GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Introduction

Although vine-signal is based in Australia, we respect the data protection rights of all individuals, including those in the European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) principles.

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for a contract we have with you (e.g., program enrollment)
  • Legal Obligation: Processing is necessary to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

Your GDPR Rights

If you are located in the EEA, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies.

Right to Rectification

You have the right to request that we correct information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, including when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request

We will respond to your request within one month. In some cases, we may extend this period by two additional months where necessary, taking into account the complexity and number of requests.

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at [email protected].

International Data Transfers

As we are based in Australia, your personal data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Program enrollment and delivery: Duration of program plus 3 years
  • Marketing communications: Until you unsubscribe or request deletion
  • Financial records: 7 years for tax and accounting purposes
  • General inquiries: 2 years from last contact

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Third-Party Data Processors

We work with third-party service providers who process data on our behalf. We ensure these processors comply with GDPR through:

  • Written data processing agreements
  • Regular compliance audits
  • Verification of appropriate security measures

Cookies and Tracking

We use cookies only with your explicit consent. You can manage your cookie preferences at any time. For more information, see our Cookies Policy.

Children's Data

We do not knowingly collect or process personal data from individuals under 16 years of age without parental consent.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where an alleged infringement occurred.

Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Information

For GDPR-related questions or to exercise your rights:

Email: [email protected]
Address: 127 Reservoir Street, Surry Hills, NSW 2010, Australia

← Back to Home