbefy's responsibility for processing your personal data.
3. The sources from which we collect your personal data.
4. The specific personal data you are required to provide to us.
5. A comprehensive description of our methods for processing your personal data.
6. Who has access to your personal data and the reasons for such access.
7. The locations where your personal data undergo processing.
8. Your Rights Regarding the Processing of Your Personal Data.
9. Assessments of balancing interests when processing personal data based on the legal grounds of "legitimate interests."
   ‍

1.If you use our service as an employee or consultant
‍

Wellbefy provides its app and web platform ("the service") to business customers. This means that end users of the Service are typically employees or consultants of Wellbefy's business customers.

When you as an end user use the Service, we process personal data about you in order to provide the Service. When we process your personal data in order to provide the Service, we process your personal data on behalf of our business customers (your employer or client). This means that we are a data processor to our respective business customers (your employer or client), who are data controllers. For this purpose, we have entered into a data processor agreement with our business customers. For information on how your employer or client processes your personal data, we refer you to your employer or consultant.

When we mention "your organization" in this privacy notice, we are specifically referring to your employer or the entity you represent.

‍

2. Wellbefy's responsibility for processing your personal data 

‍

Wellbefy AB (Swedish registration number 559121-9331) is accountable for processing the personal data detailed in this policy. Wellbefy assumes the role of the controller solely for your personal data pertaining to your professional responsibilities, such as when you represent your organization.

Should you have inquiries concerning the processing of your personal data or wish to exercise your rights under data protection legislation, please contact us through our email address at kontakt@wellbefy.se or give us a call at 042-424 04 30. You can also reach us by mail at Wellbefy AB, Henckels torg 3, 252 36 Helsingborg.

‍‍

3. The sources from which we collect your personal data.

We collect your personal data directly from you, typically when you initiate contact with us. Additionally, we may acquire your personal data from your organization, particularly if one of your colleagues designates you as the organization's representative. In specific situations, we may gather your personal data from other origins as follows:

• If you act as a potential customer, supplier, or partner (i.e., a business lead), we may obtain your personal data from online sources or third-party services.
• When you visit our website, we gather information regarding your website usage to analyze your interactions with our online platform.‍

4. The specific personal data you are required to provide to us.

In most cases, and with certain exceptions, you are not obliged to furnish us with your personal data. Instances in which you are required to provide your personal data are outlined in the sections below, where the legal basis is designated as "Legal obligation." If you choose not to provide such personal data to Wellbefy, we may be unable to effectively manage our relationship with your organization or fulfill our commitments to your organization.

‍‍

5. A comprehensive description of our methods for processing your personal data.

The following sections provide an exhaustive explanation of why we process your personal data, the specific personal data we process, the occasions when you are expected to provide this information to us, and the legal foundation for our data processing activities, as governed by the General Data Protection Regulation (GDPR). Additionally, you will find information concerning the duration of our personal data processing activities.

Please do not hesitate to reach out to us if you have any questions pertaining to our handling of your personal data. Our contact details can be found in the first section of this privacy notice.
‍

5.1. If you represent our customer
5.2. Interactions without a Pre-existing Business Relationship
5.3. Website 
5.4. If you object to receiving marketing from us
5.5. If participating in webinars or physical events with Wellbefy
5.6. If you represent one of our partners
5.7. In accordance with our obligations for bookkeeping and accounting
5.8. For Handling Inquiries, Complaints, and Claims

‍

5.1. If you represent our customer

‍

5.1.1. For Sending Newsletters:

‍

Nature of Our Data Processing:

• Distributing information about news, marketing updates, special offers, and event invitations (referred to as "newsletters").
• Enhancing and refining our newsletters through the analysis of recipient interactions, including open rates and click-through behavior. More information about this type of analysis can be found in our cookie policy.

Types of Personal Data Processed:

• Email address
• Name
• Information about how you engage with our newsletters, including open rates and clicked links
• IP address

Legal Basis for Data Processing:

• Legitimate Interest: the processing of personal data is carried out based on our legitimate interest in sending newsletters to our customers.
• Consent: The processing of personal data is also conducted based on your consent, which can be withdrawn at any time.

