GDPR Compliance
Last updated: January 2024
blazing-balance is committed to protecting your personal data and respecting your privacy rights. This page explains how we comply with the General Data Protection Regulation (GDPR) and outlines your rights under this regulation.
Our Commitment to Data Protection
Although blazing-balance is based in Australia, we recognise the importance of GDPR compliance for visitors from the European Economic Area (EEA). We have implemented measures to ensure that personal data from all visitors is handled with care and in accordance with applicable data protection laws.
Data Controller Information
For the purposes of data protection law, the data controller is:
blazing-balance
45 Harbour View Road
Brisbane, QLD 4000
Australia
Email: [email protected]
Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of receiving your request, unless the request is manifestly unfounded or excessive.
Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete data completed.
Right to Erasure
You have the right to request that we delete your personal data in certain circumstances, including when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
Right to Object
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you. We do not currently engage in automated decision-making of this nature.
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
- Legal Obligation: Where processing is necessary to comply with a legal obligation
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your rights
Data Transfers
As we are based in Australia, your data may be transferred outside the EEA. Australia has been recognised by the European Commission as providing an adequate level of data protection. We also implement appropriate safeguards for any other international transfers.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period varies depending on the type of data and the purposes for which it is used.
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest where appropriate
- Access controls and authentication measures
- Regular security assessments
- Staff training on data protection
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly.
Exercising Your Rights
To exercise any of your rights under GDPR, please contact us using the details provided above. We may need to verify your identity before processing your request. We will respond to your request within one month, though this period may be extended by two further months for complex requests.
Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.
Changes to This Information
We may update this GDPR compliance information periodically. Any changes will be posted on this page with an updated revision date.
Contact Us
For any questions about GDPR compliance or to exercise your rights, please contact us at:
blazing-balance
45 Harbour View Road
Brisbane, QLD 4000
Australia
Email: [email protected]