Winklix LLC – Privacy Policy

Effective Date: [Insert Date]

This Privacy Policy describes how Winklix LLC (“Winklix,” “we,” “our,” or “us”) collects, processes, stores, transfers, and protects personal data in compliance with:

General Data Protection Regulation (GDPR) – European Union
UK GDPR
California Consumer Privacy Act (CCPA) / CPRA – United States
UAE Federal Decree Law No. 45 of 2021 on Personal Data Protection (PDPL)
Applicable data protection laws across the MENA region

Winklix is committed to protecting personal data and ensuring lawful, fair, and transparent processing practices.

1. Policy Statement

Winklix ensures that personal data relating to:

Employees (current and former)
Clients and customers
Vendors and partners
Website users
Job applicants

is collected and processed fairly, lawfully, and in accordance with applicable data protection regulations.

We respect individual privacy rights and are committed to responsible data governance and information security.

2. Data Collection, Processing & Onward Transfer

Winklix may collect, store, use, and disclose personal data (including sensitive personal data where applicable) for lawful, explicit, and legitimate business purposes, including:

Providing AI, digital transformation, cloud, Salesforce, ERP, and enterprise services
Recruitment and HR administration
Marketing communications (with consent where required)
Website analytics and performance
Legal and regulatory compliance

Lawful Basis for Processing (GDPR)

We process personal data based on:

Consent
Contractual necessity
Legal obligations
Legitimate interests
Vital interests (where applicable)

Where consent is required, it is obtained prior to processing and may be withdrawn at any time.

Onward Transfers & Third Parties

Personal data may be shared with:

Winklix affiliates
Authorized service providers and vendors
Legal or regulatory authorities (where required by law)

We ensure that all third parties:

Enter into appropriate Data Processing Agreements (DPAs)
Implement adequate data protection safeguards
Comply with GDPR, US, and MENA regulations

For international transfers (including transfers outside the EU or MENA region), we implement:

Standard Contractual Clauses (SCCs)
Adequacy decisions
Approved safeguards under applicable law

3. Confidentiality & Security

Winklix classifies personal data as confidential information and implements:

Administrative safeguards (policies, compliance frameworks)
Technical safeguards (encryption, firewalls, secure servers)
Organizational safeguards (access control, role-based permissions)
Vendor compliance audits

We maintain strict security controls to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

4. Data Subject Rights

Depending on your jurisdiction (EU, UK, California, UAE, MENA), you may have the following rights:

Under GDPR & UK GDPR:

Right to Access
Right to Rectification
Right to Erasure (“Right to be Forgotten”)
Right to Restrict Processing
Right to Object
Right to Data Portability
Right to Withdraw Consent
Right not to be subject to solely automated decision-making

Under CCPA / CPRA (California Residents):

Right to Know what personal data we collect
Right to Request Deletion
Right to Correct inaccurate information
Right to Opt-Out of Sale or Sharing
Right to Non-Discrimination

Winklix does not sell personal information for monetary value.

Under UAE & MENA Data Protection Laws:

Right to Access
Right to Correction
Right to Erasure
Right to Restrict Processing
Right to Data Portability (where applicable)

To exercise any of your rights, please contact:

📧 info@winklix.com

We will respond within legally mandated timelines.

5. Data Retention

Winklix retains personal data only for as long as necessary to:

Fulfill the purposes outlined in this Policy
Comply with legal, regulatory, or contractual obligations
Resolve disputes
Enforce agreements

After retention requirements are met, personal data is securely deleted or anonymized.

6. Monitoring & Communications

To the extent permitted by law, Winklix may monitor electronic communications (including email or system usage) for:

Security
Compliance
Fraud prevention
Regulatory obligations

Such monitoring is conducted in accordance with applicable data protection laws.

7. Definitions

Personal Data means any information relating to an identified or identifiable natural person, including but not limited to:

Name
Identification number
Email address
Phone number
Location data
IP address
Employment details
Financial information
Educational background
Health-related data (where lawfully processed)
Demographic information
Photographs

Sensitive Personal Data includes data relating to race, religion, health, biometrics, criminal records, or other protected categories under applicable law.

Lawful Processing means processing conducted in accordance with applicable data protection regulations.

8. Third-Party Websites

Our website may contain links to external websites.

Winklix is not responsible for the content, privacy practices, or reliability of third-party sites. Users are encouraged to review external privacy policies before submitting personal information.