Data Retention Period:

• We will process your personal data as long as your organization remains our customer, but for a shorter period if we receive information that you no longer represent the organization. 
• You can opt to unsubscribe or object to receiving newsletters and marketing materials at any time. If you choose to object to our marketing communications, your preference will be recorded in our "unsubscribe-list" to prevent further marketing material from being sent.

‍

5.1.2. For Providing Customer Service and Enabling Account Login

‍

Nature of Our Data Processing:

• Furnishing relevant information and engaging in communication with you as a representative of our customer.
• Managing support matters.
• Enabling you, as a representative of our customer, to access your Wellbefy account.

Types of Personal Data Processed:

• Name
• Position within your organization
• Telephone number
• Email address
• Information related to support matters
• User name and password for our login service

Legal Basis for Data Processing:

• Legitimate Interest
• The processing of personal data is conducted based on our legitimate interest in providing customer service.

‍

Data Retention Period:

• We will process your personal data for twelve months after the resolution of the support matter, but for a shorter period if we receive information that you no longer represent our customer. Sensitive personal data will be promptly erased in any case.
• We will process your account information for our login service as long as your organization remains our customer, but for a shorter period if we receive information that you no longer represent our customer.

‍

‍

5.2. Interactions Without a Pre-existing Business Relationship
‍

In the event that you engage with us without a prior business relationship, such as by initiating contact through our chat, website contact forms, email correspondence, or messaging via our social media account, we will process your personal data as outlined in the following sections. Our data processing encompasses the personal information you furnish to us, as well as data derived from your social media account (if you employ such an account for communication).

When contacting us through a social media platform, we recommend that you familiarize yourself with the platform's own privacy policies.

‍

5.2.1. Communication with You

‍

Nature of Our Data Processing:

• We engage in communication via various means, including email, chat, and contact forms on our website. 
• We also communicate through social media platforms, such as responding to comments on our page or wall. 
• Our aim is to address your inquiries and provide you with the best service.

Types of Personal Data Processed:

• Information you provide to us, such as your name and contact details.
• If you visit our social media accounts (e.g., Linkedin), we may also process information from your profile on the relevant social media platform (e.g., your username and profile picture), as well as other details pertinent to the subject of your communication.

Legal Basis for Data Processing:

• Legitimate Interest: This processing is carried out on the basis of our legitimate interest in communicating with individuals who have reached out to us.

Data Retention Period:

We regularly delete your personal data:

• Communication via our website or email will be retained for one year, unless there is an ongoing relationship or communication with you. Chat history, however, will be deleted within 30 days.
• You have the option to delete your comments and communication with us on social media at any time. We will promptly remove posts or comments that violate platform rules or are in contravention of applicable legislation.

‍

5.2.2. Newsletters

Types of Processing We Undertake:

• Sending newsletters containing news, marketing updates, special offers, and event invitations to individuals who have opted to subscribe to our newsletters.
• Enhancing and refining our newsletters through the analysis of recipient interactions, including open rates and click-through behavior. Further details about this type of analysis can be found in our cookie information.

Personal Data We Process:

• Email address
• Name
• Job title 

Legal Basis for Data Processing:

• Legitimate Interest: Processing of personal data is also carried out under our legitimate interest, specifically to deliver the newsletters that you have expressed an interest in receiving.
• Consent: Processing of personal data is conducted based on your consent, which can be withdrawn at any time.

Data Utilized for Analysis:

• Information concerning how you engage with our newsletters, including open rates and clicked links.
• IP address.
• Email address.

Storage Duration:

• You maintain the option to unsubscribe or object to receiving newsletters and marketing materials at any time. 
• If you opt out of receiving marketing communications from us, your preference will be recorded in our "unsubscribe-list" to ensure you do not receive further marketing materials.

‍

5.3. Website
‍

We analyze user behavior on our website to enhance our site and services. To achieve this, we utilize the analytical service provided by Google Analytics. This service involves assigning a random ID to your device to differentiate it from other visitors and identify usage patterns on our website. Importantly, this process does not reveal your identity.

The personal data we collect serves various purposes, including optimizing site functions and customizing the website to better suit our visitors' needs.

‍

5.3.1. Data Processing Details
‍

Nature of Our Data Processing: We analyze your website usage to improve our website and services, employing Google Analytics for this purpose.

