Privacy notice

Last Updated: 9 January 2026

  1. General

Welcome to our website at https://whitelark.io/ (the “Website”). This Privacy Notice (the “Notice”) is designed to provide you with clear and transparent information about how WHITELARK LTD, registration number ΗΕ 478736, legal address: 6 Agia Zoni Street, 3027, Limassol, Cyprus (hereinafter “we” or “Whitelark”) collects, uses, and protects your data in line with data protection laws, including the Regulation (EU) 2016/679 (GDPR), Cyprus Law 125(I) of 2018 and other applicable laws and regulations.

We encourage you to read this Notice carefully to understand our practices and how they affect you, before you begin using our Website.

This Notice is intended for individuals (hereinafter also “you”) who interact with us in various capacities, including but not limited to users of our Website, individuals seeking our services, employee candidates, referrers, and other stakeholders. This Notice is without prejudice to any separate data processing agreements, as applicable, entered into by and between Whitelark and our clients, employees, contractors, advisors or other counteragents.


  2. Updates to the Notice

2.1. We may update this Notice from time to time to reflect changes in data protection laws, guidance from regulators, and how we provide our services. We encourage you to check this Notice occasionally so you understand how we process your personal data.

2.2. If we make material changes, we will take reasonable steps to inform you - for example, by posting a prominent notice on our Website and/or contacting you using the details we have, where appropriate and depending on the nature of the change.


  3. Your Data Controller

Whitelark is the controller of personal data, as referred to in this Notice. As the controller, we determine the purposes and means of processing your personal data. This means that we are responsible for deciding why and how your information is processed in the course of our business operations.

For matters related to the protection of your personal data and to facilitate communication regarding privacy concerns, or if you have any questions or concerns about any aspect of our privacy practices, please do not hesitate to contact us by email at info@whitelark.io.

  4. Our Principles of Data Processing

We are committed to the following principles when processing your personal data:

  1. Lawfulness, Fairness, and Transparency: We process your personal data in accordance with applicable laws and regulations. We act transparently and aim to communicate clearly about how your data is used and, where required, by identifying the relevant legal basis for processing;

  2. Purpose Limitation: We collect your personal data for specified, explicit, and legitimate purposes. We do not use your information in a way that is incompatible with those purposes, and we will update you if we plan to use your data for a new purpose where required by law;

  3. Data Minimization: We only collect and process personal data that is necessary for the stated purposes. We limit access to your data to those who need it for their work and avoid collecting more data than we reasonably need;

  4. Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date;

  5. Storage Limitation: We keep your personal data only for as long as necessary for the purposes for which it was collected. We have defined retention periods for different types of data, and we regularly review and securely delete or anonymize data that is no longer needed, unless we are required or permitted to keep it for legal, regulatory, tax, accounting, or dispute-resolution purposes;

  6. Integrity and Confidentiality (Security): We implement appropriate technical and organizational measures to protect the security, integrity, and confidentiality of your personal data, taking into account the nature of the data and the risks of processing;

  7. Accountability: We are responsible for complying with these principles. We regularly review our processing activities to meet our compliance obligations. Where appropriate, this includes maintaining records of processing activities, completing data protection impact assessments, using appropriate contracts with service providers acting as processors, and managing personal data breaches in line with legal requirements.


  5. Information we process

5.1. For the purposes outlined in this Notice, we may collect and otherwise process the following categories of personal data (the exact data we process depends on how you interact with us):

  1. Contact Information: for example email address, phone number, and postal address;

  2. Professional Information: for example job title, company name, professional qualifications, and industry expertise;

  3. Identification Information: for example your name, date of birth, and (where required) details from a government-issued identification document (such as an ID/passport number) or other information needed to verify your identity;

  4. Compliance Data: for example information we need to meet legal and regulatory obligations, such as anti-money laundering (AML) and know-your-customer (KYC) checks, politically exposed person (PEP) screening, sanctions and watchlist screening, and related risk/compliance assessments;

  5. Legal and Reporting Data: for example information needed to comply with legal obligations under applicable laws, including accounting, tax, and statutory or statistical reporting requirements;

  6. Contract Data: for example information needed to negotiate, enter into, and perform a contract with you, and to manage our ongoing relationship;

  7. Risk Management Data: for example information about business relationships and affiliations that may impact risk assessment, and information used for fraud detection and prevention;

