Effective Date: June 2026
01 Who We Are
Rock Web Solutions PVT LTD is a web design, development, and digital marketing company registered in Sialkot, Punjab, Pakistan. We provide website design and development, website maintenance plans, SEO services, Google Ads management, and consulting services to clients in Pakistan and internationally.
For the purposes of this Privacy Policy, Rock Web Solutions PVT LTD is the data controller — meaning we determine how and why your personal data is processed.
| Company name | Rock Web Solutions PVT LTD |
| Registered city | Sialkot, Punjab, Pakistan |
| Website | rockweb.best |
| Contact email | care@rockweb.best |
| +92 309 3574223 (sales enquiries only) | |
| Client support | clients.rockweb.best |
02 What Information We Collect
We collect two categories of information: information you give us directly, and information collected automatically when you use our website or services.
2.1 Information You Provide Directly
| Contact details | Name, email address, phone number, WhatsApp number, company name, country — collected when you fill in a contact form, book a discovery call, or message us. |
| Account information | Username, email, and password when you register on our client portal. |
| Project information | Business details, website URLs, login credentials, brand assets, content, and any other information you provide as part of a project engagement. |
| Payment information | Billing details, payment method information. Note: we do not store card numbers directly. Payments are processed via third-party providers (Paddle, Lemon Squeezy, Payoneer, Wise, or bank transfer). |
| Communications | Emails, CRM portal messages, WhatsApp messages, call notes, and any other communications between you and our team. |
| Lead magnet opt-ins | Email address and name when you download a free resource, checklist, or subscribe to our newsletter. |
| Consultation details | Information shared during discovery calls, strategy sessions, or consulting engagements, including notes and recordings where consent has been given. |
2.2 Information Collected Automatically
| Usage data | Pages visited, time spent on pages, links clicked, referring website, and navigation patterns on rockweb.best. |
| Device data | IP address, browser type and version, operating system, screen size, and device type. |
| Cookie data | Data stored via cookies and similar tracking technologies. See Section 10 for full cookie details. |
| Analytics data | Aggregated and anonymised website performance data collected via Google Analytics or similar tools. |
| Form metadata | Time and date of form submissions, form completion data. |
2.3 Information from Third Parties
| Fiverr/Upwork | When you engage us via Fiverr/Upwork, Fiverr/Upwork shares your username, order details, and any messages sent through their platform. |
| Referral partners | If a partner refers you to us, we may receive your name and contact details from that partner. |
| Social media | If you contact us via LinkedIn, Instagram, X (Twitter), or Facebook, we receive the information you share through those platforms, subject to their own privacy policies. |
03 How We Collect Your Information
We collect your information through the following channels:
- Contact forms on rockweb.best
- Discovery call booking forms (Calendly or equivalent)
- Our client portal at rockweb.best/portal
- Email communications to care@rockweb.best
- WhatsApp messages to our business number
- Fiverr and other freelance platforms
- Social media direct messages and comments
- Lead magnet and newsletter opt-in forms
- Automatically via cookies and analytics tools when you visit our website
- Referrals from partners, accountants, or business coaches
- Video calls (Zoom, Google Meet) — notes and recordings where consent is given
04 Why We Collect Your Information (Legal Basis)
We collect and process your personal information on the following legal bases:
| Contract performance | We need your information to provide the services you have engaged us for — including building your website, managing your care plan, or running your ad campaigns. Without this information, we cannot deliver the services. |
| Legitimate interests | We process certain data — such as analytics and usage data — to improve our services, understand how our website is used, and run our business effectively. We do this only where our interests are not overridden by your rights. |
| Consent | Where you have opted in to receive our newsletter, free resources, or marketing communications, we process your data based on your consent. You may withdraw consent at any time. |
| Legal obligation | We may retain certain financial records and communications to comply with applicable laws, including Pakistani tax and commercial laws. |
| Vital interests | In rare circumstances we may process data where necessary to protect someone’s safety. |
05 How We Use Your Information
We use your information for the following purposes:
5.1 Service Delivery
- To deliver, manage, and improve the services you have engaged us for
- To communicate with you about your project, tasks, milestones, and deliverables
- To send invoices, payment reminders, and receipts
- To provide client portal access and support
- To onboard you as a new client and collect required project materials
5.2 Communication
- To respond to your enquiries, messages, and support requests
- To send project updates and progress reports
- To send care plan reports, SEO reports, and other agreed deliverables
- To send important service notifications, such as maintenance hold alerts or invoice reminders
5.3 Marketing (with consent)
- To send our newsletter and educational content to subscribers who have opted in
- To deliver free resources you have requested (e.g. Website Audit Checklist)
- To send promotional offers and service announcements to contacts who have consented
- To follow up on enquiries from prospective clients
5.4 Business Operations
- To maintain accurate business and financial records
- To comply with our legal and regulatory obligations
- To detect, investigate, and prevent fraud or misuse of our services
- To improve our services based on feedback and usage patterns
- To prepare anonymised case studies and portfolio entries (with client consent)
5.5 Website Analytics
- To understand how visitors use our website and which pages are most useful
- To identify and fix technical issues on our website
- To measure the effectiveness of our content and marketing
We do not sell, rent, or trade your personal information to any third party for their own marketing purposes. Ever.
