GDPR Information
Your data protection rights under European Union regulation
About This Notice
This page provides information specifically for individuals located in the European Economic Area (EEA) regarding the processing of personal data under the General Data Protection Regulation (GDPR). This notice supplements our main Privacy Policy.
Data Controller
bright-lotus acts as the data controller for personal information collected through this website. Our contact details are:
bright-lotus
Level 8, 120 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]
Legal Basis for Processing
Under the GDPR, we must have a lawful basis for processing your personal data. Depending on the circumstances, we rely on the following legal bases:
Consent
Where you have given explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications or the use of non-essential cookies.
Contractual Necessity
Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract, such as when you enquire about our consulting services.
Legitimate Interests
Where processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by your rights. This may include improving our services, website security, and administrative purposes.
Legal Obligation
Where processing is necessary to comply with a legal obligation to which we are subject.
Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
Right of Access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.
Right to Restriction of Processing
You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of your data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis, including for direct marketing purposes.
Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Exercising Your Rights
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month, though this period may be extended by two further months where necessary, taking into account the complexity and number of requests.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or exercise other rights.
International Data Transfers
As we are based in Australia, personal data collected from EEA residents may be transferred to and processed in Australia. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the European Commission where applicable.
Complaints
If you are not satisfied with how we handle your personal data or believe we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement.
Updates
We may update this GDPR notice from time to time to reflect changes in our practices or applicable law. Any updates will be posted on this page.