Meddela (Private) Limited ("Meddela", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at meddela.net, use our services, or interact with us in a business context.
Please read this policy carefully. By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
Meddela (Private) Limited is a CCM-specialist technology company registered in Pakistan. We provide Customer Communication Management (CCM) software, implementation services, and engineering teams to regulated industries including healthcare, insurance, and government, primarily in North America and other international markets.
Meddela is certified to ISO/IEC 27001:2022 by TÜV AUSTRIA (Certificate No. 20201250014094), demonstrating our commitment to information security management at the highest international standard.
2. Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
- Contact and enquiry forms — name, work email address, company name, job title, and the content of your message when you submit a form on our website
- Demo requests — name, email, company, and details about your use case when you request a DocAsan demonstration
- Email correspondence — information contained in emails you send to us
- Career applications — CV, cover letter, contact details, and professional history when you apply for a position
- Newsletter subscriptions — email address when you subscribe to our Insights newsletter
2.2 Information Collected Automatically
- Usage data — pages visited, time spent, referring URLs, browser type, and device information collected via standard web server logs
- Cookies and similar technologies — session cookies necessary for website functionality. We do not use third-party advertising or tracking cookies
- IP address — collected as part of standard web server operation and used for security monitoring
2.3 Information from Business Relationships
- Client contacts — names, roles, and contact details of individuals at client organisations, collected in the course of providing services
- Partner contacts — professional contact information of individuals at partner and vendor organisations
3. How We Use Your Information
We use the information we collect for the following purposes:
- Responding to enquiries — to respond to contact form submissions, demo requests, and other direct communications
- Delivering services — to perform the professional services, implementation work, and software delivery we have been engaged to provide
- Improving our website — to understand how visitors use our website and to improve its content and functionality
- Marketing communications — to send newsletters, product updates, and relevant information where you have given consent or where we have a legitimate interest based on an existing business relationship
- Career recruitment — to process and evaluate job applications
- Legal obligations — to comply with applicable laws, regulations, and lawful requests from authorities
- Security — to protect our systems, detect fraud, and maintain the integrity of our information security management system in accordance with ISO/IEC 27001:2022
4. Legal Basis for Processing
Where applicable under data protection laws (including where we process personal data of individuals in the European Economic Area, United Kingdom, or other jurisdictions with similar frameworks), we rely on the following legal bases:
- Contractual necessity — where processing is necessary to perform a contract with you or take steps at your request before entering into a contract
- Legitimate interests — where processing is necessary for our legitimate business interests, such as responding to enquiries, improving our services, and maintaining business relationships, provided those interests are not overridden by your rights
- Consent — where you have given explicit consent, such as subscribing to our newsletter. You may withdraw consent at any time
- Legal obligation — where processing is required to comply with a legal obligation
5. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share information in the following limited circumstances:
- Service providers — trusted third-party providers who assist us in operating our website and delivering services (such as cloud hosting, email delivery, and CRM tools), subject to appropriate data processing agreements
- Professional advisors — lawyers, accountants, and other professional advisors where necessary for legal or compliance purposes
- Business transfers — in connection with a merger, acquisition, or sale of all or part of our business, where personal data may be transferred as a business asset
- Legal requirements — where required by law, court order, or regulatory authority
- With your consent — in any other circumstances where you have given explicit consent
6. International Data Transfers
Meddela is headquartered in Pakistan and primarily serves clients in North America and international markets. When we process or transfer personal data across borders, we take appropriate steps to ensure adequate protection in accordance with applicable data protection laws.
For clients and contacts in jurisdictions with specific transfer requirements (such as the EEA or UK), we implement appropriate safeguards including standard contractual clauses or other approved transfer mechanisms where required.
7. Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods are determined based on the nature of the data and the purpose of processing:
- Enquiry and contact form data — retained for up to 2 years from the date of last contact
- Client and service delivery data — retained for the duration of the engagement plus 7 years for legal and audit purposes
- Job application data — retained for 12 months from the date of application if unsuccessful; longer if an employment relationship is established
- Newsletter subscribers — retained until you unsubscribe
- Website usage logs — retained for up to 12 months
8. Information Security
Meddela implements technical and organisational measures to protect personal information against unauthorised access, loss, alteration, or disclosure. These measures are consistent with our ISO/IEC 27001:2022 certification and include:
- Encryption of data in transit (TLS) and at rest
- Role-based access controls and the principle of least privilege
- Regular security assessments and vulnerability management
- Staff training on information security and data protection
- Incident response procedures and breach notification protocols
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected parties in the event of a breach involving your personal data, where required by law.
9. Cookies
Our website uses strictly necessary cookies to ensure basic functionality. We do not use cookies for advertising, behavioural tracking, or analytics that identify individual users.
You can control cookie settings through your browser. Disabling strictly necessary cookies may affect website functionality.
10. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
- Access — the right to request a copy of the personal information we hold about you
- Rectification — the right to request correction of inaccurate or incomplete information
- Erasure — the right to request deletion of your personal information in certain circumstances
- Restriction — the right to request that we restrict processing of your information in certain circumstances
- Portability — the right to receive your personal information in a structured, machine-readable format
- Objection — the right to object to processing based on legitimate interests or for direct marketing purposes
- Withdraw consent — where processing is based on consent, the right to withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Links to Third-Party Websites
Our website may contain links to third-party websites, including DocAsan's product site at docasan.lovable.app. This Privacy Policy applies only to meddela.net. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last Updated" date at the top of this page will be revised accordingly. We encourage you to review this policy periodically. Where changes are material, we will make reasonable efforts to notify you.