Advertising Content Committed to Australia's sustainable future

GDPR Compliance

Our commitment to data protection

Introduction

Although mellow-heron is based in Australia, we are committed to protecting the privacy of all individuals, including those in the European Union and European Economic Area. This page outlines our approach to GDPR compliance for visitors from these regions.

The General Data Protection Regulation (GDPR) provides enhanced data protection rights to individuals in the EU/EEA. We respect these rights and have implemented measures to ensure compliance.

Data Controller

For the purposes of GDPR, mellow-heron acts as the data controller for personal information collected through this website. This means we determine the purposes and means of processing your personal data.

Contact details for data protection enquiries:
Email: [email protected]
Address: Level 4, 127 Kent Street, Sydney NSW 2000, Australia

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights do not override these interests.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation.

Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you, along with information about how we use it.

Right to Rectification

You have the right to request that we correct any inaccurate personal information or complete any incomplete information.

Right to Erasure

You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to the processing of your personal information where we are relying on legitimate interests as the legal basis.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.

There is no fee for exercising your rights, although we may charge a reasonable fee if your request is clearly unfounded or excessive.

International Data Transfers

As we are based in Australia, any personal data you provide may be transferred to and processed in Australia. Australia has been recognised by the European Commission as providing an adequate level of data protection.

Where we transfer data to other countries, we ensure appropriate safeguards are in place to protect your information.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The specific retention period depends on the nature of the data and the purposes for which it was collected.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit using TLS
  • Access controls and authentication measures
  • Regular security assessments and updates
  • Staff training on data protection

Complaints

If you are not satisfied with how we handle your personal data or your request, you have the right to lodge a complaint with a supervisory authority. For EU/EEA residents, this would be the data protection authority in your country of residence.

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page.

Contact Us

For any questions or concerns about our GDPR compliance or data protection practices, please contact:

Email: [email protected]
Address: Level 4, 127 Kent Street, Sydney NSW 2000, Australia

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use this site, you consent to our use of cookies. Learn more