Your GDPR Rights

Last updated: February 7, 2026

1. Introduction

The General Data Protection Regulation (GDPR) provides individuals in the European Economic Area (EEA) with certain rights regarding their personal data. This page explains your rights and how to exercise them when using Mezami.

2. Data Controller

Mezami acts as the data controller for personal data collected through our platform. This means we determine the purposes and means of processing your personal data.

Contact details:

  • Email: privacy@mezamii.com
  • Website: https://mezamii.com

3. Your Rights Under GDPR

3.1 Right to Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with information about:

  • The purposes of processing
  • The categories of data concerned
  • The recipients of your data
  • The retention period
  • The source of the data (if not collected directly from you)

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected without undue delay. You also have the right to have incomplete personal data completed.

3.3 Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request the deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • The data must be erased to comply with a legal obligation

3.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data when:

  • You contest the accuracy of the data
  • The processing is unlawful and you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us.

3.6 Right to Object (Article 21)

You have the right to object to processing of your personal data at any time when processing is based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you, unless necessary for a contract, authorized by law, or based on explicit consent.

4. How to Exercise Your Rights

You can exercise your GDPR rights in the following ways:

4.1 Through Your Account

If you have a Mezami account, you can access and manage much of your personal data through your account settings:

  • View/Edit Profile: Update your personal information directly in Settings
  • Download Your Data: Request a copy of all your data from the Privacy settings page
  • Delete Your Account: Request permanent deletion of your account and data

4.2 By Contacting Us

You can also contact us directly to exercise any of your rights. Please provide sufficient information to verify your identity.

  • Email: privacy@mezamii.com
  • Subject line: "GDPR Request - [Type of Request]"

5. Response Time

We will respond to your request within one month of receipt. If your request is complex or we receive numerous requests, we may extend this period by up to two additional months. We will inform you of any extension within one month of receiving your request.

6. Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Contract: Processing necessary to fulfill our contract with you (e.g., providing course access)
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, platform security)
  • Legal Obligation: Processing necessary to comply with legal requirements

7. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection (per EU adequacy decisions)
  • Other approved transfer mechanisms

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Factors we consider include:

  • The nature and sensitivity of the data
  • Our contractual obligations
  • Legal and regulatory requirements
  • Legitimate business purposes

9. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You can do this in the EU member state where you:

  • Habitually reside
  • Work
  • Believe the infringement occurred

10. Updates to This Page

We may update this page from time to time. We will notify you of significant changes through email or a notice on our platform.

11. Related Policies

12. Contact Our Data Protection Officer

For GDPR-related inquiries, you can reach our data protection team at:

  • Email: dpo@mezamii.com
  • Address: Available upon request