GDPR Compliance

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in the European Union (EU) on May 25, 2018. It sets strict requirements on how personal data of EU residents is collected, processed, and stored.

Wellcome Listings Manager is committed to maintaining full compliance with GDPR requirements and ensuring the highest standards of data protection for all our users.

2. Your Rights Under GDPR

As a user of our application, you have specific rights regarding your personal data:

• Right to be Informed: You have the right to know how your data is used.
• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): You can request that we delete your personal data under certain conditions.
• Right to Restrict Processing: You can request that we limit the way we use your data.
• Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your data for specific purposes (e.g., direct marketing).
• Rights Related to Automated Decision-Making: You have rights regarding automated processing and profiling.

3. Data Controller Information

For the purposes of GDPR, Wellcome Listings Manager acts as the **Data Controller** for the information provided directly to us (e.g., your account details).

When we process data on behalf of our business users (e.g., synchronizing listing data to third-party platforms), we may act as a **Data Processor**.

Contact Details:
Email: help@thewellcome.com

4. Lawful Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you have given clear consent for us to process your data for a specific purpose.
• Contract: When processing is necessary for a contract we have with you.
• Legal Obligation: When processing is necessary for us to comply with the law.
• Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving application security).

5. International Data Transfers

Some of our service providers and integrated platforms (like Google, TikTok, Facebook) are located outside the European Economic Area (EEA). We ensure that any international data transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legal mechanisms.

6. Data Protection Officer (DPO)

While we are not required to appoint a formal DPO under all circumstances, our security and privacy team oversees our data protection strategy. If you have any concerns, please reach out to us at help@thewellcome.com.

7. Data Breach Notification

In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority and affected users within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

8. How to Exercise Your Rights

To exercise any of your rights mentioned in Section 2, please send a request to help@thewellcome.com. We will respond to your request within 30 days.