The short version. We collect only the data we need to run our marketing services and the CRManager platform. We never sell your data. We use industry-standard security. You have rights under GDPR and equivalent laws, and you can exercise them at any time by emailing admin@widelink-media.com.
01Who we are
This Privacy Policy is issued by Wide Link Limited ("Wide Link", "we", "us", "our"), a company incorporated in Hong Kong under company number 3172441, with its registered office at Unit SD, 10/F, 8 Hart Avenue, Tsim Sha Tsui, Kowloon, Hong Kong.
We operate the website widelink-media.com and the CRManager platform (including the Nova analytics module), and we provide digital marketing services to business clients worldwide.
For the purposes of GDPR and equivalent legislation, Wide Link is generally the controller of personal data collected through our website and direct marketing activities, and a processor of personal data we handle on behalf of our business clients through the CRManager platform.
02Scope of this policy
This policy applies to personal data we process in connection with:
Visitors to widelink-media.com and any subdomains we operate;
Business clients and prospects who contact us or sign up for our services;
Users of the CRManager platform and related modules;
Recipients of our marketing communications.
It does not apply to third-party websites or services we link to or integrate with — those have their own privacy policies, which we encourage you to read.
Account data: login credentials, profile information, billing details if you become a paying client.
Communications: messages you send through our contact form, email, chat widget, or AI assistant.
Service data: any campaign briefs, brand assets, access credentials, or business information you share to enable us to perform services.
3.2 Data we collect automatically
Technical data: IP address, browser type and version, operating system, device identifiers, referring URLs.
Usage data: pages visited, time spent, click paths, scroll behaviour, conversion events, interactions with the CRManager platform.
Cookies and similar technologies: see Section 6.
3.3 Data from third parties
Ad and analytics platforms: aggregated performance data from Meta, Google, TikTok, LinkedIn, GA4, and similar.
Lead-generation partners: where authorised, lead data routed to CRManager from affiliate networks or partner integrations.
Public sources: publicly available business information used for prospecting or enrichment.
3.4 Sensitive data
We do not knowingly collect special categories of personal data (such as health, religious beliefs, or political opinions). Please do not share such data with us unless explicitly requested and necessary.
04How we use your data
We use personal data for the following purposes:
Purpose
What it involves
Service delivery
Performing the services agreed in your SOW; operating the CRManager platform; running campaigns; lead management; reporting.
Account management
Creating and maintaining client accounts, billing, customer support, dispute resolution.
Communication
Responding to enquiries, sending service updates, scheduling meetings, providing AI-assisted answers via our chat widget.
Marketing
Sending marketing emails (with consent or where permitted by law), promoting our services, retargeting on advertising platforms.
Analytics & improvement
Understanding how the website and platform are used, identifying improvements, measuring campaign performance.
Security & fraud prevention
Detecting bots, fraudulent leads, unauthorised access, and abuse; protecting our systems and our clients' data.
Legal & compliance
Complying with applicable laws, tax obligations, court orders, and regulatory requests.
05Legal bases (GDPR)
Where GDPR or UK GDPR applies, we rely on the following legal bases:
Contract — to perform a contract with you or take pre-contractual steps at your request (e.g., delivering services, providing platform access).
Legitimate interests — to run and grow our business, secure our systems, and conduct B2B marketing in a proportionate way (we balance this against your rights).
Consent — for non-essential cookies, marketing communications to individuals where required, and any other processing that requires explicit consent. You may withdraw consent at any time.
Legal obligation — to comply with applicable laws, including tax, accounting, and anti-money-laundering rules.
06Cookies & tracking
We use cookies and similar technologies (pixels, local storage, server-side tracking) to operate the website, measure performance, and run marketing campaigns. Categories include:
Strictly necessary — required for the website and platform to function (e.g., session, authentication).
Analytics — to understand traffic and usage patterns (e.g., GA4, server-side analytics).
Marketing — to measure campaign performance and serve relevant ads (e.g., Meta Pixel, Google Ads tags, LinkedIn Insight Tag).
Where required by law, non-essential cookies are only set after you give consent through our cookie banner. You can change your preferences at any time via your browser settings or by clearing cookies for this site.
