Legal

Privacy policy (template).

How WelloWork collects, uses, and protects personal data, under the GDPR and Swedish law. This is a template; counsel review is pending.

What does this privacy policy cover?

It explains what personal data WelloWork collects when you use this website or the WelloWork platform, what we do with it, the legal bases we rely on under the GDPR, your rights, and how to reach us about them.

Template — review with counsel before launch. This page is a starting template based on standard practice for GDPR-resident SaaS in Sweden and the wider EU. WelloWork has not yet had it reviewed by legal counsel and it should not be relied upon as the final policy in production.

Who is the controller of your data?

WelloWork AB, registered in Sweden and operating from Uppsala, Sweden, is the controller for personal data collected on this website and through enquiries. For data processed inside the WelloWork platform on behalf of a customer organisation, WelloWork AB acts as processor and the customer organisation is the controller — that relationship is governed by a separate Data Processing Agreement.

What personal data do we collect?

  • Contact data you provide via forms on this site (name, work email, company, role, industry, optional message).
  • Limited technical data (IP address, user-agent string) at the moment a form is submitted, used for spam control and security.
  • Operational data from the platform (training session results, assessment results, biomarker reports) — only where you are an end user of the WelloWork platform; that data is processed under the customer organisation's DPA.

What is the legal basis for processing?

  • Consent for marketing follow-up after a demo or contact request. You can withdraw at any time.
  • Legitimate interests for responding to enquiries, basic security logging, and protecting our service from abuse.
  • Contract where you are an end user of the WelloWork platform and we process your data to deliver the contracted service to your employer.
  • Legal obligation for retention periods imposed by Swedish or EU law (e.g. tax records for invoiced customers).

Where is your data stored?

All personal data is stored on infrastructure resident in the European Union. WelloWork does not transfer personal data outside the EU/EEA without an appropriate transfer mechanism in place.

How long do we keep it?

  • Enquiry forms: up to 24 months unless you ask us to delete sooner.
  • Platform records (as processor): per the customer's DPA and retention configuration.
  • Backups: routine retention for up to 90 days.

What rights do you have?

Under the GDPR you can request access, rectification, erasure, restriction, portability, and the right to object. You can also lodge a complaint with the Swedish data protection authority (IMY). To exercise any right, email info@wellowork.net with "privacy request" in the subject.

How do we secure data?

We protect data with transport encryption, encryption at rest, role-based access, audit logging, and a minimum-team-size threshold for all manager-visible aggregates. ISO 27001 certification is in progress.

Changes to this policy

Material changes will be posted here with a revision date. Last revision date: this page is dated by its current deploy and will be updated when counsel-reviewed.