GDPR Compliance

Controller and processor roles

Depending on the service, we may act as a data processor on behalf of customers (controllers) or as a controller for our own website and communications. Contracts and DPAs define these roles.

Data Processing Addendum (DPA)

Our DPA includes subject matter, duration, nature, and purpose of processing; types of data; categories of data subjects; and obligations of each party, including confidentiality and security standards.

Subprocessors

We maintain a list of approved subprocessors used for hosting, analytics, and support. Each is vetted for security and privacy posture and bound by written agreements.

Data subject requests (DSR)

We support access, rectification, erasure, restriction, objection, and portability requests. Contact [email protected].

Breach notification

We maintain incident response procedures and will notify customers and authorities of personal data breaches without undue delay, consistent with GDPR timelines.

Data protection by design and by default

We implement privacy principles in architecture decisions, minimize data collection, and ensure RBAC, encryption, and auditability from the outset.

Records of processing

We keep records of processing activities and conduct risk assessments where required.

Contact the DPO

For GDPR questions, email [email protected] or write to: Level 8, 65 York Street, Sydney NSW 2000, Australia.