1. Introduction

VEQTOR Africa is based in South Africa, but may offer products and services to customers in multiple jurisdictions. Where VEQTOR Africa offers goods or services to individuals in the European Union, European Economic Area, or the United Kingdom, or otherwise carries out processing activities that fall within the territorial scope of the EU GDPR or UK GDPR, VEQTOR Africa aims to process personal data in a manner consistent with those legal requirements.

This notice should be read together with VEQTOR Africa’s Privacy Policy, POPIA Statement, Terms and Conditions, Acceptable Use Policy, Security Statement, and any service-specific terms or data-processing documents that apply to the relevant service.

2. What This Notice Covers

This page explains, at a high level:

• when VEQTOR Africa may process personal data subject to the EU GDPR or UK GDPR;
• the roles VEQTOR Africa may play as a controller or processor;
• the categories of personal data we may process;
• the lawful bases we may rely on;
• how international transfers may occur;
• the rights that individuals may have under applicable data-protection law; and
• how to contact VEQTOR Africa about GDPR-related matters.

3. Territorial Scope

The EU GDPR may apply to organisations outside the EU where they offer goods or services to individuals in the EU or monitor their behaviour within the EU. The UK GDPR may apply similarly in relation to individuals in the United Kingdom.

VEQTOR Africa does not claim that every single processing activity automatically falls within these laws. Applicability depends on the facts, the service being provided, the persons affected, and the specific processing activity in question.

4. Controller and Processor Roles

Depending on the context, VEQTOR Africa may act as:

• a controller when deciding why and how personal data is processed for its own business purposes, such as account creation, billing, customer communications, fraud prevention, security operations, support, and service administration; or
• a processor when providing hosting, infrastructure, email, domain, cloud, backup, VPS, dedicated or related services on behalf of a customer that determines the purposes and means of processing.

Where VEQTOR Africa acts as a processor, the customer may remain responsible for ensuring that its own use of the services and processing of personal data is lawful.

5. Categories of Personal Data

Depending on the service and the relationship, VEQTOR Africa may process categories of personal data such as:

• identity and contact information, including names, email addresses, phone numbers and addresses;
• account and billing information;
• company and registrant details where services are ordered for a business or domain registration;
• technical data, including IP addresses, access logs, device and browser information;
• support communications, ticket history and service records;
• payment-related metadata and transaction references;
• security, abuse-prevention and fraud-prevention records;
• data stored, transmitted or processed through services where VEQTOR Africa acts as a processor.

6. Lawful Bases for Processing

Where the EU GDPR or UK GDPR applies, VEQTOR Africa may rely on one or more lawful bases for processing, depending on the circumstances. These may include:

• contract, where processing is necessary to take steps before entering into a contract or to perform a contract;
• legal obligation, where processing is necessary to comply with legal or regulatory duties;
• legitimate interests, where processing is reasonably necessary for VEQTOR Africa’s legitimate business, security, fraud-prevention, service-delivery or administrative interests, provided such interests are not overridden by the rights and freedoms of the individual;
• consent, where consent is required or appropriately relied upon;
• vital interests, where necessary in rare cases to protect life or physical safety;
• legal claims, where processing is necessary to establish, exercise or defend legal rights.

7. Why VEQTOR Africa Processes Personal Data

VEQTOR Africa may process personal data for purposes including:

• account registration and customer onboarding;
• service provisioning, domain management and technical operations;
• billing, invoicing, renewals, refunds and payment administration;
• support, customer communications and incident handling;
• fraud prevention, abuse mitigation, network security and access control;
• service monitoring, troubleshooting and platform improvement;
• compliance with legal, contractual and regulatory obligations;
• backup, disaster recovery and continuity operations;
• dispute handling, evidence preservation and legal enforcement;
• marketing or promotional communications where lawfully permitted.

8. Special Category Data and Sensitive Data

VEQTOR Africa does not ordinarily seek to collect or process special category personal data for its standard hosting and infrastructure services unless such processing is necessary, instructed by a customer in a lawful processor relationship, or otherwise justified under applicable law.

Customers should avoid uploading or transmitting special category personal data through VEQTOR Africa services unless they have a lawful basis and have implemented suitable safeguards. Where VEQTOR Africa acts as a processor, the customer remains responsible for the lawfulness of its instructions and data use.

