Confidentiality policy

Processing of personal data by Wellio

We are pleased to welcome you to our area dedicated to policy governing the processing of personal data.

Whether you are a customer, partner, supplier or more generally a contact of Wellio, you will find here the answers to your main questions. If your questions remain unanswered, please feel free to contact our Data Protection Officer (DPO) at the following address: dpo@covivio.fr

General policy on the processing of personal data by Wellio

Below you will find our general policy on the processing of your personal data. Regarding the data collected specifically via this website (contact form and cookies) please move down to the bottom of the page.

1.           Who is the Data Controller?

Wellio, headquartered at 30 avenue Kléber, 75116 Paris, France, acting jointly with the companies of the Covivio group (Covivio S.A. whose head office is at 18, Avenue François Mitterrand, 57 000 Metz (France) and its controlled subsidiaries).

The Data Protection Officer may be contacted at: dpo@covivio.fr

2.           Why do we process your data?

The reasons for processing your data depend on the relationship you have with Wellio. The legal basis may be:

•             your consent, particularly in your capacity as prospect or contact in the wider vision of Wellio.

•             the fulfilment of a contract which links you to Wellio; this is notably the case if you are a customer, resident, supplier or a counterpart in any other transaction engaged by Wellio.

•             respect for our legal or regulatory obligations: formalities which we need to implement as part of the fight against money-laundering and the financing of terrorism…

•             our legitimate interest, particularly as part of the protection of our premises and their occupants (video surveillance).

3.           Which Personal Data do we process?

The data we process depends on our relationship with you. Generally, this is data connected to your identity, contact details, job and, where applicable, Personal Data needed to invoice our clients, residents or for the payment of our suppliers.

3.1 You have a contractual link with Wellio

We strive to provide you with ongoing communication, as part of contracts involving the processing of your Personal Data, informing you of the exact nature of this data and of your rights related thereto. Generally, this data has been collected from you directly. For any additional information, please feel free to contact our DPO at: dpo@covivio.fr.

3.2 You are a contact, in the wider sphere of Wellio or the Covivio Group

When we process your Personal Data it is essentially so that we can send you information about our activity, manage our relationship with you, invite you to events and carry out satisfaction surveys, competitions etc. The data may be your first name, surname, employer, your professional sector and contact details (email and postal address, telephone number). You can, at any time, ask to be removed from our mailing lists (using the dedicated area or by contacting our DPO). If you have no other link with our Group, we will permanently delete your Personal Data from our databases.

3.2.1 Information on our CRM tool

3.2.1.1 Management of contacts

In order to facilitate the management of its contacts, Wellio uses a CRM (Client Relationship Management) tool put in place by Covivio.

As an internal or external “contact”, in the wider sphere of our Group, we process your Personal Data using software developed by Sales Force, which works as a subcontractor on your Personal Data.

When this processing is based on your consent alone, you may at any time ask for the data in this tool to be kept anonymous (dpo@covivio.fr).

We may process the following data:

Your surname(s), given name(s), marital status, business and or personal address, business and or personal telephone number, business and or personal email, job, job grade, sector of activity, nature of your (or your company’s) relationship with Covivio (client, tenant, supplier, administrator, shareholder, prospect, employee, other), your wishes regarding invitation to events organised by Covivio, data regarding appointments you have had with our employees, membership of a professional association or organisation, and any information of a strictly professional nature concerning your relationship with our Group.

This data has usually been collected from you directly, or is already in the public domain.

Your Personal Data is processed:

•             with a view to ensuring effective and targeted communication between employees of the Covivio Group on the one hand and you or your business on the other

•             to streamline the management of group contacts within our teams.

This data is used exclusively by Groupe Covivio. Recipients of data are:

•             the authorised employees of Covivio and its subsidiaries in France and abroad (Groupe Covivio)

•             as the case may be, certain authorised employees of the Sales Force company, acting as Personal Data Processor for Covivio. Your Personal Data may be transferred outside the European Union using methods that fully comply with current applicable Regulations. Under no circumstances is personal data subject to commercial transactions with third parties.

Data retention policy in the CRM:

•             in the tool we use, your data is rendered anonymous within no more than 15 days as from your request

•             we conduct annual campaigns to upgrade the reliability of your data

3.2.1.2 Management of our client invoicing

Our CRM tool also helps us to manage client invoicing. Consequently, the legal basis for the processing of your Personal Data will be your contract with Wellio. For more information, please refer to paragraph 3.1.

3.3 You reserve an event room

When it comes to reserving event rooms, Wellio may subcontract this work to the Bird Office company.

Consequently, approved staff at Bird Office may receive your data.

The data received by Bird Office may relate to surnames, given names, business addresses, business emails, business telephone numbers, employers, invoices, recordings of telephone conversations, specific menu requests, or any request in connection with a reservation.

In its capacity as a Personal Data Processor, Bird Office commits to deleting or anonymising, or getting any subsequent subcontractors to delete or anonymise, all Personal Data from the Contract fulfilment, and to destroying (or getting another party to destroy) existing copies:

•             within twelve months for recordings of telephone conversations; and

•             for all other Personal Data, within three months of the closure of the account by the User and, otherwise, within a maximum period which does not exceed the data’s statutory expiry period (five years) for data likely to be used as proof in the event of disputes.

3.4 You use our internet services

Wellio can offer you access to Wifi services.

