Who is responsible for my personal data?
The personal data controller is Wellr AB, corporate ID no. 556857-1995, with the address of Strandbergsgatan 61, 112 51 Stockholm
Where can I ask questions about the processing of my personal data?
You are always welcome to contact us at dataskydd@wellr.se
Who may be a recipient of my personal data?
Wellr engages so-called personal data processors to deal with the operation, technical support and maintenance of our IT solutions and to send out newsletters. These personal data processors can come into contact with your personal data and are bound by agreements to process it only according to our instructions. We impose stringent requirements on security and confidentiality with regard to your personal data and regularly check that our personal data processors meet those requirements.
We may also share your personal data with a public authority if we are obliged to do so by law or in the case of a suspected crime.
Will you transfer my personal data to a third country?
Wellr will never transfer your personal data to a recipient in a non-EU or EEA country (a third country).
What are my rights as a data subject?
Right to access
You are entitled to be informed of what personal data we process on you. You can contact us at any time and gain access to this personal data in the form of an extract from a register stating the purpose, categories of personal data, categories of recipients, storage periods, where we received the personal data from and whether any automated decision-making exists based on the personal data. Bear in mind that if you request access, we may request additional information to ensure effective processing and to ensure that the personal data is provided to the right person.
Right to correction
If personal data that we process on you is inaccurate, you are entitled to ask to have it corrected. Within the framework of the specified purpose, you are also entitled to complete any incomplete personal data. Bear in mind that you yourself will be able to amend most of your personal data directly through Mina sidor [My pages].
Right to erasure
You are in some cases entitled to have your saved personal data erased. Bear in mind that you can erase all your personal data saved at Wellr by going into My pages and erasing your profile. Please note that we may be entitled to refuse your request if there are legal obligations that prevent us from immediately erasing certain personal data.
Right to object to certain processing
You are entitled to object to the processing in cases where we use so-called legitimate interest as a legal basis for processing. After such an objection, we must be able to show an imperative legitimate reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the personal data in order to establish, exercise or defend legal claims.
Right to revoke consent
In cases where we use your consent as a legal basis for processing, you are entitled to withdraw your consent at any time. Bear in mind that, depending on the purpose of the processing, withdrawal of your consent may affect your access to services on www.wellr.se.
Right to avoid direct marketing
You are entitled at all times to object to your personal data being processed for the purposes of direct marketing. The objection also includes analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing means all types of outreach marketing actions, (e.g. mailings by post, e-mail and text message). Marketing services resulting from the fact that you actively chose to seek us out to find out more about our services or resulting from the use of our services, such as product recommendations, offers and similar on My pages, do not count as direct marketing.
Right to data portability
In cases where we use your consent or the fulfilment of an agreement with you as a legal basis for processing, you are entitled to have the personal data relating to you and that you have provided to us transferred to another personal data controller (so-called data portability). One condition for data portability is that the transfer must be technically feasible and must be able to be automated.
Processing of personal data as users of our services
To enable us to provide you with information on how your health is progressing and what your needs are, we need to access the information you upload to the app. You yourself choose whether or not you want to upload data in the app and what data to upload.
You also have the option, if you wish, to upload your steps in the app.
We will process the data you upload in the app for the purpose of providing you with an individually customised health profile, a health plan and how many steps you have taken. This is the basis of our commitment in the agreement that users enter into when creating an account in the app. Processing your personal data is thus necessary for us to be able to deliver our part of the agreement
We will not share any information that can be traced to you with anyone else.
We compile statistics taking into account your employer’s interest in having an idea of the overall health of its employees. Provided that at least 8 people per sample from your workplace have entered answers to the questions in the app, your information will be used for statistics on health in your workplace. If you don’t want your information to be included in the statistics we send your employer, you can turn off that function in the app settings.
If you have any comments on how Wellr AB processes your personal data or if you want to complain about something we are doing or otherwise have any questions on how we deal with data protection, you can contact our data protection officer at dataskydd@wellr.se.
You have a right at all times to complain directly to the Swedish Authority for Privacy Protection (IMY) about how we process your data https://www.imy.se/privatperson/utfora-arenden/lamna-ett-klagomal/
How We Collect and Use Personal Data in the Wellr service or app.
We collect your Personal Data in a number of ways and for various purposes, including:
1. When you register for an account or interact with our Services
We collect Personal Data when you use or interact with our Services, including when you register for a Wellr and when you ask us to customize our Services. This Personal Data may include name, photo, username and password, email address, date of birth, gender.
2. When you input Fitness and Wellness Data within our Services or use our Services that collect or ingest data from mobile device sensors
“Fitness and Wellness Data” includes data you provide related to your dietary habits, dietary restrictions, fitness activity, fitness goals, lifestyle (e.g., sleeping habits), life events, fitness goals, height, weight, measurements, fitness level, BMI and similar types of data relating to physiological condition, and activity. We collect this data in order to provide the Services and to tailor features, advertising, and services to your interests and goals, including providing meal suggestions, reporting and analytics, workout plans, and meal planning related services, and product recommendations.
3. When you use or interact with a wearable or other connected device
We also collect Personal Data, including Fitness and Wellness Data, when you use a device that is connected to the Internet, such as activity trackers, and other devices or wearables that integrate with the Services. When you use a wearable or connected device or product.
Note on Apple HealthKit Data
You can choose to connect and share your information with HealthKit and your HealthKit information with Wellr. The information you provide to HealthKit is then governed by the Apple Terms and Conditions and Privacy Policy. The unique information you choose to send from HealthKit is not used by Wellr for marketing and advertising or transferred by Wellr to third parties for marketing and advertising.
Note on Google Health Connect
You can choose to connect and share your information with Health Connect and your Health Connect information with Wellr. The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.
Specifically concerning competitions
You will be able to participate in competitions in the app from time to time. In some types of competitions, your name and activities (such as steps) will be visible to other participants in the competition. There are also other types of competitions in which you only show your name. Your activities are hidden from the other participants. The description of the competition will clearly state what will be visible and you can read the description before you choose to participate in the competition. If you change your mind after you have chosen to enter a competition and decide you don’t want to take part, you can easily leave and cancel your participation. Your results will then disappear from the competition. Since you have full control over this processing, all processing of your data in connection with competitions takes place with your consent.
How is my personal data protected?
We use IT systems to protect confidentiality, privacy and access to your personal data. We have adopted specific security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only the persons who actually need to process your personal data to enable us to fulfil our stated purposes have access to it.
What does it mean when it says that the Swedish Authority for Privacy Protection is the supervisory authority?
The Swedish Authority for Privacy Protection is responsible for monitoring the application of the legislation and anyone who considers that a company is processing personal data incorrectly can file a complaint with the Swedish Authority for Privacy Protection.