GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Effective: May 25, 2018 | Last updated: August 20, 2025

Our Commitment to GDPR

QurexTech is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and how you can exercise your data protection rights.

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of EU residents, regardless of where the organization is located. GDPR gives individuals greater control over their personal data and imposes strict obligations on organizations handling such data.

2. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

2.1 Contract Performance

We process your personal data to fulfill our hosting service contracts, including:

  • • Providing hosting services and technical support
  • • Processing payments and managing your account
  • • Communicating about service-related matters

2.2 Legitimate Interests

We may process your data for our legitimate business interests, such as:

  • • Improving our services and user experience
  • • Ensuring network and information security
  • • Preventing fraud and abuse
  • • Analytics and performance monitoring

2.3 Consent

For certain activities, we rely on your explicit consent, including:

  • • Marketing communications and newsletters
  • • Non-essential cookies and tracking
  • • Promotional offers and surveys

2.4 Legal Compliance

We process personal data to comply with legal obligations, such as tax requirements, anti-money laundering regulations, and law enforcement requests.

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

Request information about what personal data we hold about you and how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data in certain circumstances ("right to be forgotten").

Right to Data Portability

Receive your personal data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for direct marketing or other purposes.

Right to Restrict Processing

Request limitation of processing in certain circumstances.

4. How to Exercise Your Rights

Making a Request

To exercise any of your GDPR rights, please contact our Data Protection Officer using the information provided at the bottom of this page. Please include:

  • • Your full name and contact information
  • • Account details or customer ID (if applicable)
  • • Specific right you wish to exercise
  • • Details of your request
  • • Proof of identity (copy of ID document)

Response Timeline

We will respond to your request within 30 days of receipt. In complex cases, we may extend this period by an additional 60 days and will inform you of any delay.

5. Data Processing Activities

Activity Data Types Legal Basis Retention
Service Provision Contact info, billing data, technical data Contract Duration + 7 years
Customer Support Contact info, support tickets, communications Contract 3 years
Marketing Contact info, preferences Consent Until withdrawn
Security Monitoring IP addresses, access logs, security events Legitimate Interest 12 months

6. Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
  • Standard Contractual Clauses: Use of EU-approved standard contractual clauses
  • Binding Corporate Rules: Internal policies ensuring adequate protection
  • Certification Schemes: Transfers under approved certification mechanisms

7. Data Security Measures

Technical Measures

  • • Encryption in transit and at rest
  • • Access controls and authentication
  • • Regular security assessments
  • • Intrusion detection systems
  • • Secure backup procedures

Organizational Measures

  • • Staff training and awareness
  • • Data protection policies
  • • Incident response procedures
  • • Privacy by design principles
  • • Third-party agreements

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority as required by GDPR.

9. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can contact your local data protection authority or the authority in the country where you believe the violation occurred.

10. Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer:

  • Email: dpo@qurextech.com
  • Subject Line: "GDPR Request - [Your Request Type]"
  • Response Time: Within 30 days
  • Postal Address: QurexTech Data Protection Officer

Stay updated with our latest offers

Get exclusive hosting deals, tips, and updates delivered straight to your inbox.

We care about your privacy. Read our Privacy Policy.