Home About Services Contact

GDPR Compliance

Your data protection rights under the General Data Protection Regulation.

Last updated: January 2024

1. Introduction

Although BuckbridjxProAI is based in Australia, we are committed to protecting the privacy rights of all our users, including those in the European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) for our European visitors and customers.

2. Data Controller

BuckbridjxProAI acts as the data controller for the personal information we collect. Our contact details are:

BuckbridjxProAI
Level 12, 345 George Street
Sydney NSW 2000
Australia
Email: [email protected]

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
  • Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests.

4. Your GDPR Rights

If you are located in the EEA, you have the following rights under GDPR:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information free of charge within one month of receiving your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal information about you without undue delay.

Right to Erasure

You have the right to request that we delete your personal information in certain circumstances, including:

  • When the data is no longer necessary for the purpose it was collected
  • When you withdraw consent (if consent was the legal basis)
  • When you object to processing and there are no overriding legitimate grounds
  • When the data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or direct marketing at any time. We must stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in such automated decision-making.

5. International Data Transfers

As an Australian company, any data transferred to us from the EEA will be transferred internationally. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Compliance with the Australian Privacy Principles, which the European Commission has recognised as providing adequate protection

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When determining retention periods, we consider:

  • The nature and sensitivity of the data
  • The purposes for which we process your data
  • Applicable legal requirements

7. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Notify affected individuals without undue delay if the breach is likely to result in high risk

9. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the details below. We will respond to your request within one month. This period may be extended by two further months where necessary, depending on the complexity and number of requests.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may request additional information.

10. Complaints

If you are not satisfied with how we handle your request or believe we are not processing your data lawfully, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.

11. Contact Information

For all GDPR-related enquiries, please contact us:

Email: [email protected]
Address: Level 12, 345 George Street, Sydney NSW 2000, Australia

Please include "GDPR Request" in the subject line of any email communication.