Last updated: January 2024
Although deft-voyage is an Australian company, we are committed to protecting the privacy rights of individuals in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements when processing personal data of EEA residents.
deft-voyage Pty Ltd acts as the data controller for personal data collected through this website and our services. Our contact details are:
deft-voyage Pty Ltd
42 Eucalyptus Drive
Brisbane QLD 4000
Australia
Email: [email protected]
We process personal data under the following legal bases:
As an EEA resident, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.
You have the right to request correction of any inaccurate personal data we hold about you.
You have the right to request deletion of your personal data where there is no compelling reason for continued processing. This right is subject to certain exceptions, such as where we need to retain data for legal compliance.
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
As an Australian company, when we transfer personal data from the EEA to Australia, we ensure appropriate safeguards are in place. Australia has been recognised by the European Commission as providing adequate protection for personal data under certain conditions.
Where we engage service providers outside the EEA, we ensure appropriate safeguards through:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods are determined based on:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
To exercise any of your rights under GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of alleged infringement.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.