Your data protection rights under the General Data Protection Regulation
Last updated: January 2024
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organisations collect, process, and store personal data of individuals within the European Union and European Economic Area. Although velvet-kestrel is based in Australia, we are committed to protecting the privacy of all our website visitors and customers, including those from the EU/EEA.
For the purposes of data protection legislation, velvet-kestrel is the data controller for personal information collected through this website. Our contact details are:
velvet-kestrel
142 Greenwood Avenue
Richmond VIC 3121
Australia
Email: [email protected]
We process personal data based on one or more of the following legal grounds:
If you are located in the EU/EEA, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
You have the right to request that we correct any personal data that is inaccurate or incomplete.
You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purpose for which it was collected or if you withdraw your consent.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In certain circumstances, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.
We may need to verify your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
As we are based in Australia, any personal data you provide may be transferred to and stored in Australia. Australia has been recognised by the European Commission as providing an adequate level of protection for personal data. Where data is transferred to other countries outside the EU/EEA, we ensure appropriate safeguards are in place to protect your personal data.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements. The retention period may vary depending on the context of the data and our obligations.
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security assessments.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Australia, you may contact the Office of the Australian Information Commissioner. If you are in the EU/EEA, you may contact your local data protection authority.
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.