This policy distinguishes between the processing of personal data for you as a user of our app/health service (“End User”) and you as a representative of a company in contact with us, for example when purchasing our services or booking a demo (“Business Contact”).
Who is responsible for my personal data?
The data controller is Wellr AB, company registration number 556857-1995, with address Ringvägen 100, 11860 Stockholm, Sweden.
Where can I ask questions about how my personal data is handled?
You are always welcome to contact us at dataskydd@wellr.se
Who may receive my personal data?
Wellr uses data processors to manage operations, technical support and maintenance of our IT solutions, as well as to send emails and newsletters. These data processors may come into contact with your personal data and are bound by agreements to process such data only in accordance with our instructions. We impose high requirements for security and confidentiality and regularly verify that our data processors comply with these requirements.
We may also share your personal data with a public authority if we are required to do so by law, in the event of suspected crime, and with social media platforms and advertising networks (only for the purpose of marketing matching for Business Contacts).
Will you transfer my personal data to third countries?
We strive to process End Users’ personal data within the EU/EEA. If personal data is, in exceptional cases, transferred to a country outside the EU/EEA, we ensure that the transfer takes place in accordance with the GDPR and with appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.
We never sell your personal data. We only share data with third parties regarding Business Contacts – for marketing purposes in digital channels as described in the marketing section (Business Contacts).
What are my rights as a data subject?
Right of access
You have the right to know what personal data we process about you. You may contact us at any time and obtain access to this personal data in the form of a register extract stating the purposes, categories of personal data, categories of recipients, retention periods, where we obtained the personal data from, and whether any automated decision-making takes place based on the personal data. Please note that if you request access, we may ask for additional information in order to ensure efficient handling and that the personal data is provided to the correct person.
Right to rectification
If personal data about you that we process is inaccurate, you have the right to request that it be corrected. Within the scope of the stated purpose, you also have the right to supplement incomplete personal data. Please note that as a user of our app/health service, you can change most of your personal data directly via My Pages.
Right to erasure
In certain cases, you have the right to have your stored personal data erased. Please note that as a user of our app/health service, you can erase all stored personal data by going to My Pages and deleting your profile. Please note that we may have the right to deny your request for erasure if there are legal obligations that prevent us from immediately deleting certain personal data.
Right to object to certain processing
Where we use legitimate interest as the legal basis for processing, you have the right to object. After such an objection, we must be able to demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms. Otherwise, we may only process the personal data in order to establish, exercise or defend legal claims.
Right to withdraw consent
Where we use your consent as the legal basis for processing, you have the right to withdraw your consent at any time. Please note that if you withdraw your consent, this may, depending on the purpose of the processing, affect your access to our app/health service.
Right to opt out of direct marketing
You always have the right to object to your personal data being processed for direct marketing. This objection also covers any analysis of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing includes all types of outbound marketing activities (e.g. via mail, email and SMS). Marketing services resulting from you actively seeking out information about our services, or resulting from your use of our services (e.g. product recommendations, offers and similar), are not considered direct marketing.
Right to data portability
Where we use your consent or the performance of a contract with you as the legal basis for processing, you have the right to have the personal data relating to you and provided by you transferred to another data controller (data portability). A prerequisite for data portability is that the transfer is technically possible and can be carried out in an automated manner.
Right to restriction of processing
In certain cases, you have the right to request that our processing of your personal data be restricted, for example if you believe the data is inaccurate and you want the processing restricted while we investigate, or if you have objected to the processing.
Processing of personal data as a user of the app/health service (End User)
In order to provide you with information about how your health is developing and what needs you may have, we need access to the information you upload in the app/health service. Certain information is required to create and administer your account. Providing health data is voluntary, but it is required for us to provide you with an individually tailored health profile. You are entirely free to decide whether you want to upload data or not, and you are entirely free to decide what data you choose to upload. You also have the option, if you wish, to upload your step data in the app/health service.
The data you upload in the app will be processed in order to deliver an individually tailored health profile, a health plan for you, and the number of steps you have taken. This forms the basis of the agreement you enter into as a user when you create an account in the app. Processing your personal data is therefore necessary in order for us to deliver our part of the agreement.
Please note that health data (e.g. data on physical activity, diet, sleep, weight, BMI and similar) constitutes special categories of personal data under the GDPR. Wellr processes such data only if you actively choose to provide it in the app and on the basis of your explicit consent. You may withdraw your consent at any time by deleting your profile or by contacting us.
We do not share your personal data with your employer or other external parties in identifiable form, except in the cases described in this policy (e.g. data processors, legal requirements, competitions that you choose to participate in).