Some integrations may use server-side tracking and cookieless attribution methods, which still operate under the legal bases described in Section 5.
07Sharing with third parties
We do not sell personal data. We share personal data only with the following categories of recipients, and only as necessary:
Service providers (processors): cloud hosting (e.g., Vercel, AWS), database providers (e.g., Supabase), email and communications (e.g., Resend, Twilio), analytics (e.g., Google Analytics), AI model providers (e.g., Anthropic, OpenAI), payment processors, error monitoring (e.g., Sentry).
Advertising platforms: Meta, Google, TikTok, LinkedIn — for campaign measurement, retargeting, and conversion tracking, in line with their respective policies and your consent.
Business clients: where you submit a lead or enquiry through a campaign we operate for a client, your data is passed to that client as the receiving controller.
Professional advisors: accountants, auditors, lawyers, and similar, bound by confidentiality.
Authorities: where required by law, court order, or to protect rights, safety, or property.
Successor entities: in connection with a merger, acquisition, restructuring, or sale of business assets.
All processors we engage are bound by written agreements that require them to protect personal data and process it only on our instructions.
08International transfers
Wide Link is based in Hong Kong, and we work with service providers and clients globally. Personal data may therefore be transferred to and processed in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your local law.
Where we transfer personal data of EU, UK, or Swiss data subjects outside the EEA, UK, or Switzerland, we rely on appropriate safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission;
UK International Data Transfer Agreement or Addendum;
We retain personal data only for as long as necessary for the purposes described in this policy, subject to longer retention periods required by law or for legitimate business purposes (such as defending legal claims).
Typical retention periods:
Active client data: for the duration of the engagement, plus 7 years after termination for tax and accounting purposes.
Marketing prospects: up to 2 years from the last meaningful interaction, after which we delete or anonymise the data.
Website analytics: typically up to 14 months, depending on the provider and configuration.
Server logs: typically up to 90 days, unless retained longer for security investigation.
Backups: rolling backups that overwrite within standard retention windows.
10Security
We implement appropriate technical and organisational measures to protect personal data, including:
Encryption in transit (TLS) and at rest where supported;
Role-based access controls and the principle of least privilege;
Multi-factor authentication for administrative access;
Logging, monitoring, and intrusion detection;
Regular review of vendors and processors;
Incident response procedures.
No system is 100% secure. If we become aware of a personal-data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals without undue delay.
11Your rights
Subject to applicable law, you have the following rights regarding your personal data:
Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — request deletion where legally permitted ("right to be forgotten").
Restriction — request that we limit how we process your data.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests, including profiling for marketing.
Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior processing.
Lodge a complaint — with your local data-protection authority (see Section 15).
To exercise any of these rights, email admin@widelink-media.com. We will respond within the timeframes required by applicable law (typically within 30 days). We may need to verify your identity before responding.
If you are a user of the CRManager platform via one of our clients (i.e., the client is the controller and we are the processor), please direct your rights requests to that client. We will assist them in responding.
12Children
Our website, platform, and services are intended for business users and are not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us so we can delete it.
13AI processing
The CRManager platform and our website chat widget use AI models (including large language models from providers such as Anthropic and OpenAI) to power features such as the AI co-pilot, automated decisioning, content suggestions, and conversational support.
When you interact with these features:
Your inputs and conversations may be processed by third-party AI providers under their respective terms;
We do not authorise AI providers to train their general models on your inputs, where such an option is available and contractually configurable;
AI outputs may be inaccurate or incomplete — you should review and verify before relying on them for material decisions;
Where automated decision-making produces legal or similarly significant effects, you have the right to human review under applicable law. Contact us to request this.
14Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. Material changes will be communicated to active clients by email or in-platform notice where appropriate. Continued use of our services after the effective date constitutes acceptance of the updated policy.
15Contact & complaints
For any questions, requests, or concerns regarding this Privacy Policy or our data practices:
If you are in the EEA, UK, or Switzerland and believe your data-protection rights have been infringed, you have the right to lodge a complaint with your local supervisory authority. A list of EU authorities is available on the EDPB website. The UK authority is the ICO. We would, however, appreciate the chance to address your concerns directly first.