GDPR Compliance

Introduction

Bright Lintel is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and beyond.

Data Controller

Bright Lintel acts as the data controller for personal information collected through our website and services.

Bright Lintel
Level 12, 15 William Street
Melbourne VIC 3000
Australia
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so:

Consent

When you provide explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications.

Contract Performance

When processing is necessary to perform a contract with you, such as delivering the services you've booked.

Legitimate Interests

When processing is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests.

Legal Obligation

When processing is necessary to comply with legal obligations.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain circumstances.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you.

Right to Object

You have the right to object to processing of your personal data under certain circumstances.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of such extension.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Incident response procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. When data is no longer needed, it is securely deleted or anonymized.

International Data Transfers

As we are based in Australia, your data may be transferred outside the EEA. We ensure appropriate safeguards are in place for such transfers.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not complied with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page.

Contact Us

For any questions about our GDPR compliance or to exercise your rights, contact us at:

Email: [email protected]