GDPR Compliance

Last Updated: June 16, 2024

This page provides information about how sprout-tapir complies with the General Data Protection Regulation (GDPR) for visitors and clients located in the European Union.

Data Controller

For the purposes of GDPR, sprout-tapir acts as the data controller for personal information collected through our website and business operations.

sprout-tapir
Level 3, 142 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities, such as receiving marketing communications
• Contractual Necessity: When processing is necessary to fulfill our contractual obligations for renovation services
• Legitimate Interests: When processing serves our legitimate business interests, such as improving our services and website functionality
• Legal Obligations: When processing is required to comply with applicable laws and regulations

Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have violated your data protection rights.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Duration of our business relationship with you
• Compliance with legal and regulatory requirements
• Resolution of disputes and enforcement of agreements

International Data Transfers

As we are based in Australia, personal data collected from EU residents may be transferred outside the European Economic Area. When such transfers occur, we ensure appropriate safeguards are in place to protect your personal data in accordance with GDPR requirements.

Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments and updates
• Staff training on data protection principles

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Exercising Your Rights

To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact us at:

Email: [email protected]

We will respond to your request within one month, or sooner if required by law. In complex cases, we may extend this period by an additional two months and will notify you of any such extension.

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised date.