  8. Technical Information: for example information about your device and how you use our Website (such as IP address, device identifiers, browser type, log data, pages viewed, and cookies or similar technologies). For more information about cookies and similar technologies, please see our Cookie Notice;

  9. Information Related to Employee Candidates and Referrals: for example resumes, employment history, educational background, and professional references;

  10. Video Surveillance and Audio Call Recordings: records of video surveillance at our office premises, and records of incoming and outgoing calls with the Company (where permitted by law and where you are informed that a call may be recorded);

  11. Information related to Claims and Disputes: for example correspondence and communications, internal records of assessments, decisions, and actions taken to address the matter, factual and evidentiary materials.


  6. Sources of Information

We may collect personal data from various sources to fulfill the purposes described in this Notice. These sources include:

  1. Direct Collection: for example, we collect data directly from you when you contact us, submit forms, apply for a role, or otherwise interact with us (including via our Website);

  2. Indirect Collection: for example, we may receive information from: (i) service providers we use to support our business (such as IT, hosting, analytics, security, and compliance providers); (ii) publicly available sources (such as public registers and professional networking sites, where permitted); and (iii) employee referrals or other business partners (where relevant to our relationship);

  3. Automated technologies (cookies and similar technologies): we may collect certain information automatically when you use our Website, including through cookies and similar technologies (such as device identifiers, log data, and usage data). Where required by law, we will use cookies only with your consent. For more information, please see our Cookie Notice.


  8. Sources of Information

8.1. Whitelark may collect personal data from various sources to fulfill the purposes described in this Notice. These sources include:

  • Direct Collection: for instance, we collect data directly from you when you engage with our services, communicate with us, interact with our Website, etc.

  • Indirect Collection: for instance, we may obtain information from third-party service providers, publicly available sources, employee referrals or other business partners.

  • Third-party sources: we may receive information from third parties and from publicly available sources.

  7. Purpose and Legal Basis of Data Processing; Data Retention

7.1. General information

Whitelark processes your personal information for specific purposes and only where a lawful basis applies under data protection law. We process your data transparently, fairly, and only for the purposes for which it was collected. Depending on the purpose, we rely on one or more of the following legal bases:

  1. Performance of a Contract (Contractual Necessity): we process your data to perform a contract with you or to take steps at your request before entering into a contract;

  2. Legal Obligation: we process your data to comply with the law (for example, tax, accounting, anti-money laundering (AML), or other regulatory requirements);

  3. Legitimate Interests: we process data where it is necessary for our (or a third party’s) legitimate interests, unless your interests or fundamental rights and freedoms override those interests;

  4. Consent: we process your data based on your consent for certain features or services (for example, certain cookies or marketing, where required), and you may withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before you withdrew it;

  5. Vital Interests: we process your data where necessary to protect your vital interests or those of another person;

  6. Public Task: we process your data where necessary to perform a task in the public interest or in the exercise of official authority (this basis is rarely used by private companies, but may apply in limited circumstances).

7.2. Specifics

To provide you with a comprehensive understanding of how we process your personal data, we have outlined the various purposes and their corresponding legal bases in the table below. This table details the specific reasons for which we collect and process your data, along with the legal foundations that guide these practices and the applicable retention period.


