In short
We only collect what we need to answer your enquiry, run your account, keep the site working and — with your consent — understand how it's used. We never sell your data. You can ask us to show, correct or delete what we hold at any time by emailing privacy@well.run.
1. Who is responsible for your data
The "data controller" — the party that decides how and why your personal data is processed — is the sole proprietorship behind Well Run:
Data controller
- Trading name
- Well Run
- Operated by
- Kostiantyn Moseichenko (sole trader)
- Registered address
- Laagland 13/bus 1001, 2930 Brasschaat, Belgium
- Enterprise & VAT no.
- BE 1012.851.234
- For privacy matters
- privacy@well.run
- General contact
- info@well.run · +32 472 39 09 68
We have not appointed a Data Protection Officer, as we are not legally required to. For any question about this policy or your data, the privacy contact above reaches the person responsible directly.
2. The data we collect
We collect personal data in a few clearly-defined situations. We do not ask for special-category data (health, beliefs, etc.) and ask you not to send it to us.
a. When you contact us
Through the contact form, by email or by phone you may give us your name, organisation, email address, phone number, the type and scale of your project, and anything you write in your message.
b. When you have a client account
If you use the client area, we process the email address and credentials you sign in with, plus the project, delivery and billing information connected to the work we do for you.
c. Automatically, when you browse
Like any website, our host records technical data such as your IP address, browser type, the pages you view and the time of your visit, in server logs used for security and reliability. With your consent we also collect aggregated usage statistics (see section 8).
3. Why we use it, and our legal basis
Under the GDPR we may only process personal data where we have a lawful basis. Ours are:
| What we do | Why | Legal basis (GDPR Art. 6) |
|---|---|---|
| Respond to your enquiry & prepare a proposal | To answer you and take steps before a possible contract | Steps prior to a contract (6(1)(b)) / legitimate interest (6(1)(f)) |
| Provide our services & run your account | To deliver and administer the work you've engaged us for | Performance of a contract (6(1)(b)) |
| Keep the site secure & operational | To prevent abuse, debug and maintain reliability | Legitimate interest (6(1)(f)) |
| Measure how the site is used | To improve content and structure | Your consent (6(1)(a)) |
| Keep accounting & tax records | To meet Belgian bookkeeping obligations | Legal obligation (6(1)(c)) |
Where we rely on your consent, you can withdraw it at any time — that won't affect processing already carried out. Where we rely on legitimate interest, you can object (see section 7).
4. Who we share it with
We do not sell or rent personal data. We share it only with the service providers ("processors") that help us run the business, each bound by a data-processing agreement to use it only on our instructions:
| Provider | Role | Where |
|---|---|---|
| Supabase | Database behind the client account area | EU / United States (per project configuration) |
| Hostinger | Website & email hosting, server logs | European Union |
| Google Analytics | Aggregated usage statistics — only with your consent | United States |
We may also disclose data to professional advisers (e.g. our accountant) or to authorities where the law requires it.
5. International data transfers
Some of the providers above are based in the United States, which means your data may be transferred outside the European Economic Area. Where that happens, the transfer is protected by appropriate safeguards under the GDPR — typically the European Commission's Standard Contractual Clauses and/or the provider's certification under the EU–US Data Privacy Framework. You can ask us for a copy of the safeguards in place by emailing privacy@well.run.
6. How long we keep it
We keep personal data only for as long as we need it for the purpose it was collected:
- Enquiries that don't become projects — up to 24 months after our last contact, then deleted.
- Client & project records — for the duration of our relationship and a reasonable period afterwards.
- Invoices & accounting data — retained for 7 years, as required by Belgian law.
- Server logs — kept short-term for security, then rotated.
- Your cookie choice — stored for up to 12 months so we don't keep asking.
7. Your rights
Under the GDPR you have the following rights over your personal data. To exercise any of them, email privacy@well.run — we'll respond within one month and won't charge you.
Access
Ask for a copy of the data we hold about you.
Rectification
Have inaccurate or incomplete data corrected.
Erasure
Ask us to delete your data ("right to be forgotten").
Restriction
Ask us to pause processing while a concern is resolved.
Portability
Receive your data in a portable, machine-readable format.
Objection
Object to processing based on our legitimate interests.
Withdraw consent
Withdraw analytics/marketing consent any time, with no penalty.
Complain
Lodge a complaint with the supervisory authority below.
Supervisory authority
- Authority
- Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données)
- Address
- Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels, Belgium
- Contact
- contact@apd-gba.be · +32 (0)2 274 48 00
- Online
- dataprotectionauthority.be
9. How we protect it
We apply appropriate technical and organisational measures to keep personal data safe — encrypted connections (HTTPS), access limited to those who need it, and reputable providers who maintain their own security standards. No method of transmission is perfectly secure, but we take reasonable steps to protect your data and to notify you and the authority if a breach ever affects your rights.
We do not use your data for automated decision-making or profiling that produces legal effects, and our services are not directed at children under 16.
10. Changes & how to reach us
We may update this policy as our services or the law evolve. When we do, we'll change the "last updated" date above and, for significant changes, ask for your consent again where required. The current version always lives at this page.
Questions, requests or concerns about your data? Email privacy@well.run or write to the registered address in section 1.
This Privacy Policy is governed by Belgian law and the EU GDPR. It is provided in English; the Dutch and French versions, once published, will carry equal weight.