GDPR compliance

Overview and commitment

We align our platform and practices with GDPR principles, emphasizing transparency, security, and data minimization. We provide documentation and controls to help customers meet their obligations.

Roles

We act as a processor when handling personal data on behalf of customers and as a controller for our own website and marketing operations.

Data Processing Addendum

A DPA with standard contractual clauses is available for customers and includes security measures and subprocessors references.

Subprocessors

We maintain a current list of subprocessors used for hosting, communications, and analytics. Customers are notified of material changes.

Lawful bases

We rely on contract, legitimate interests, consent (when required), and legal obligation depending on the processing activity.

Data subject rights and processes

DSAR handling: verify identity, assess scope, respond within statutory timelines
Minimization & pseudonymization: collect only necessary data; pseudonymize where feasible
Portability & erasure: export machine-readable data; erase on valid request
Retention: defined schedules with periodic reviews and secure disposal
Breach notification: assess incidents, notify controllers without undue delay, cooperate with authorities

Contact the DPO

Email: [email protected]

Postal address: Level 12, 345 George Street, Sydney NSW 2000, Australia

To raise a rights request, contact us via email with GDPR request in the subject.