GDPR Compliance

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. Although we are based in Australia, we respect and uphold GDPR principles for all our visitors and customers.

Data Controller

willow-otter is the data controller responsible for your personal data collected through this website. Our contact details are:

willow-otter
47 Harbour Street
Sydney, NSW 2000
Australia

Email: [email protected]

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: Where you have given us clear consent to process your personal data for a specific purpose
• Contract: Where processing is necessary for the performance of a contract with you
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Where processing is necessary to comply with a legal requirement

Your Rights Under GDPR

Under the GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

Exercising Your Rights

If you wish to exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month of receiving it. If your request is complex or you have made multiple requests, we may extend this period by up to two months, but we will inform you of any extension within the first month.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

International Transfers

Your information may be transferred to and processed in countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to require that your personal data will remain protected in accordance with this policy.

Complaints

If you have any concerns about our use of your personal data, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence.

Changes to This Policy

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.