GDPR Compliance

flickering-folio respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) for visitors from the European Economic Area (EEA).

Data Controller

flickering-folio is the data controller responsible for your personal data. Our contact details are:

flickering-folio
42 Design Quarter
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes
• Contract: Where processing is necessary for the performance of a contract with you or to take steps prior to entering a contract
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Where processing is necessary to comply with legal requirements

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you. We do not currently use automated decision-making processes.

International Data Transfers

As we are based in Australia, your personal data may be transferred outside the EEA. When such transfers occur, we ensure appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by the European Commission
• Ensuring the recipient country has adequate data protection laws
• Obtaining your explicit consent where appropriate

Data Retention

We retain your personal data only for as long as necessary for the purposes set out in our Privacy Policy. The criteria used to determine retention periods include:

• The duration of our relationship with you
• Legal obligations requiring retention of certain data
• Statute of limitations for potential legal claims
• Guidelines from data protection authorities

Data Security

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest where appropriate
• Regular security assessments and updates
• Access controls limiting who can access personal data
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, this may be extended by a further two months, in which case we will inform you.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this will be the data protection authority in your country of residence.

Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.