GDPR Compliance

Information for European Union Residents

Overview

Although TasmanvordProTech is based in Australia, we are committed to complying with the General Data Protection Regulation (GDPR) for any visitors or users from the European Economic Area (EEA). This page outlines how we handle personal data in accordance with GDPR requirements.

Data Controller

TasmanvordProTech acts as the data controller for personal information collected through our website and services. Our contact details are:

TasmanvordProTech
Level 2, 45 Market Street
Fremantle WA 6160
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes.
  • Contract: Where processing is necessary for the performance of a contract with you (e.g., providing educational services).
  • Legitimate Interests: Where processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests.
  • Legal Obligation: Where processing is necessary to comply with legal requirements.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. We do not engage in such automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. We will respond within one month of receiving your request. If your request is complex or we receive a high volume of requests, we may extend this period by two months, but we will inform you of any extension within the first month.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may not be able to fulfil your request.

International Data Transfers

As we are based in Australia, any personal data you provide to us will be transferred to and stored in Australia. Australia is not subject to an EU adequacy decision; however, we implement appropriate safeguards to protect your data, including:

  • Using service providers who have implemented appropriate data protection measures
  • Implementing technical security measures to protect data during transfer and storage
  • Limiting access to personal data to authorised personnel only

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on:

  • The ongoing need for the data to provide services
  • Legal requirements to retain data
  • The need to resolve disputes or enforce agreements

When data is no longer needed, we securely delete or anonymise it.

Children's Data

Our services are designed for teenagers aged 13-18, with parental or guardian involvement in the enrolment process. We collect limited data about minor participants only with appropriate parental consent. Parents and guardians may exercise GDPR rights on behalf of their children.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay.

Complaints

If you believe that we have not complied with GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.

We would appreciate the opportunity to address your concerns directly, so please contact us first at [email protected].

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated effective date.