GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy. Although Glittering Summit operates in Australia, we are committed to protecting the privacy of all visitors to our website, including those from the European Economic Area (EEA).

This page outlines how we comply with GDPR principles and explains your rights as a data subject.

Data Controller

Glittering Summit is the data controller responsible for your personal data. Our contact details are:

Glittering Summit
142 Greenway Parade
Ryde NSW 2112
Australia

Email: [email protected]

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or accepting cookies.

Contract

Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract (such as providing a quote for services).

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by your rights. This includes improving our services, website functionality, and business operations.

Legal Obligation

Where processing is necessary for compliance with a legal obligation to which we are subject, such as tax reporting or responding to lawful requests from authorities.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restriction

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including profiling. You also have the right to object to direct marketing at any time.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently use automated decision-making in our services.

Data Transfers

As we operate in Australia, personal data collected from EEA visitors may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place to protect your data, including compliance with the Australian Privacy Principles which provide similar protections to GDPR.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

• Enquiry data: 2 years from last contact
• Client service records: 7 years after end of relationship
• Marketing preferences: Until you unsubscribe or request deletion
• Website analytics: 26 months

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit using SSL/TLS
• Regular security assessments of our systems
• Access controls limiting who can access personal data
• Staff training on data protection responsibilities

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details above. We may need to verify your identity before processing your request. We will respond to your request within one month, though this may be extended by up to two months for complex requests.

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.