| Purpose of processing | Type of Data | Legal Basis | Retention Period |
| --- | --- | --- | --- |
| Provision of Services | Contact Information; Identification Information; Contract Data | Performance of a Contract (Contractual Necessity) | Retained for the period necessary to fulfill contract obligations until the deletion or termination of the agreement, unless further retention is required to comply with legal obligations or to resolve disputes |
| Communication and Responding to Inquiries | Contact Information; Identification Information | Performance of a Contract (Contractual Necessity); Legitimate Interests | Retained for the period necessary to fulfill contract obligations until the deletion or termination of the agreement, unless further retention is required to comply with legal obligations or to resolve disputes |
| Legal and Regulatory Compliance | Compliance Data; Identification Information | Legal Obligation | Retained for 5 (five) years from the date of the transaction to comply with tax, accounting or other laws. This period may be extended if required by law |
| Contractual Compliance | Contract Data; Risk Management Data | Performance of a Contract (Contractual Necessity); Legitimate Interests | Retained for the period necessary to fulfill contract obligations until the deletion or termination of the agreement, unless further retention is required to comply with legal obligations or to resolve disputes |
| Physical, Information and Cyber Security | Risk Management Data; Technical Information; Video Surveillance and Audio Call Recordings | Legitimate Interests | For the duration of the agreement, employment or expiration of the specific security cookie’s lifespan |
| Advertising and Marketing | Technical Information | Legitimate Interests; Consent | For the duration of the agreement or until opt out by user or expiration of cookie’s lifespan |
| Improvement of Services and Business Operations | Technical Information; Risk Management Data | Performance of a Contract (Contractual Necessity); Legitimate Interests | Retained for the period necessary to fulfill contract obligations until the deletion or termination of the agreement, unless further retention is required to comply with legal obligations or to resolve disputes |
| Legal Claims and Defense | Information related to Claims and Disputes | Legitimate Interests | For the duration of the agreement/employment and up to 5 (five) years after termination or expiration of the agreement/employment |
| Recruitment and Establishing Employment Relations | Information Related to Employee Candidates and Referrals | Legal Obligation; Legitimate Interests | Retained for the period necessary to perform recruitment, or establishing, fulfillment and performance of employment obligations until the termination/completion of the employment/recruitment process, unless further retention is required to comply with legal obligations or to resolve disputes |


  9. Purpose and Legal Basis of Data Processing; Data Retention

9.1. Retention Obligation

After the relevant retention period has passed, we securely delete or anonymize your data to protect your privacy. If you have any questions about our data retention practices, please do not hesitate to contact us via info@whitelark.io. We are committed to transparency and to ensuring that your privacy is fully safeguarded.

10. Your Consent

10.1. If we rely on your consent for certain processing activities (for example, marketing communications), you have the right to withdraw your consent at any time (and it will be as easy to withdraw consent as it is to give it). You can usually manage your preferences or withdraw consent using the opt-out mechanisms we provide (for example, the “unsubscribe” link in an email) or by contacting us directly using the contact details in this Notice. Withdrawing consent will not affect the lawfulness of processing carried out before you withdrew it.

11. Data Sharing

11.1. Purpose of Sharing. To operate our business and provide the services, Whitelark may share personal data with carefully selected recipients that perform services on our behalf (for example, processors). We only share what is necessary for the relevant purpose, under enforceable contracts that require confidentiality, security, assistance with data subject rights where required, and compliance with applicable data protection laws.

11.2. Categories of Recipients. We may share personal data with:

  1. Service Providers, for instance, recruitment service providers, risk management providers, business partners, contractors etc.;

  2. IT and hosting providers that host, maintain, secure, back up, and support our Website and related infrastructure;

  3. IT, Hosting, and Support Providers that host, maintain, secure, back up, and support our Website, System, and related infrastructure;

  4. Analytics Providers to help us understand Website and software usage, improve performance, and diagnose issues;

  5. Marketing and Customer Engagement Partners to deliver marketing communications, measure campaign effectiveness, and provide targeted content strictly within our Website or our services. We do not permit third parties to use your personal data for their own marketing without your consent;

  6. Professional Advisors and Auditors, where necessary for governance, audit, legal advice, insurance coverage, or the establishment, exercise, or defense of legal claims;

  7. Corporate Transactions. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and data protection safeguards and, where required, notice to you.

11.3. Disclosures Required by Law. We may disclose personal data to courts, regulators, tax authorities, law enforcement, or other public bodies when required to do so by applicable law, regulation, subpoena, or court order, or when we believe disclosure is necessary to protect our rights, users, or the public.

11.4. Aggregated and De-Identified Data. We may share aggregated or de-identified statistics with third parties, including other businesses and the public, to describe how and when users use our Website and services. This data does not identify you and cannot reasonably be used to re-identify you. We will not attempt to re-identify such data.

12. International Transfers

12.1. While most processing occurs in the European Economic Area (EEA), your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not offer the same level of data protection as your home jurisdiction.

12.2. Where we transfer personal data internationally, we do so in compliance with applicable data protection laws and implement appropriate safeguards, such as: (a) an adequacy decision by the European Commission or other competent authority recognizing the destination country as providing an adequate level of protection; (b) Standard Contractual Clauses adopted by the European Commission with recipients, including subprocessors and affiliates; and/or (c) other lawful transfer mechanisms permitted by applicable law. Where required, we implement supplementary technical and organizational measures to ensure a level of protection essentially equivalent to that required under applicable law.

