Our Commitment to GDPR
CanberavordProX is committed to complying with the General Data Protection Regulation (GDPR) for all visitors and users from the European Union (EU) and European Economic Area (EEA). This page outlines how we handle personal data in accordance with GDPR requirements.
Data Controller
For the purposes of the GDPR, CanberavordProX acts as the data controller for personal information collected through our website. Our contact details are:
CanberavordProXLevel 4, 127 Creek Street
Brisbane QLD 4000
Australia
Email: [email protected]
Legal Basis for Processing
We process personal data only when we have a lawful basis to do so. Depending on the circumstances, we rely on one or more of the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: Processing is necessary for a contract we have with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary to comply with the law.
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests.
Your Rights Under GDPR
If you are a resident of the EU or EEA, you have the following data protection rights:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or incomplete.
Right to Erasure
You have the right to request that we delete your personal data, under certain conditions. This is also known as the "right to be forgotten."
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data, under certain conditions.
Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In certain circumstances, this period may be extended by two further months where necessary.
We may ask you to verify your identity before we can act on your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
International Data Transfers
As we are based in Australia, any personal data we collect may be transferred to and stored in Australia. When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place to protect your data, including:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries deemed adequate by the European Commission
- Other appropriate safeguards as permitted under GDPR
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention period depends on:
- The nature of the data
- The purpose for which it was collected
- Legal and regulatory requirements
- Legitimate business needs
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular security assessments
- Access controls and authentication measures
- Staff training on data protection
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.
Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. If you are in the EU or EEA, you can contact your local data protection authority.
Updates to This Policy
We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
For any questions or concerns regarding GDPR or your personal data, please contact us at:
Email: [email protected]