Privacy Policy

Wellnessjourney.pro - Privacy Policy

At Wellness Journey we consider privacy policy quite seriously and respect the privacy concerns of our users. We only use the information for the improvement of our website and under no circumstances we jeopardize the data and information you entrust us. Your privacy is important to us and that is why we only utilize it for the development of the website and to keep you updated.

This privacy policy explains how we collect, disclose, use, and process personal information in connection to our website and mobile application. By using this site – you accept the usage and collection of the information in accordance with this privacy policy.

Scope of the Privacy Policy

This privacy policy is implemented on all the information you access through our site wellnessjourney.pro. You need to agree with all the privacy policy points to use this site.

If you wish to update your preferences or want to change any of the information we have, you can be sent an email. The following document contains all the details related to how we use and proceed with information, to clear your queries related to privacy.

Information We Collect

It depends on how you interact with us, we may collect information automatically, directly from you, or/and from other sources.

Information We Collect Automatically

When you interact with us, some of the information we collect automatically, including, but not limited to:

Usage Information

This is about the time you spent on each page and the total number of pages viewed by you. This also includes the date and time of your visit to our website. The privacy policy section is also about your links clicked and search history alongside the apps or websites you visited through us.

Device Information

This privacy policy section includes IP address – information about the hardware of your device, information about the software of your device, its operating system, language, browser type, version, unique device identifiers, time zone, and advertising identifiers like mobile advertising ID.

Information You Provide to Us

We directly collect information from you when you use the services, for instance, when you create an account, grant access to your information, and provide information. The most common types of information you might provide to us include:

Account Information

This includes your login information, areas of interest, and preferences. This information is collected when you create and use an account.

Contact Information

This includes email address, name, physical address, and phone number.

Location Information

This portion is only applicable when you allow us to collect this as per privacy policy. it is about the general location collected through your IP address or the precise location collected through your mobile device.

User Content

This includes feedback and reviews you submit while visiting our site. This content will be visible to other account holders. It will also be visible to the public and may include your account information such as your user name.

Cookie Information

We send one or more cookies to your computer or mobile device when you use our services, as per our Privacy Policy. We may use one or both the persistent and session cookies.

  • Session cookies instantly disappear when you close the app browser.
  • Persistent cookies are those that remain after you leave the app or close your browser. These cookies may be used by the browser subsequently. You can make changes to cookies through cookie settings. If you find these cookies are causing annoyance, you can remove them.

How We Use the Information

This is the most prominent and crucial of all Privacy Policy clauses. Your information and data are important for us and we use it to deliver the best possible services.

We may use your information for the following purposes as per privacy policy:

  • To improve and enhance our services and establish new functionalities and features on our website.
  • To better understand your needs and demands to create more affiliates and appropriate programs that can be beneficial for you in the long term.
  • To avoid fraud and for utmost security.
  • To closely analyze the preferences and trends of users across versatile mediums.
  • To send you promotional emails so you can reach out directly.

We may or may not collect information automatically to:

  • Personalize the services in a better way so that we remember your information and you do not need to enter it again and again every time you visit our website.
  • Monitor the website’s key metrics including page views and total number of visitors.
  • Track the status and submissions during any relevant activities like promotion.

Privacy Policy Updates and Changes

We reserve the right to make changes in the Privacy policy of the wellness journey at any time. However, we will notify you after making any changes and will let you know how we are going to use your information. We can notify you through important notifications on our website or through email. Any modifications to the privacy policy will be executed thirty days after our initial notification. Though, the immaterial modifications will be implemented directly upon posting the updated privacy policy.

Visiting the privacy policy page every once in a while helps a lot to stay up to date. The dispute will be resolved following the privacy policy in case of any inconvenience in the future.

GDPR Policy

Wellness Journey strictly adheres to the GDRP policy as stated below: 

Data protection principles

If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:

  1. Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Accountability

The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. And this isn’t something you can do after the fact: If you think you are compliant with the GDPR but can’t show how, then you’re not GDPR compliant. Among the ways you can do this:

  • Designate data protection responsibilities to your team.
  • Maintain detailed documentation of the data you’re collecting, how it’s used, where it’s stored, which employee is responsible for it, etc.
  • Train your staff and implement technical and organizational security measures.
  • Have Data Processing Agreement contracts in place with third parties you contract to process data for you.
  • Appoint a Data Protection Officer (though not all organizations need one)

Data security

You’re required to handle data securely by implementing “appropriate technical and organizationalmeasures.”