These services are made available by the Naitways company, acting as a duly authorised Wellio subcontractor.

The data collected by Wellio and Naitways for this purpose will consist of your identification data and contact data which you supply when you connect and the data linked to the use of said Wi-Fi service: Internet Protocol (IP) address and information regarding the configuration (type of machine, browser, etc.) and the browsing session (date, time, pages viewed, errors, etc.)

•             If you tick the box “I agree to be re-contacted by Wellio and to receive the newsletter”, you will become a Wellio contact; we will process your data using the methods described in paragraph 3.2 et seq.

•             If you do not tick the box, “I agree to be re-contacted by Wellio and to receive the newsletter”, your data will be deleted within 30 days of your connection 

•             In every case, Naitways will not retain your data linked to your connection beyond a period of 30 days after said connection.

3.5. You reserve a Wellio meeting room via this website

 You are directed to the site of our subcontractor partner Mon Building. You will find all of the information regarding the processing of your data on said site.

4.           Who receives your data? 

The following receive your personal data:

•             authorised personnel of the Data Controller

•             its service providers who act, where applicable, in their capacity as Personal Data Processors; the Data Controller ensures that these employees have a confidentiality and security policy which conforms to Regulations. If this data has to be transferred outside the EU or CEE, we would ensure that these transfers comply with Regulations and conclude agreements committing our subcontractors to adopt a policy similar to our own.

•             Where applicable, and at their request, any administrative or legally competent authority

5.           What are the retention periods?

Your Personal Data will not be retained in a form conducive to identification beyond the duration necessary for the purposes for which it is processed and within the period dictated by our contractual, legal and regulatory obligations. Our subcontractors who process your Personal Data are contractually bound by clauses which guarantee a limited retention period for your data. Do not hesitate to contact our DPO for further information: dpo@covivio.fr.

6.           What are your rights? 

Under the conditions governed by regulations pertaining to personal data protection, and by writing to dpo@covivio.fr:         

•             You may request additional information on the processing of your Personal Data at any time.

•             You have the right to access and rectify your data, and the right to data portability.

•             You have the right to request the erasure of your data or the restriction of the processing thereof, and the right to oppose the processing of said data.

•             You have the right to withdraw your consent at any time.

•             You can file a claim via a supervisory authority.

•             We suggest that you submit any request to the Data Protection Officer: dpo@covivio.fr.

7.           Ensuring the security of your data is important to us

Covivio endeavours to implement the technical and organisational measures needed for the security of your Personal Data designed to protect against any intentional or involuntary manipulation, loss, destruction or unauthorised access. The prevention of cyber threats is one of our priorities. Groupe Covivio employees need authorisations to access your data; this clearance is strictly regulated and differentiated depending on the functions of the employees, who, like our external service providers, are bound by confidentiality clauses.

8.           Upgrading of our processing policy

This policy reflects our current standards, which are subject to modification. Any change will take effect as from the publication of the latest updated version of this policy.

Specific policy for processing personal data by Wellio

The information below sets out the conditions under which your personal data, collected on www.wellio.fr, is processed. Information relating to cookies is covered later.

Who is the data controller?

The data controller is Wellio, headquartered at 30, avenue Kléber, 75116 Paris (France), jointly with Covivio SA (whose head office is at 18, Avenue François Mitterrand, 57 000 Metz, France and its affiliates, hereafter called “the Covivio Group”.

Why do we process your data?

End-purpose

Depending on your options, we are then able to:

•             re-contact you as proposed on our contact form

•             and, as the case may be, send you commercial offers and newsletters

After this initial contact, your data may be incorporated into our CRM (Client Relationship Management) tool. You will be informed of this by e-mail and will be able to oppose it at any time. The methods of managing these contacts via the CRM are described in paragraph 3.2.

Legal basis

The legal basis for the processing of your personal data is your consent which you may withdraw at any time by writing to dpo@covivio.fr.

Which data do we process?

Data you have given on the contact form.

Data transfer and subcontracting

This data is used exclusively by Groupe Covivio.

Recipients of data are:

•             the authorised employees of Covivio and its subsidiaries in France and abroad

•             as the case may be, certain authorised employees of the company responsible for the hosting of this site who may act as processors of personal data on behalf of Wellio and of any subcontractors.

Your personal data may be sent outside the European Union under conditions that fully comply with current applicable regulations. Under no circumstances is personal data subject to commercial transactions with third parties.

For how long is data retained?

Once your Personal Data has been collected on www.wellio.fr, it may be retained:

•             By our service providers and/or subcontractors for a period not exceeding 30 days following the end of their contract with Wellio

•             By the employees of Wellio or of Groupe Covivio whom you contacted for a period which will depend on the business relationship we are likely to maintain. You may at any time ask for the data to be deleted by writing to dpo@covivio.fr if there is no contractual bond obliging us to retain it.

What are your rights? 

Under the conditions governed by regulations pertaining to personal data protection, and by writing to dpo@covivio.fr:

•             You may ask for additional information on the processing of your personal data at any time.

•             You have the right to access and rectify your data, and the right to data portability.

•             You have the right to request the erasure of your data or the restriction of the processing thereof, and the right to oppose the processing of said data.

•             Insofar as the processing has your consent as its legal basis, you have the right to withdraw it at any time.

•             You can file a claim via a supervisory authority. •             We suggest that you submit any request to the