Schedule Discovery Call

Privacy Policy

Privacy Policy

This privacy policy explains how Wellmarkit collects, uses, stores, and protects your personal data when you use our website (wellmarkit.com), book a session or audit, join the Therapist Business Club, register for the Practice Launch Bootcamp, make a payment, or communicate with us by email, form, or video call.

Wellmarkit is committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR), the Irish Data Protection Acts 2018, and the guidance of the Irish Data Protection Commission (DPC). For UK-based clients, we also align with the requirements of the UK Information Commissioner’s Office (ICO).

We have written this policy in plain English. If anything is unclear, contact us at hello@wellmarkit.com and we will explain it.

1. Who We Are

Wellmarkit is a healthcare-focused business advisory and implementation firm.

Data controller: Wellmarkit (David Callanan)

Registered address: Birch House, Ganty, Craughwell, Co. Galway, Ireland

🛠️ DEVELOPER: David to provide registered business address for this section.

Email: hello@wellmarkit.com

Website: https://www.wellmarkit.com

David Callanan is the data controller responsible for your personal data. There is no separate Data Protection Officer — all data protection queries should be directed to hello@wellmarkit.com.

2. What Personal Data We Collect

We collect only the data we need to deliver our services, communicate with you, and meet our legal obligations. We do not collect data speculatively or for resale.

Data you provide directly:

  • Name and email address (when you book a call, send an enquiry, or join the Therapist Business Club)
  • Practice type and profession (from the contact form dropdown or during a session)
  • Phone number (if you provide it voluntarily)
  • Business information you share during Discovery Calls, Audits, Mentoring Sessions, or implementation engagements (practice details, financial information, operational data)
  • Payment information (processed by Stripe and Kartra — Wellmarkit does not store card details)
  • Calendar booking details (when you book via Google Calendar)
  • Communications (emails, form submissions, video call recordings if applicable)

Data collected automatically:

  • IP address and approximate location
  • Browser type and device information
  • Pages visited, time on site, and referral source (via Google Analytics)
  • Cookie data (see Section 8 below)
3. Why We Collect Your Data (Legal Basis)

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Contract performance (Article 6(1)(b)): To deliver services you have booked or purchased — including Discovery Calls, Audits, Mentoring Sessions, the Performance Sprint, the Therapist Business Club, the Practice Launch Bootcamp, and implementation engagements. To process payments. To send you session confirmations, deliverables, and follow-up materials.

Legitimate interest (Article 6(1)(f)): To respond to enquiries. To send you relevant information about Wellmarkit services where you have an existing relationship with us. To improve our website and services based on usage data. To protect against fraud and misuse.

Consent (Article 6(1)(a)): To send marketing communications where you have opted in. To use cookies for analytics and functionality purposes. You can withdraw consent at any time by contacting hello@wellmarkit.com or using the cookie consent tool on the website.

Legal obligation (Article 6(1)(c)): To retain financial records as required by Irish tax and company law (typically six years).

4. How We Use Your Data

We use your personal data for the following purposes:

  • To deliver the services you have booked or purchased
  • To send session confirmations, calendar invitations, and deliverables (scorecards, roadmaps, action plans)
  • To process payments via Stripe and Kartra
  • To respond to enquiries submitted via the contact form or email
  • To manage your membership of the Therapist Business Club (hosted on Circle)
  • To send you relevant communications about Wellmarkit services (where you have consented or where we have a legitimate interest based on an existing relationship)
  • To analyse website usage and improve our services (via Google Analytics)
  • To meet our legal and financial record-keeping obligations

We do not use your data for automated decision-making or profiling.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share data only with the third-party service providers necessary to deliver our services. Each provider is listed below with its purpose and data processing location.

Stripe (payment processing). Processes card payments securely. Wellmarkit does not see or store your full card details. Stripe is PCI DSS Level 1 certified. Data is processed in the EU/EEA and the US under Standard Contractual Clauses. Privacy policy: stripe.com/privacy.

Kartra (email marketing, course delivery, payment processing for some products). Manages email communications, Bootcamp delivery, and some payment flows. Data is processed in the US under Standard Contractual Clauses. Privacy policy: kartra.com/privacy.

Google Workspace (email, calendar, video calls, file storage). We use Gmail for email, Google Calendar for booking, Google Meet for video sessions, and Google Drive for document sharing. Data is processed by Google under their Cloud Data Processing Addendum in compliance with GDPR. Privacy policy: policies.google.com/privacy.

Google Analytics (website analytics). Collects anonymised usage data about how visitors interact with wellmarkit.com. We use Google Analytics 4, which does not store full IP addresses. Data is processed in the EU/EEA where available, and in the US under Standard Contractual Clauses. Privacy policy: policies.google.com/privacy.

