1. Introduction
At Wellow, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we process your personal data in compliance with GDPR.
2. Data Controller
Wellow is the data controller responsible for processing your personal data. If you have any questions about our data processing activities, please contact our Data Protection Officer at dpo@wellow-app.com.
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: We process certain data based on your explicit consent, which you can withdraw at any time.
- Contractual Necessity: We process data necessary to provide our services to you according to our Terms of Service.
- Legitimate Interests: We process data based on our legitimate interests, such as improving our services and ensuring security, where these interests are not overridden by your rights and freedoms.
- Legal Obligation: We process data to comply with our legal obligations.
4. Your GDPR Rights
Under the GDPR, you have the following rights:
- Right to access: You have the right to request copies of your personal data.
- Right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- Right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at privacy@wellow-app.com. We will respond to your request within 30 days.
5. Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular testing and evaluation of the effectiveness of our security measures
- Procedures to restore access to personal data in the event of a physical or technical incident
- Regular staff training on data protection
6. International Data Transfers
When we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as:
- Transferring to countries that the European Commission has determined provide an adequate level of protection
- Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
- Implementing binding corporate rules for transfers within our corporate group
7. Data Breach Procedures
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
8. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when new technologies or processes are likely to result in a high risk to your rights and freedoms.
9. Records of Processing Activities
We maintain records of our processing activities, including the purposes of processing, categories of personal data, recipients of personal data, and time limits for erasure.
10. Data Protection Officer
Our Data Protection Officer can be contacted at dpo@wellow-app.com for any queries related to our data processing activities.
11. Complaints
If you have concerns about our processing of your personal data, you have the right to lodge a complaint with a supervisory authority. For EU residents, you can find your national data protection authority on the European Commission website.