NaamX Solutions is committed to protecting the privacy and fundamental rights of individuals. This GDPR Policy explains how we collect, process, store, and protect your personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation).

We act as a Data Controller for customer account information and as a Data Processor for content hosted on our services (websites, files, databases). This policy applies to all users within the European Economic Area (EEA), the United Kingdom, Switzerland, and any jurisdiction requiring GDPR compliance.

Under the GDPR, you have the following rights regarding your personal data. NaamX Solutions will respond to all legitimate requests within 30 days (free of charge):

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data, subject to legal obligations (e.g., tax records, fraud prevention).
• Right to Data Portability: Request export of your stored data in a structured, machine-readable format (JSON, CSV).
• Right to Restrict Processing: Request that we stop processing your data under certain circumstances.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw any previously given consent at any time.

We only collect information necessary for providing services and support. The personal data we collect includes:

Lawful bases for processing (Article 6 GDPR):

• Contractual necessity: To provide hosting, domains, cloud services, and customer support.
• Legal obligation: To comply with tax, anti-fraud, and regulatory requirements.
• Legitimate interests: To secure our infrastructure, prevent abuse, and improve services (weighing your rights).
• Consent: For optional marketing communications (you may opt out anytime).

Reasonable technical and organizational security measures are implemented to protect user data. Our security framework includes:

• Encryption: TLS 1.3 for data in transit; AES-256 for sensitive data at rest (where applicable).
• Access Controls: Role-based access, multi-factor authentication for internal systems, least privilege principle.
• Regular Audits: Vulnerability scans, penetration testing, and security patch management.
• Incident Response: Dedicated team to handle data breaches with 72-hour notification to authorities and affected users (if required).
• Employee Training: All staff receive mandatory data protection and privacy training annually.

Limited sharing may occur with the following categories of recipients, strictly required for service delivery:

• Payment Processors: Stripe, PayPal, bank partners (transaction data only).
• Technical Infrastructure: Data center providers, CDN services, cloud platform hosts.
• Domain Registrars: For domain registration (WHOIS information as required by ICANN).
• Customer Support Tools: Helpdesk and chat platforms (ticket data).

All third-party processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance and data protection. We conduct due diligence before engaging any vendor.

We retain personal data only as long as necessary for the purposes outlined in this policy, plus any legal retention requirements:

• Account data: Retained while your account is active, plus 30 days after cancellation (grace period).
• Billing records: 7 years (tax and accounting obligations under Pakistani and international law).
• Log files: Retained for 6 months for security and fraud prevention.
• Support tickets: 3 years for service improvement and dispute resolution.

After retention periods expire, data is anonymized or securely deleted. You may request earlier deletion via privacy@naamx.net, subject to legal holds.

In compliance with GDPR and the ePrivacy Directive, we use cookies only with explicit consent for non-essential purposes:

• Strictly necessary cookies: Always active (login sessions, security, shopping cart).
• Analytics cookies: Only with your consent (Google Analytics anonymized).
• Functional cookies: Only with consent (preferences, language).

You can manage cookie preferences via our cookie banner or browser settings. Withdrawing consent does not affect lawful processing before withdrawal.

NaamX Solutions has appointed a Data Protection Officer to oversee GDPR compliance and act as a point of contact for supervisory authorities and data subjects.

Contact our DPO:
📧 dpo@naamx.net
📬 Office # 11, 2nd Floor Makkah Plaza, Sargodha Road, 50700, Gujrat, Punjab, Pakistan

For any GDPR-related concerns, including complaints about how your data is handled, please contact our DPO first. You also have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France).

NaamX Solutions
Office # 11 2nd Floor Makkah Plaza, Sargodha Road, 50700, Gujrat, Punjab, Pakistan

Privacy & GDPR inquiries: privacy@naamx.net (primary)
Data Protection Officer: dpo@naamx.net
Data breach reporting: security@naamx.net

NaamX Solutions may update this GDPR Policy from time to time to reflect changes in legal requirements, technology, or our business practices. Material changes will be communicated via:

• Email notification to registered users (30 days advance notice for significant changes)
• Updated "Last updated" date at the top of this policy
• Notice on our client area dashboard

By using NaamX Solutions services, you acknowledge that you have read, understood, and agree to this GDPR Policy. If you are subject to GDPR and do not agree, you must discontinue use of our services and request account deletion.