GDPR Compliance

Last updated: January 2024

Our Commitment to GDPR

violet-root is committed to protecting the privacy and personal data of all individuals, including those located in the European Economic Area (EEA). Although we are an Australian company, we recognise the importance of the General Data Protection Regulation (GDPR) and apply its principles to our data handling practices.

Data Controller

For the purposes of data protection legislation, violet-root acts as the data controller for personal information collected through our website and services. Our contact details are:

violet-root
Level 12, Waterfront Place
1 Eagle Street
Brisbane QLD 4000, Australia
Email: [email protected]

Legal Basis for Processing

We process personal data on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes
• Contract: Where processing is necessary for the performance of a rental agreement
• Legal Obligation: Where we need to comply with legal requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or where we are processing based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.

International Data Transfers

As an Australian company, your data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements when transferring data outside the EEA.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. The retention period depends on the nature of the data and our legal obligations. When data is no longer required, it is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These measures are regularly reviewed and updated to maintain security standards.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.

Changes to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.