GDPR Compliance

General Data Protection Regulation

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data in accordance with GDPR requirements.

Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal obligation: Processing is necessary to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided these do not override your rights

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain circumstances.

Right to Data Portability

You have the right to request transfer of your personal data to another organization or directly to you in a commonly used, machine-readable format.

Right to Object

You have the right to object to processing of your personal data in certain situations, including processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have rights related to automated decision-making and profiling. We do not currently use automated decision-making processes that produce legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

You will not have to pay a fee to access your personal data or to exercise any other rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive.

Data Protection Officer

For questions about how we process your personal data or to exercise your rights, you can contact our data protection team at:

Email: [email protected]
Address: 142 Henderson Street, Brisbane QLD 4000, Australia

Data Transfers

We primarily process data within Australia. If we transfer personal data outside Australia, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, typically within 72 hours of becoming aware of the breach.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC).

Changes to This Statement

We may update this GDPR compliance statement from time to time. Material changes will be communicated through our website with an updated revision date.