1.1 What is personalised data and personalised data processing?
Personal data is any kind of information that can be directly or indirectly attributed to a physical person now living. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to natural persons. Every action taken with personal data constitutes processing, regardless of whether it is performed automatically or not. Examples of common treatments are collection, registration, organization, structuring, storage, processing, transmission and deletion.
1.2 Who is responsible for the data we collect?
AB org. no. 559324-5912, with address Gåshaga brygga 1, 181 66 Lidingö, is the personal data controller for the company's processing of personal data.
2. What does Wellon use your personal data for?
Below you can read about what Wellon uses your personal data for and why.
2.1. So that you can manage and follow up your purchases and services When you use our services (such as the health analysis) or shop at Wellon, a customer account is generated for you. With the customer account, you can log into our app where you have the opportunity to; See history of your purchases and recommendations. Change your personal data and settings. Functions to remove or obtain the information we store about you.
2.2 To be able to handle orders
Which includes: Delivery (including notification and contacts regarding delivery). Identification and age control.
Management of payment (including analysis of possible payment solutions, which may include a check against payment history and collection of credit information from Klarna). Handling of complaints and warranty matters. We process the following information: Name Contact information (e.g. address, e-mail and phone number) Payment history Payment information Credit information from credit reporting companies Purchase information (e.g. which product has been ordered or if the product is to be delivered to another address) User data for My pages (if you have a customer account)
Legal basis: Fulfillment of the purchase agreement. This collection of your personal data is required in order for us to be able to fulfill our obligations according to the purchase agreement. If the information is not provided, our obligations cannot be fulfilled and we are therefore forced to refuse you the purchase. Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to be able to handle any complaints and warranty matters.
2.3 In order to complete the company's legal obligations
Necessary handling for the fulfillment of the company's legal obligations according to legal requirements, judgments or authority decisions (e.g. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the production of communication and information to the public and customers about product alerts and product recalls in the event of, for example, a defect or harmful to health). We process for this purpose; Name Contact details (e.g. address, e-mail and telephone number) Payment history Payment information Your correspondence Details of time of purchase, place of purchase, possible error/complaint User details for the app (if you have a customer account)Legal basis: Legal obligation. This collection of your personal data is required by law. If the information is not provided, our legal obligation cannot be fulfilled and we are therefore forced to refuse you the purchase. Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter, or up to seven years for data processed in accordance with the Accounting Act.
2.4 To be able to handle customer service matters
Which includes: Communication and answering any questions to customer service (via telephone or in digital channels, including social media). Identification and questions regarding user account. Investigation of any complaints and support matters (including technical support).Questions and advice about and before purchases, questions about products, return handling, changing orders and similar matters. We process the following data; Name Contact details (e.g. address, e-mail and phone number) Your correspondence Details of purchase (time, place of purchase, possible errors/complaints) Health analysis data Health data (e.g. allergic reactions and health conditions you inform us about) User details for the app (if you have a customer account) Legal basis: Legitimate interest, as well as express consent in cases where we process sensitive data. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.Retention period: 36 months after the customer service case has been closed.
