Afghanistan’s #1 Web Hosting Company Since 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006

THE GDPR POLICY

At PAMIRWEBHOST LLC, we are committed to protecting the privacy and personal data of individuals in compliance with the General Data Protection Regulation (GDPR). Below is a summary of key GDPR principles, requirements, and measures we adhere to in order to ensure your data is processed responsibly, securely, and transparently.

1. Key Applications of GDPR

The GDPR applies if:
The company is in the EU and processes personal data, regardless of where data processing takes place.
The company, outside the EU, processes personal data in relation to the offering of goods or services or monitors behavior within the EU.

It does not apply if:
The data subject is deceased or a legal entity.
Data processing is conducted by individuals for non-business purposes.

2. What Constitutes Personal Data?

Personal Data includes identifiable information about an individual such as:
Name, address, ID number, income, IP address, or health data.

Special Categories of Data (processing typically restricted) include:
Racial or ethnic origin, sexual orientation, political opinions, religious beliefs, genetic, biometric, or health data, among others.

3. Data Controllers, Processors, and the Role of the Data Protection Officer (DPO)

Data Controller: Decides why and how personal data is processed.
Data Processor: Manages and processes data on behalf of the controller.
DPO: Monitors data processing, advises employees, and coordinates with the Data Protection Authority (DPA).

A DPO is required if:
The company processes data on a large scale or deals with special data categories.
Core activities involve monitoring individuals.

4. Processing Data for Third Parties and Data Transfers Outside the EU

A data controller may engage a data processor with appropriate safeguards and a written contract.

Data transferred outside the EU must meet one of the following:
The destination country’s protections are EU-compliant.
Specific safeguards in a contract with the data importer.
Derogations like the individual’s consent are obtained.

5. Lawful Data Processing

Data processing is lawful if:

1. Obtain explicit consent from the individual.
2. Fulfill a contractual obligation.
3. Satisfy a legal obligation.
4. Protect an individual’s vital interests.
5. Carry out a public interest task.
6. Legitimate interests of the company (unless overridden by individual rights).

6. Consent for Data Processing

Consent must be:

Freely given, specific, informed, and unambiguous.
The individual should understand what they’re consenting to and have the right to withdraw it.

7. Information Transparency

PAMIRWEBHOST LLC provides individuals with clear information regarding:

Who is processing the data and why.
The legal basis for processing.
Contact details of our DPO.
Data storage periods and rights to withdraw consent.

8. Individual Rights Under GDPR

Individuals have the right to:

Access their data and receive a copy (Right to Access & Data Portability).
Correct inaccuracies (Right to Rectification).
Object to data processing on certain grounds (Right to Object).
Have data deleted under certain conditions (Right to Erasure/Right to be Forgotten).

For automated decision-making, individuals have the right to request human review and contest the decision.

9. Specific Rules for Children

Parental consent is required for processing data of children, with age limits varying between 13 and 16 years in different EU countries.

10. Data Breaches and Notifications

In case of a data breach posing risks to individual rights, we notify the DPA within 72 hours. High-risk breaches may also require informing affected individuals.

11. Responding to Requests

We respond to requests related to personal data rights within one month, with a possible extension for complex cases. Denied requests include the reason and information on the right to file a complaint.

12. Record-Keeping and Compliance

To prove GDPR compliance, we maintain records of our processing activities, including:

Purposes and descriptions of processing.
Data retention periods. Details of data recipients and security measures.

13. Impact Assessments and High-Risk Processing

When new technologies or high-risk processing are involved, we conduct Data Protection Impact Assessments (DPIA) to evaluate risks and collaborate with DPAs when necessary.

14. Data Protection by Design and by Default

Our approach includes data protection by design, implementing necessary safeguards from the start. Data protection by default means that only essential data is processed, stored securely, and accessible only to authorized individuals.
PAMIRWEBHOST LLC takes GDPR compliance seriously and has implemented all required measures to ensure full compliance with the regulation. Your privacy and data security are at the core of our services, and we are committed to maintaining GDPR-compliant practices for the safety and protection of all personal data.