ClickCease
Staff log in
Book a demo

GDPR compliance

The General Data Protection Regulation (GDPR) is the data privacy law that applies to all residents of the European Union. Wellyx also applies this GDPR Policy for all residents of the United Kingdom and Switzerland (together with the European Union, the “Wellyx GDPR Zone”). Its purpose is to protect the personal information of individuals and ensure transparency, security, and fairness in how data is collected and processed.

Wellyx is fully committed to GDPR compliance. We support all customers who operate within the Wellyx GDPR Zone or who serve members located there. This page explains how Wellyx manages personal data, the rights of individuals, and the responsibilities of our customers under GDPR.

What GDPR means for Wellyx Customers 

If your business uses Wellyx to store or process information about members, visitors, or staff who live in the European Union, you are considered the Data Controller under GDPR. This means you decide what data is collected and how it is used.

Wellyx acts as the Data Processor. We process personal data only on your behalf and only according to your instructions. We do not use, access, or share data for any purpose other than delivering services to you.

You retain full ownership of all member and business data stored in Wellyx.

What personal data Wellyx processes

Depending on the features you use, Wellyx may process the following information:

  • Member names, contact details, and account information
  • Staff names, roles, and login credentials
  • Booking history, attendance records, and class or service preferences
  • Membership purchases, renewals, and billing information
  • Payment details processed through secure third-party providers
  • Communications sent through email, SMS, or push notifications
  • Device and usage data that helps improve system performance

Wellyx never collects more information than is reasonably required for the operation and maintenance of the platform.

 How Wellyx uses and protects personal data

Wellyx processes personal information only for legitimate business purposes, which include:

  • Managing memberships and bookings
  •  Processing payments
  •  Supporting communication between the business and its members
  •  Providing secure account access
  •  Offering customer support
  • Improving platform speed, functionality, and experience
  • Meeting legal and regulatory obligations

Wellyx applies strict security controls to protect every layer of data, such as:

  • Encrypted transmission and storage
  • Secure servers and protected environments
  • Limited access based on roles and permissions
  • Regular audits and internal reviews
  • Continuous monitoring to prevent unauthorised activity

We maintain a culture of privacy and security across all teams and internal systems.

Legal basis for processing data

Wellyx processes personal data only when a valid legal basis applies, such as:

  • Fulfillment of a contract between the business and its members
  • Legitimate business interests
  • Explicit consent provided by the individual
  • Compliance with legal requirements, such as financial record keeping

If a business relies on consent, it is responsible for collecting and managing that consent from its members.

Data storage and international transfers

Wellyx may store and process data in secure data centres located outside the European Economic Area. Whenever data is transferred, Wellyx ensures the same level of protection by using:

  • Standard contractual clauses
  • Approved international data transfer safeguards
  • Verified secure service providers

All partners and vendors follow strict GDPR aligned security and privacy practices.

Data sharing

Wellyx may share personal data with trusted partners who assist in delivering parts of the service. These may include:

  • Payment processors
  • Cloud storage providers
  • Email and communication tools
  • Customer support platforms
  • Analytics systems

Wellyx never sells or distributes personal information to third parties for marketing or unrelated activities. Every partner is bound to follow confidentiality and GDPR standards.

Your responsibilities as a Wellyx customer

As the Data Controller, your business must:

  • Collect personal data lawfully
  • Provide clear privacy information to your members
  • Obtain consent where required
  • Keep member records accurate and updated
  • Respond to data access or deletion requests from your members
  • Report any suspected breach that occurs within your environment

Wellyx supports you with tools and documentation to help you meet these responsibilities.

Rights of individuals under GDPR

Wellyx supports all rights provided to individuals under GDPR. Members of your business have the right to:

  • Request access to their personal data
  • Correct inaccurate or incomplete information
  • Request deletion of their data
  • Restrict the processing of their data
  • Object to processing in certain situations
  • Withdraw consent at any time
  • Request a copy of their data in a structured and portable format

Wellyx assists businesses in fulfilling these rights by providing secure data export, correction, and deletion options.

Data breach response

Wellyx follows a defined process for identifying and managing data breaches. If a breach occurs within the Wellyx environment:

  • We act immediately to contain the issue
  • We investigate the source and the impact
  • We notify affected customers as quickly as possible
  • We work with customers to meet any regulatory reporting obligations

Transparency and speed are central to our breach response.

Data processing agreement

Wellyx provides a detailed Data Processing Agreement that outlines:

  • Responsibilities of the Data Controller and Data Processor
  • Technical and organisational measures for protecting data
  • Rules for sub-processors and third-party providers
  • Security standards and breach notification procedures
  • Support for data subject rights

A full DPA is available for every customer and can be requested through our support team.

Cookies and tracking technologies

Wellyx uses cookies to maintain platform performance and deliver a smooth experience. Cookies may be used for:

  • Essential security functions
  • Session management
  • Analytics and performance tracking
  • Improving the user journey

Users can manage cookie preferences through browser settings at any time.

Contact the Wellyx privacy team

For GDPR questions, privacy requests, or DPA inquiries, please contact us at:

Wellyx Privacy Team
Email: [email protected]

We respond promptly to all privacy-related concerns and requests.

Join the Wellyx community