GDPR & Data Safety

Mellocity follows strict security and data-handling practices for every European engagement — PSEB-registered and fully aligned with EU GDPR requirements.

Contact Us

1. Our GDPR Commitment

Mellocity is a software development agency registered with the Pakistan Software Export Board (PSEB). We operate in full alignment with EU GDPR requirements for all European client engagements.

  • We sign Standard Contractual Clauses (EU SCCs 2021) with every European client or partner that engages us on a project basis.
  • We execute Data Processing Agreements (DPAs) with all European partners, clearly defining our role as a data processor.
  • Contact form submissions are only processed after obtaining explicit consent (GDPR Art. 6(1)(a)).

2. Our Security Practices

Secure Staging Environments

Our team uses strictly anonymised dummy data for all testing. Real production databases are never downloaded or stored on local machines.

Full-Disk Encryption & 2FA

All Mellocity developer workstations use full-disk encryption (BitLocker/FileVault) and mandatory two-factor authentication for all cloud repositories.

Access Controls

Access to personal or client data is strictly limited to authorised team members on a need-to-know basis. Role-based access is enforced.

HTTPS & Transport Encryption

All pages on this site are served over HTTPS with a valid SSL certificate. Form data is transmitted only over encrypted connections.

CSRF Protection

All contact form submissions are protected with WordPress nonces (CSRF tokens) to prevent cross-site request forgery attacks.

Minimal Data Collection

We collect only the data strictly necessary to respond to enquiries. No analytics or marketing scripts fire without your explicit consent.

3. International Data Transfers

Where EU/EEA personal data is shared with Mellocity, we rely on the following safeguards:

Standard Contractual Clauses (SCCs)

We use the 2021 EU SCCs for all data transfers from European clients, providing a legally binding framework approved by the European Commission.

Data Processing Agreements (DPAs)

Every European project engagement is covered by a signed DPA, clearly defining the roles, responsibilities, and obligations of both parties.

Explicit Consent

Website visitors in the EU/EEA explicitly consent to data transfer to Pakistan before submitting any personal data through our contact form.

4. Your Data Rights

As an EU/EEA or UK data subject, you have the following rights over any personal data we hold about you:

Access (Art. 15)

Request a copy of all personal data we hold about you.

Rectification (Art. 16)

Ask us to correct inaccurate or incomplete data.

Erasure (Art. 17)

Request deletion of your data where no legal basis remains.

Restrict Processing (Art. 18)

Ask us to limit how we use your data during a dispute.

Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Object (Art. 21)

Object to processing based on legitimate interest.

Withdraw Consent (Art. 7(3))

Withdraw consent at any time, without affecting prior processing.

Lodge a Complaint

File a complaint with your national DPA (e.g. ICO, UODO).

To exercise any right, email us at [email protected]. We respond within 30 days. All requests are free of charge.

5. Full Privacy Policy

For complete details on what data we collect, how we use it, and all applicable legal bases, please read our full Privacy Policy.

Read Privacy Policy Email Us