WELLBEES PRIVACY AND COOKIES POLICY

This is the Privacy and Cookies Policy for the Wellbees Application (the "App"). The App is operated by or on behalf of Wellbees Limited (Company number: 13674312) , ('we', 'us', 'our' or "Wellbees").

This policy sets out how we collect and use your personal data in connection with the provision of our services to you through the App. This policy covers:

Information we collect about you and how we use it
Cookies and other technologies
Communications
Who we give your information to
Where we store and transfer your information
Child safety
How we protect your information
How long we keep your information
Your rights
Changes to this policy
Contacting us

We are committed to protecting and respecting your privacy. We confirm that we will not sell your personal data to any third party not associated with or part of the Wellbees group companies.

Please read the following carefully to understand our views and practices regarding your personal data and how we may treat it.

By accepting our services and using the App, you acknowledge you have read and understood this privacy policy.

For the purposes of UK and European Economic Area data protection law, (the "Data Protection Law") the data controller is: Wellbees Inc. with its headquarters at 1401 Pennsylvania Ave. Unit 105 Wilmington, Delaware 19806.

Data controller

Wellbees is made up of different legal entities:

Wellbees Inc., with its headquarters at 1401 Pennsylvania Ave. Unit 105 Wilmington, Delaware 19806, which is the holding company of the Wellbees Group.
Wellbees Limited, with its registered office at 4th Floor Imperial House, 8 Kean Street, London, England, WC2B 4AS.
Actifit Spor VeSaglik Hizmetleri Sanayi VE Tic A.S, of Maslak Mah, Eski Buyukdere Cad, 14 Park Palza, K:3 Saruter, Turkiye.
Wellbees DMCC of Jumeirah Lakes Towers, Dubai, United Arab Emirates.

This privacy policy is issued on behalf of the Wellbees Group so when we mention "Wellbees", "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Wellbees Group responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us. Wellbees Inc. is the controller and responsible for this website.

For the UK, Wellbees Inc has appointed Wellbees Ltd as its official representative for all data protection matters.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the using the details set out below.

Information collected about you and how we use it

The App will collect and process the following personal data from you:

Information you give usas an App user

This is information you enter directly when you interact with the App. This includes where you:

Register to create an account with us.
Log diary notes about your health and wellbeing.
Book expert sessions.
Attend virtual events.
Collect WellPoints (if your employer has enabled this feature).
Participate in surveys or research.
Ask questions or submit a query.

Find out more [link to text box below]

This is information about you that you record by filling in forms and using different App features. It includes information to:

● Register to create an accountwith us: you will need to set up an account with us in order to use the App. We ask for

Identity information: your name, username and chosen password

Contact information: your email address.

This is so we can create an account in your name, identify you as the account holder when you log in and use the App and contact you where appropriate with specific administrative service messages about your account.

● Record information about yourself: you can enter profile details about yourself.

Profile information: (e.g. your date of birth, your residing location, your gender, height, weight and your wellbeing interests).

Job information: (e.g. your employer's name, your department, job title, company location).

● Log diary notes: about your daily health and wellbeing and activity or experiences including your mood.

Health information:about your physical and mental health and wellbeing, including details about your mood, sleep, activity, nutrition or water intake.

● Book expert sessions: if you would like to partake in a therapy or nutrition session, we ask for:

Identity information, contact information and health information in connection with booking your session. The expert will then contact you via a videocall via the platform. We also keep a record of the number of sessions that you have taken, and with which experts you have spoken.

● Attend a virtual event: if you choose to attend a virtual event we ask for:

Identity information and contact information so you can book the event. We also keep a record of the events that you attend.

● Interact with other users or experts: we use your identity information to enable you to interact with other users or experts in the App.

● Track your WellPoints: if your employer has enabled this feature, we ask for:

Identity information, details about events attended, and other health information that you input or via health app integrations (see information we collect from integrated apps below) such as how much water you have drank or activities undertaken. This is used to issue WellPoints, which can be redeemed against discount codes and coupons, expert sessions, and other items decided by your employer.

● Participate in a survey or research: if you choose to participate in a survey or research,

Identity information, and health information in connection with sharing your experiences.

● Ask questions: if you submit a query regarding the App. We will use the details you provide to investigate and respond.

Identity information: in connection with responding to any questions or enquiries you raise with us.

Information you give if you are an expert: we will collect information about your identity, qualifications and other information about your education and work history, contact information, CVS and payment information to sign you up as an expert and enable you to book sessions with clients.
Information we collect about you from your use the App: we will automatically collect usage information from you each time you visit the App. This includes:
- Technical information.
- Information about your engagement with the App.
- Find out more [link to text box below]
Information we collect from integrated apps: if you choose to enable us access to select other health apps, we can integrate health data from these apps such as step count, activity levels, nutrition or sleep tracking information.

●
Technical information: we collect the internet protocol (IP) address used to connect your device to the Internet, your device make and model and identifiers, App version, browser type (e.g. Apple Safari or Google Chrome) and operating system version. We also receive information about the content of a request as well as the time zone setting, date and http status code associated with the request.

