Effective Date: June 3, 2026
Last Updated: June 3, 2026
1. Our Commitment to GDPR
Valley Condor is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and beyond. This document outlines how we comply with GDPR requirements and how you can exercise your data protection rights.
2. Legal Basis for Processing
We process your personal data based on one or more of the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., when you submit a contact form).
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
- Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, provided these interests do not override your fundamental rights and freedoms.
3. Your Rights Under GDPR
If you are a resident of the EEA, you have the following rights regarding your personal data:
3.1 Right of Access
You have the right to request confirmation of whether we are processing your personal data and to receive a copy of that data in a commonly used electronic format.
3.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
3.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
3.4 Right to Restriction of Processing
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
3.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
3.6 Right to Object
You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis for processing.
3.7 Right to Withdraw Consent
Where we are processing your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of data protection law occurred.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
Subject: GDPR Data Request
We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.
5. Data Protection Officer
For questions specifically related to data protection and GDPR compliance, you may contact our Data Protection Officer at:
Email: [email protected]
6. Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Staff training on data protection and security
- Incident response and breach notification procedures
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.
8. International Data Transfers
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection in the recipient country
- Other legally recognized transfer mechanisms
9. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you without human intervention.
10. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where required, report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.
11. Changes to This GDPR Statement
We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated "Last Updated" date.
12. Contact Information
For any questions, concerns, or requests related to GDPR compliance, please contact us:
Valley Condor
Level 7, 142 Albert Street
Brisbane QLD 4000
Australia
Email: [email protected]