Legal

GDPR Compliance

Last updated: May 2025

Overview

The General Data Protection Regulation (GDPR) is an EU data protection law that applies to organisations processing personal data of individuals located in the European Economic Area (EEA). Although Verixsoft Inc. is based in Pakistan, we respect and comply with GDPR principles when we process personal data of EU residents.

Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Contractual necessity — to deliver services agreed with a client.
  • Legitimate interests — to respond to enquiries, improve our website, and maintain business records.
  • Consent — for marketing communications and optional analytics cookies (consent can be withdrawn at any time).
  • Legal obligation — where required by applicable law.

Your Rights Under GDPR

If you are an EU/EEA resident, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — have inaccurate data corrected.
  • Erasure — request deletion of your data where we have no legal obligation to retain it.
  • Restriction — ask us to stop processing your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time where consent was the legal basis.

International Transfers

Personal data may be transferred outside the EEA when we work with cloud infrastructure providers (e.g., AWS, Vercel). We ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) where required — for all such transfers.

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose it was collected for, or as required by law. Contact and project data is reviewed annually; data no longer required is securely deleted.

How to Exercise Your Rights

Submit a written request to contact@verixsoft.com with the subject line "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have not been respected.