top of page
PRIVACY POLICY

This Privacy Policy explains how Helixon ("Helixon", "we", "us") collects, uses, shares, and protects personal data when you visit our website, contact us, or engage our B2B consulting services for API procurement. It also describes your data protection rights under GDPR/UK GDPR and KVKK.

Note: In some engagements we may act as a processor where we process personal data strictly on a client’s documented instructions (e.g., due diligence on a named contact). In such cases, a Data Processing Addendum (DPA) will apply.

2) What Data We Collect

  • Identity & Contact: name, business email, business phone, job title, company, country.

  • Engagement Data: RFQs, statements of work, contracts, meeting notes, correspondence.

  • KYC/AML Data (B2B): copies of licences, authorisations, IDs (where permitted by law), sanctions/PEP screening results, ultimate beneficial owner (UBO) information provided by the client.

  • Technical Data: IP address, device/browser info, pages visited, timestamps, and cookie identifiers (see Cookie Policy).

  • Marketing Preferences: newsletter opt‑in/opt‑out, communication channels.

We do not intentionally collect special categories of data (health, political opinions, etc.). Please do not include such data in RFQs or uploads unless we explicitly request it for a lawful purpose.

3) How We Collect Data

  • Directly from you: contact forms, emails, calls, bookings, RFQs.

  • From your employer/colleagues: as part of a B2B engagement.

  • From service providers: KYC/AML screening vendors, logistics or audit partners.

  • Public/professional sources: company registers, sanctions lists, regulatory databases, industry directories.

  • Automatically: via cookies and similar technologies (see Cookie Policy).

4) Why We Use Your Data (Purposes & Legal Bases)

  • To respond to enquiries and perform a contract (Art. 6(1)(b) GDPR / KVKK 5(2)(c)): proposals, statements of work, project delivery.

  • To meet legal obligations (Art. 6(1)(c) / KVKK 5(2)(ç)): KYC/AML, trade controls, tax/audit requirements, record‑keeping.

  • Legitimate interests (Art. 6(1)(f) / KVKK 5(2)(f)): securing supply chains, quality assurance, fraud prevention, business analytics, improving our services, keeping B2B contact lists.

  • Consent (Art. 6(1)(a) / KVKK 5(1)): where required for optional marketing emails or non‑essential cookies. You can withdraw consent at any time.

5) Sharing Your Data

We may share limited personal data with:

  • Suppliers and audit/logistics partners to fulfil an RFQ or project.

  • KYC/AML vendors for screening where required by law.

  • Advisers & insurers (legal, compliance, accounting, insurance).

  • IT/Cloud providers (hosting, email, project tools) under appropriate contracts.

  • Authorities/regulators where legally required (e.g., licence verification).
    We do not sell your personal data.

6) International Transfers

If data is transferred outside your country (e.g., outside the EEA/UK/Türkiye), we implement appropriate transfer safeguards, such as EU Standard Contractual Clauses (SCCs), the UK IDTA, and/or KVKK cross‑border transfer conditions. Details are available upon request.

7) Retention

We keep data only as long as needed for the purposes above:

  • Contracts & project files: typically 10 years (or longer if required by law).

  • KYC/AML records: typically 5–8 years from the end of the relationship, depending on jurisdiction.

  • Marketing lists: until you unsubscribe or we purge inactive contacts.

  • Web logs/cookies: per our Cookie Policy.

8) Security

We use administrative, technical and organisational measures to protect data (access controls, encryption in transit, least‑privilege access, vendor due diligence). No system is 100% secure; please use caution when transmitting data online.

9) Your Rights

Depending on where you are, you may have rights to access, rectify, erase (where applicable), restrict or object to processing, and data portability (GDPR/UK GDPR Arts. 15–21; KVKK Art. 11). You may also withdraw consent at any time for processing based on consent. These rights are subject to legal limits (e.g., where we must retain records for KYC/AML).

10) How to Exercise Your Rights

Email privacy@helixon.co with your request. We may need to verify your identity and confirm your relationship with us. We aim to respond within 30 days (or within statutory timeframes).

11) Complaints

If you believe your rights have been infringed, you can contact us at privacy@helixon.co You also have the right to complain to a supervisory authority:

  • Türkiye: Kişisel Verileri Koruma Kurumu (KVKK)

  • EU/EEA: Your local Data Protection Authority

  • UK: Information Commissioner’s Office (ICO)

12) Marketing

We send B2B marketing communications only with consent where required or under legitimate interests where permitted. You can unsubscribe at any time using the link in the email or by contacting us.

13) Cookies

We use cookies and similar technologies for functionality, analytics, and (where enabled) marketing. See our Cookie Policy for types, purposes, retention, and how to manage preferences via the cookie banner and your browser.

14) Changes to This Policy

We may update this policy from time to time. We will post changes on this page with a new “Last updated” date. Significant changes may also be notified via the website.

15) Contact

For any privacy questions: info@helixonapi.com

GET IN TOUCH

Let’s Collaborate

Reach out to us to explore how our compliance-first API procurement consultancy can elevate your API sourcing capabilities. We look forward to collaborating with you on your API procurement journey.

  • LinkedIn
  • Facebook
  • Twitter

© [2025] [Helixon]. All rights reserved.
 

Legal Compliance · Cookie Policy · Privacy Policy

 This website provides B2B consulting only; no retail sales. Controlled substances are evaluated strictly under valid licenses and applicable compliance.

bottom of page