● Information about your engagement with the App: may include the App session data traffic, including date and time, content viewed or searched for, click details to see the types of club/challenge/event/content/program that you click on, content load response times, download errors, length of session. This is so that we can understand how the App is used and in the case of your searches, display to you ranked feedback, editorial content, summary reports and content relevant to your search terms. We also collect information about the number of challenges you have participated in, events attended and your interactions with other users or experts in the App.

● Information we collect from integrated apps: if you choose to enable us access to select other apps, we can integrate health data from these apps such as step count, activity levels, nutrition or sleep tracking information. You can select which apps you would like to integrate with the App, and can turn off the integration at any time.

You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed here [link to table at end of policy].

Cookies and other technologies

The App uses cookies and/or other similar technologies to collect and store certain information. These typically involve pieces of information or code transferred to or accessed from your mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that device to interact with online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content.

The App uses cookies and similar technologies to distinguish you from other users of the App. This helps us to provide you with a personalised experience when you navigate the App and also allows us to improve our content and services.

Most browsers automatically accept cookies and similar technologies, but if you prefer, you can change your device privacy settings to enable you to do this. We also give you information about how to disable cookies below. However, you may not be able to take full advantage of our App if you do so.

A number of cookies and similar technologies we use last only for the duration of your App session and expire when you exit the App. Others are used to remember you when you return to the App and will last for longer.

We use these cookies and other technologies on the basis our legitimate interests (where such cookies are strictly necessary for the operation of the App (and we have considered that these are not overridden by your rights),or otherwise where you have consented to their use.

Find out more [link to text box below]

We may use the following types of cookies:

● Strictly necessary cookies. These are cookies that are required for the operation of our App and under our terms with you. They include, for example, cookies that enable you to log into your account and manage your session.

● Functional cookies. These enable us, subject to your choices and preferences, to personalise the look or appearance of certain content on the App,

● Analytical/performance cookies. They allow us to recognise and count the number users and to see how they engage with our App content and features. This helps us to identify, ways of improving our App, for example by ensuring that users are finding what they are looking for easily.

Sponsored promotional content that appears within the app is generated by the content you view or inputted symptom or search terms you use and not through the use of third-party advertising cookies. For example, an article or search relevant to dry skin may be matched with sponsored content for a specific moisturising cream product.

The effect of disabling cookies depends on which cookies you disable but, in general, the Platform may not operate properly if all cookies are switched off.

If you want to disable cookies and equivalent technology used on the App, you can change your device privacy settings to reject cookies.

Where you have not set your permissions, we may also separately prompt you regarding our use of cookies and similar technologies through the App.

You can find more information about the individual cookies we use and the purposes for which we use them below. [link to table below]

Cookie	Type	Purpose and other details
jwt_access_token	● Strictly necessary	necessary for user app usage (three months)
companyHeaderWebColorCode	● Functional	Company theme color(three months)
baseUrl	● Strictly necessary	Services base url(three months)
account_token_arr	● Strictly necessary	User accountlist(three months)
awc.session.expiry	● Strictly necessary	Session expiry time(three months)
awc.session.id	● Strictly necessary	Session unique id(three months)
fslightbox-scrollbar-width	● Functional	Users’ scrollbar width(three months)
awc.last.screen.event	● Functional	Users’ last event(three months)

Communications

Where permitted in our legitimate interest we may communicate specific administrative service messages about your account. We may also where permitted in our legitimate interest or with your prior consent where required by Data Protection Law, use your personal information for analysis or to communicate messages relevant to promoting a better user experience of the App, or to let you know about our other products and services.

You can withdraw your consent, where provided, to our promotional communications at any time by selecting the unsubscribe link at the end of our communication to you or by contacting us at: info@wellbees.co

Who we give your information to

We may make personal Information available to:

Select experts to enable you to book an expert session (e.g. a videocall with a therapist, dietician or nutritionist).
A member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. To see a full list of such companies please click here. If any of these parties are using your information for their own purpose, we will only transfer the information to them for that purpose with your prior consent.
Your employer, but only in aggregate form about their workplace as a whole so they will never be able to identify you. If an expert has reason to believe that you intend to harm yourself, we may share this with the authorities for your safety.
Selected third parties.

Find out more [link to text box below]

Our selected third parties may include:

● Organisations who process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through the App in particular those providing data hosting services, providing fulfilment services, distributing any communications we send, facilitating feedback on our services and providing IT App support and development services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only access your information to the extent necessary to perform their support functions.

● Our analytics provider who assists us in the improvement and optimisation of the App and subject to the cookie section of this policy
(this will not identify you as an individual).

● We will share data with your employer about the general wellbeing of their workforce, but we will only do this on an aggregate basis so they will not be able to identify you from any of the data.

We may disclose your personal information to third parties:

● In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.

● If Wellbees or substantially all of its assets are acquirintegratioed by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

● If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Wellbees our end users, or others. This includes:

● sharing information with competent national or regional regulatory authorities where we are obliged to assess, and report information; or

● exchanging information with other companies and organisations for the purposes of fraud protection and to prevent cybercrime.

