We are committed to protecting your personal data and upholding your rights under the General Data Protection Regulation. This page explains how we comply and what you can expect from us.
Last updated: June 9, 2026
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018 across the European Union (EU) and European Economic Area (EEA). It also applies to organisations outside the EU that process the personal data of EU and UK residents.
GDPR replaces the 1995 EU Data Protection Directive and introduces stronger rules around how businesses collect, store, and use personal data — giving individuals greater control over their information.
Mitra Media Labs is fully committed to GDPR compliance. We collect only the minimum data necessary, process it lawfully, and give you clear control over your information at all times.
Mitra Media Labs acts as the Data Controller for personal data collected through our website and services. As the Data Controller, we determine the purposes and means of processing your personal data and are responsible for ensuring it is handled lawfully, fairly, and transparently.
Organisation: Mitra Media Labs
Address: 803, Silver Trade Center, Digital Valley, Mota Varachha, Surat, Gujarat 394101, India
Privacy Contact: hello@mimelabs.net
Website: www.mimelabs.net
Under GDPR Article 6, we must have a lawful basis for every processing activity. The table below sets out what we do, what data we use, and why we are legally permitted to do so.
| Processing Activity | Data Used | Lawful Basis |
|---|---|---|
| Respond to contact form enquiries | Name, email, phone, message | Legitimate interest / Contract |
| Send project proposals & follow-ups | Name, email | Consent / Legitimate interest |
| Website analytics & performance | Usage data, session recordings | Consent (analytics cookies) |
| Security & fraud prevention | IP address, usage patterns | Legitimate interest |
| Legal compliance & record-keeping | All applicable data | Legal obligation |
As a data subject, you have the following rights. These apply to EU/UK residents under GDPR and UK GDPR respectively. We will respond to all valid requests within 30 days.
Request a copy of the personal data we hold about you, free of charge.
Ask us to correct any inaccurate or incomplete personal data.
Request deletion of your personal data where no legal obligation requires us to retain it.
Ask us to pause the processing of your data while a dispute is resolved.
Receive your data in a structured, machine-readable format to transfer to another provider.
Object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling grounds.
We only retain personal data for as long as necessary to fulfil the purpose it was collected for, or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 12 months | Follow-up on business enquiries |
| Analytics data (Microsoft Clarity) | 13 months | Website performance analysis |
| Server logs (Firebase Hosting) | 30 days | Security monitoring & debugging |
We do not maintain a marketing database or mailing list. Once your enquiry is resolved, we have no ongoing reason to retain your data beyond the periods stated above.
Our website is hosted on Google Firebase with servers located in the United States. When personal data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
We use EmailJS to deliver contact form submissions to our team's inbox. EmailJS processes data in accordance with GDPR and maintains appropriate technical safeguards. Microsoft Clarity (analytics, with consent only) stores data in Microsoft Azure datacentres and is governed by Microsoft's Data Processing Agreement.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction:
To exercise any of your GDPR rights, please contact us at the details below. We will verify your identity and respond within 30 days of receiving your request.
Requests are free of charge. If your request is complex or you submit multiple requests, we may extend the response period by a further 60 days and will notify you accordingly.