‍

Types of Personal Data Processed: This includes an encrypted version of your IP address, which we cannot link to your individual identity. We also gather information about your device and browser (e.g., your location and screen resolution), details about your activities on the website, and any additional information Google possesses about you, such as the source through which you found our website.

‍

Legal Basis for Data Processing: This processing is carried out with your consent. You have the option to withdraw your consent at any time. To prevent Google Analytics from utilizing your personal data, you can download and install a browser add-on.

‍

Data Retention Period: Your personal data will be retained for a period of 6 months after your website visit. Google will continue to retain your personal data for their own purposes, and they will provide separate information regarding their data retention practices. For further information, we refer to our cookie policy.

‍

5.3.2. Our Marketing Activities

‍

Nature of Our Data Processing:

• Promoting our services by displaying offers that we believe may interest you or your organization.
• Displaying such marketing on platforms such as Google (including YouTube), Facebook (including Instagram), and/or LinkedIn. This marketing is personalized based on the information these companies have about you in advance, a process known as profiling.
• Sharing certain information about you with Google (including YouTube), Facebook (including Instagram), and/or LinkedIn so that these marketing services can target individuals interested in our offerings.

Types of Personal Data Processed:

• An encrypted version of your IP address, which cannot be traced back to you as an individual.
• Subsequently, you will encounter search results and advertisements based on:

1. An analysis of your usage patterns on our website.
2. Pre-existing information about you that the marketing services we use have access to, such as details about how you discovered our site.

Legal Basis for Data Processing:

• Consent: Personal data processing is carried out based on your consent, which can be withdrawn at any time. You have the option to make choices regarding the marketing you receive from Google and Facebook, where you can adjust your ad preferences under the "Ad settings" section.

Data Retention Period:

• You will encounter our marketing on other websites and social media platforms for a period of 6 months after visiting our website. However, Google (including YouTube), Facebook (including Instagram), and/or LinkedIn will continue to process your personal data independently. Information about their respective data retention policies can be found in their privacy notices.

‍

5.4. If you object to receiving marketing from us

In adherence to marketing regulations, we retain information pertaining to individuals who have expressed their preference to abstain from receiving marketing communications from us. Please refer to the following chart for more details. The personal data we store has been voluntarily provided by you.

‍

Nature of Our Data Processing:

• If you have indicated your preference to not receive marketing materials from us, we will maintain this information within an "unsubscribe-list" to ensure that no marketing communications are sent to you.

Types of Personal Data Processed:

• Name
• Email address

Legal Basis for Data Processing:

• Legal Obligation: This processing is essential for us to fulfill our legal obligations, specifically those outlined in marketing laws that mandate refraining from sending marketing materials to individuals who have opted out of receiving such communications.
• To ensure you do not receive marketing from us, we are required to process your personal data for this specific purpose. Therefore, providing your personal data for this purpose is mandatory.

Data Retention Period:

• You will remain on our "unsubscribe-list" until further notice.

‍

5.5. If participating in webinars or physical events with Wellbefy

‍

5.5.1. For Event and Webinar Participation

‍

Nature of Our Data Processing:

• Managing your registration for our events or webinars.
• Communicating with you as a representative of our current or potential customer, supplier, or partner before and during the event.
• Sending requests to participate in post-event evaluations and managing the responses provided in the evaluation, as well as compiling statistics from evaluation results.

Types of Personal Data Processed:

• Name
• Position within your organization
• Telephone number
• Email address
• Dietary preferences (if applicable)
• Information you provide in an evaluation (if applicable)

Legal Basis for Data Processing:

• Legitimate Interest: Personal data processing is conducted based on our legitimate interest in organizing events for you, as a representative of a current or potential customer, supplier, or partner of Wellbefy.‍
• Consent: If we process sensitive personal data, such as information regarding allergies, we will obtain your consent.

Data Retention Period:

• Your personal data will be retained until the completion of the event. However, a participant * list containing your information will be saved for one year to enable us to track your participation in the event and invite you to similar events.
• In cases where we have sent an evaluation to you after an event and you have responded, we will store the evaluation results for one year following your response. We will cease sending evaluations if you object to receiving them.

‍

5.5.2. For Capturing Photos and Videos During Events and Publishing Them:

‍

Nature of Our Data Processing:

• Capturing photos of you during an event.
• Publishing your photo on our intranet, website, or social media platforms for marketing purposes.

