Legal

Privacy Policy

Last updated Version 1.0 Applies to well.run and all sub-pages

This policy explains what personal data Well Run collects when you use this website or contact us, why we use it, who helps us process it, and the rights you have under the EU General Data Protection Regulation (GDPR).

In short

We only collect what we need to answer your enquiry, run your account, keep the site working and — with your consent — understand how it's used. We never sell your data. You can ask us to show, correct or delete what we hold at any time by emailing privacy@well.run.

1. Who is responsible for your data

The "data controller" — the party that decides how and why your personal data is processed — is the sole proprietorship behind Well Run:

Data controller

Trading name
Well Run
Operated by
Kostiantyn Moseichenko (sole trader)
Registered address
Laagland 13/bus 1001, 2930 Brasschaat, Belgium
Enterprise & VAT no.
BE 1012.851.234
For privacy matters
privacy@well.run
General contact
info@well.run · +32 472 39 09 68

We have not appointed a Data Protection Officer, as we are not legally required to. For any question about this policy or your data, the privacy contact above reaches the person responsible directly.

2. The data we collect

We collect personal data in a few clearly-defined situations. We do not ask for special-category data (health, beliefs, etc.) and ask you not to send it to us.

a. When you contact us

Through the contact form, by email or by phone you may give us your name, organisation, email address, phone number, the type and scale of your project, and anything you write in your message.

b. When you have a client account

If you use the client area, we process the email address and credentials you sign in with, plus the project, delivery and billing information connected to the work we do for you.

c. Automatically, when you browse

Like any website, our host records technical data such as your IP address, browser type, the pages you view and the time of your visit, in server logs used for security and reliability. With your consent we also collect aggregated usage statistics (see section 8).

3. Why we use it, and our legal basis

Under the GDPR we may only process personal data where we have a lawful basis. Ours are:

What we doWhyLegal basis (GDPR Art. 6)
Respond to your enquiry & prepare a proposalTo answer you and take steps before a possible contractSteps prior to a contract (6(1)(b)) / legitimate interest (6(1)(f))
Provide our services & run your accountTo deliver and administer the work you've engaged us forPerformance of a contract (6(1)(b))
Keep the site secure & operationalTo prevent abuse, debug and maintain reliabilityLegitimate interest (6(1)(f))
Measure how the site is usedTo improve content and structureYour consent (6(1)(a))
Keep accounting & tax recordsTo meet Belgian bookkeeping obligationsLegal obligation (6(1)(c))

Where we rely on your consent, you can withdraw it at any time — that won't affect processing already carried out. Where we rely on legitimate interest, you can object (see section 7).

4. Who we share it with

We do not sell or rent personal data. We share it only with the service providers ("processors") that help us run the business, each bound by a data-processing agreement to use it only on our instructions:

ProviderRoleWhere
SupabaseDatabase behind the client account areaEU / United States (per project configuration)
HostingerWebsite & email hosting, server logsEuropean Union
Google AnalyticsAggregated usage statistics — only with your consentUnited States

We may also disclose data to professional advisers (e.g. our accountant) or to authorities where the law requires it.

5. International data transfers

Some of the providers above are based in the United States, which means your data may be transferred outside the European Economic Area. Where that happens, the transfer is protected by appropriate safeguards under the GDPR — typically the European Commission's Standard Contractual Clauses and/or the provider's certification under the EU–US Data Privacy Framework. You can ask us for a copy of the safeguards in place by emailing privacy@well.run.

6. How long we keep it

We keep personal data only for as long as we need it for the purpose it was collected:

  • Enquiries that don't become projects — up to 24 months after our last contact, then deleted.
  • Client & project records — for the duration of our relationship and a reasonable period afterwards.
  • Invoices & accounting data — retained for 7 years, as required by Belgian law.
  • Server logs — kept short-term for security, then rotated.
  • Your cookie choice — stored for up to 12 months so we don't keep asking.

7. Your rights

Under the GDPR you have the following rights over your personal data. To exercise any of them, email privacy@well.run — we'll respond within one month and won't charge you.

Access

Ask for a copy of the data we hold about you.

Rectification

Have inaccurate or incomplete data corrected.

Erasure

Ask us to delete your data ("right to be forgotten").

Restriction

Ask us to pause processing while a concern is resolved.

Portability

Receive your data in a portable, machine-readable format.

Objection

Object to processing based on our legitimate interests.

Withdraw consent

Withdraw analytics/marketing consent any time, with no penalty.

Complain

Lodge a complaint with the supervisory authority below.

Supervisory authority

Authority
Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données)
Address
Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels, Belgium
Contact
contact@apd-gba.be · +32 (0)2 274 48 00
Online
dataprotectionauthority.be

8. Cookies & analytics

We use a small number of cookies and similar technologies. Strictly necessary ones keep the site working and remember your cookie choice. Analytics and any future marketing technologies run only after you opt in through our consent banner.

You can review the full list and change your choice any time:

For the detail — every cookie, its purpose and its lifetime — see our Cookie Policy.

9. How we protect it

We apply appropriate technical and organisational measures to keep personal data safe — encrypted connections (HTTPS), access limited to those who need it, and reputable providers who maintain their own security standards. No method of transmission is perfectly secure, but we take reasonable steps to protect your data and to notify you and the authority if a breach ever affects your rights.

We do not use your data for automated decision-making or profiling that produces legal effects, and our services are not directed at children under 16.

10. Changes & how to reach us

We may update this policy as our services or the law evolve. When we do, we'll change the "last updated" date above and, for significant changes, ask for your consent again where required. The current version always lives at this page.

Questions, requests or concerns about your data? Email privacy@well.run or write to the registered address in section 1.

This Privacy Policy is governed by Belgian law and the EU GDPR. It is provided in English; the Dutch and French versions, once published, will carry equal weight.