GDPR Compliance

General Data Protection Regulation

Our Commitment to GDPR

While opal-moor is an Australian company primarily serving Australian residents, we recognize the importance of the European Union's General Data Protection Regulation (GDPR) and apply similar privacy standards to all individuals whose data we process.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to our processing of your data for specific purposes
  • Contractual Necessity: When processing is necessary to fulfill our service agreement with you
  • Legal Obligation: When we must process data to comply with Australian law
  • Legitimate Interests: When processing is necessary for our legitimate business interests and does not override your rights

Your GDPR Rights

If you are an EU resident, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling

Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer:

Email: [email protected]
Address: Level 8, 147 Pitt Street, Sydney NSW 2000, Australia

International Data Transfers

Your data is stored and processed in Australia. If you are located in the EU, please be aware that Australia has not received an adequacy decision from the European Commission. We rely on appropriate safeguards and your explicit consent for any data transfers.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

Supervisory Authority

If you are an EU resident and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by Australian law, typically seven years for financial and application records.

Withdrawal of Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. However, this does not affect the lawfulness of processing before withdrawal, and we may still need to retain certain information to comply with legal obligations.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If processing data of minors is necessary (e.g., for family benefit applications), we obtain appropriate parental consent.

Updates to This Statement

We may update this GDPR compliance statement periodically. Changes will be posted on this page with an updated revision date.