Privacy Policy
Last updated: February 2025
1. Overview
At Welliba, we respect and prioritise your privacy. Whether you're using our platforms or visiting our website, we are committed to ensuring transparency in how we collect, process, and protect your data. Our goal is to empower you and your organization with valuable insights while maintaining the highest standards of trust and security. This Privacy Notice explains how we handle your information, so you can confidently engage with Welliba and maximise the benefits of our solutions.
This Privacy Notice (“Notice”) provides you with relevant information as to what personal data is collected, how we process your personal data, with whom we share it, how long we keep it when you visit our public website and its sub sites (https://www.welliba.com and https://excelerate.welliba.com respectively). This Notice also provides details of how to contact us if you have any queries or concerns about our use of your personal data. Please note that some information is only applicable where the EU General Data Protection Regulation (“GDPR”) applies to you.
Our use of Cookies is described in our Cookie Policy which may be accessed by visiting the same page on our website where this Notice is located.
2. Controller & Welliba Data Protection Officer
The below stated entities are the controllers of your personal data as the case may be. As regards the controller of your personal data when you visit the main public website (www.welliba.com) the controller is Welliba Ireland Limited. When you visit our sub site (https://excelerate.welliba.com) the controller is Welliba Global Sales Limited. You can also use the details provided below to contact our Data Protection Officer for both companies.
Welliba Ireland Ltd and Welliba Global Sales Ltd
Comworks,
Railway House,
Station Road,
Loughrea,
Co. Galway,
Ireland.
E-Mail: privacy@welliba.com
3. Purpose and Legal Basis
Below you will find information about how we process your personal data, the purpose for our processing, and the legal basis according to the GDPR if applicable:
3.1 Website and Subsite Users
3.1.1 Use of website and sub site
The purpose of our processing is:
- (i) Technical and functional provision & optimisation of our site;
- (ii) Understanding your interests;
- (iii) Provide information on our services;
- (iv) Complying with our obligations as regards any rights requests made by you.
Certain technical data is always processed by us when you visit our site and sub site such as IP-Address, Session ID, and information concerning your systems browser and device. This ensures that we can provide you with the best possible service, that it is secure and functions correctly.
Certain functional data such as email address and name (and company details) may be processed by us in order for you to receive information (or deny information) based on your request as the case may be. This ensures that you are able to validly receive the requested information.
In order to comply with our obligations as regards any rights requests made by you (as specified in section 4.4 of this Notice) we may need to process certain personal data in order to satisfy such requests.
The legal basis for our processing is our legitimate interest (Article 6(1)(f) GDPR), our legitimate interests being the successful technical and functional provision of our website and sub site, IT security, understanding user interests and providing information on our services in line with our business goals and satisfying any rights requests made by you.
3.1.2 Use of website and sub site
We may use your basic contact information to communicate with you but this may be of a limited nature depending on whether you visit the main website or sub site
The purpose of our processing is:
- (i) Allow you to use our contact and request forms on the website and sub site;
- (ii) Allow you to contact us directly via a provided email address.
- (iii) Provide you with notifications, legal updates (based on our legal obligations), to satisfy any queries, requests etc you have made to us via our contact forms, request forms or via a provided email address, to satisfy any rights requests made by you (if applicable) or other information that is relevant to your usage of the website and sub site. We may receive communication data from your organisation.
The legal basis for our processing is our legitimate interests (Article 6(1)(f) GDPR), our legitimate interests being to make contact with you and respond to your requests and provide requested information.
3.2.2 Marketing
The purpose of our processing is:
- (i) Allow you to use our contact and request forms on the website and sub site;
- (ii) Allow you to contact us directly via a provided email address.
- (iii) Provide you with notifications, legal updates (based on our legal obligations), to satisfy any queries, requests etc you have made to us via our contact forms, request forms or via a provided email address, to satisfy any rights requests made by you (if applicable) or other information that is relevant to your usage of the website and sub site. We may receive communication data from your organisation.
