Protecting your Data

How we handle your sensitive data is one of the things that makes us unique. Unlike other e-commerce and corporate gifting companies, creating software for enterprise-level companies is part of our DNA.

We’re in a unique position to maintain the security and privacy of your data when processing your order.

Once you place an order you’ll be given a secure link to provide your sensitive information such as recipient addresses and contact information. This happens on our own dedicated secure server (based in Manchester, England) at a PCI-compliant data centre maintained by ANS.   

Your sensitive data never leaves the UK and is stored electronically with 256-bit SSL encryption.  

Collecting Personal Data

We collect personal data at two points during your order:

  1. When you place the order via our ecommerce partner Shopify. This is the server where you choose products, create an order and make payment. At this stage, we collect:
    • Details about the items on your order and their quantities
    • The name and/or company name of the person placing the order
    • The billing address that the payment card is registered to
    • Contact details for the person placing the order – typically, phone number and email address

  2. When you complete your order setup on our secure UK server at https://app.wellboxes.co.uk or https://claim.wellboxes.co.uk. At this stage, we collect

Sharing Data and Third-Party Processors

Data collected on wellboxes.co.uk will be processed and shared in accordance with our privacy policy that can be found here - https://wellboxes.co.uk/policies/privacy-policy

Raw data collected on secure server (claim.wellboxes.co.uk, app.wellboxes.co.uk) is never shared, with the exception of using supplied address data to create shipping orders.

This data is sent to our shipping partner Royal Mail electronically, and used to create electronic files from which shipping labels are printed.

Recipient address data is erased 30 days after dispatch. For tracking and reporting purposes, we retain

  1. The recipient’s postcode
  2. Details about the product the recipient was sent
  3. Dates and times when the delivery was completed

Rights of Access

The order contact or a designated representative from your organisation can request the deletion of any remaining data points. In doing this, they accept that we would no longer be able to provide tracking or delivery information. 

Data Retention Policies

Even before GDPR, our policy has always been to never retain information longer than is needed. In the case of Wellbox recipient data, data is only ever stored long enough to generate shipping manifests and labels for the boxes. Once the boxes have been dispatched, most data points are deleted in 30 days.

User data for inactive (company) accounts can be set to auto-delete after 60 days of inactivity.

Data Processing Locations

Data collected on wellboxes.co.uk (data on the individual placing the order) is securely processed by our ecommerce partner Shopify in the UK and on servers located in the US. 

Data collected on app.wellboxes.co.uk or claim.wellboxes.co.uk (data on your recipients and their preferences) is securely processed on our own servers based in Manchester, UK. These servers are maintained in a PCI compliant data facility by ANS. 

Data Security Processes

Our processes can be broken down into technical and people processes.

People Processes

Technical Processes

Data Centre Accreditations

Our server data centre is ISO 27001 certified, PCI-compliant and secured to UK government IL4 standards.