PRIVACY POLICY

Privacy Notice and Service Description

Updated May 18, 2018

W2E services are produced and owned by Wellness Warehouse Engine Oy.

PERSONAL DATA COLLECTED, PROCESSING PURPOSES AND DATA SOURCES

Users have a variety of health and wellness tracking services that provide or use variable types of personal data, according to user preferences and choices. Services can be related, for example, to users' personal health accounts, tracking of physical activity, or the collection of self-tracked wellness data. W2E is integrated with various such services and allows the storage, control and brokering of such data as a service.

DATA BROKERING SERVICE

For business customers, W2E is a broker service which aims to consolidate well-being information, such as activity measurements, exercise data, weight data or other self-measured health or wellness data collected by end-users of our customers, and provide it to the customer for secondary use. The brokering and transfer of data is always made under the explicit consent of our customers' end-users, given in the customer’s own service. Consent enables authorisation at the source service and active data transfer via W2E.

The brokering service forms a data warehouse containing unidentifiable (pseudonymised) data that our partners and clients use to provide and develop health and well-being based services and personalised or mass data based analytics.

PDS SERVICE

If a Personal Data Store ("PDS Service") of W2E is used by the user, she is provided with a long-term data storage for her measurement data provided by different devices. You decide what data to bring onto W2E or let flow out from it. The user may authorise stored data to be sent to other data using services, when such services are available (separately registered for the W2E service). In this case, the PDS Service describes the target service, its service description and processing purposes information, and requests the user's explicit consent. The consent and related active service can be canceled through our user interface at any time.

The purposes of processing personal data are:

ACCOUNT AND CUSTOMER DATA

For each registered W2E service user, the following information is stored at registration:

In addition, the user may store the following voluntary data to the basic user information on the PDS Service:

For W2E organisation customer’s main user, business and technical contacts the registrant may store for each respective role:

Some of the information may be collected via an identification service provider used at the registration.

The PDS Service allows users to check their information at any time by signing in to their account (https://w2e.fi) and checking their personal settings view.

MEASUREMENT DATA

DATA BROKERING SERVICE

Usually the data brokering service is provided to the end users by W2E's client (an organisation). Here W2E acts in the role of a data processor and not as a data controller. Typically, no W2E user ID will be generated as part of the service and thus W2E cannot identify or link the processed data to a person.

PDS SERVICE

Measurement data of a user is collected into the W2E data store only if she has actively linked one or more of the available services to the PDS via our interface. The core purpose of storing data in W2E under the user’s authorisation and control is covered in the contract (terms of service) between W2E and the user.

HOW WE USE YOUR DATA

DATA BROKERING SERVICE

When reuse of the information brokered by W2E happens within the service of our organisation customer, the responsibility for acquiring the explicit consent for the transfer of data, and the controllership of the resulting personal data, lies with our customer. Any data aggregation and transfer taking place is always subject to a bilateral processing agreement between W2E and its customer. W2E is unable to identify individual users, as we only process pseudonymised information and do not create or hold a personally identifiable user account for brokering use.

Presenting a consent proposal that describes valid processing purposes, and acquiring consent, is the responsibility of our organisation customer, and is linked as a contract clause to their use of the authorisation service W2E offers. Measurement data may be disclosed in unidentifiable form for statistical, research and other similar processing purposes via mass data transfers, subject to the applicable regulations over our customers.

PDS SERVICE

Data is transferred from the W2E data store to the data using services only with the user’s explicit consent, managed by the user at our service based on the consent notice provided by the PDS Service. Consent can be withdrawn at any time.

POSSIBLE OTHER USES OF DATA

Mandatory and legally required data transfers: It is possible that we are obliged to provide personal information to authorities on request, based on applicable laws. Transfer of data may also be necessary if Wellness Warehouse Engine Ltd is to defend its rights in civil, business or criminal law.

Acquisitions: We may disclose or transfer personal information in connection with the sale of the company, the sale of shares, a merger with another company, another company-related transaction or bankruptcy.

For other third parties involved in the provision of our PDS or brokerage services, such as cloud computing providers, data stored by W2E will be handed over or handled only with discretionary data processing agreements.

COOKIES, WEB BEACONS AND OTHER SIMILAR TECHNOLOGIES

Like most online services, W2E may use cookies, web beacons, pixel tags and other similar technologies in order to get the service user details for each visit and be able to provide improved end user service. Cookies are used in some parts of the service in order to guarantee functionality and ease of use of the service for the user.

W2E may also use external service providers to analyze the cookies (third-party cookies).

If you turn off cookies in your browser, some sections of the service may not work properly. For more information about cookies and how to delete them, visit allaboutcookies.org.

DATA STORAGE

Customer and measurement data are stored in separate W2E databases.

For organisation customers, measurement data is available while the customer relationship is active (during free trial and paid subscription license). The measurement data accumulated by the end of a customer relationship will be destroyed after a retention period agreed separately with the customer.

The collected measurement data is available to the end user via the PDS Service while the user account is active. When the user account and the customer relationship are terminated, all information will be deleted 30 days from the withdrawal date, unless the user sends back a written request to continue use of the service.

TRANSFER OF INFORMATION OUTSIDE EU OR THE EEA

Data stored on the service will not be transferred outside the EU or EEA.

SECURITY AND DATA PROTECTION PRINCIPLES

W2E data stored in the databases is handled confidentially.

The databases are adequately protected by external firewalls and other privacy enhancing technologies (PET), subject to up-to-date guidelines and data protection practices over hosting special categories of personal data.

W2E's production environment is isolated from development and testing environments. The customer register or parts thereof are not stored as paper printouts.

The use of the register is tracked by means of internal trace logs.

The service is always used over a secure connection (SSL).

Registers are accessible only to persons whose job description includes database operation and maintenance. Each person has a personal username and password and they are bound by a confidentiality requirement.

EXERCISING DATA SUBJECT’S RIGHTS UNDER THE EU GENERAL DATA PROTECTION REGULATION

Each user with an account for the PDS Service can at any time:

Users of our PDS Service can at any time perform the above-mentioned actions through the settings view or by written request. You can always contact us on any privacy issues by e-mail to: privacy@w2e.fi

THE CONTROLLER OF YOUR PERSONAL DATA AND CONTACT DETAILS

The data controller of your data is

Wellness Warehouse Engine Oy (Business ID 2733411-5)
Pohjanmaantie 7,
FIN-33270 Tampere, FINLAND

CONTACT INFORMATION ON DATA PRIVACY

If you have any questions about privacy or data protection, please don’t hesitate to contact us (the data controller details above). The quickest way to connect is by sending an email to

privacy@w2e.fi