Where you have consented to us processing your personal data for marketing purposes, our processing is based on this consent (Article 6(1)(a) GDPR). Where you have purchased services from us in the past, we may send you similar promotional material based on our legitimate interests (Article 6(1)(f) GDPR) – our legitimate interest being the promotion of our services.
4. General Information
4.1 Recipients of your Personal Data
Here you will find information about recipients of your personal data. We only share your personal data where it is necessary. We will never share your personal data without a valid reason or interest connected to the above stated purposes in section 3 of this Notice.
4.1.1 Internal & Affiliates of Welliba
We will share your personal data internally and possibly also with our affiliates where required. We only do this where we have a defined reason for doing so.
4.1.2 Unafilliated third parties
We will share your personal data internally and possibly also with our affiliates where required. We only do this where we have a defined reason for doing so.
- We may share your session-related personal data (e.g., Session ID and IP address) with unaffiliated third parties who perform administrative, business, marketing, professional, or technological support functions.
- Where we engage external service providers, such as HubSpot, to support us in promotional and/or advertising activities, your personal data will be shared with them to the extent necessary.
- If we are obliged to share your personal data due to legal requirements, we will do so to the extent necessary in line with our legal obligations. We reserve the right to contact appropriate authorities when activities that are illegal or violate our policies occur on our website or sub-site.
4.2 Storage of your Personal Data
We only store your personal data for a period reasonable for our purposes of processing and/or for a period of time that is required of us by applicable laws. This may include retaining your personal data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our website and sub site.
We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of your personal data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data transmitted, stored or otherwise processed.
4.3 Transfer to third countries and/or international organisations
If you are located in the European Union, personal data collected may be processed in a country where the adequacy of that countries data protection laws have not been approved by an adequacy decision of the European Commission. Some service providers, for example, may be based outside the EU. Where we transfer personal data in this manner, we will take all steps reasonably necessary to ensure that your personal data is protected to an acceptable EU standard. The safeguards in place with regard to the transfer of your personal data outside of the EEA to third parties shall include (but shall not be limited to) the entry by us into appropriate contracts with all transferees of such and the carrying out of risk assessments and adoption of supplementary and/or mitigating measures to ensure compliance with GDPR.
We do not process your data any longer than we need to. If you would like more information about our retention periods, please contact our Data Protection Officer with the contact details that we provided above.
4.4 Your Rights
You can use the contact information provided above and based on your specific situation and subject to our review to exercise the following rights set out in the table below. We will respond to any rights that you exercise within one (1) month of receiving your request, unless the request is particularly complex in which case, we will respond within three (3) months (we will inform you within the first month if it will take longer than one (1) month for us to respond.
| Right | Further Information |
|---|---|
| Right of Access (Article 15 GDPR) | You have the right to request a copy of the personal data held by us about you. We will usually provide this free of charge. We will only charge you if your request is unjustified or excessive. For security reasons, we will take reasonable steps to confirm your identity before providing any personal data. |
| Right of Rectification (Article 16 GDPR) | You have the right to request that we amend any inaccurate or incomplete personal data that we have about you. |
| Right to Object (Article 21 GDPR) | You have the right to ask us to stop using your personal information, and we will comply unless there is a legal basis for us to continue using it. |
| Right to Erasure (Article 17 GDPR) | You have the right to ask us to erase your personal data under specific circumstances, such as when it is no longer necessary or has been unlawfully processed. If we cannot comply, we will explain why. |
| Right to Restriction of Processing (Article 18 GDPR) | You have the right to ask us to restrict processing your personal data in certain situations, such as when you contest its accuracy or require it for legal claims. |
| Right to Data Portability (Article 20 GDPR) | You have the right to obtain and reuse your personal data across different services, and request that we transfer your data to you or a third party in electronic form. |
| Right to be Informed | You have the right to clear, transparent, and easily understandable information about how we use your data and your rights. |
| Right to Withdraw Consent | Where processing is based on consent, you can withdraw it at any time by contacting privacy@welliba.com or adjusting your cookie settings. However, this may affect our ability to provide services. |
4.5 Complaints
You may submit a complaint regarding your personal information to a supervisory authority regarding our processing of your personal data.