Types of Personal Data Processed:

• Your image, either in photos or video material.

Legal Basis for Data Processing:

• Legitimate Interest: Personal data processing is carried out based on our legitimate interest in documenting our events and using footage from these events for marketing purposes.
• Consent: We will always ensure you provide your consent, as per the Swedish Act on Names and Pictures in Advertising, if your photo or name is visible in our marketing materials.

Data Retention Period:

• If we have published a photo or video of you from our event on our intranet or website, the photo or video will remain published until we delete it or until you request its removal.
• Photos or videos of you that have been published on our social media pages will be kept online until you request their removal.

‍

5.6. If you represent one of our partners or suppliers

‍

Nature of Our Data Processing:

• Negotiating and entering into an agreement with your organization.
• Administering our relationship with your organization, including communication with our supplier or partner.

Types of Personal Data Processed:

• Name
• Organizational affiliation
• Position within your organization
• Telephone number
• Email address

Legal Basis for Data Processing:

• Legitimate Interest: Personal data processing is conducted based on our legitimate interest in negotiating and entering into an agreement with your organization, as well as in administering the agreement.

Data Retention Period:

• Your personal data will be deleted if we determine that we will not enter into an agreement with your organization.
• If your organization becomes our supplier or partner, we will retain your personal data for this purpose for as long as the organization you represent maintains its status as our supplier or partner. However, we will retain the data for a shorter period if we receive information that you no longer represent the organization.

‍

5.7. In accordance with our obligations for bookkeeping and accounting

‍

Nature of Our Data Processing: 

• We maintain records for bookkeeping and accounting purposes.

Types of Personal Data Processed:

• Your name
• Historical payment records and other data forming part of accounting records.

Legal Basis for Data Processing:

• Legal Obligation: This processing is indispensable to fulfill our legal commitments, specifically those mandated by bookkeeping and accounting regulations.

Data Retention Period:

• We will retain any documents constituting bookkeeping materials, along with the personal data contained therein, for a period of seven to eight years as stipulated by bookkeeping and accounting legislation. This regulation dictates that we retain bookkeeping materials until the end of the seventh year following the conclusion of the fiscal year to which the personal data pertains.

‍

5.8. For Handling Inquiries, Complaints, and Claims

‍

Nature of Our Data Processing:

• Addressing questions, complaints, or claims.

Types of Personal Data Processed:

• Personal data essential for addressing claims, complaints, or legal matters.
• Information such as name, organizational affiliation, position within your organization, telephone number, email address, details related to your organization's complaint or claim, and other pertinent information concerning the matter.

Legal Basis for Data Processing:

• Legitimate Interest: The processing of personal data is carried out based on our legitimate interest in managing inquiries, complaints, and legal disputes, where you represent a customer, supplier, or partner.

Data Retention Period:

• We will retain your personal data from the initiation of the matter and throughout the potential dispute.

‍‍

6. Who has access to your personal data and the reasons for such access
‍

Initially, your personal data is collected and processed solely by us, and we do not engage in the sale of your personal data. This ensures that your personal data is managed by our employees, but access is restricted to personnel who require it to carry out their work effectively.

In the course of conducting our business, it is essential to collaborate with suppliers and partners who may need to process your personal data. We assume responsibility for sharing your personal data with these suppliers or partners and ensure the security of your personal data when shared with third parties, as outlined below.

‍

Recipients of Your Personal Data
‍

We will share your personal data with the following recipients:

• Social Media Platforms: When you engage with us on or visit our social media profiles, the social media platform you use will process personal data about you as a user.

• Archiving Services: To comply with bookkeeping and accounting laws, we may utilize a company to archive the necessary information, which includes personal data. However, this data will be processed solely on our behalf and in accordance with our instructions.

• Website Analytics and Marketing Services: If you use our website and grant us permission to do so, we will share your personal data with Google (for website analysis) and the companies providing the marketing services we utilize, such as Google (including YouTube), Facebook (including Instagram) and LinkedIn.

• Event Participation: If you participate in any of our events, we may share your personal data with event photographers who will process it on our behalf and as per our instructions. Additionally, if we publish a picture or video in which you appear, social media platforms may process your personal data either at our direction or as independent controllers, depending on the specific platform and activity.

