1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive privacy and data protection law that came into effect on May 25, 2018. It regulates how companies collect, store, process, and protect the personal data of European Union (EU) residents.

The GDPR applies to any company operating globally that markets products or services to EU residents or monitors the behaviour of EU residents — regardless of where the company is based. WileLink Inc is committed to GDPR compliance as a baseline standard for all our operations worldwide.

2. Does GDPR apply to me?

The GDPR applies to you if you are an EU resident using WileLink, or if your business sells products or services to EU customers through WileLink. Specifically GDPR applies to:

1. Any business that markets products or services to people in the EU
2. Any business that monitors the behaviour of people in the EU
3. Any business that processes the personal data of EU residents regardless of where the business is located

WileLink is committed to making it easier for all users to comply with the GDPR.

3. What are the main responsibilities under GDPR?

GDPR requires that personal data be:

1. Processed lawfully, fairly, and in a transparent manner
2. Collected for specified, explicit, and legitimate purposes only
3. Adequate, relevant, and limited to what is necessary
4. Accurate and kept up to date
5. Stored no longer than necessary
6. Properly secured against accidental loss, destruction, or damage

GDPR also requires companies to:

1. Document their data processing activities and demonstrate compliance
2. Apply data protection by design and by default
3. Ensure appropriate contracts are in place with any service providers who process personal data
4. Only transfer EU personal data to countries with adequate data protection regulations or with appropriate safeguards such as Standard Contractual Clauses (SCCs)

4. What is the definition of personal data under GDPR?

Personal data means any data that relates to an identified or identifiable natural person. This is a broad definition that includes:

1. Name, email address, phone number, and date of birth
2. Location data and IP addresses
3. Device identifiers and online identifiers
4. Financial information including payment details
5. Any other information that can be used to identify a person directly or indirectly

WileLink collects only the personal data necessary to operate the platform. We never sell your personal data to third parties.

5. Who is the Controller and who is the Processor?

Under GDPR:

1. WileLink Inc acts as the Data Controller for the personal data of buyers and registered users on the platform. As Controller WileLink determines the purposes and means of processing your personal data.
2. WileLink acts as a Data Processor on behalf of vendors who use the platform to manage their customer relationships and sales.
3. Stripe Inc acts as an independent Data Controller for all payment processing data in accordance with their own GDPR-compliant privacy policy.

6. What are the key rights under GDPR?

GDPR gives EU residents the following rights regarding their personal data:

1. Right to Access: You can request a copy of the personal data WileLink holds about you at any time.
2. Right to Rectification: You can request correction of inaccurate or incomplete personal data.
3. Right to Erasure (Right to be Forgotten): You can request deletion of your personal data subject to legal obligations.
4. Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances.
5. Right to Data Portability: You can request a copy of your personal data in a structured machine-readable format.
6. Right to Object: You can object to the processing of your personal data for direct marketing purposes.
7. Right to Withdraw Consent: Where processing is based on your consent you can withdraw that consent at any time.

To exercise any of these rights contact us at support@wilelink.com. We will respond within 30 days.

7. What steps has WileLink taken to be GDPR compliant?

WileLink has taken the following steps to ensure GDPR compliance:

1. Conducted a full review of all data collection, storage, and processing practices across the platform.
2. Updated our Privacy Policy to reflect GDPR requirements including lawful basis for processing, data retention periods, and user rights.
3. Implemented Standard Contractual Clauses (SCCs) as approved by the European Commission for all cross-border data transfers from the EU to the United States under GDPR Article 46.
4. Applied data protection by design and by default in our platform development.
5. All payment data is processed by Stripe which is PCI DSS Level 1 compliant.
6. Implemented SSL/TLS encryption for all data transmitted between users and the platform.
7. Cleaned up our database to ensure only accurate and necessary data is retained.
8. Designated a Data Protection contact responsible for overseeing GDPR compliance.

8. How does WileLink handle data breaches?

1. WileLink will notify affected users of a data breach without undue delay and within 72 hours of becoming aware of it as required by GDPR.
2. For general incidents affecting multiple users we will notify users through our website and the user dashboard.
3. For incidents specific to an individual user we will notify the affected person directly by email using their primary email address.
4. We will notify the relevant supervisory authority where required by applicable law.

9. Cross-Border Data Transfers

WileLink is operated from the United States. If you are an EU resident your personal data may be transferred to and processed in the United States.

For cross-border data transfers from the EU to the United States WileLink relies on Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Article 46 as a valid and lawful data transfer mechanism.

WileLink does not rely on the EU-US Privacy Shield framework which was invalidated by the Court of Justice of the European Union in July 2020.

10. Contact Us

If you have any questions about GDPR compliance, want to exercise your data rights, or have privacy concerns please contact us: