GDPR and Data Rights

For our own website, enquiries, sales, billing, and business administration, MegaDev Ltd operating the Doxelio Digital Agency brand is usually the controller.

For client websites, hosting, maintenance, security, automation, or analytics work, we may act as a processor or service provider where we handle personal data on the client's instructions.

Depending on the law that applies to you, you may have the right to request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or review of certain automated decisions.

• Send requests to privacy@doxelio.com.
• We may ask for identity verification and details needed to locate the data.
• If we process data only as a processor for a client, we may refer your request to that client.

• Contract: to provide services or respond before entering a contract.
• Legitimate interests: to secure websites, prevent abuse, improve services, and communicate with business contacts.
• Consent: for optional cookies, optional marketing, and specific permission-based processing.
• Legal obligation: for tax, accounting, lawful requests, and compliance duties.

If data moves outside the EEA, UK, Switzerland, or your local region, we aim to use appropriate safeguards such as data processing agreements, contractual clauses, adequacy decisions, vendor review, minimisation, encryption, and access control.

• Access controls and least-privilege account access.
• Reasonable encryption, password management, and secure communication practices.
• Backups, monitoring, logging, and incident review where applicable.
• Vendor selection based on reliability, security, and service need.

We prefer to resolve privacy concerns directly. You may also have the right to complain to your local data protection authority.