For further information about how we share your personal data or to inquire about specific recipients, please feel free to reach out to us. Our contact details are provided at the beginning of this privacy notice.

‍
‍

7. The locations where your personal data undergo processing

‍
We and our processors primarily handle your personal data within the EU/EEA. In certain cases, limited data transfers outside the EU/EEA may occur, strictly in compliance with applicable data protection legislation.

If you use our website and provide consent for us to use services from Google, Facebook, and LinkedIn, your personal data may be considered transferred outside the EU/EEA, as these entities are located in the United States.

We have taken measures to de-identify your personal data as much as possible to prevent unnecessary transfers outside the EU/EEA. Such transfers are conducted only when we can guarantee an adequate level of protection for your personal data. Google, Facebook, and LinkedIn rely on Standard Contractual Clauses as a safeguard for transferring personal data outside the EU/EEA, providing a secure mechanism for such transfers.

For further details about the recipients of your personal data, please don't hesitate to contact us. Our contact information is available at the beginning of this privacy notice.

‍

8. Your Rights Regarding the Processing of Your Personal Data

You possess specific rights that allow you to influence how we handle your personal data. Detailed information about these rights can be found below.

If you seek further clarification regarding your rights or wish to exercise any of them, please reach out to us, and we will assist you. Our contact information is available at the beginning of this privacy notice.

‍

Right to Withdraw Consent and Object to Processing

You hold the right to partially or entirely withdraw any consent you have previously granted us. You always maintain the right to object to the processing of your personal data when it is conducted for marketing and profiling purposes, such as the distribution of newsletters and personalized marketing. Further insights into profiling can be found in the charts above.

Moreover, you possess the right to object to our processing of your personal data when it is founded on the legal basis of "legitimate interest." In certain cases, we may continue processing your personal data based on our legitimate interests, even if you have raised objections to our processing (e.g., when the retention of your personal data is necessary). This situation may arise if we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or if the purpose of the processing is to establish, exercise, or defend against a legal claim.
‍

Right to Information and Access

You have the right to ascertain whether we are processing your personal data and obtain a copy of the personal data we process about you. Additionally, you are entitled to information about how we handle your personal data.

‍

Right to Rectification

You possess the right to rectify any inaccuracies in your personal data that we may be processing and request us to complete incomplete personal data.

‍

Right to Erasure ("Right to Be Forgotten") and Restriction of Processing

Under specific circumstances, you have the right to request the deletion of your personal data. This applies, for example, when the personal data is no longer required for the purposes for which it was collected or processed, or if you have withdrawn your consent upon which the processing was based, and no alternative legal basis for processing exists.

Under certain conditions, you also have the right to request the restriction of our processing of your personal data. This is applicable, for instance, when you dispute the accuracy of your personal data, the processing is unlawful, and you prefer us to restrict the use of your personal data rather than delete it.

‍

Right to Data Portability

Under specific circumstances, you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format, and, where technically feasible, to have your personal data transferred to another organization ("data portability"). This pertains to personal data that you have provided to us in such a format, provided that our processing of your personal data is automated and based on the performance of a contract or your consent.

‍

9. Assessments of balancing interests when processing personal data based on the legal grounds of "legitimate interests."
‍

Under the Legal Basis of "Legitimate Interests" As previously mentioned, for certain purposes, we engage in the processing of your personal data under the legal basis of "legitimate interests." Through a comprehensive assessment of our legitimate interests in processing your personal data, we have determined that our interests in this regard outweigh any conflicting interests or rights necessitating the protection of your personal data.

Should you desire further information concerning our assessments of balancing interests, please feel free to get in touch with us. You can find our contact in the top section of this privacy notice.

‍

The Right to Start a Complaint with Our Data Protection Officer and/or a Regulatory Authority 

You always retain the right to file a complaint with our Data Protection Officer at rebecca@wellbefy.se if you believe that we have not adhered to this policy or relevant regulations and legislation.

Furthermore, you possess the right to lodge a complaint with a supervisory authority. You can exercise this right in the EU/EEA member state where you reside, work, or where you allege a breach of applicable data protection laws has occurred. In Sweden, the supervisory authority is the Swedish Data Protection Authority (Integritetsskyddsmyndigheten).

‍This privacy notice was adopted by Wellbefy AB on 12/09/2023.