GDPR Compliance Statement

Our Commitment to GDPR

Crystal Pebble is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA), even though we are based in Australia.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you voluntarily provide information through forms or communications
• Contractual necessity: To perform services you have requested
• Legitimate interests: To improve our services and communicate relevant business information
• Legal obligation: To comply with applicable laws and regulations

Your GDPR Rights

If you are located in the EEA, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format.

Right to Object

You can object to processing of your personal data based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EEA.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection practices
• Incident response and breach notification procedures

International Data Transfers

As we are based in Australia, personal data from the EEA may be transferred to and processed in Australia. We ensure appropriate safeguards are in place for such transfers.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods depend on the type of data and the purpose of processing.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Third-Party Processors

We work with carefully selected third-party service providers who process personal data on our behalf. We ensure these processors comply with GDPR requirements through contractual agreements.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. The updated version will be indicated by the "Last Updated" date.

Contact Information

For questions about our GDPR compliance or to exercise your rights, please contact:

Email: [email protected]
Address: Level 12, 180 Lonsdale Street, Melbourne VIC 3000, Australia