GDPR Compliance

Our Commitment to Data Protection

grove-marmot is committed to protecting the personal data of all individuals who interact with our website and services. While we are an Australian-based company, we recognise the importance of the General Data Protection Regulation (GDPR) and extend equivalent protections to all users, regardless of location.

Data Controller Information

For the purposes of data protection, grove-marmot acts as the data controller for personal information collected through this website. Our contact details are:

grove-marmot
Suite 14, Level 3, 287 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you submit a contact form or sign up for communications, you consent to our processing of your data for those specific purposes.
• Contractual necessity: When you engage our services, processing is necessary for the performance of the contract between us.
• Legitimate interests: We may process data for our legitimate business interests, such as improving our services and website functionality, provided these interests do not override your rights.
• Legal obligation: We may process data when required by law, such as for tax or regulatory purposes.

Your Rights Under GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete personal data.
• Right to erasure: You can request deletion of your personal data in certain circumstances (the "right to be forgotten").
• Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
• Right to data portability: You can request your data in a structured, commonly used format for transfer to another controller.
• Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.
• Right to lodge a complaint: You can lodge a complaint with a supervisory authority if you believe your rights have been violated.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month of receipt. In complex cases or where we receive numerous requests, this period may be extended by two further months, in which case we will inform you of the extension and the reasons for it.

We may need to verify your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

International Data Transfers

As an Australian company, data you provide may be processed and stored in Australia. Australia has been assessed by the European Commission as providing an adequate level of data protection. Where data is transferred to other countries, we ensure appropriate safeguards are in place, such as standard contractual clauses.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods depend on:

• The nature of the data and the purposes for which it is processed
• Legal, regulatory, tax, and accounting requirements
• The period during which legal action may arise from our relationship

When personal data is no longer required, it is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit using SSL/TLS protocols
• Access controls limiting who can view personal data
• Regular review of data processing practices
• Staff training on data protection requirements

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights, we will also notify you directly.

Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

Updates to This Information

We may update this GDPR information from time to time. Significant changes will be communicated through our website or, where appropriate, by direct notification.

Contact and Complaints

If you have questions about how we handle your data or wish to exercise your rights, please contact us at [email protected].

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Australia, you can contact the Office of the Australian Information Commissioner (OAIC).