Privacy Policy

Last Updated: 27 August 2025

Welcome to WellNewMe. Building your trust is a core objective of our service. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services. We are committed to safeguarding your privacy in compliance with the UK General Data Protection Regulation (GDPR) and NHS data security standards.



1. Information We Collect

We collect information to provide and improve our services for our stakeholders: Employees, Employers, and Brokers.

  • For Employees: We collect health-related information through our Health Risk Assessments, which you provide with explicit consent. If you connect a wearable device (e.g., Fitbit, Apple Watch) or the NHS App, we collect data such as activity, sleep, and heart rate with your permission.
  • For Brokers and Employers: We collect business contact details when you request a demo or make an inquiry through our contact forms.
  • Website Usage Data: We use tools like Google Analytics 4 and Hotjar to collect information about how you interact with our website to improve user experience.

2. How We Use Your Information

Your data is used to deliver our health benefits automation services:

  • To Provide Personalized Health Plans: Employee health data is used by our AI systems to generate personalized recommendations and health plans. Our AI/ML models are trained exclusively on anonymized health data.
  • To Generate Reports: We provide employers with anonymized reports on workforce health trends and risk profiles. For brokers, we provide aggregated client data and underwriting insights. Your personal, identifiable health data is never shared with your employer or broker.
  • To Communicate With You: We use broker and employer contact information to follow up on demo requests and inquiries, managed through our CRM system.

3. Data Security

We take the security of your data very seriously and have implemented robust technical and organisational measures.

  • Encryption: All data transmitted to and from our platform is protected with end-to-end encryption (TLS 1.3).
  • Secure Access: User accounts are protected by multi-factor authentication (MFA). Access to data is strictly controlled based on user roles (e.g., an employer cannot see individual employee data).
  • Compliance and Testing: Our systems are hosted on Microsoft Azure and comply with ISO 27001 and the NHS Data Security and Protection Toolkit. We conduct regular penetration testing and vulnerability scans to ensure our defences are strong.

4. Your Data Rights under GDPR

As a user, you have specific rights concerning your personal data:

  • Right to Consent: We only collect your health data with your explicit consent, which you can withdraw at any time.
  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to be Forgotten: You have the right to request the deletion of your personal data from our systems.

5. Third-Party Services

Our platform integrates with third-party services to enhance functionality. This includes API connections for wearables via OAuth 2.0 and interoperability with the NHS App and insurer platforms using standards like HL7 FHIR UK Core. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies.


6. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any significant changes by posting the new policy on this page. We encourage you to review this Privacy Policy periodically.


7. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@wellnewme.co.uk.