Circle (Therapist Business Club community platform). Hosts the Club membership, training content, and community discussions. Data is processed in the US under Standard Contractual Clauses. Privacy policy: circle.so/privacy.

SiteGround (website hosting). Hosts wellmarkit.com. Data is processed in the EU (data centre location: EU). Privacy policy: siteground.com/privacy.

Elementor (website builder). Used to build and manage pages on wellmarkit.com. Data is processed in accordance with Elementor’s DPA. Privacy policy: elementor.com/about/privacy.

We may also share data with professional advisors (accountants, legal advisors) where necessary for legal, tax, or compliance purposes, and with law enforcement or regulatory bodies where required by law.

6. International Data Transfers

Some of the third-party services we use process data outside the European Economic Area (EEA) — principally in the United States. Where this occurs, data transfers are protected by one or more of the following mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-US Data Privacy Framework (where the provider is certified)
  • Adequacy decisions by the European Commission for the relevant country

If you have questions about a specific transfer, contact hello@wellmarkit.com.

7. How Long We Keep Your Data

We retain your data only for as long as necessary for the purpose it was collected, or as required by law.

Enquiry and contact data: Retained for 24 months after your last interaction, then deleted unless there is an ongoing service relationship.

Client service data (session notes, scorecards, roadmaps, action plans): Retained for the duration of the engagement plus 24 months, then deleted unless you request earlier deletion.

Financial and payment records: Retained for six years as required by Irish Revenue and tax law.

Therapist Business Club membership data: Retained for the duration of membership plus 12 months after cancellation, then deleted.

Email marketing data: Retained until you unsubscribe. You can unsubscribe at any time via the link in any email or by contacting hello@wellmarkit.com.

Website analytics data: Google Analytics data is retained for 14 months (the default GA4 setting).

Cookie data: See Section 8 below.

8. Cookies

Wellmarkit.com uses cookies — small text files stored on your device — to make the website function properly and to understand how visitors use it.

Strictly necessary cookies:

These are required for the website to function. They cannot be switched off. They include cookies that manage cookie consent preferences and basic website functionality.

Analytics cookies (Google Analytics 4):

These help us understand how visitors use the website — which pages are visited, how long visitors stay, and where they come from. Google Analytics 4 does not store full IP addresses. These cookies are only set if you consent via the cookie banner.

Functional cookies:

These enable features like embedded booking calendars (Google Calendar) and video content. They are only set if you consent.

Marketing cookies:

If you interact with Wellmarkit through Kartra (email sequences, landing pages, or course content), Kartra may set cookies to track engagement and conversions. These are only set if you consent.

You can manage your cookie preferences at any time via the cookie consent banner on the website, or by adjusting your browser settings. Refusing non-essential cookies does not affect access to the website or our services.

9. Your Rights Under GDPR

Under GDPR, you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you.

Right to rectification: You can ask us to correct any inaccurate or incomplete data.

Right to erasure (“right to be forgotten”): You can ask us to delete your personal data where there is no compelling reason to continue processing it. This does not apply where we are required to retain data for legal or tax purposes.

Right to restrict processing: You can ask us to temporarily stop processing your data while a concern is resolved.

Right to data portability: You can request your data in a structured, commonly used, machine-readable format.

Right to object: You can object to processing based on legitimate interest. You can object to direct marketing at any time.

Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email hello@wellmarkit.com. We will respond within 30 days.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with your supervisory authority:

Ireland: Data Protection Commission (DPC) — dataprotection.ie

United Kingdom: Information Commissioner’s Office (ICO) — ico.org.uk

10. Children’s Data

Wellmarkit’s services are designed for healthcare practice owners and professionals. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, contact hello@wellmarkit.com and we will delete it immediately.

11. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

  • Encrypted connections (HTTPS/SSL) across all Wellmarkit web properties
  • Two-factor authentication on all accounts that hold personal data
  • Access limited to David Callanan and authorised team members only — no data is shared with third parties beyond those listed in Section 5
  • Regular review of third-party processor security practices
  • Secure deletion of data when retention periods expire

No system is completely secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

12. Marketing Communications

We may send you emails about Wellmarkit services, resources, and events where you have opted in to receive them, or where we have a legitimate interest based on an existing service relationship.

Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing hello@wellmarkit.com.

We do not share your email address with third parties for their marketing purposes.

13. Links to Other Websites

Wellmarkit.com may contain links to third-party websites (including professional body websites, tool providers, and external resources). We are not responsible for the privacy practices of those websites. We recommend reading their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, tools, or legal requirements. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

If a change materially affects how we use your personal data, we will notify you by email where possible.

15. How to Contact Us

If you have any questions about this privacy policy, your personal data, or your rights, contact us:

Email: hello@wellmarkit.com