GDPR Compliance

Last updated: January 2024

About GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organisations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA). Although falcon-myth is based in Australia, we are committed to protecting the privacy rights of all our website visitors and clients, including those from the EU and EEA.

Data Controller

For the purposes of applicable data protection laws, falcon-myth acts as the data controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:

falcon-myth
Level 4, 287 Collins Street
Melbourne VIC 3000
Australia

Email: [email protected]

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications.
• Contract: Where processing is necessary for the performance of a contract with you, such as providing renovation services you have requested.
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your fundamental rights do not override those interests.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it.
• Right to Rectification: You have the right to request that we correct any inaccurate personal data we hold about you.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, also known as the "right to be forgotten."
• Right to Restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, but we will inform you of any extension and the reasons for it.

We may need to verify your identity before fulfilling your request. We will not charge a fee for responding to your request unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request.

Data Transfers

As we are based in Australia, any personal data you provide to us may be transferred to and processed in Australia. Australia is not covered by an adequacy decision from the European Commission. However, we implement appropriate safeguards to ensure that your personal data is protected in accordance with GDPR requirements.

These safeguards may include:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Your explicit consent to the transfer

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention period depends on the type of data and the purpose of processing. When determining retention periods, we consider:

• The nature and sensitivity of the data
• The potential risk of harm from unauthorised use or disclosure
• The purposes for which we process the data
• Whether we can achieve those purposes through other means
• Applicable legal requirements

Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption, access controls, and regular security assessments.

Right to Lodge a Complaint

If you are located in the EU or EEA and believe that we have not complied with our obligations under GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

Changes to This Notice

We may update this GDPR compliance notice from time to time. We will notify you of any material changes by posting the new notice on our website and updating the "Last updated" date.