In some cases, we compile statistics in consideration of your employer’s interest in understanding the general health status of its employees. The statistics shared with the employer do not contain information that directly identifies you as an individual. Wellr takes measures to reduce the risk of indirect identification, including by applying minimum group size requirements and by not reporting results at levels where individuals can be singled out. If you do not want your data to be included in the statistics we share with your employer, you can disable this function in the app under Settings.
If you have feedback on how Wellr AB processes your personal data, if you want to complain about something we do, or if you otherwise have questions about how we work with data protection, you can contact our Data Protection Officer at dataskydd@wellr.se.
You always have the right to complain about how we process your data directly to the Swedish Authority for Privacy Protection. The Swedish Authority for Privacy Protection (IMY) is the supervisory authority in Sweden. You can read more about how to submit a complaint or contact IMY via the contact details on their website.
How we collect and use personal data in the app/health service (End User)
We collect your personal data in several ways and for different purposes, including:
1. When you register for an account or interact with our services
We collect personal data when you use or interact with our services, including when you register for an account in Wellr and when you ask us to tailor our services. This personal data may include name, photo, username and password, email address, date of birth and gender.
2. When you enter fitness and health data within our services or use services that collect or receive data from mobile sensors
“Fitness and health data” includes data you provide related to your dietary habits, dietary restrictions, training activities, training goals, lifestyle (for example sleep habits), life events, height, weight, measurements, fitness level, BMI and similar types of data related to physiological condition and activity. We collect this data in order to provide services and tailor features and services based on your interests and goals, including meal suggestions, reporting and analysis, training plans, and services related to meal planning and product recommendations.
3. When you use or interact with a wearable device or other connected device
We also collect personal data, including fitness and health data, when you use a device connected to the internet, such as activity trackers and other devices or wearable products that integrate with the services.
Specific information regarding Apple HealthKit or Google Health Connect
If you choose to integrate the Wellr app with an external step counter via Apple HealthKit or Google Health Connect, we will only collect the types of health data that you actively consent to, such as your physical activity in the form of the number of steps you have taken.
This processing only takes place if you provide your consent via your device, and you may withdraw your consent at any time by disabling the integration on your phone. If you disable the integration, we will stop collecting new data via the integration. Data already stored in the app will not automatically be affected and will be deleted when you delete it in the app or delete your profile.
This data will only be used to provide health, movement or training services in the Wellr app, in accordance with the purposes described below. Wellr will not use this data for marketing, advertising or usage-based data collection, including such use by third parties.
a) verify the total number of steps you have taken,
b) create step and activity competitions together with other participants,
c) create daily leaderboards of Wellr app users, consisting of all users or users who meet specific criteria based on the number of steps taken or other similar criteria, and enable users to interact with each other.
Specific information regarding competitions in the app
From time to time, it will be possible to participate in competitions in the app. In some types of competitions, your name and your activities (such as steps) will be visible to other participants in the competition. There are also other types of competitions where only your name is shown, but your activities are hidden from other participants. This is clearly stated in the competition description that you can read before choosing to participate, including what will be visible.
If, after joining a competition, you change your mind and no longer want to participate, you can easily leave and cancel your participation. Your results will then disappear from the competition.
Processing of personal data in connection with competitions only takes place if you choose to participate and is based on your consent. You may withdraw your participation at any time by leaving the competition in the app or by contacting us.
We do not share your steps or activities with external parties.
How we collect and use personal data for digital advertising & marketing (Business Contacts only)
If you are a Business Contact (B2B), we may use your contact details (email, name, phone number) to target relevant information and offers via external platforms such as Meta (Facebook/Instagram), LinkedIn and Google. The data is encrypted (hashed) before being sent for matching and is then deleted by the platform.
This processing is based on Wellr’s legitimate interest in marketing our services to relevant business contacts. You may object to this processing at any time by contacting us. The external platforms also process personal data as independent data controllers in accordance with their own privacy policies.
How is my personal information protected?
We use IT systems to protect the confidentiality, integrity and availability of your personal information. We have implemented specific security measures to protect your personal information against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only those persons who actually need to process your personal information in order for us to fulfil our stated purposes have access to it.
How long do we retain your personal data?
We retain your personal data for as long as necessary for the purposes for which it was collected. For example:
In some cases, we may need to retain data for a longer period if required by law or in order to establish, exercise or defend legal claims.
What does it mean that the Swedish Authority for Privacy Protection is the supervisory authority?
The Swedish Authority for Privacy Protection is responsible for supervising the application of the legislation, and anyone who believes that a company processes personal data incorrectly may submit a complaint to them.