GDPR Compliance

1. Overview

phantom-flush is committed to compliance with data protection regulations, including the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA). This page outlines your rights under these regulations and how we handle your personal data.

2. Data Controller

phantom-flush acts as the data controller for personal information collected through our website and services. For data protection enquiries, contact:

Data Protection Officer
Email: [email protected]
Address: 42 Greenway Avenue, Richmond VIC 3121, Australia

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to data processing (e.g., newsletter subscriptions)
• Contract: When processing is necessary to fulfil our service agreements
• Legal Obligation: When required to comply with applicable laws
• Legitimate Interests: For business operations, provided this does not override your rights

4. Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

4.1 Right of Access

You may request a copy of the personal data we hold about you, free of charge, along with information about how it is processed.

4.2 Right to Rectification

You may request that we correct any inaccurate personal data or complete any incomplete data.

4.3 Right to Erasure

You may request deletion of your personal data where there is no compelling reason for continued processing. This right may be limited by legal obligations.

4.4 Right to Restrict Processing

You may request that we limit the processing of your personal data under certain circumstances.

4.5 Right to Data Portability

You may request to receive your personal data in a structured, commonly used format and have it transferred to another controller.

4.6 Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects. We do not currently engage in such automated decision-making.

5. Data Transfers

As an Australian company, transfers of personal data from the EEA to Australia are protected by the European Commission's adequacy decision recognising Australia's appropriate level of data protection. Where data is transferred to other jurisdictions, we ensure appropriate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods vary based on the type of data and our legal obligations.

7. Security Measures

We implement technical and organisational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in high risk, we will also notify affected individuals directly.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, this may be extended by two additional months, and we will inform you of any such extension.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.

11. Updates to This Notice

This GDPR notice may be updated periodically. We encourage you to review this page regularly for any changes.