GDPR Compliance Statement

This GDPR Compliance Statement explains how SiteReady24 ("we," "us," or "our") complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.

1. Introduction

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to the processing of personal data of individuals who are in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business.

At SiteReady24, we are committed to ensuring the protection and security of personal data we process in accordance with the GDPR and other applicable data protection laws.

2. Data Controller and Data Protection Officer

SiteReady24 acts as a data controller for the personal data we collect and process in the context of providing our website development services. This means we determine the purposes and means of processing personal data.

Our Data Protection Officer (DPO) can be contacted at:

Email: dpo@siteready24.com
Address: SCO 123, Sector 17, Chandigarh 160017, India

3. Legal Basis for Processing

Under the GDPR, we must have a valid legal basis for processing personal data. We rely on the following legal bases for processing personal data:

3.1 Consent

We process certain personal data based on your explicit consent, such as when you opt-in to receive marketing communications or when you provide preference information for website customization.

3.2 Contractual Necessity

We process personal data as necessary to fulfill our contractual obligations to you, such as when you register for an account, purchase our services, or use our website development platform.

3.3 Legitimate Interests

We process personal data based on our legitimate interests, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include:

• Improving and developing our services
• Ensuring the security of our services
• Marketing our services to existing customers
• Analyzing usage patterns to enhance user experience

3.4 Legal Obligation

We process personal data to comply with legal obligations to which we are subject.

4. Your Rights Under GDPR

The GDPR provides you with certain rights regarding your personal data. These rights include:

4.1 Right to Access

You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.

4.2 Right to Rectification

You have the right to request that we correct any incomplete or inaccurate personal data we hold about you.

4.3 Right to Erasure (Right to Be Forgotten)

You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it.

4.4 Right to Restrict Processing

You have the right to request that we suspend the processing of your personal data in certain scenarios.

4.5 Right to Data Portability

You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

4.6 Right to Object

You have the right to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

4.7 Rights Related to Automated Decision Making and Profiling

You have rights related to automated decision-making and profiling. Our website development process uses automated systems to process your requirements and generate website designs. However, these automated processes do not make decisions that have significant effects on you without human intervention.

5. How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@siteready24.com or write to us at SCO 123, Sector 17, Chandigarh 160017, India.

We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

6. Automated Website Development

Our Services utilize automated systems to streamline and expedite the website development process. These systems process the information you provide to generate website designs, layout, and functionality based on your requirements. This processing is necessary for the performance of our contract with you.

While automated technologies power our development process, the specific designs and functionality are determined based on the requirements you provide, and all websites are reviewed for quality and compliance with our standards before delivery. This automated processing is not intended to evaluate personal aspects of data subjects or to make decisions that have significant effects on you without human intervention.

7. International Data Transfers

We may transfer your personal data to countries outside the EEA, UK, or Switzerland. When we do so, we ensure a similar degree of protection is afforded to your personal data by implementing at least one of the following safeguards:

• Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
• Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses)
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, UK, or Switzerland.

8. Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:

• Encryption of personal data where appropriate
• Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

10. Websites Created for Clients

When we create websites for our clients, we may process personal data on behalf of our clients as a data processor. In such cases, our clients are the data controllers, and the processing of personal data through those websites is subject to the client's privacy policy and GDPR compliance measures. We are not responsible for our clients' compliance with the GDPR for personal data processed through websites we create for them.

As a data processor, we:

• Process personal data only on documented instructions from the data controller (our client)
• Ensure that persons authorized to process personal data have committed themselves to confidentiality
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
• Assist the data controller in ensuring compliance with their obligations under the GDPR
• Delete or return all personal data to the data controller after the end of the provision of services relating to processing
• Make available to the data controller all information necessary to demonstrate compliance with the GDPR

11. Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. If we make significant changes, we will notify you by email or by posting a notice on our website. Your continued use of our Services after any changes to this GDPR Compliance Statement constitutes acceptance of those changes.

12. Contact Us