Our Commitment to GDPR
twinkle-slip is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). Although we are based in Australia, we extend GDPR rights to all our customers regardless of their location.
Data Controller
twinkle-slip Pty Ltd acts as the data controller for personal information collected through our website and services. Our contact details are:
twinkle-slip Pty Ltd
47 Parramatta Road
Annandale NSW 2038
Australia
Email: [email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: When you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
- Contract: When processing is necessary for the performance of a contract with you, such as providing pet care services.
- Legal Obligation: When we need to comply with a legal requirement.
- Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or we are otherwise processing your data under GDPR principles, you have the following rights:
Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
Right to Restrict Processing
You have the right to request that we limit how we use your personal data in certain circumstances, such as while we are verifying the accuracy of data you have challenged.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes. You may also object to processing based on legitimate interests.
Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently use automated decision-making in our services.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex, we may extend this period by two months, but we will notify you of any extension and explain the reasons.
We may need to verify your identity before processing your request. If we cannot verify your identity, we may ask for additional information.
Data Transfers
As we are based in Australia, your personal data may be transferred to and processed in Australia. Australia is recognised by the European Commission as providing an adequate level of data protection. Where we use service providers in other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods vary based on the type of data and the purpose of processing. When data is no longer needed, it is securely deleted or anonymised.
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly.
Complaints
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.
However, we encourage you to contact us first at [email protected] so that we can address your concerns directly.
Updates to This Notice
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.