Hosting Data Protection Compliance FAQs

At Afrihost we care deeply about the security of the data you store on our servers, as well as the protection of your personal data you provide to us to manage your Afrihost account.

We support the new data protection law (POPIA) that have recently come into effect, as they raise the bar for data protection, security, and compliance in the industry.

The Protection of Personal Information Act (POPIA) is a new South African privacy law which became enforceable on 01 July 2021. It aims to strengthen the security and protection of personal data in South Africa.

The law determines how entities must process, protect and notify users regarding their personal data. This includes all aspects of collecting, storing, transferring or using that data.

“Personal data” as defined by data protection law is broad and includes:

• Direct personal information e.g. names and contact details, as well as
• Indirect identifiers such as email addresses and IP addresses.

Two main roles are identified in the legislation:

1. The Controller (or responsible party) of Personal Data: the entity which determines why and how the data is processed.
2. The Processor (or operator) of Personal Data: the entity which processes personal data on behalf of the controller after entering into a written contract between the Controller and Processor. Examples of Processing are storage, recording, organisation or retrieval. In the context of different activities, Afrihost is both a Data Processor and a Data Controller.

Controller: We act as a data controller for the client information we collect from you when you order products and services from us. This personal data includes details such as names and contact information.

Processor: Upon concluding a written contract to act as the Processor, we act as the data processor and you are the controller of data that is uploaded to your hosting account or server.

If your website captures the personal information of your clients e.g. placing orders, email or newsletter subscriptions, processing payment or online bookings, you must notify us and enter into a written contract for us to act as a Processor. If the contract is concluded, you will control this data and how it gets collected and used, and Afrihost will process the data by storing it on our servers.

The “right to erasure” or “right to be forgotten” means that you have the right to update or have your personal information deleted when it is no longer needed, such as if you cancel your Afrihost services.

You can update any contact details via ClientZone. If you no longer have services with us and want to delete your entire Afrihost account, contact support@afrihost.com.

Note that historic invoices, which contain name and contact details, can not be deleted for legal reasons.

• We have conducted an audit of business processes that deal with personal data of individuals and other subjects, including how we collect, process and store this data securely.
• We have received and implemented qualified legal advice from experts in the field of Privacy and Data Protection.
• We have updated our Privacy Policy.
• We have audited our “Right to be Forgotten” process to ensure that clients leaving Afrihost can have their personal information deleted.