GDPR Compliance

Our Commitment to GDPR

blossom-raven is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet the requirements of the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data.

Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose
• Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legal Obligation: Where processing is necessary for us to comply with the law
• Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests

Your Rights Under GDPR

Under the GDPR, you have several rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

Data Protection Officer

Although not required by law for our organisation size and type of processing, we have appointed a data protection lead who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details below.

International Data Transfers

We are based in Australia and primarily serve Australian customers. However, if we transfer personal data outside of Australia or the EU/EEA, we will ensure appropriate safeguards are in place to protect your personal data in accordance with this privacy policy and applicable data protection laws.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay.

Exercising Your Rights

If you wish to exercise any of the rights set out above, please contact us at:

blossom-raven
47 Harbour Street
Sydney NSW 2000
Australia
[email protected]

We will respond to your request within one month of receipt. We may need to verify your identity before processing your request.