12.3. Transfers may involve our affiliates, cloud hosting and IT service providers, payment and acquiring partners, risk and fraud prevention providers, professional advisors, and support vendors located in jurisdictions in which we or our providers operate.

12.4. All recipients are bound by enforceable contractual obligations to protect personal data, including confidentiality, security, limited purpose use, onward transfer restrictions, and audit/assurance rights. We conduct transfer risk assessments and vendor due diligence and review safeguards periodically.

13. Data Security

13.1. We maintain a comprehensive information security program designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our controls are risk-based, documented, and regularly reviewed for effectiveness. Furthermore, we continuously evaluate and update our security practices to align with industry standards and evolving technological advancements.

14. Your Data Protection Rights

14.1. Overview. Subject to applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access. You may request confirmation of whether we process your personal data and obtain a copy, along with related information (e.g., purposes, categories, recipients, retention periods, and your rights).

  • Right to Rectification. You may request correction of inaccurate personal data and completion of incomplete data, taking into account the purposes of processing. 

  • Right to Erasure (“Right to Be Forgotten”). You may request deletion of personal data where one of the grounds in law applies (e.g., data no longer needed, consent withdrawn, successful objection), subject to legal obligations and overriding legitimate grounds. We may retain certain records (e.g., transaction data) to comply with legal and regulatory requirements.

  • Right to Restrict Processing. You may request that we restrict processing where you contest accuracy, processing is unlawful and you prefer restriction over deletion, we no longer need the data but you require it for legal claims, or you have objected and verification is pending.

  • Right to Object. You may object at any time to processing based on our legitimate interests, including profiling on that basis. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests or the processing is needed for legal claims. You may also object at any time to processing for direct marketing; we will then stop marketing to you.

  • Right to Data Portability. Where processing is based on consent or contract and carried out by automated means, you may receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, request transmission to another controller.

  • Right to Withdraw Consent. Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. We will honor your updated preferences promptly.

  • Automated Decision-Making and Profiling. Whitelark does not make decisions producing legal or similarly significant effects based solely on automated processing (including profiling). If this changes, we will notify you and provide a way to exercise your rights, including the right to obtain human intervention, to express your view, and to contest a decision.

14.2. How to Exercise Your Rights:

  1. Submit requests at info@whitelark.io;

  2. We may request information necessary to verify your identity and to locate the data (for security and fraud prevention);

  3. We will explain any exemptions or limitations that apply (e.g., where honoring a request would adversely affect the rights and freedoms of others, conflict with legal obligations, or undermine fraud prevention or security);

  4. We will respond within the period required by law and inform you if additional time is needed due to request complexity or volume;

  5. Requests are typically free of charge. We may charge a reasonable fee or refuse manifestly unfounded or excessive requests as permitted by law.

14.3. Local Rights. Depending on your location, you may have additional rights under local law. You also have the right to lodge a complaint with your data protection authority. 

15. Dispute Resolution and Complaints

15.1. Contact Us First. If you have questions or concerns about how Whitelark processes your personal data, please contact us using the details in Section 1. Our privacy team will review your inquiry and work to resolve it promptly and fairly.

15.2. Escalation. If we are unable to resolve your concern, you have the right to lodge a complaint with a competent data protection authority listed in Clause 15.3. You may do so without prejudice to any other rights or remedies available to you under applicable law.

15.3. Supervisory Authorities:

  1. Cyprus. In Cyprus, you may contact the Cyprus Data Protection Commissioner at the Office of the Commissioner for Personal Data Protection, registered at: Kypranoros 15, Nicosia 1061, Cyprus. Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus. Tel: +357 22818456, Fax: +357 22304565, Email: commissioner@dataprotection.gov.cy

  2. European Union/EEA. You may contact your local supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement. A directory is available at: https://edpb.europa.eu/about-edpb/board/members_en.

  3. Other Jurisdictions. If you reside outside the above regions, please contact your local data protection or privacy regulator for guidance on filing a complaint.

15.4. Response Times. We aim to acknowledge and respond to privacy inquiries without undue delay and within the time limits required by law.

15.5. Using our internal process is encouraged but not required. You may contact a supervisory authority at any time.

info@whitelark.io

© Copyright Whitelark 2025. All rights reserved.
