GDPR Compliance

Introduction

While Plateau Condor is an Australian company primarily serving Australian clients, we recognize that the General Data Protection Regulation (GDPR) may apply when we process personal data of individuals in the European Economic Area (EEA).

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific purposes
• Contract Performance: When processing is necessary to fulfill our consulting services
• Legal Obligation: When required to comply with legal requirements
• Legitimate Interests: When necessary for our business operations, provided your rights are not overridden

Your Rights Under GDPR

If you are an EEA resident, you have the following rights:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes collected or if you withdraw consent.

Right to Restrict Processing

You can request limitation of processing in specific situations, such as when you contest data accuracy.

Right to Data Portability

You can request your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

When processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You can file a complaint with your local supervisory authority if you believe your rights have been violated.

Data Protection Officer

For GDPR-related inquiries, contact our data protection representative:

Email: [email protected]

Data Transfers

As an Australian company, your personal data will be stored and processed in Australia. We ensure appropriate safeguards are in place for any international data transfers in accordance with GDPR requirements.

Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law. Retention periods vary depending on:

• The nature of the services provided
• Legal and regulatory requirements
• The need to resolve disputes
• The need to enforce our agreements

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we ensure they:

• Provide sufficient guarantees of compliance
• Process data only on our instructions
• Implement appropriate security measures
• Assist with data subject rights requests

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: Level 4, 127 Creek Street, Brisbane QLD 4000, Australia

We will respond to your request within one month. This period may be extended by two additional months where necessary, considering the complexity and number of requests.

Updates to This Policy

We may update this GDPR information from time to time. Material changes will be communicated through our website or directly to affected individuals.