Data Protection Policy


WellPlace is committed to protecting the privacy and confidentiality of personal data in compliance with the requirements of the relevant Irish legislation, namely the General Data Protection Regulation (GDPR) 2018, the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).

This Data Protection Policy outlines our commitment to safeguarding personal data and provides guidelines for its collection, storage, use, and disclosure.


Data Collection and Processing

2.1. Lawful Basis: WellPlace will only collect and process personal data when there is a lawful basis for doing so, such as the necessity for the performance of a contract, compliance with a legal obligation, or consent from the data subject.


2.2. Data Minimisation: WellPlace will collect and process only the minimum amount of personal data necessary to provide our workplace wellbeing services and fulfil our contractual obligations.


2.3. Data Accuracy: WellPlace will take reasonable steps to ensure that personal data collected is accurate, up-to-date, and relevant for the intended purposes. Data subjects are encouraged to inform us promptly of any changes or inaccuracies in their personal data.


2.4. Consent: WellPlace will obtain explicit and informed consent from data subjects for the collection, processing, and disclosure of their personal data. Consent will be sought separately for different purposes and can be withdrawn at any time.


Data Security

3.1. Security Measures: WellPlace will implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. These measures include encryption, access controls, regular system updates, and staff training on data protection and security.

3.2. Confidentiality: WellPlace will ensure that all of the team and third-party service providers handling personal data are bound by confidentiality obligations.


Data Retention

4.1. Retention Period: WellPlace will retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Retention periods will be determined based on the nature of the data and legal requirements.

4.2. Data Disposal: WellPlace will securely dispose of personal data when it is no longer needed, using methods such as secure deletion or destruction.


Data Subject Rights

5.1. Access and Rectification: Data subjects have the right to access and rectify their personal data held by WellPlace. Requests for access or rectification should be made in writing to the designated contact person.

5.2. Erasure and Objection: Data subjects have the right to request the erasure of their personal data or to object to its processing. WellPlace will review such requests in accordance with applicable legal requirements.


Data Transfers

6.1. Cross-Border Transfers: WellPlace may transfer personal data to countries outside the European Economic Area (EEA) if adequate safeguards are in place to ensure an adequate level of data protection, such as the use of Standard Contractual Clauses or relying on the Privacy Shield framework.


Data Breach Notification

In the event of a data breach involving personal data, WellPlace will promptly assess the impact, take necessary actions to mitigate the breach, and notify the affected individuals and the Irish Data Protection Commission as required by law.


Policy Review

This Data Protection Policy will be reviewed periodically to ensure its continued relevance and compliance with applicable data protection laws. Any updates or changes will be communicated to the team and made available to data subjects as necessary.


For any questions, concerns, or requests related to data protection, please contact our designated Data Protection Officer at