Home / GDPR

GDPR Compliance

Your rights under the General Data Protection Regulation

blossom-tern is committed to protecting and respecting your privacy in compliance with the EU General Data Protection Regulation (GDPR). This page outlines how we handle personal data of individuals in the European Economic Area (EEA) and the United Kingdom.

Data Controller

For the purposes of the GDPR, blossom-tern is the data controller responsible for your personal data. Our contact details are:

blossom-tern
Level 14, 225 George Street
Sydney NSW 2000
Australia
Email: [email protected]

Legal Bases for Processing

We process personal data under the following legal bases as defined by the GDPR:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
  • Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject
  • Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete data completed.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

International Data Transfers

As we are based in Australia, any personal data we collect from individuals in the EEA or UK will be transferred to Australia. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission where applicable.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws. When determining retention periods, we consider:

  • The nature and sensitivity of the data
  • The purposes for which we process the data
  • Applicable legal requirements
  • Our legitimate business interests

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Access controls and authentication procedures
  • Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with GDPR requirements.

Exercising Your Rights

To exercise any of your rights under the GDPR, please contact us at [email protected]. We will respond to your request within one month, although this may be extended by two further months where necessary, taking into account the complexity and number of requests.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Complaints

If you have concerns about our processing of your personal data, we encourage you to contact us first so we can try to resolve your concerns. However, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

Updates to This Notice

We may update this GDPR notice from time to time. We will notify you of any significant changes by posting the new notice on this page and updating the effective date.

Effective Date: January 2024

We use cookies to enhance your experience on our website. By continuing to browse, you agree to our Cookies Policy.