GDPR Compliance

General Data Protection Regulation Information

GDPR and Australian Operations

While Cascade Ibex operates primarily in Australia, we recognize that the European Union's General Data Protection Regulation (GDPR) may apply when we process personal data of individuals located in the European Economic Area (EEA).

This page outlines our GDPR compliance measures and your rights under GDPR if you are an EEA resident.

Legal Basis for Processing

When we process personal data of EEA residents, we rely on the following legal bases:

  • Consent: When you have explicitly agreed to our processing of your personal data for specific purposes.
  • Contract Performance: When processing is necessary to fulfill our contractual obligations to you.
  • Legal Obligation: When processing is required to comply with legal requirements.
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to request transfer of your personal data to another organization or directly to you in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this period by an additional two months, and we will inform you of any such extension.

Data Protection Officer

For questions specifically related to GDPR compliance or data protection, you may contact our data protection contact at [email protected].

International Data Transfers

As an Australian company, personal data collected from EEA residents may be transferred to and processed in Australia. Australia is recognized by the European Commission as providing adequate protection for personal data transferred from the EEA.

When we engage service providers in other jurisdictions, we ensure appropriate safeguards are in place through standard contractual clauses or other approved mechanisms.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Duration of our business relationship
  • Periods required by professional liability obligations
  • Applicable legal retention requirements
  • Time necessary to establish, exercise, or defend legal claims

Typically, client data is retained for seven years following project completion.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls limiting data access to authorized personnel
  • Staff training on data protection obligations
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Cookies and Tracking

Our use of cookies and similar technologies is described in detail in our Cookies Policy. We obtain your consent before placing non-essential cookies on your device when you are located in the EEA.

Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

You can find your supervisory authority contact details at: https://edpb.europa.eu/about-edpb/board/members_en

Changes to This Policy

We may update this GDPR compliance information periodically. We will notify you of significant changes by posting the updated information on our website.

Contact Information

For questions about GDPR compliance or to exercise your rights:

Cascade Ibex
Email: [email protected]
Address: 127 Botanical Circuit, Acton ACT 2601, Australia