GDPR Compliance Statement

1. Legal Basis for Processing

We process personal data under the following legal bases: contractual necessity (to fulfill bookings), legitimate interests (to improve services), legal compliance, and consent (for marketing communications).

2. Your GDPR Rights

EEA residents have the right to: access your data, rectify inaccurate information, request erasure, restrict processing, data portability, object to processing, and withdraw consent at any time.

3. Data Processing Activities

We process data for: booking management, customer service, payment processing, marketing communications (with consent), service improvement, and legal compliance. Processing is limited to stated purposes.

4. International Data Transfers

As an Australian company, we transfer EEA personal data to Australia. We ensure appropriate safeguards through standard contractual clauses and secure data handling practices meeting GDPR requirements.

5. Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law. Booking data is retained for 7 years for legal compliance; marketing data until consent is withdrawn.

6. Right to Object

You may object to data processing based on legitimate interests or for direct marketing purposes at any time by contacting [email protected]. We will cease processing unless we have compelling legitimate grounds.

7. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

8. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your GDPR rights have been violated. We encourage contacting us first to resolve concerns.

9. Data Protection Officer Contact

For GDPR-related inquiries or to exercise your rights:

Email: [email protected]
Address: Level 3, 142 Flinders Street, Melbourne VIC 3000, Australia

We will respond to requests within 30 days as required by GDPR.