GDPR Compliance

Last Updated: 1 January 2024

Our Commitment to GDPR

vale-serval is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). While we are based in Australia, we recognise that some of our website visitors may be located in the European Economic Area (EEA), and we are committed to providing appropriate protections for all users.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

vale-serval
42 Harbour View Road
Sydney, NSW 2000
Australia

Email: [email protected]

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of receiving your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will make the corrections within one month of your request.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. We do not currently use automated decision-making processes.

Legal Basis for Processing

We process personal data on the following legal bases as defined by GDPR:

• Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications.
• Contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights.

International Data Transfers

As we operate from Australia, personal data may be transferred to and processed in Australia. When transferring data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Other legally recognised transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods are determined based on:

• The nature of the data and the purposes for processing
• Statutory and regulatory requirements
• Industry guidelines and best practices
• Potential disputes or claims that may arise

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing and evaluation of security measures
• Staff training on data protection
• Access controls and authentication procedures
• Secure disposal of data when no longer needed

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected] with your request. We will respond to all legitimate requests within one month. In some cases, we may need to verify your identity before processing your request.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would typically be the data protection authority in your country of residence.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.