9. Cookies & Tracking Technologies

By continuing to use our website, you consent to our use of cookies in accordance with our Cookie Policy (GDPR & CCPA Compliant).

You may manage or withdraw cookie consent at any time via browser settings or our cookie consent banner.

10. Changes to This Policy

Winklix reserves the right to update or modify this Privacy Policy at any time.

Changes will be posted on this page with an updated effective date. Continued use of our services constitutes acceptance of revised terms.

11. Contact Information

Winklix LLC
📧 info@winklix.com
🌐 www.winklix.com

12. Data Protection Officer (DPO)

In accordance with the General Data Protection Regulation (GDPR), UK GDPR, and applicable international data protection laws, Winklix LLC has appointed a Data Protection Officer (DPO) responsible for overseeing data protection strategy, compliance, and governance.

The DPO is responsible for:

Monitoring compliance with data protection laws
Advising on Data Protection Impact Assessments (DPIAs)
Acting as the contact point for supervisory authorities
Addressing data subject rights requests
Ensuring cross-border transfer safeguards

For DPO-related inquiries, please contact:

📧 info@winklix.com

Subject Line: Data Protection Officer Request

13. “Do Not Sell or Share My Personal Information” (CPRA Compliance)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the “sale” or “sharing” of personal information.

Winklix LLC does not sell personal information for monetary consideration.

However, certain advertising or analytics tools may be considered “sharing” under CPRA definitions where data is used for cross-context behavioral advertising.

California residents may:

Request to opt out of sale or sharing
Limit use of sensitive personal information
Request disclosure of categories of data collected
Request deletion or correction

To exercise your rights, please email:

📧 info@winklix.com

Subject Line: California Privacy Request

We will verify your request and respond within the timeframe required by applicable law. We will not discriminate against you for exercising your privacy rights.

14. Data Processing Addendum (DPA) – Enterprise Clients

14.1 Roles & Responsibilities

Client acts as the Data Controller / Business
Winklix acts as the Data Processor / Service Provider

14.2 Processing Scope

Winklix processes personal data solely:

Under documented instructions from the Controller
For the purpose of delivering contracted services
In compliance with applicable data protection laws

14.3 Subprocessors

Winklix may engage subprocessors (e.g., cloud providers, hosting vendors, analytics tools) under written agreements that:

Impose equivalent data protection obligations
Ensure confidentiality and security safeguards
Comply with cross-border transfer laws

14.4 Security Measures

Encryption in transit and at rest
Access control and authentication protocols
Secure infrastructure environments
Incident response procedures
Regular security assessments

14.5 Data Breach Notification

In the event of a personal data breach, Winklix shall:

Notify the Controller without undue delay
Provide relevant information required for regulatory reporting
Cooperate in mitigation and remediation

14.6 International Transfers

Where personal data is transferred outside the EU/UK/MENA region, Winklix relies on:

Standard Contractual Clauses (SCCs)
Adequacy decisions
Approved safeguards

Enterprise clients may request a signed DPA by contacting:

📧 info@winklix.com

Subject Line: DPA Request

15. Responsible AI & Automated Decision-Making Disclosure

As a provider of AI-driven, cloud, enterprise, and digital transformation services, Winklix may develop, deploy, or manage Artificial Intelligence systems on behalf of clients.

We are committed to Responsible AI principles including:

Transparency
Fairness
Accountability
Human oversight
Data minimization
Security by design

15.1 Automated Decision-Making

Where AI systems involve automated processing that may significantly affect individuals:

Processing will have a lawful basis
Individuals may request human review
Individuals may object to automated decision-making where required by law
Impact assessments may be conducted where necessary

15.2 AI Data Usage

Winklix:

Processes AI-related data strictly under client instructions
Does not use client data to train generalized models unless contractually agreed
Implements safeguards to prevent bias, discrimination, and misuse
Applies data anonymization where possible

15.3 AI Governance

We maintain internal governance frameworks to ensure AI systems:

Comply with GDPR Article 22
Align with emerging AI regulations (EU AI Act, US AI guidelines, UAE AI governance frameworks)
Meet enterprise ethical standards

For AI governance inquiries:

📧 info@winklix.com

Subject Line: Responsible AI Inquiry

Winklix

United States

London UK

UAE

Australia

India

Winklixsalesforce