Our commitment to protecting your personal data under the General Data Protection Regulation.
Last Updated: January 2024
ruby-tundra is committed to ensuring that your privacy is protected and that we comply with the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988. This page outlines how we handle personal data and your rights under these regulations.
ruby-tundra acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
ruby-tundra
47 Harbour Street
Sydney, NSW 2000
Australia
Email: [email protected]
We process your personal data based on the following legal grounds:
As a data subject, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of receiving your request.
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond to rectification requests within one month.
You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.
You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
Where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
As an Australian company, we primarily store and process data within Australia. If we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
We implement appropriate technical and organisational measures to protect personal data, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.
To exercise any of your rights under GDPR, please contact us using the details provided above. We will respond to your request within one month. In complex cases, we may extend this period by two additional months, in which case we will inform you of the extension.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC). For EU residents, you may contact your local data protection authority.
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.