Technical measures mean anything from requiring your employees to use two-factor authentication on accounts where personal data are stored to contracting with cloud providers that use end-to-end encryption.

Organizational measures are things like staff trainings, adding a data privacy policy to your employee handbook, or limiting access to personal data to only those employees in your organization who need it.

If you have a data breach, you have 72 hours to tell the data subjects or face penalties. (This notification requirement may be waived if you use technological safeguards, such as encryption, to render data useless to an attacker.)

Data protection by design and by default

From now on, everything you do in your organization must, “by design and by default,” consider data protection. Practically speaking, this means you must consider the data protection principles in the design of any new product or activity. The GDPR covers this principle in Article 25.

Suppose, for example, you’re launching a new app for your company. You have to think about what personal data the app could possibly collect from users, then consider ways to minimize the amount of data and how you will secure it with the latest technology.

When you’re allowed to process data

Article 6 lists the instances in which it’s legal to process person data. Don’t even think about touching somebody’s personal data — don’t collect it, don’t store it, don’t sell it to advertisers — unless you can justify it with one of the following:

  1. The data subject gave you specific, unambiguous consent to process the data. (e.g. They’ve opted in to your marketing email list.)
  2. Processing is necessary to execute or to prepare to enter into a contract to which the data subject is a party. (e.g. You need to do a background check before leasing property to a prospective tenant.)
  3. You need to process it to comply with a legal obligation of yours. (e.g. You receive an order from the court in your jurisdiction.)
  4. You need to process the data to save somebody’s life. (e.g. Well, you’ll probably know when this one applies.)
  5. Processing is necessary to perform a task in the public interest or to carry out some official function. (e.g. You’re a private garbage collection company.)
  6. You have a legitimate interest to process someone’s personal data. This is the most flexible lawful basis, though the “fundamental rights and freedoms of the data subject” always override your interests, especially if it’s a child’s data. 

Once you’ve determined the lawful basis for your data processing, you need to document this basis and notify the data subject (transparency!). And if you decide later to change your justification, you need to have a good reason, document this reason, and notify the data subject.

Consent

There are strict new rules about what constitutes consent from a data subject to process their information.

  • Consent must be “freely given, specific, informed and unambiguous.”
  • Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language.”
  • Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. You can’t simply change the legal basis of the processing to one of the other justifications.
  • Children under 13 can only give consent with permission from their parent.
  • You need to keep documentary evidence of consent.

Data Protection Officers

Contrary to popular belief, not every data controller or processor needs to appoint a Data Protection Officer (DPO). There are three conditions under which you are required to appoint a DPO:

  1. You are a public authority other than a court acting in a judicial capacity.
  2. Your core activities require you to monitor people systematically and regularly on a large scale. (e.g. You’re Google.)
  3. Your core activities are large-scale processing of special categories of data listed under Article 9 of the GDPR or data relating to criminal convictions and offenses mentioned in Article 10. (e.g. You’re a medical office.)

You could also choose to designate a DPO even if you aren’t required to. There are benefits to having someone in this role. Their basic tasks involve understanding the GDPR and how it applies to the organization, advising people in the organization about their responsibilities, conducting data protection trainings, conducting audits and monitoring GDPR compliance, and serving as a liaison with regulators.

People’s privacy rights

You are a data controller and/or a data processor. But as a person who uses the Internet, you’re also a data subject. The GDPR recognizes a litany of new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights to ensure you are GDPR compliant.

Below is a rundown of data subjects’ privacy rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object

Rights in relation to automated decision-making and profiling.

Contact Information

If you have any questions or are facing trouble with the privacy policy, you can contact [email protected]. We will surely assist you in the best possible ways concerning your disclosure practices, personally identifiable information, and any other terms mentioned in the privacy policy.