GDPR Compliance Statement
Last updated: January 2024
Gloomstone Haven is committed to compliance with the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA).
1. Legal Basis for Processing
We process personal data based on consent, contract fulfillment, legal obligation, and legitimate interests.
2. Your Rights Under GDPR
As an EEA resident, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing, as well as the right to withdraw consent and to lodge complaints with supervisory authorities.
3. Data Collection
We collect identity data, contact data, business data, technical data, usage data, and marketing preferences for service delivery, CRM, marketing, website improvement, and legal compliance.
4. Data Sharing
We share data only when necessary with GDPR-compliant service providers, legal advisers, and law enforcement when required.
5. International Transfers
Data may be transferred outside the EEA using Standard Contractual Clauses and other appropriate safeguards.
6. Data Retention
Active client data is retained for the duration of the business relationship plus 7 years. Marketing data is retained until consent is withdrawn or until 2 years of inactivity.
7. Data Security
We implement encryption, access controls, regular assessments, staff training, and incident response procedures.
8. Data Protection Officer
Contact our DPO: [email protected]
9. Contact
Email: [email protected]
Address: Level 12, 367 Collins Street, Melbourne VIC 3000, Australia