PRIVACY & AI NOTICE POLICY
This document outlines how the Twinlix platform collects and processes personal data, and utilises Artificial Intelligence (AI) technologies in strict compliance with the EU General Data Protection Regulation (GDPR) and the European Union Artificial Intelligence Act (EU AI Act).
I. Right Holder and General Information
All rights to the TwinLix trademark, platform, and software are exclusively owned by Axisway LTD (hereinafter referred to as "Twinlix", "We", "Us").
II. Compliance with the EU AI Act
The Twinlix platform provides tools for creating virtual AI assistants. We comply with the requirements of the EU AI Act as follows:
Classification of AI Systems (Risk Level): Twinlix chatbots are classified as Limited Risk AI systems. We do not develop or provide "High-Risk AI" systems (as per Annex III of the AI Act) or "Prohibited AI" systems (Article 5 of the AI Act), such as social scoring or real-time biometric identification systems.
Transparency Obligations (Article 50 of the AI Act): The law requires that natural persons are informed when they are interacting with an AI system. We obligate our Clients (who use Twinlix bots) to explicitly notify their end-users that they are communicating with an artificial intelligence and not a human operator.
Human Oversight: In accordance with the AI Act's principles, the Twinlix platform provides a "Human Takeover" feature. This allows a live human operator to intercept the dialogue at any time and pause the AI to prevent any algorithmic errors or "hallucinations".
III. GDPR Compliance: Roles and Types of Processed Data
Pursuant to Article 28 of the GDPR, we strictly separate data processing roles:
For Client Data (business owners registered on Twinlix), we act as the Data Controller.
For End-user Data (individuals messaging our Client's chatbot), we act as the Data Processor, operating exclusively on behalf of and under the instructions of the Client.
We process the following data:
Client Data: Name, email, phone number, billing details, IP address.
End-user Data: Name (if provided), phone number, message content, and any other information voluntarily shared during the conversation with the chatbot.
IV. Legal Bases for Data Processing (Article 6 GDPR)
We process personal data on the following legal bases:
Article 6(1)(b) — Performance of a Contract: To provide you with platform access, create AI bots, and ensure integrations function correctly.
Article 6(1)(f) — Legitimate Interest: To improve and secure the platform, analyze usage patterns, and prevent fraud.
Article 6(1)(a) — Consent: For marketing communications and optional analytics.
V. Automated Decision-Making (Article 22 GDPR)
Our AI assistants automate replies to frequently asked questions and collect contact details (lead generation).
However, Twinlix does not engage in automated decision-making that produces legal effects concerning the data subject (e.g., automatic rejection of a loan or employment application). All critical business decisions must be made independently by the Client.
VI. Integrations and Data Transfers (Articles 44-50 GDPR)
The Twinlix platform integrates with messaging services (WhatsApp, Facebook Messenger, Instagram) owned by Meta Platforms Inc. Conversations are processed via their official APIs.
Cross-Border Transfers: Because Axisway LTD is based in the United Kingdom (UK) and data is stored in the EU (see Section VII), data exchange between the EU and the UK is governed by the European Commission's Adequacy Decision. If data is temporarily transferred to AI providers (e.g., OpenAI) in the US to generate a response, this is done strictly on the basis of Standard Contractual Clauses (SCCs) and the Data Privacy Framework.
VII. Data Localization, Security, and Retention (Article 32 GDPR)
Physical Server Location (Data Localization): All personal data of Clients and their end-users, as well as the knowledge base documents you upload (PDF, Excel, Word), are stored on secure cloud servers physically located within the European Union (including countries such as Germany, Spain, and France). This guarantees the highest level of protection and adherence to European data sovereignty standards.
Security: We employ modern encryption, strict access controls, and regular system monitoring to protect your information.
Data Retention: Data is kept only for as long as necessary to provide the Services. If a Client deletes their account, the end-user data and AI knowledge bases are permanently erased from our European servers.
VIII. Data Subject Rights (Articles 15–22 GDPR)
At any time, you have the right to:
Request access to your data (Article 15);
Request correction or deletion of your data (Articles 16, 17);
Restrict or object to processing (Articles 18, 21).
If you are an end-user (you chatted with our Client's bot), please direct your requests directly to the Client (the Data Controller). If you are a Twinlix Client, you can exercise your rights via your dashboard or by emailing us at info@axisway.co.uk.