4.6 Provision of Personal Data
You are not legally required to share your personal data with us. However, where our processing of your personal data is based on Article 6(1) (a), we cannot carry out the processing without your consent. Where our processing of your personal data is based on Article 6(1)(b) of the GDPR, we cannot carry out the contractual relationship without your personal data. Where our processing is based on another legal basis, it will often not be possible to fulfil the intended purpose without your personal data, or at least such fulfilment would be restricted without the provision of such personal data.
5. United States Addendum
This United States of America Addendum (“Addendum”) supplements the Notice and applies to all residents of the United States.
Certain state and federal laws of the United States of America (“US Laws”), such as the California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act of 2020 (“CPRA”) require us to disclose the following information with respect to our collection, use and disclosure of personal data:
- Categories and specific pieces of personal data collected.
- Business or commercial purpose for collecting and using personal data.
- Category (ies) of sources of personal data.
- Category (ies) of personal data disclosed.
- Categories of third parties to whom we disclose personal data.
- Information regarding our data retention practices.
Details regarding the above are provided below.
5.1 Personal Data Rights
Under the CPRA and other similar US Laws, residents of certain US states have some of the rights provided under section 4.4 above, in addition to other rights, as follows:
Rights under section 4.4 of the Notice:
- Right of Access (to Know)
- Right of Rectification (to Correct)
- Right to Erasure (to Delete)
- Right to Data Portability
- Right to Withdraw Consent
Additional Rights:
- Opt out of the “sale” or “sharing” of personal data, as those terms are defined in certain US Laws. We do not as a matter of course “sell” or “share” personal data, in accordance with the definition of “sell” or “share” in US Laws.
- Opt out of targeted advertising. You may opt out of our use of your personal data for purposes of targeted advertising in accordance with certain US Laws.
- Non-Discrimination and Non-Retaliation. We will not discriminate or retaliate against you for exercising any of your rights under certain US Laws. Unless permitted by US Laws, we will not deny you services; charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of services; and/or suggest that you may receive a different price or rate for services or a different level or quality of services.
Exercising Your Rights:
For more information on how to exercise your rights please contact us in accordance with the contact details provided above. We may request further information from you (if possible) to verify your identity as permitted or required by applicable laws before fulfilling a rights request. We may not be able to respond to your request if we cannot verify your identity.
We may not be able to fulfil your request or some parts of your request depending on our legal obligations or certain exemptions under applicable laws. For example, we may not be able to delete or anonymise all data as we may be legally required to retain certain data or retain certain data in identifiable form. If you have any questions about how we process your personal data under applicable laws in your area, you may contact us as set out above.
You have the right to appoint an agent who is registered with the appropriate US state agency or government entity to submit requests and exercise the above rights on your behalf. We may require the agent to submit to us written permission from you as well as have you verify your identity directly with us to protect the security of your personal data. In the event an agent is not able to provide written permission to act on your behalf, we may deny a request in accordance with applicable laws. We will respond to a verifiable request within the time periods required by the applicable laws, which may differ from the GDPR. If more time is required, we will comply with any such applicable requirements. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
5.2 Personal Data Processed
We collect the categories of personal data identified above in Section 3 (which is of a limited nature) which may be categorised as follows:
- Identifiers such as name, company name, business address, email address, IP address, Session I.D.
- Geolocation data: country
- Electronic and device information such as IP address, details about your device, browsing history, search history, or other applications on the device.
We collect this directly from you, automatically through the website and sub site, and from other sources, each of which is more particularly described above and in section 3 of this Notice.
