GDPR Compliance
Our commitment to European data protection standards
While we are based in Australia, we recognize and respect the data protection rights of individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).
Applicability
This GDPR compliance statement applies to:
- Individuals located in the EEA who use our services
- EEA citizens or residents accessing our website from any location
- Processing of personal data of EEA individuals regardless of processing location
Your Rights Under GDPR
If you are an EEA resident, you have the following rights regarding your personal data:
Right to Access
You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about the processing.
Right to Rectification
You have the right to request correction of inaccurate personal data and completion of incomplete data.
Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data under certain circumstances, including:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and no other legal ground exists for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Legal obligations require erasure
Right to Restriction of Processing
You have the right to request restriction of processing in the following situations:
- You contest the accuracy of personal data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not engage in such automated decision-making.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Lawful Basis for Processing
We process your personal data under the following legal bases:
Consent
You provide explicit consent for us to process your personal data for specific purposes related to benefit claim assistance.
Contract Performance
Processing is necessary to perform our contractual obligations in providing services you have engaged us for.
Legal Obligation
We process data to comply with legal obligations under Australian law, including record-keeping requirements.
Legitimate Interests
We process data for legitimate interests such as improving our services, provided these interests do not override your fundamental rights and freedoms.
Data Protection Principles
We adhere to GDPR's core data protection principles:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and in a transparent manner. You are informed about data collection and processing activities.
Purpose Limitation
We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
Data Minimization
We collect only data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.
Storage Limitation
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law.
Integrity and Confidentiality
We process data securely using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability
We are responsible for and can demonstrate compliance with GDPR principles.
International Data Transfers
Your personal data may be transferred to and processed in Australia. While Australia is not currently covered by an EU adequacy decision, we ensure appropriate safeguards are in place:
- Standard contractual clauses approved by the European Commission
- Technical and organizational security measures meeting GDPR standards
- Regular assessments of data protection compliance
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the appropriate supervisory authority within 72 hours of becoming aware of the breach
- Inform you without undue delay if the breach is likely to result in high risk to your rights and freedoms
- Provide information about the nature of the breach, likely consequences, and measures taken or proposed
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
If you are an EEA resident, you may contact your local data protection authority. A list of authorities is available at the European Data Protection Board website.
You may also contact our data protection representative or the Office of the Australian Information Commissioner.
Data Protection Officer Contact
For GDPR-related inquiries or to exercise your rights:
Data Protection Officer
airy-foam
Level 8, 142 Elizabeth Street
Melbourne VIC 3000
Australia
Email: [email protected]
Exercising Your Rights
To exercise any GDPR rights:
- Send a written request to our Data Protection Officer at the email address above
- Include sufficient information to verify your identity
- Specify which right(s) you wish to exercise
- We will respond within one month (extendable by two months for complex requests)
We do not charge fees for processing requests unless they are manifestly unfounded, excessive, or repetitive.
Updates to GDPR Compliance
We regularly review and update our GDPR compliance measures to ensure continued adherence to data protection standards. Changes will be reflected in this statement with updated dates.