2.5.To be able to evaluate, develop, and improve our services, products, and systems for the customer college at large as well as offer you a personal and relevant experience in our range of services and products
Customization of services to become more user-friendly (for example, changing the user interface to simplify the flow of information or to highlight features frequently used by customers in our digital channels). Production of documents with the aim of improving goods and logistics flows (for example by being able to forecast purchases, stocks and deliveries). Preparation of documentation to develop and improve our range.Production of documentation to develop and improve our resource efficiency from an environmental and sustainability perspective (for example by streamlining purchasing and planning deliveries). Preparation of documentation for the purpose of planning new and possible re-establishments of warehouses. Give our customers the opportunity to influence and review our range. Preparation of documentation to improve IT systems with the aim of generally increasing the security of the company and our visitors/customers.Analyzes of the data we collect for the purpose. Based on the information we collect (for example purchase history, age and gender), you are sorted into a customer group (so-called customer segment) for which analyzes are then carried out on an aggregated level using de-identified or pseudonymised data, without any connection to you as individual. The insights from the analysis are the basis for which products are purchased and how we develop our app . The analysis is also used so that we can provide you with automatically adapted information in the form of e.g. articles and offers that are relevant to you based on the results of our analysis of your interests and user behavior (so-called profiling). We therefore process: Name Age GenderE-mail address City of residence Payment information Correspondence and feedback regarding our services and products Purchase and user-generated data (e.g. click and visit history) Information you provided via the health analysis Customer satisfaction survey and surveys Technical data concerning devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform) Information about your browsing habits and how you have interacted with us, including e.g. your geographic location, which external pages you have previously visited, which pages you visit with us, how you have otherwise used the service, login method, response times, download errors, your interests, how you reach and leave the service, etc.Information about how you use our websites via "cookies". You can read more about what cookies are and how we use them here. Legal basis: Legitimate interest. The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services, products and systems. Consent, if it concerns the data you provided via the health analysis . Storage period: From the date of collection and for a period of 36 months thereafter.
2.6 To prevent misuse of a service or to prevent, prevent and investigate crimes against the company and customers
Prevention and investigation of possible fraud or other violations of the law. Preventing spamming, phishing, harassment, attempted unauthorized access to user accounts or other actions prohibited by law or our terms of purchase, membership or service. Protection and improvement of our IT environment against attacks and intrusions. For this purpose, we process: Purchase and user-generated data (for example, click and visit history) Technical data concerning devices used and their settings (for example, language setting, IP address, browser settings, time zone, operating system, screen resolution and platform) Information about how our digital services are usedLegal basis: Fulfillment of legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or to prevent, prevent and investigate crimes against the company. Storage period: From the date of collection and for a period of 36 months thereafter.
2.7 To be able to offer customers a personal recommendation and advic
Carry out health analysis for the customer and possibly follow up the treatment. Recommendation of products based on the user's needs and wishes as well as information on how they should be used for the desired result. Personalized advice via phone, chat, video or e-mail. Follow-up counselling. Marketing of products based on the customer's needs and wishes. For this we process: Name Contact details (e.g. address, e-mail and phone number) Gender Age Purchase information Health data from health analysisLegal basis: Fulfillment of the agreement on the advice and express consent in cases where users provide sensitive information about themselves. Balance of interests for marketing, it is in the interest of both Wellon and the user that users buy products that suit them. Follow-up of treatments over time. Storage period: 60 months from collection.
2.8. For recruitment and personnel administration
Processing of job applications and possible new hires. Termination of employment. Administration of any rehabilitation and discrimination cases. CV Name Telephone number Email address Physical address Picture that the candidate himself attaches (optional) Social security numberPersonal letter where there may be medical history etc. Mail exchange between Wellon and the candidate Notes from Wellon regarding interviews Test results from work tests linked to the position Contact details for references Legal basis: Legitimate interest in completing or ending recruitment processes and, where applicable, keeping information as security in cases of discrimination or similar. Express consent in cases where sensitive information may occur. Storage period: 60 months from the end of the collection or recruitment process.
2.9 To follow up references when recruiting
If during the recruitment process someone provided contact details for references, we only save their names, telephone numbers and e-mail addresses. We retain the data until the recruitment process is completed.
2.10 Opt-in communication
If you opt-in (accept) during the registration process on Wellon.se or at other times when you can provide personally identifiable information, the information you provide may be used to create and deliver direct marketing to you.Direct marketing includes all types of outreach marketing, such as email, SMS and postal mail, which may consist of promotional offers, discounts, product launches, upcoming updates, advice, product recommendations and other relevant information ("Opt-In Communications").