5.3 Purposes of Processing Personal Data
We collect personal data for business purposes identified above in section 3 of the Notice. More specifically, we use the personal data to:
- Provide, secure and improve the website and sub site and ensure it functions correctly.
- Communicate with you about the website and sub site which you signed up for or respond to your inquiries regarding Welliba or the website or sub site.
- Send marketing and promotional messages to you about the services of Welliba in compliance with applicable laws.
- Prevent fraud and conduct and comply with auditing activities.
- Comply with our legal obligations, including legal processes regarding disclosures of information, and, where necessary, for the establishment, exercise, or defense of legal claims.
- Conduct other activities where we otherwise have your consent or where you have directed us to do so.
5.4 Recipients of Processing Personal Data
We have disclosed the categories of personal data for business or commercial purposes as set forth above in Section 3 of the Notice. We may share your personal data with the third parties as described above in Section 4.1.2. of the Notice. More specifically, we share your personal data as follows:
- Internally within Welliba and the Welliba Group for reasons such as providing and improving the website and sub site, providing you technical support.
- With third party service providers who provide services to us, where such service providers only use your personal data for purposes of providing us a service and only pursuant to applicable terms.
- With law enforcement or governmental authorities when required to by law (such as in conjunction with subpoenas, search warrants, court orders or similar legal processes) or where activities that are illegal or violate our policies occur in connection with the website or sub site.
- Where we otherwise have your consent or where you’ve directed us to do so.
- With another entity in the context of a business transaction and set forth in section 7 of this Notice.
- With your organisation or third-party service providers in the context of transfers to third countries and / or international organisations (if applicable), as set forth in section 4.2 of this Notice.
5.5 Retention and Security of Personal Data
Please see above section 4.3 of the Notice for details regarding the time period for which we retain personal data and how and when we delete personal data. The criteria we use to determine how long we retain personal data may include such factors as the purposes for which we collected and used it, requirements of applicable laws, the amount and nature of the information, the potential risk of harm from unauthorised use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements.
Please see above section 4.3 of the Notice for details regarding how we secure and protect personal data. Although we use measures to protect your personal data, we cannot guarantee the security of your personal data transmitted via the website or sub site or otherwise to Welliba. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures of the website or sub site.
6. Children's Data
We do not knowingly collect personal data from children under the age of 16. If you are under the age of 16, please do not provide any information to us. If we become aware that we have collected information from a child under the age of 16, we will make commercially reasonable efforts to delete the information from our systems. We may request consent to process personal data of individuals between the ages of 16 and 18, as required by certain US Laws. The website and sub site is not directed to children under the age of 16.
7. Business Transfers
In the event that Welliba undergoes a business transition, such as a merger, acquisition, corporate divestiture or dissolution (including bankruptcy), or a sale of all or a portion of its assets, we may share, disclose or transfer all of your information to the successor organisation in such transition or during steps in contemplation of such activities (e.g. due diligence). Your personal data will not be transferred to any third party unless there are adequate safeguards in place with the recipient in respect of compliance with GDPR and the security of your personal data.
8. Third Party Websites and Applications
As set forth in our Terms of Use, the website or sub site may contain links to Linked Sites. We encourage you to be aware when you are redirected to a third-party website or application and to review the privacy policies and terms of use of each website and application you visit and use.
9. Additional Choices
As set forth in our Terms of Use, the website or sub site may contain links to Linked Sites. We encourage you to be aware when you are redirected to a third-party website or application and to review the privacy policies and terms of use of each website and application you visit and use.
- Choosing not to share your Personal Data. You may choose not to provide personal data. If you choose not to provide personal data (or ask us to delete it), we may not be able to provide you with the website or sub site or certain functionality of the system. We will tell you or your organisation what information you must provide to receive and gain access to the website or sub site or other functionality by designating it as required as the time of collection or through other appropriate means.
- Cookies and Browser Web Storage. Please see our Cookie Policy which may be accessed by visiting the same page on our website where this Notice is located.