06 Who We Share Your Information With
We share your information only where necessary and only with the following categories of recipients:
| Payment processors | Paddle, Lemon Squeezy, Payoneer, Wise, or other agreed payment platforms to process invoices and payments. These providers have their own privacy policies and are responsible for securing payment data. |
| Hosting & infrastructure | Where we manage hosting on your behalf, we share necessary access credentials with the hosting provider (e.g. SiteGround, Cloudways, DigitalOcean). These are used solely to deliver your service. |
| Project tools | We use tools including Perfex CRM, n8n, and similar project management and automation tools. Your project data may be stored within these platforms. All tools are selected for their data security standards. |
| Email & communication | Tools such as FluentCRM or similar for sending invoices, reports, and newsletters. Your email address is stored within these systems for communication purposes only. |
| Analytics providers | Google Analytics (and/or similar) collects anonymised usage data from our website. This data does not personally identify you in its collected form. |
| Professional advisors | Our accountants, legal advisors, or other professional service providers, where strictly necessary and under confidentiality obligations. |
| Legal authorities | Where required by Pakistani law, court order, or other legal obligation, we may disclose your information to regulatory or law enforcement bodies. |
| Business transfers | If Rock Web Solutions PVT LTD is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections. |
We do not share your information with any other third parties without your explicit written consent.
07 International Data Transfers
Rock Web Solutions PVT LTD is based in Pakistan. However, because we serve clients internationally and use cloud-based tools, your information may be transferred to, stored in, and processed in countries other than Pakistan — including the United States, European Union member states, the United Kingdom, and the UAE.
Where such transfers occur, we take steps to ensure your information is protected to a standard equivalent to or greater than that required by Pakistani law. This includes:
- Using third-party service providers who operate under recognised data protection frameworks (e.g. EU-US Data Privacy Framework, UK GDPR adequacy decisions)
- Ensuring data processing agreements are in place with all third-party processors where applicable
- Using encrypted connections (SSL/TLS) for all data transmission
For clients in the European Union or United Kingdom, we acknowledge that your data protection rights under the GDPR and UK GDPR apply to you regardless of where your data is processed, and we are committed to upholding those rights as set out in Section 11.
08 How Long We Keep Your Information
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:
| Active client data | Retained for the duration of the engagement and for 5 years after the last transaction, in accordance with Pakistani commercial and tax record-keeping requirements. |
| Financial records | Invoices, payment records, and financial correspondence retained for 7 years to comply with tax and accounting obligations. |
| Project files & assets | Retained for 1 year after project completion, after which files are deleted unless the client has purchased a care plan or ongoing service. |
| Marketing opt-in data | Retained until you unsubscribe. Upon unsubscribe, your data is removed from active marketing lists within 30 days. |
| Enquiry data (no project) | If an enquiry does not result in a project, contact data is retained for 12 months for follow-up purposes, then deleted. |
| Website analytics data | Anonymised analytics data retained for up to 26 months in line with Google Analytics default settings. |
| Call recordings | Retained for 3 months after the call, then permanently deleted, unless required as part of an active dispute. |
| Cookie data | As per individual cookie expiry periods — see Section 10. |
After the applicable retention period, personal data is securely deleted or anonymised. You may request early deletion of your data in accordance with your rights in Section 11.
09 How We Protect Your Information
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, destruction, or disclosure. These measures include:
- SSL/TLS encryption on all data transmissions between your browser and our website
- Secure, password-protected client portal with individual login credentials
- Access controls — your data is accessible only to team members who need it to deliver your services
- Use of reputable, security-audited third-party platforms for project management, invoicing, and communications
- Regular security updates and monitoring on all Company-managed systems
- No storage of card payment details on our own systems — all payments handled by PCI-compliant third-party processors
- Secure deletion of data upon expiry of retention periods
While we take all reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach that affects your personal information, in accordance with applicable law.
If you believe your account or data has been compromised, contact us immediately at care@rockweb.best or via the client portal.
10 Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your experience, analyse how the site is used, and support our marketing activities. This section explains what we use and how you can control it.
10.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to remember your preferences and understand how you interact with the site.
