Legal Document

GDPR Compliance

Last updated: January 15, 2026 · Effective: January 15, 2026

Onyx Media is committed to full compliance with the General Data Protection Regulation (GDPR) — EU Regulation 2016/679. This page explains our obligations under GDPR, your rights as a data subject, and the technical and organizational measures we have implemented to protect your personal data. We treat GDPR not as a checkbox, but as a foundation for how we do business.

Data Controller

Organization: Onyx Media
Country: India
Email: onyxmediaforyou@gmail.com
Response Time: Within 30 days of request

Lawful Basis for Processing

Why We Process Your Data

Contract

Processing necessary to perform a contract with you (e.g., delivering project work).

Consent

Processing where you have given explicit, freely-given, informed consent (e.g., newsletter subscription).

Legitimate Interest

Processing for our legitimate business interests that do not override your rights (e.g., fraud prevention, website security).

Legal Obligation

Processing required by law (e.g., retaining financial records for regulatory compliance).

Data Subject Rights

Your Rights Under GDPR

Right to Access

Art. 15

You have the right to obtain confirmation of whether we process your personal data, and if so, to receive a copy of that data along with supplementary information about how and why it is processed.

Email us with subject line "GDPR Access Request" and we will respond within 30 days.

Right to Rectification

Art. 16

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay.

Contact us with the specific data to be corrected and the accurate replacement information.

Right to Erasure

Art. 17

Also known as the "right to be forgotten." Under certain conditions, you have the right to request deletion of your personal data — for example, if the data is no longer necessary for the purpose it was collected.

Submit a deletion request via email. We will process it within 30 days and confirm completion.

Right to Restrict Processing

Art. 18

You may request that we restrict the processing of your data — for example, while a rectification or objection request is under review. Restricted data may still be stored but not processed.

Contact us specifying what data and processing activities should be restricted.

Right to Data Portability

Art. 20

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Request your data export and we will provide it in JSON or CSV format within 30 days.

Right to Object

Art. 21

You have the right to object to processing of your personal data for direct marketing purposes or processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.

Contact us with your objection. Processing will cease immediately for marketing purposes.

Technical & Organizational Measures

How We Protect Your Data

End-to-End Encryption

All data transmission uses TLS 1.3. Data at rest is encrypted with AES-256.

Data Minimization

We collect only what is strictly necessary for the stated purpose. No excessive data collection.

Access Controls

Role-based access with MFA. Regular permission audits. Immediate revocation on role change.

Regular Audits

Quarterly security reviews and annual comprehensive data protection impact assessments.

Incident Response

72-hour breach notification to affected parties and supervisory authority as required by GDPR Art. 33.

Data Processing Agreements

All third-party processors are bound by GDPR-compliant DPAs before receiving any personal data.

International Data Transfers

Onyx Media is based in India. When we process data of individuals located in the European Economic Area (EEA), we ensure appropriate safeguards are in place. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission when transferring personal data outside the EEA.

All our third-party processors that handle EEA personal data are either located in countries with an EU adequacy decision or are bound by SCCs. We maintain a complete register of all data transfers and safeguards, available upon request.

Need a Data Processing Agreement?

If your organization requires a formal DPA before engaging our services, we are happy to provide and sign one. Contact us to receive our standard DPA template.

Exercise Your Rights or File a Complaint

To exercise any GDPR right or raise a data protection concern, contact us. You also have the right to lodge a complaint with your national supervisory authority.