3. From which sources does Wellon collect your personal data?
3.1 From which sources do we obtain your personal data?
In addition to the information you provide to us yourself, or that we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (so-called third parties). The information we collect from third parties is as follows: Address information from public records to make sure we have the correct address information for you Credit rating information from credit rating agencies, banks or information companies.
4. Who has access/processes your personal data?
4.1 Who may we share your personal data with?
Personal data assistants. In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data assistants for us. A personal data processor is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:
1) Transport (logistics companies and freight forwarders)
2) Payment solutions (card processing companies, banks and other payment service providers)
3) Marketing (print, social media, media agencies or advertising agencies)
4) IT services (companies that manage necessary operation, technical support and maintenance of our IT solutions)
5) Advice (companies we hire for advice in nutrition, health and well-being) When your personal data is shared with personal data assistants, it only happens for purposes that are compatible with the purposes for which we have collected the information (for example, to be able to fulfill our obligations under purchase agreement). We check all personal data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data processors, through which they guarantee the security of the personal data that is processed and undertake to comply with our security requirements, as well as limitations and requirements regarding the international transfer of personal data.
Companies that are independent personal data controllers. We also share your personal data with certain companies that are independent personal data controllers. The fact that the company is an independent personal data controller means that it is not us who control how the information provided to the company is to be processed. Independent personal data controllers with whom we share your personal data are:
1) Government authorities (the police, the tax authority or other authorities) if we are obliged to do so by law or in case of suspicion of a crime
2) Companies that provide public transport of goods (logistics companies and forwarders)
3) Companies that offer payment solutions (card processing companies, banks and other payment service providers)
4.2 Where do we process your personal data?
We always strive for your personal data to be processed within the EU/EEA and all our own IT systems are located within the EU/EEA.
In the case of system support and maintenance, however, we may have to transfer the information to a country outside the EU/EEA, for example if we share your personal data with a personal data processor that, either itself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only access the information that is relevant for the purpose (for example, log files).
Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision from the European Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protection measures. Examples of suitable protective measures are approved codes of conduct in the recipient country, standard contract clauses, binding company internal rules or the Privacy Shield. If you would like a copy of the safeguards that have been taken or information on where these have been made available, please contact us.
4.3 How long do we save your personal data?
We never save your personal data longer than is necessary for the respective purpose. See more about the specific storage periods under each purpose.
5. Your rights and consent
4.1 What rights do you have as a register?
Right of access (so-called register extract). We are always open and transparent with how we process your personal data and if you want to gain a deeper insight into which personal data we process about you in particular, you can request access to the data. The information is provided in the form of a register extract indicating purposes, categories of personal data, categories of recipients, storage periods, information on where the information has been collected and the existence of automated decision-making. Keep in mind that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.
Right to rectification. You can request that your personal data be corrected if the data is incorrect. Within the scope of the stated purpose, you also have the right to complete any incomplete personal data. Keep in mind that you who have a customer profile on Wellon.se can change certain information directly in the app. You have the right to withdraw a consent you have given us at any time. For example, consent to send newsletters. Right to erasure. You can request the deletion of personal data we process about you if: - The data is no longer necessary for the purposes for which it has been collected or processed - You object to a balance of interests we have made based on legitimate interest and your reason for objecting outweighs our legitimate interest - You object to processing for direct marketing purposes -The personal data is processed in an illegal manner -The personal data must be deleted to fulfill a legal obligation we are subject to -Personal data has been collected about a child (under 13 years) for whom you have parental responsibility and the collection has taken place in connection with offering information society services (e.g. social media) Please note that we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting and tax law, banking and money laundering law, but also from consumer law.
It may also happen that the processing is necessary for us to establish, assert or defend legal claims. Should we be prevented from complying with a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to limitation. You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request limited processing during the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you, on the other hand, need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we do not delete your data.