10.2 Types of Cookies We Use
| Essential cookies | Required for the website to function correctly. These cannot be disabled. They include session cookies, login authentication cookies, and security cookies. |
| Analytics cookies | Help us understand how visitors use our website — pages visited, time on site, and navigation paths. We use Google Analytics for this purpose. Data is aggregated and anonymised. |
| Preference cookies | Remember your settings and preferences, such as language or region, to improve your experience on return visits. |
| Marketing cookies | Used to track the effectiveness of our marketing campaigns and to show you relevant content. These are only placed with your consent. |
| Third-party cookies | Some pages embed content from third-party services (e.g. YouTube videos, social media buttons, Calendly booking widgets) which may set their own cookies. We do not control these cookies. |
10.3 Managing Cookies
You can control and manage cookies in several ways:
- Cookie consent banner: When you first visit our website, you will be presented with a cookie consent notice where you can accept or decline non-essential cookies
- Browser settings: You can set your browser to refuse or delete cookies. Instructions vary by browser — refer to your browser’s help documentation
- Google Analytics opt-out: You can install the Google Analytics Opt-out Browser Add-on to prevent data being sent to Google Analytics
Please note that disabling certain cookies may affect the functionality of our website and your experience on it.
11 Your Rights
Depending on your location and applicable data protection law, you may have some or all of the following rights regarding your personal information. We are committed to honouring these rights regardless of where you are based.
| Right to access | You have the right to request a copy of the personal information we hold about you. We will respond within 30 days. |
| Right to rectification | If your information is inaccurate or incomplete, you have the right to request that we correct it. |
| Right to erasure | You have the right to request deletion of your personal data, subject to our legal obligations to retain certain records (e.g. financial records). |
| Right to restrict processing | You have the right to ask us to pause processing of your data in certain circumstances, for example if you contest the accuracy of the data. |
| Right to data portability | Where processing is based on your consent or a contract, you have the right to receive your data in a structured, commonly used, machine-readable format. |
| Right to object | You have the right to object to processing based on our legitimate interests, including direct marketing. We will stop processing unless we have compelling legitimate grounds. |
| Right to withdraw consent | Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. |
| Right to complain | You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data lawfully. |
To exercise any of these rights, contact us at care@rockweb.best with the subject line “Privacy Request — [Your Name]”. We will verify your identity before processing any request and respond within 30 calendar days.
We take privacy requests seriously and will always respond promptly and honestly. If we cannot fulfil a request in full, we will explain why.
12 Children’s Privacy
Our services are directed at businesses and adults aged 18 and over. We do not knowingly collect, use, or store personal information from children under the age of 18.
If we become aware that we have inadvertently collected personal information from a child under 18 without appropriate consent, we will take immediate steps to delete that information from our records.
If you believe we have collected information from a minor, please contact us immediately at care@rockweb.best.
13 Third-Party Links & Services
Our website and communications may contain links to third-party websites, tools, and services — including payment processors, booking tools, social media platforms, and partner websites. These third parties operate independently and have their own privacy policies.
We are not responsible for the privacy practices or content of any third-party website or service. We encourage you to review the privacy policy of any third-party site you visit.
Key third-party services we use and their privacy policies:
| Google Analytics | analytics.google.com/analytics — Google’s Privacy Policy: policies.google.com/privacy |
| Google Ads | ads.google.com — Google’s Privacy Policy: policies.google.com/privacy |
| Paddle | paddle.com — Paddle’s Privacy Policy: paddle.com/legal/privacy |
| Lemon Squeezy | lemonsqueezy.com — Privacy Policy: lemonsqueezy.com/privacy |
| Payoneer | payoneer.com — Privacy Policy: payoneer.com/legal/privacy-policy |
| Wise | wise.com — Privacy Policy: wise.com/gb/legal/privacy-policy |
| Fiverr | fiverr.com — Privacy Policy: fiverr.com/privacy-policy |
| Calendly | calendly.com — Privacy Policy: calendly.com/privacy |
| WhatsApp (Meta) | whatsapp.com — Meta Privacy Policy: privacycenter.fb.com/en-gb |
14 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:
- Update the “Effective Date” at the top of this policy
- Notify active clients via email or CRM portal notification with at least 14 days’ notice before significant changes take effect
- Post the updated policy on our website at rockweb.best/privacy-policy
Your continued use of our website or services after the effective date of any updated policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of our services and notify us in writing.
We encourage you to review this policy periodically. The current version is always available at rockweb.best/privacy-policy.
15 Contact Us
If you have any questions about this Privacy Policy, how we handle your data, or if you wish to exercise your rights, please contact us using the details below:
| care@rockweb.best — subject line: “Privacy Request — [Your Name]” | |
| Client portal | clients.rockweb.best/ — raise a support ticket for privacy-related matters |
| Website | rockweb.best |
| Company | Rock Web Solutions PVT LTD, Sialkot, Punjab, Pakistan |
| Response time | We will acknowledge your request within 5 working days and respond fully within 30 calendar days |
For clients in the European Union or United Kingdom who are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk
- EU: Your national Data Protection Authority — edpb.europa.eu/about-edpb/about-edpb/members_en