Transparency and data subject rights
We follow GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
Last updated: 2025-09-11
Our approach to GDPR
Lawful bases
We rely on legitimate interests to operate our services, contract performance for service delivery, and consent for certain communications.
Data subject rights
We support access, rectification, erasure, restriction, portability, and objection. Responses are provided without undue delay and typically within one month.
Data Processing Agreements and subprocessors
We execute DPAs with customers and maintain contracts with subprocessors that include confidentiality, security, and data protection obligations.
Data location and transfers
Where transfers occur outside the EEA/UK, we implement safeguards such as standard contractual clauses and layered access controls.
Retention
We retain personal data only as long as necessary for stated purposes or legal obligations, then delete or anonymize it securely.
Breach notification
We operate an incident response process that assesses reportability. We notify customers and regulators as required by law and by contract.
Security controls
Access management, encryption in transit, monitoring, secure development practices, and regular reviews of control effectiveness.
Contact for EU/UK residents
Email: [email protected] | Phone: +61 2 7205 9364. Please include your country and the nature of your request.
Make a GDPR request
Describe your request, include verification details, and we will guide you through the next steps. We may request additional information to confirm identity.
[email protected]
+61 2 7205 9364
See our Privacy Policy for more detail on processing activities.