9. Data Sharing

VEQTOR Africa may share personal data with third parties where reasonably necessary to provide services or where required by law. This may include sharing with:

• payment processors and payment gateways;
• domain registries, registrars and registry operators;
• datacentre, cloud, backup, security and software providers;
• communications, ticketing, monitoring and fraud-prevention providers;
• professional advisers, auditors, insurers and recovery agents where appropriate;
• courts, regulators, law enforcement or competent authorities where required.

VEQTOR Africa aims to ensure that service providers acting on its behalf are subject to appropriate confidentiality and data-protection obligations consistent with the nature of the service and the applicable legal context.

10. International Transfers

VEQTOR Africa operates from South Africa and may use infrastructure, suppliers, support tools, registries, cloud services, payment systems and technical partners located in different jurisdictions. As a result, personal data may be transferred internationally.

Where the EU GDPR or UK GDPR applies, VEQTOR Africa aims to ensure that international transfers take place on an appropriate legal basis and with suitable safeguards where required. Depending on the circumstances, these safeguards may include adequacy decisions, contractual protections, processor terms, or another lawful transfer mechanism recognised under the applicable law.

11. Retention

VEQTOR Africa retains personal data only for as long as reasonably necessary for the relevant purpose, for as long as required by law, as long as contractually necessary, or as long as justified by legitimate operational, accounting, tax, fraud-prevention, evidentiary, backup, dispute or security interests.

When data is no longer required, VEQTOR Africa will take reasonable steps to delete, destroy, anonymise or de-identify it, subject to technical, legal and backup limitations.

12. Security Measures

VEQTOR Africa applies reasonable technical and organisational measures intended to protect personal data against unauthorised access, misuse, accidental loss, unlawful destruction, disclosure or compromise. These may include access controls, firewalling, monitoring, encryption in transit where appropriate, credential restrictions, malware protection, logging, abuse mitigation and supplier security controls.

No system is perfect. VEQTOR Africa therefore cannot guarantee that a security incident will never occur, but it does take reasonable steps to reduce risk and respond where an incident arises.

13. Data Subject Rights

Where the EU GDPR or UK GDPR applies, individuals may have rights including:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure in certain circumstances;
• the right to restrict processing in certain circumstances;
• the right to data portability where legally applicable;
• the right to object to certain processing, including some processing based on legitimate interests or direct marketing;
• rights relating to automated decision-making and profiling, where applicable.

These rights are not absolute and may be limited by law, technical necessity, security requirements, competing rights, contract requirements, or VEQTOR Africa’s lawful grounds to continue processing.

14. Exercising Rights

Individuals who wish to exercise applicable data-protection rights may contact VEQTOR Africa using the contact details below. VEQTOR Africa may require reasonable proof of identity and enough information to locate the relevant records before acting on a request.

Where VEQTOR Africa acts purely as a processor on behalf of a customer, it may direct the request to the relevant customer or ask that the request be submitted to the customer as controller, unless VEQTOR Africa is legally required to act otherwise.

15. Complaints

If an individual believes that VEQTOR Africa has processed personal data unlawfully or has not responded properly to a data-protection concern, that individual may contact VEQTOR Africa first so that the matter can be reviewed. Where applicable, individuals may also have the right to complain to a competent supervisory authority or regulator in the EU or UK.

16. Data Protection Representative

Under certain circumstances, a non-EU or non-UK organisation that falls within the scope of the EU GDPR or UK GDPR may be required to appoint a representative in the EU or UK. Whether such an appointment is legally required depends on the nature, scale and risk profile of the processing activity and the applicable law.

VEQTOR Africa may appoint such a representative where legally required or commercially appropriate. If appointed, those details may be published here or in a related notice.

17. Relationship with Other Policies

This notice is not a substitute for VEQTOR Africa’s wider legal and privacy documentation. It should be read together with:

• Privacy Policy;
• POPIA Statement;
• Terms and Conditions;
• Security Statement;
• Acceptable Use Policy;
• any Data Processing Addendum or service-specific terms where applicable.

18. Changes to this Notice

VEQTOR Africa may amend or update this GDPR and UK GDPR Notice from time to time. The updated version may be published on the VEQTOR Africa website, client area or another official channel. Continued use of VEQTOR Africa services after the revised version takes effect may constitute acceptance of the updated notice where permitted by law.

19. Contact Details

If you have any GDPR or UK GDPR-related questions, data-rights requests, privacy concerns, or compliance enquiries, you may contact VEQTOR Africa using the official channels below.

Email: privacy@veqtor.africa
Info: info@veqtor.africa
Website: https://veqtor.africa