GDPR Compliance

Introduction

Although bright-fabric primarily serves Australian clients, we recognize that some visitors to our website may be residents of the European Union. This page outlines how we comply with the General Data Protection Regulation (GDPR) when processing personal data of EU residents.

Legal Basis for Processing

When we process your personal data, we do so under one or more of the following legal bases:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for a contract we have with you
• Legal Obligation: Processing is necessary to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party

Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

Data Protection Officer

For questions regarding GDPR compliance or to exercise your rights, please contact our Data Protection Officer:

Email: [email protected]
Address: Level 12, 180 Lonsdale Street, Melbourne VIC 3000, Australia

Data Transfers

Your personal data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place when transferring data outside the EU, including:

• Standard contractual clauses approved by the European Commission
• Ensuring the recipient country has adequate data protection laws
• Obtaining your explicit consent for the transfer

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. For financial services records, this is typically a minimum of seven years.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication requirements
• Staff training on data protection principles

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects EU residents.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

Cookies and Tracking

We use cookies and similar tracking technologies on our website. You can control these through your browser settings and our cookie consent banner. For more information, see our Cookies Policy.

Third-Party Processors

We may engage third-party service providers to process personal data on our behalf. We ensure that:

• Processors are bound by written contracts
• Processors provide sufficient guarantees of compliance
• We conduct due diligence on processor security measures

Supervisory Authority

If you are an EU resident and believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Updates to This Policy

We may update this GDPR compliance statement from time to time. We will notify you of any material changes by posting the updated policy on our website.

Contact Information

For any questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Address: Level 12, 180 Lonsdale Street, Melbourne VIC 3000, Australia