If the processing has been restricted according to any of the situations above, we may only, in addition to the storage itself, process the data to establish, assert or defend legal claims, to protect someone else's rights or if you have given your consent. The right to object to certain types of treatment. You always have the right to avoid direct marketing and to object to all processing of personal data based on a balancing of interests.
Legitimate interest: In cases where we use a balancing of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to be able to continue processing your personal data after such an objection, we need to be able to show a compelling legitimate reason for the current processing that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.
Direct marketing (including analyzes carried out for direct marketing purposes): You have the opportunity to object to your personal data being processed for direct marketing. The objection also covers the analyzes of personal data (so-called profiling) that are carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (for example via post, e-mail and SMS). Marketing measures where you as a customer actively chose to use one of our services or otherwise sought us out to find out more about our services do not count as direct marketing (for example product recommendations or other features and offers within the app).
If you object to direct marketing, we will cease processing your personal data for that purpose as well as cease all types of direct marketing activities. You can change this by changing the settings in the app , unsubscribe link in marketing mailings or contact customer service. Right to data portability. If our right to process your personal data is based either on your consent or the fulfillment of an agreement with you, you have the right to request that the data concerning you that you have provided to us be transferred to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can be automated.
6. How is your personal data protected?
We use IT systems to protect the confidentiality, integrity and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorized processing (such as unauthorized access, loss, destruction or damage). Only the people who actually need to process your personal data in order for us to fulfill our stated purposes have access to them.
We use IT systems to protect the confidentiality, integrity and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorized processing (such as unauthorized access, loss, destruction or damage). Only the people who actually need to process your personal data in order for us to fulfill our stated purposes have access to them.7.1 What are cookies and how do we use them?
Cookies are small text files consisting of letters and numbers that are sent from our web server and saved on your browser or device. At Wellon.se, we use the following cookies:
2) Permanent cookies (cookies that remain on your computer until you delete them or they expire)
3) First-party cookies (cookies set by the website you visit)
4) Third-party cookies (cookies set by a third-party website. With us, these are primarily used for analysis, for example Google Analytics)
5) Similar technologies (technologies that store information in your browser or in your device in a way similar to cookies)
Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to your browser or device settings to learn more about how to adjust cookie settings. Examples of things you can adjust are blocking all cookies, accepting only first-party cookies or deleting cookies when you close your browser. Please note that some of our services may not work if you block or delete cookies. You can read more about cookies in general on the Swedish Post and Telecommunications Authority's website, pts.se.
We are so happy when you share your customer experiences and tell us about your fantastic results - and we love to see products from us in home environments! So much so that we may ask if we can use your photos in our various channels, such as Instagram, Facebook , newsletter, blog and on wellon.se. If you receive a request from us to share an image (and you feel you would like to), you can respond to our request with the hashtag #yeswellon. You will then agree to our use of your image, according to the following conditions: You provide WLN
Group AB (org no. 559324-5912) a non-exclusive, royalty-free, worldwide license to use all images that you have responded with #yeswellon, hereinafter referred to as “images”, in its marketing and/or advertising, including in the gallery on the website , newsletter, instagram, blog, email and other customer communications and other marketing purposes. You hereby represent and warrant that (i) you own all rights to your images, (ii) you have received permission from any persons appearing in your images to transfer the rights herein, and (iii) WLN Group AB's use of your images will not will infringe the rights of any third party or contravene any law. You hereby release WLN
Group AB from all obligations to pay you for the use of your images and for the intellectual property rights to them in connection with the forms of use described above and you hereby release and agree to hold WLN Group AB and all persons acting on behalf of WLN Group AB harmless for all possible claims, demands and liabilities, regardless of nature, in connection with the use of the images as described above.
9. The data inspection
What does it mean that the data inspection is a supervised authority?
The Swedish Data Protection Authority is responsible for monitoring the application of the legislation, and anyone who believes that a company is handling personal data incorrectly can submit a complaint to the Swedish Data Protection Authority.
10. Do you have questions about data protection?