Compliance & Certifications

How we approach data protection and security, including where EU GDPR, UK GDPR, and other laws apply.

EU GDPR

Where the EU General Data Protection Regulation applies, we design our processing to support compliance and to help you exercise applicable privacy rights.

Right to access your personal data
Right to rectify inaccurate data
Right to erasure (right to be forgotten)
Right to data portability
Right to object to processing

UK GDPR & Data Protection Act 2018

WHIKS Ltd is incorporated in England and Wales. Where the UK GDPR and the Data Protection Act 2018 apply, we process personal data in line with those requirements. You may lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your rights have been infringed.

CCPA/CPRA (California)

Where the California Consumer Privacy Act and CPRA apply, we provide mechanisms to exercise applicable consumer rights as described in our Privacy Policy.

Right to know what personal information is collected
Right to delete personal information
זכות לסרב למכירה או לשיתוף של מידע אישי
Right to non-discrimination for exercising privacy rights

SOC 2 Compliance Roadmap

We maintain a roadmap toward SOC 2 Type II attestation to demonstrate our commitment to security, availability, confidentiality, and integrity.

Implementing SOC 2-aligned controls; independent attestation is planned as the programme matures

Timeline depends on scope and auditor engagement; we will update this page as our assurance programme progresses.

Security

Protection against unauthorized access

Availability

System availability and performance

Confidentiality

Protection of confidential information

Integrity

Data accuracy and completeness

Security Best Practices

We follow widely recognised security practices and implement layered controls designed to protect customer data.

Data Encryption

We use strong encryption for data in transit (TLS) and protect stored data with industry-standard encryption and key management practices.

Access Controls

Role-based access controls and multi-factor authentication for administrative access

Security Monitoring

Continuous monitoring of our systems for security threats and vulnerabilities

Data Backup

Regular automated backups with secure offsite storage and disaster recovery procedures

Certification Roadmap

We are progressing toward independent assurance (such as SOC 2 Type II) and continue to evaluate ISO 27001 alignment as our security programme matures.

Middle East Compliance

We aim to align our practices with applicable data protection laws in the Middle East where our services are used:

UAE Personal Data Protection Law (PDPL)

Where relevant, we take into account the UAE Personal Data Protection Law (Federal Law No. 45 of 2021), which governs the processing of personal data in the United Arab Emirates.

UAE residents have rights including access, correction, deletion, and objection to processing of their personal data.

For UAE-specific data protection inquiries, contact us at privacy@whiks.com

Saudi Arabia Personal Data Protection Law (PDPR)

Where relevant, we take into account the Saudi Arabia Personal Data Protection Law (Royal Decree No. M/19 of 2022), which regulates personal data processing in the Kingdom of Saudi Arabia.

Saudi residents have rights including access, correction, deletion, and restriction of processing of their personal data.

For Saudi-specific data protection inquiries, contact us at privacy@whiks.com

Regional Compliance

We monitor developments in regional data protection law and adapt our practices as regulations evolve.

Our services are localized for Arabic-speaking users with proper RTL support and cultural considerations.

Contact Compliance Team

For compliance-related inquiries or to exercise your rights:

Email: compliance@whiks.com

Address:

WHIKS Ltd

128 City Road

לונדון, EC1V 2NX

הממלכה המאוחדת

רשומה באנגליה ובוויילס · מספר חברה 17189817

טל: ‎+44 7988580234

Compliance & Certifications

How we approach data protection and security, including where EU GDPR, UK GDPR, and other laws apply.

EU GDPR

Where the EU General Data Protection Regulation applies, we design our processing to support compliance and to help you exercise applicable privacy rights.

Right to access your personal data
Right to rectify inaccurate data
Right to erasure (right to be forgotten)
Right to data portability
Right to object to processing

UK GDPR & Data Protection Act 2018

CCPA/CPRA (California)

Where the California Consumer Privacy Act and CPRA apply, we provide mechanisms to exercise applicable consumer rights as described in our Privacy Policy.

Right to know what personal information is collected
Right to delete personal information
זכות לסרב למכירה או לשיתוף של מידע אישי
Right to non-discrimination for exercising privacy rights

SOC 2 Compliance Roadmap

We maintain a roadmap toward SOC 2 Type II attestation to demonstrate our commitment to security, availability, confidentiality, and integrity.

Implementing SOC 2-aligned controls; independent attestation is planned as the programme matures

Timeline depends on scope and auditor engagement; we will update this page as our assurance programme progresses.

Security

Protection against unauthorized access

Availability

System availability and performance

Confidentiality

Protection of confidential information

Integrity

Data accuracy and completeness

Security Best Practices

We follow widely recognised security practices and implement layered controls designed to protect customer data.

Data Encryption

We use strong encryption for data in transit (TLS) and protect stored data with industry-standard encryption and key management practices.

Access Controls

Role-based access controls and multi-factor authentication for administrative access

Security Monitoring

Continuous monitoring of our systems for security threats and vulnerabilities

Data Backup

Regular automated backups with secure offsite storage and disaster recovery procedures

Certification Roadmap

We are progressing toward independent assurance (such as SOC 2 Type II) and continue to evaluate ISO 27001 alignment as our security programme matures.

Middle East Compliance

We aim to align our practices with applicable data protection laws in the Middle East where our services are used:

UAE Personal Data Protection Law (PDPL)

Where relevant, we take into account the UAE Personal Data Protection Law (Federal Law No. 45 of 2021), which governs the processing of personal data in the United Arab Emirates.

UAE residents have rights including access, correction, deletion, and objection to processing of their personal data.

For UAE-specific data protection inquiries, contact us at privacy@whiks.com

Saudi Arabia Personal Data Protection Law (PDPR)

Where relevant, we take into account the Saudi Arabia Personal Data Protection Law (Royal Decree No. M/19 of 2022), which regulates personal data processing in the Kingdom of Saudi Arabia.

Saudi residents have rights including access, correction, deletion, and restriction of processing of their personal data.

For Saudi-specific data protection inquiries, contact us at privacy@whiks.com

Regional Compliance

We monitor developments in regional data protection law and adapt our practices as regulations evolve.

Our services are localized for Arabic-speaking users with proper RTL support and cultural considerations.

Contact Compliance Team

For compliance-related inquiries or to exercise your rights:

Email: compliance@whiks.com

Address:

WHIKS Ltd

128 City Road

לונדון, EC1V 2NX

הממלכה המאוחדת

רשומה באנגליה ובוויילס · מספר חברה 17189817

טל: ‎+44 7988580234

Compliance & Certifications