GDPR Compliance
Aquila ICT Solution is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains your rights and how we handle your personal data.
Your Data Rights
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
You can request limitation of how we process your data.
Right to Data Portability
You can request your data in a machine-readable format.
Right to Object
You can object to processing based on legitimate interests or direct marketing.
Our Commitment to GDPR
As a technology company serving clients globally, Aquila ICT Solution takes data protection seriously. We have implemented comprehensive measures to ensure GDPR compliance:
- Appointed a Data Protection Officer (DPO)
- Conducted data protection impact assessments
- Implemented privacy by design principles
- Established data breach notification procedures
- Trained all employees on data protection
- Reviewed and updated all data processing activities
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so:
Consent
When you explicitly agree to data processing (e.g., newsletter signup)
Contract
When processing is necessary to fulfill a contract with you
Legal Obligation
When we are legally required to process data
Legitimate Interest
When we have a legitimate business interest that does not override your rights
Data Protection Measures
We implement robust technical and organizational measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access following the principle of least privilege
- Monitoring: 24/7 security monitoring and intrusion detection
- Regular Audits: Annual third-party security audits
- Employee Training: Mandatory security and privacy training
- Incident Response: Documented breach response procedures
Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) and supplementary measures where necessary. We do not transfer data to countries without adequate data protection unless appropriate safeguards are implemented.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account Information | Duration of account + 2 years |
| Transaction Records | 7 years (legal requirement) |
| Support Communications | 3 years after resolution |
| Marketing Preferences | Until consent withdrawn |
| Analytics Data | 26 months (anonymized) |
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
Exercising Your Rights
To exercise any of your data protection rights, please contact our Data Protection Officer:
Data Protection Officer
We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, in which case we will inform you.
Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. For EU residents, this is typically the data protection authority in your country of residence. We encourage you to contact us first so we can address your concerns directly.