GDPR Compliance
Last Updated: [DATE]
Overview
Files Hub is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how we protect your information.
The GDPR applies to individuals in the European Union (EU) and European Economic Area (EEA). Even if you're outside these regions, we apply these same high standards of data protection to all our users.
Your GDPR Rights
Under GDPR, you have the following rights:
1. Right to be Informed
You have the right to know how we collect, use, and process your personal data.
How we comply: Our Privacy Policy clearly explains our data practices.
2. Right of Access
You have the right to access your personal data and information about how it's processed.
How to exercise:
- Log in to your account to view your personal information
- Request a data export by contacting us
- We will provide your data within 30 days
3. Right to Rectification
You have the right to correct inaccurate or incomplete personal data.
How to exercise:
- Update your information in account settings
- Contact us to correct any information you cannot edit yourself
- We will update your data within 30 days
4. Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data.
How to exercise:
- Use our data deletion or account deletion process
- We will delete your data within 30 days
- Some data may be retained for legal compliance (see below)
5. Right to Restrict Processing
You have the right to limit how we use your personal data in certain circumstances.
How to exercise:
- Contact us with your restriction request
- We will evaluate and implement appropriate restrictions
- We will inform you if we must refuse your request
6. Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format.
How to exercise:
- Request a data export through your account settings
- Download your files using our API or dashboard
- We provide data in JSON, CSV, or other standard formats
7. Right to Object
You have the right to object to certain types of data processing, including marketing.
How to exercise:
- Opt out of marketing emails using the unsubscribe link
- Contact us to object to other processing activities
- We will stop processing unless we have compelling legitimate grounds
8. Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing.
Our practice: We do not make significant decisions based solely on automated processing without human involvement.
Lawful Basis for Processing
We process your personal data based on the following lawful grounds:
| Processing Activity | Lawful Basis |
|---|---|
| Providing file storage services | Contract performance |
| Account creation and management | Contract performance |
| Processing payments | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Service improvements and analytics | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance (tax, accounting) | Legal obligation |
Data Protection Measures
We implement the following measures to protect your data:
Technical Measures
- Encryption in transit (HTTPS/TLS)
- Secure API authentication
- Regular security audits
- Access controls and logging
- Firewall and intrusion detection
Organizational Measures
- Staff training on data protection
- Data minimization practices
- Privacy by design approach
- Incident response procedures
- Regular policy reviews
Data Transfers
Your data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for certain countries
- Additional security measures for data transfers
Data Retention
We retain your personal data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account data | While account is active |
| File data | Until deletion or account closure + 30 days |
| Transaction records | 7 years (legal requirement) |
| Security logs | 90 days |
| Marketing consent | Until withdrawn + 30 days |
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours
- We will notify affected individuals without undue delay
- We will provide information about the breach and remediation steps
- We will document all breaches and our response
How to Exercise Your Rights
To exercise any of your GDPR rights, contact us:
Email: aoneahsan@gmail.com
Phone: +923046619706
Subject Line: "GDPR Rights Request - Files Hub"
Please include in your request:
- Your full name and email address
- Which right you wish to exercise
- Any specific information or details
- Proof of identity (to prevent unauthorized access)
Response time: We will respond to your request within 30 days. If we need more time, we will inform you and explain why.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. You can contact:
- The supervisory authority in your EU member state
- The supervisory authority where we are established
- The supervisory authority where an alleged infringement occurred
Find your local data protection authority: European Data Protection Board
Children's Data
We do not knowingly process personal data of children under 16 without parental consent, as required by GDPR. If we discover we have collected such data, we will delete it immediately.
Updates to This Policy
We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will notify you of significant changes.
Contact Information
For GDPR-related questions or concerns:
- Data Controller: Ahsan Mahmood
- Email: aoneahsan@gmail.com
- Phone: +923046619706