The General Data Protection Regulation (GDPR) is the data privacy law that applies to all residents of the European Union. Its purpose is to protect the personal information of individuals and ensure transparency, security, and fairness in how data is collected and processed.
Wellyx is fully committed to GDPR compliance. We support all customers who operate within the European Union or who serve members located there. This page explains how Wellyx manages personal data, the rights of individuals, and the responsibilities of our customers under GDPR.
If your business uses Wellyx to store or process information about members, visitors, or staff who live in the European Union, you are considered the Data Controller under GDPR. This means you decide what data is collected and how it is used.
Wellyx acts as the Data Processor. We process personal data only on your behalf and only according to your instructions. We do not use, access, or share data for any purpose other than delivering services to you.
You retain full ownership of all member and business data stored in Wellyx.
Depending on the features you use, Wellyx may process the following information
• Member names, contact details, and account information
• Staff names, roles, and login credentials
• Booking history, attendance records, and class or service preferences
• Membership purchases, renewals, and billing information
• Payment details processed through secure third party providers
• Communications sent through email, SMS, or push notifications
• Device and usage data that helps improve system performance
Wellyx never collects more information than necessary for the operation of the platform.
Wellyx processes personal information only for legitimate business purposes, which include:
• Managing memberships and bookings
• Processing payments
• Supporting communication between the business and its members
• Providing secure account access
• Offering customer support
• Improving platform speed, functionality, and experience
• Meeting legal and regulatory obligations
Wellyx applies strict security controls to protect every layer of data, such as:
• Encrypted transmission and storage
• Secure servers and protected environments
• Limited access based on roles and permissions
• Regular audits and internal reviews
• Continuous monitoring to prevent unauthorised activity
We maintain a culture of privacy and security across all teams and internal systems.
Wellyx processes personal data only when a valid legal basis applies, such as:
• Fulfillment of a contract between the business and its members
• Legitimate business interests
• Explicit consent provided by the individual
• Compliance with legal requirements such as financial record keeping
If a business relies on consent, it is responsible for collecting and managing that consent from its members.
Wellyx may store and process data in secure data centres located outside the European Economic Area. Whenever data is transferred, Wellyx ensures the same level of protection by using:
• Standard contractual clauses
• Approved international data transfer safeguards
• Verified secure service providers
All partners and vendors follow strict GDPR aligned security and privacy practices.
Wellyx may share personal data with trusted partners who assist in delivering parts of the service. These may include:
• Payment processors
• Cloud storage providers
• Email and communication tools
• Customer support platforms
• Analytics systems
Wellyx never sells or distributes personal information to third parties for marketing or unrelated activities. Every partner is bound to follow confidentiality and GDPR standards.
As the Data Controller, your business must:
• Collect personal data lawfully
• Provide clear privacy information to your members
• Obtain consent where required
• Keep member records accurate and updated
• Respond to data access or deletion requests from your members
• Report any suspected breach that occurs within your environment
Wellyx supports you with tools and documentation to help you meet these responsibilities.
Wellyx supports all rights provided to individuals under GDPR. Members of your business have the right to:
• Request access to their personal data
• Correct inaccurate or incomplete information
• Request deletion of their data
• Restrict the processing of their data
• Object to processing in certain situations
• Withdraw consent at any time
• Request a copy of their data in a structured and portable format
Wellyx assists businesses in fulfilling these rights by providing secure data export, correction, and deletion options.
Wellyx follows a defined process for identifying and managing data breaches. If a breach occurs within the Wellyx environment:
• We act immediately to contain the issue
• We investigate the source and the impact
• We notify affected customers as quickly as possible
• We work with customers to meet any regulatory reporting obligations
Transparency and speed are central to our breach response.
Wellyx provides a detailed Data Processing Agreement that outlines:
• Responsibilities of the Data Controller and Data Processor
• Technical and organisational measures for protecting data
• Rules for subprocessors and third-party providers
• Security standards and breach notification procedures
• Support for data subject rights
A full DPA is available for every customer and can be requested through our support team.
Wellyx uses cookies to maintain platform performance and deliver a smooth experience. Cookies may be used for:
• Essential security functions
• Session management
• Analytics and performance tracking
• Improving the user journey
Users can manage cookie preferences through browser settings at any time.
For GDPR questions, privacy requests, or DPA inquiries, please contact us at:
Wellyx Privacy Team
Email: [email protected]
We respond promptly to all privacy-related concerns and requests.