GDPR Compliance
Last Updated: May 8, 2024
Introduction
At Feya, we are committed to protecting the privacy and security of your personal data. This GDPR Compliance statement explains how we comply with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
Data Controller
For the purposes of the GDPR, Feya is the data controller of your personal data. This means that we determine the purposes and means of processing your personal data.
Our contact details are:
Name: Muneeb Akram
Email: manha.corporate.service@gmail.com
Location: Pakistan
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to request that we transfer your personal data to another organization or directly to you.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
- Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
How We Process Your Data
We process your personal data in accordance with the principles set out in the GDPR:
- Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and in a transparent manner.
- Purpose Limitation: We collect your data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
- Data Minimization: We collect and process only the personal data that is necessary for the purposes for which it is processed.
- Accuracy: We take reasonable steps to ensure that your personal data is accurate and kept up to date.
- Storage Limitation: We keep your personal data for no longer than is necessary for the purposes for which it is processed.
- Integrity and Confidentiality: We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- Accountability: We are responsible for and can demonstrate compliance with the GDPR.
Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: The processing is necessary for us to comply with the law.
- Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Data Protection Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure that appropriate safeguards are in place to protect your data, such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules
- Adequacy decisions by the European Commission
Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
Data Protection Impact Assessment
Where a type of processing, in particular using new technologies, is likely to result in a high risk to your rights and freedoms, we will, prior to the processing, carry out a Data Protection Impact Assessment (DPIA) to assess the impact of the envisaged processing operations on the protection of your personal data.
How to Exercise Your Rights
To exercise any of your rights under the GDPR, please contact us at:
manha.corporate.service@gmail.com
We will respond to your request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
Complaints
If you have a complaint about how we handle your personal data, please contact us at manha.corporate.service@gmail.com. We will investigate your complaint and respond to you as soon as possible.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
