Privacy Policy
Last updated: 10 July 2026
1. Who are we? (Data controller)
Welln3st is a wellness marketplace under development that connects wellness practitioners and clients in the Netherlands.
The controller for the processing described in this policy is:
- Controller: Welln3st
- Privacy contact: hello@welln3st.com
- Address: provided upon request
Welln3st is not yet registered with the Dutch Chamber of Commerce (KvK). A KvK number is not required in this privacy policy; the controller is reachable via the contact address above.
2. What data do we collect?
- Name and email address: submitted via the waitlist sign-up form.
- Analytics data: device type, browser and page views. Collected via PostHog, only if you accept analytics cookies.
- Cookie preference: a functional cookie (
welln3st_consent) that stores your choice.
Providing your name and email is voluntary. Without it, however, we cannot add you to the waitlist or notify you about the launch.
3. Why do we use this data?
- Name and email: to notify you about the Welln3st launch and occasional product news (waitlist communications).
- Analytics data: to understand how visitors use the site and improve the experience.
We do not make automated decisions producing legal effects and do not carry out profiling.
4. Legal basis
Processing of your name and email is based on consent (Art. 6(1)(a) GDPR). You give consent by ticking the checkbox in the sign-up form. Analytics cookies are placed only after explicit consent via the cookie banner (Art. 6(1)(a) GDPR in conjunction with Art. 11.7a of the Dutch Telecommunications Act).
5. Retention
Your data is retained until no later than 12 months after the product launch, and in any event no longer than 24 months after sign-up, or earlier if you unsubscribe. Upon withdrawal of consent, your data is removed from our waitlist.
6. Processors (third parties)
- Resend (Resend, Inc., US): for sending transactional emails (waitlist confirmation and unsubscribe links). Resend processes our outbound mail on EU servers (Ireland region,
eu-west-1); the underlying controller is US-based, so data transfer relies on Standard Contractual Clauses (SCCs) (Art. 46 GDPR). Resend rewrites links in our emails throughlinks.send.welln3st.comby default, logging timestamp, recipient and clicked link before forwarding. No marketing profiling. Privacy policy: resend.com/legal/privacy-policy. - PostHog (EU Cloud, Frankfurt): for page-level analytics, only after consent. Data is processed on EU servers (no US transfer). Privacy policy: posthog.com/privacy.
In all other cases we do not disclose your data to third parties unless legally required.
7. Security
We take appropriate technical and organisational measures to protect your data (Art. 32 GDPR), including encrypted connections and access restricted to authorised persons. In the event of a data breach posing a risk to your rights and freedoms, we notify the Dutch DPA within 72 hours.
8. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15);
- rectify inaccurate data (Art. 16);
- erase your data ('right to be forgotten', Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing, where applicable (Art. 21);
- withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7(3));
- lodge a complaint with the Autoriteit Persoonsgegevens (the Dutch DPA).
To exercise your rights or withdraw consent, email hello@welln3st.com. We respond within 30 days.
9. Cookies
We set one functional cookie (welln3st_consent) to store your cookie preference; no consent is required for this. Analytics cookies from PostHog are only placed after your explicit consent. You can update your preference at any time via the "Cookie settings" link in the footer.
10. Changes and expansion of this policy
This policy covers the waitlist phase. Once Welln3st launches the marketplace and begins processing practitioner and client data, potentially including health-related data (special category data, Art. 9 GDPR), this policy will be expanded to include the additional legal basis, retention periods and security measures. We will inform you of changes in good time.