PRIVACY POLICY

WellPay - privacy policy
January 1, 2024

1. General background information
e.Flex Easy Pay Oy (hereinafter “WellPay”) undertakes to keep all personal data in its possession
confidential and to take care of data protection. In this privacy policy, we describe our data
collection and processing practices. Requests for further information on data processing can be
sent by e-mail to: info@wellpay.fi. This privacy policy was prepared on January 1, 2024.

2. Data controller
Company: e.Flex Easy Pay Oy
Address: Sateenkaari 3 E, 02100 Espoo, Finland
Phone number: +358 50 4443648
Business ID: 3147945-6

3. Purpose of data processing
We process the personal data of company representatives and beneficiaries of the WellPay
payment method.
Personal data is processed by the WellPay service system and it is stored on a file server managed
by WellPay’s IT partner, the Avenla Group.
WellPay processes users’ personal data to ensure data security and to prevent, detect and avoid
problems and fraud. When necessary, WellPay processes data in connection with logins to the
system, data encryption and decryption, troubleshooting, backup copies, version and problem
management, and any information technology disruptions. Data processing is necessary for
WellPay to realize its legitimate interests and to ensure the security of its services and the related
information technology system.

4. What data we collect and process
We process the following data stored in our register:
Basic information:
- First name and last name
- Company name
- E-mail address
- Service payment information (transaction history)
- Employer’s name
- Employer’s invoicing information

5. How and from where the data is collected
WellPay primarily collects the abovementioned information from employers when they provide
beneficiaries' personal data in the form of their e-mail address, and in some cases, the beneficiary
may contact WellPay’s customer service to change the username, password, or e-mail address
used for the service.

6. Legal basis and purpose of data processing
The legal basis of data processing is our legitimate interest based on the intended use of the data
specified below and the implementation of the services related to the use of our service.
The purpose of data processing is the management and maintenance of the customer or
partnership relationship between the company and the customer or service provider represented
by the data subject. Therefore, by processing your data, we can offer you better services. Data
processing does not impact you in any other way.

Intended use of data

- Management, nurturing, and development of the service relationship, quality assurance, general
provision of information, the execution of customer services, the realization of business and
service transactions, and the execution, analyses, reporting, and development of operations and
services.

- Unambiguous identification of the beneficiaries of the WellPay payment method. For the
WellPay fitness and culture benefits to be tax-free, service providers must be able to verify the
beneficiary’s identity. Pursuant to the Tax Administration’s requirements, employee benefits are
personal and beneficiaries must be able to verify their identity.
- Identification of the user registered to the WellPay mobile app and the enabling of the use of the
service.
- Prevention and investigation of misuse and problems, and the ensuring of information security.
- Fulfilment of WellPay’s sustainability obligations and obligations based on laws and regulations
issued by authorities.

7. Principles of data protection
We respect the confidentiality of your data. Data processed digitally is stored in our information
system, which is maintained and managed by WellPay’s IT partner, the Avenla Group. The data can
only be accessed by people who require it for the performance of their work duties. Such
employees are provided with personal usernames and passwords. User credentials are
determined by WellPay’s person in charge in collaboration with the information system’s
administrator. Data connections within the system are executed using a closed network. External
connections are protected with firewalls.

8. Principles of data storage
Your personal data is stored for the duration of the customer or partnership relationship. After the
termination of the relationship, as a rule, the data is stored for no more than five years. Please
note that we may have to store your data longer if it is required by applicable legislation (e.g., the
Accounting Act or the Act on Income Tax) or by binding contractual obligations to third parties.

9. Data subjects’ rights
Pursuant to data protection legislation, you have the following rights:

- the right to request information on the processing of your data
- the right to access your data and inspect the data pertaining to you that we process
- the right to request the rectification and completion of inaccurate and erroneous data
- the right to request the deletion of your data

10. Communications
Requests related to the abovementioned rights, questions on this privacy policy, and other
communications can be sent by e-mail to: info@wellpay.fi or handled over the phone by calling
WellPay’s customer services at +358 50 4443648