Back to Home

GDPR Compliance

Last Updated: 22nd December 2025

AhmadAI is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains how we meet our obligations under GDPR and how you can exercise your data protection rights.

1. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to fulfill our services agreement
  • Consent: Where you have given explicit consent (e.g., marketing)
  • Legitimate Interest: For fraud prevention, security, and service improvement
  • Legal Obligation: To comply with legal requirements

2. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Receive your data in a portable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making (Article 22): Not be subject to solely automated decisions

3. Exercising Your Rights

To exercise your GDPR rights:

  • 1.Email gdpr@ahmadai.ai with your request
  • 2.Provide sufficient information to verify your identity
  • 3.Specify which right(s) you wish to exercise
  • 4.We will respond within 30 days (extendable by 60 days for complex requests)

There is no fee for most requests, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

4. Data Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption of personal data at rest and in transit
  • Pseudonymization where appropriate
  • Regular security testing and vulnerability assessments
  • Access controls and authentication mechanisms
  • Incident response and recovery procedures

5. International Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable
  • Supplementary measures as required by Schrems II

6. Data Processing Agreements

When we act as a data processor, we:

  • Enter into Data Processing Agreements (DPAs) with all customers
  • Process data only on documented customer instructions
  • Ensure confidentiality of processing personnel
  • Assist with data subject requests and security obligations

7. Data Breach Notification

In the event of a personal data breach:

  • We notify relevant supervisory authorities within 72 hours
  • Affected individuals are notified when there is high risk to their rights
  • Documentation of all breaches is maintained
  • Remediation measures are implemented promptly

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for:

  • Monitoring GDPR compliance
  • Advising on data protection matters
  • Cooperating with supervisory authorities
  • Handling data subject inquiries

9. Policy Updates

We regularly review and update our GDPR compliance practices. Any significant changes will be communicated to affected individuals.

10. Contact Us

For GDPR-related inquiries or to exercise your rights:

gdpr@ahmadai.ai

You also have the right to lodge a complaint with a supervisory authority in your country of residence.