Where we store your information

The information that we collect is hosted on secure servers located within the EEA and Turkey and, may specifically be hosted and or processed on secure servers in the context of the country you reside and where the App is provided, (where required by law).

To the extent any access your personal information or transfer of such information is anticipated outside the UK or EEA in the context of supporting the operation of the services provided through the App, we will take steps to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy finding or mechanism, and that it is treated securely and in accordance with this privacy policy.

Find out more [link to text box below].

We may transfer your personal information outside the UK and EEA to Turkey:

● In order support the operation of the services provided by the App.

● Where we are legally required to do so.

● In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Where we transfer your personal information to a jurisdiction not subject to a relevant legal transfer adequacy finding, we will take steps to ensure an appropriate legal adequacy safeguard is in place which usually means, use of specific approved contracts that rely upon standard contractual clauses ("SCCs") for the protection of personal data.

For further information on transfers outside of the UK and EEA and/or the specific safeguard methods adopted, please contact info@wellbees.co

Child safety

Protecting the safety of children when they use the Internet and online services is important to us. The App is intended for use only by persons who are at least 18 years of age. By using the App you confirm to us that you meet this requirement.

How we protect your information

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our App may, from time to time, contain links to external sites. Where you engage with sponsored content on the App that will take you to a third party site we will notify you that you are about to leave the App. We are not responsible for the privacy policies or the content of such sites.

The App does not use personal data to make automated decisions in any way that has any legal effect or significantly affect upon you.

How long we keep your information

We retain personal data for as long as you use the App and have an account with us. We may also retain aggregate information for research purposes and to help us develop and improve our products and services. You cannot be identified from aggregate information retained or used for these purposes.

Your rights

You have the right under certain circumstances:

to be provided with a copy of your personal data held by us;
to request the rectification or erasure of your personal data held by us;
to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
to object to the further processing of your personal data,
to request that your provided personal data be moved to a third party,
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that similarly significantly affect you (note, as stated above, this App does not use personal data to make such automated decisions).

You may opt out at any time from allowing further access by us to your location data by altering the privacy settings of your device. You can also stop all information collection by un-installing the App. You may use the standard un-install processes as may be available for your mobile device.
Your right to withdraw consent: where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us as set out below.

Where we receive a request to exercise one of the above rights, we will normally respond within one month. This may be extended by up to two further months in cases where requests are complex or numerous and where such an extension is permitted by Data Protection Law. Where that is the case we will inform you within one month of any extension and the reason for this.

You can also exercise the rights listed above at any time by contacting us at info@wellbees.co

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

Changes to this policy

Any changes we make to our privacy policy in future will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail. This policy was last updated in June 2021.

Contact Us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed for the attention of Kerem Gonulkirmaz, CTO of Wellbees.

Email info@wellbees.co

Post: 1401 Pennsylvania Ave. Unit 105 Wilmington, Delaware 19806.

Purpose and lawful basis for processing of personal data

This table sets out:

What personal data we process
What we use that data for
The lawful basis for the processing

It forms part of our privacy policy [link] which you should also read.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new user of the App.

(a) Identity

(b) Contact

(a) Performance of our terms with you.

If you are an expert, to perform our agreement with you and book sessions with clients.

(a) Identity

(b) Contact

(a) Performance of our terms with you.

(b) Necessary for our legitimate interests (to manage expert sessions).

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Responding to your questions and queries

(a) Identity

(b) Contact

(a) Performance of our terms with you.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests (to keep our records updated and to study how users engage with the App and our services).

To provide you with health tips and wellness resources and health tracking.

(a) Identity

(b) Health

(a) Performance of our terms with you.

(b) Explicit consent.

To enable you to book expert sessions.

(a) Identity

(b) Contact

(a) Explicit consent.

To administer WellPoints.

(b) Identity

(b) Health

(a) Performance of our terms with you.

(b) Necessary for our legitimate interests (being the effective management of our services).

To enable you to partake in a survey, research or attend an event.

(a) Identity

(b) Contact

(d) Usage

(a) Necessary for our legitimate interests (to study how users engage with our services, to develop them and grow our business).

(b) Research purposes. Defining and progressing research priorities.

To administer and protect our business and this App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

(a) Identity

(b) Contact

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

(b) Necessary to comply with a legal obligation.

To a) deliver relevant content to you;

b) communicate App engagement information by email

(a) Identity

(b) Contact

(d) Technical

(a)Necessary for our legitimate interests (to study how users engage with our services, to develop them, to grow our business and to inform our business strategy).

b) Consent where communication constitutes marketing.

To use data analytics, crash reporting and push messaging and linking tools to improve our website, products/services.

(a) Technical

(b) Usage

(a) Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our business and to inform our business strategy).

b) Consent (where applicable to the particular method of collection (e.g. cookies and similar technologies).

De-identification of data to understand at an aggregated level, health trends, identify research priorities and to improve our services.

(a) Identity

(b) Health

(a) Necessary for our legitimate interests (to inform our services and wider business strategy).

b) Consent.