This privacy policy describes how Mela collects, uses, stores, and protects the personal data of its users, in accordance with the EU General Data Protection Regulation (GDPR) and Maltese law.
Mela is committed to processing personal data **lawfully, fairly, and transparently**. Our Privacy Policy is designed to be clear and concise, avoiding legal jargon, and is easily accessible from the website footer and during the checkout process. We regularly update this policy to reflect any changes in our data processing practices or in the GDPR.
We ensure that our technical infrastructure (e.g., user registration, payment processing, analytics) is built with data protection in mind. This includes **data minimization** (only collecting necessary data), robust security measures (encryption, access controls), and mechanisms for users to easily exercise their rights. Our Privacy Policy not only describes what Mela does with data but implicitly conveys our commitment to "Privacy by Design." This means the policy is backed by actual technical and organizational measures that ensure data protection is a core feature of the Mela platform, enhancing your trust and demonstrating our proactive compliance.
Our Privacy Policy clearly specifies the types of data we collect, such as names, email addresses, IP addresses, payment information, and shipping addresses. Mela's operations, including user accounts, seller zone, and delivery management, involve the collection of various data points.
The purposes of data collection are explained, including order processing, account management, transaction facilitation, customer service, marketing, platform improvement, and security. We also state the **lawful basis for each processing activity**:
**Data Minimization** is a key principle, ensuring that processing is "adequate, relevant and limited to what is necessary." The retention period for data for each purpose is also specified within our policy.
Your consent must be **explicit, informed, and unambiguous**. This means we do not use pre-ticked checkboxes; you must actively opt in. The language used is clear and easy to understand, avoiding jargon. If data is collected for multiple purposes (e.g., marketing and analytics), granular consent is required for each. You also have the ability to withdraw your consent easily at any time.
GDPR grants extensive rights to data subjects (you, the user): access, rectification, erasure, and portability. Mela has implemented mechanisms for efficiently tracking and managing data access requests. We have robust internal processes and platform features to handle your requests related to your data rights. This includes secure authentication for access requests, efficient data retrieval and formatting, and a clear, auditable process for data erasure. Our Privacy Policy reflects Mela's operational capability to fulfill these rights.
Your specific rights include:
Mela implements "appropriate security of those data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage." Data security is a cornerstone of GDPR compliance, and we employ encryption, access controls, secure payment gateways, and intrusion detection systems to protect your information.
In the unlikely event of a data breach, Mela will notify the relevant supervisory authority (the Information and Data Protection Commissioner - IDPC in Malta) within 72 hours. Furthermore, we will inform affected customers without undue delay if the breach poses a high risk to their rights and freedoms.
Depending on the size and nature of our operations, the designation of a Data Protection Officer (DPO) may be a legal requirement for Mela. Our DPO is responsible for overseeing GDPR compliance and training staff. Additionally, the DPO is registered with the IDPC as required by law.
Personal Data Category | Specific Data Points | Purpose of Processing | Legal Basis for Processing | Data Recipients (Third Parties) | Retention Period |
---|---|---|---|---|---|
Identity Data | Name, Surname, Username | Account creation and management, Identity verification | Contractual necessity, Legitimate interest | Authentication service providers | While account is active + X years (as per legal obligation/legitimate interest) |
Contact Data | Email, Phone number, Postal address | Order management, Customer communication, Notifications | Contractual necessity, Consent | Shipping carriers, Email service providers | While account is active + X years (as per legal obligation/legitimate interest) |
Financial Data | Payment card details, Bank account information | Payment processing, Refund management | Contractual necessity, Legal obligation | Payment processors (e.g., Shopify Payments), Banks | As per legal and financial requirements |
Transaction Data | Order history, Purchase details, Product preferences | Order fulfillment, Customer service, Sales analytics | Contractual necessity, Legitimate interest | Sellers, Delivery personnel, Analytics providers | While account is active + X years (as per legal obligation/legitimate interest) |
Technical & Usage Data | IP address, Device information, Browsing data, Cookies | Platform security, User experience improvement, Analytics | Legitimate interest, Consent (for non-essential cookies) | Analytics providers, Security services | As per cookie policy and security requirements |
Marketing Data | Marketing preferences, Campaign interactions | Sending marketing communications, Personalizing offers | Consent, Legitimate interest | Marketing platforms | Until consent is withdrawn or opt-out |
This policy aims to provide a clear understanding of Mela's data privacy practices and your rights as a user. If you have any questions about this policy or your data, please don't hesitate to contact us.