Hosting Data Protection Compliance FAQs
At Afrihost we care deeply about the security of the data you store on our servers, as well as the protection of your personal data you provide to us to manage your Afrihost account.
We support the new data protection law (POPIA) that have recently come into effect, as they raise the bar for data protection, security, and compliance in the industry.
The Protection of Personal Information Act (POPIA) is a new South African privacy law which became enforceable on 01 July 2021. It aims to strengthen the security and protection of personal data in South Africa.
The law determines how entities must process, protect and notify users regarding their personal data. This includes all aspects of collecting, storing, transferring or using that data.
“Personal data” as defined by data protection law is broad and includes:
- Direct personal information e.g. names and contact details, as well as
- Indirect identifiers such as email addresses and IP addresses.
Two main roles are identified in the legislation:
- The Controller (or responsible party) of Personal Data: the entity which determines why and how the data is processed.
- The Processor (or operator) of Personal Data: the entity which processes personal data on behalf of the controller.Examples of Processing are storage, recording, organisation or retrieval. In the context of different activities, Afrihost is both a Data Processor and a Data Controller.
Controller: We act as a data controller for the client information we collect from you when you order products and services from us. This personal data includes details such as names and contact information.
Processor: We act as the data processor and you are the controller of data that is uploaded to your hosting account or server, as we store this data on your behalf.
Your website may capture the personal information of your clients e.g. placing orders, email or newsletter subscriptions, processing payment or online bookings. You control this data and how it gets collected and used, and Afrihost processes this data by storing it on our servers.
Read our How to request the removal of your information via ClientZone article to find out more.
The “right to erasure” or “right to be forgotten” means that you have the right to update or have your personal information deleted when it is no longer needed, such as if you cancel your Afrihost services.
You can update any contact details via ClientZone. If you no longer have services with us and want to delete your entire Afrihost account, contact email@example.com.
Note that historic invoices, which contain name and contact details, can not be deleted for legal reasons.
- We have conducted an audit of business processes that deal with personal data of individuals and other subjects, including how we collect, process and store this data securely.
- We have received and implemented qualified legal advice from experts in the field of Privacy and Data Protection.
- We have audited our “Right to be Forgotten” process to ensure that clients leaving Afrihost can have their personal information deleted.