Privacy policy

Who is responsible for my personal data?
The personal data controller is Wellr AB, corporate ID no. 556857-1995, with the address of Strandbergsgatan 61, 112 51 Stockholm

Where can I ask questions about the processing of my personal data?

You are always welcome to contact us at dataskydd@wellr.se

Who may be a recipient of my personal data?
Wellr engages so-called personal data processors to deal with the operation, technical support and maintenance of our IT solutions and to send out newsletters. These personal data processors can come into contact with your personal data and are bound by agreements to process it only according to our instructions. We impose stringent requirements on security and confidentiality with regard to your personal data and regularly check that our personal data processors meet those requirements.

We may also share your personal data with a public authority if we are obliged to do so by law or in the case of a suspected crime.

Will you transfer my personal data to a third country?
Wellr will never transfer your personal data to a recipient in a non-EU or EEA country (a third country).

What are my rights as a data subject?
Right to access
You are entitled to be informed of what personal data we process on you. You can contact us at any time and gain access to this personal data in the form of an extract from a register stating the purpose, categories of personal data, categories of recipients, storage periods, where we received the personal data from and whether any automated decision-making exists based on the personal data. Bear in mind that if you request access, we may request additional information to ensure effective processing and to ensure that the personal data is provided to the right person.

Right to correction
If personal data that we process on you is inaccurate, you are entitled to ask to have it corrected. Within the framework of the specified purpose, you are also entitled to complete any incomplete personal data. Bear in mind that you yourself will be able to amend most of your personal data directly through Mina sidor [My pages].

Right to erasure
You are in some cases entitled to have your saved personal data erased. Bear in mind that you can erase all your personal data saved at Wellr by going into My pages and erasing your profile. Please note that we may be entitled to refuse your request if there are legal obligations that prevent us from immediately erasing certain personal data.

Right to object to certain processing
You are entitled to object to the processing in cases where we use so-called legitimate interest as a legal basis for processing. After such an objection, we must be able to show an imperative legitimate reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the personal data in order to establish, exercise or defend legal claims.

Right to revoke consent
In cases where we use your consent as a legal basis for processing, you are entitled to withdraw your consent at any time. Bear in mind that, depending on the purpose of the processing, withdrawal of your consent may affect your access to services on www.wellr.se.

Right to avoid direct marketing
You are entitled at all times to object to your personal data being processed for the purposes of direct marketing. The objection also includes analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing means all types of outreach marketing actions, (e.g. mailings by post, e-mail and text message). Marketing services resulting from the fact that you actively chose to seek us out to find out more about our services or resulting from the use of our services, such as product recommendations, offers and similar on My pages, do not count as direct marketing.

Right to data portability
In cases where we use your consent or the fulfilment of an agreement with you as a legal basis for processing, you are entitled to have the personal data relating to you and that you have provided to us transferred to another personal data controller (so-called data portability). One condition for data portability is that the transfer must be technically feasible and must be able to be automated.

How is my personal data protected?
We use IT systems to protect confidentiality, privacy and access to your personal data. We have adopted specific security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only the persons who actually need to process your personal data to enable us to fulfil our stated purposes have access to it.

What does it mean when it says that the Swedish Authority for Privacy Protection is the supervisory authority?
The Swedish Authority for Privacy Protection is responsible for monitoring the application of the legislation and anyone who considers that a company is processing personal data incorrectly can file a complaint with the Swedish Authority for Privacy Protection.