GDPR Compliance Statement

Last Updated: May 11, 2026

1. Introduction

While gentle-vision is an Australian-based company, we recognize that some of our website visitors may be residents of the European Economic Area (EEA). This page outlines our commitment to the General Data Protection Regulation (GDPR) and how we handle personal data of EEA residents.

2. Data Controller

For the purposes of GDPR, gentle-vision acts as the data controller for personal information collected through our website and services.

Data Controller Contact:
gentle-vision
Level 12, 485 La Trobe Street
Melbourne VIC 3000, Australia
Email: [email protected]

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contractual Necessity: When processing is necessary to fulfill our service agreement with you
  • Legitimate Interests: When processing serves our legitimate business interests and does not override your rights
  • Legal Obligation: When required to comply with applicable laws and regulations

4. Your Rights Under GDPR

If you are an EEA resident, you have the following rights:

4.1 Right to Access

You can request a copy of the personal data we hold about you.

4.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

4.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances.

4.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

4.5 Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format.

4.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

4.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

5. How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with the subject line "GDPR Request".

We will respond to your request within 30 days. In some cases, we may require additional information to verify your identity before fulfilling your request.

6. Data Collection and Use

We collect and process the following categories of personal data:

  • Identity data (name, contact details)
  • Financial information relevant to requested services
  • Technical data (IP address, browser information, cookies)
  • Communication data (correspondence with us)

For detailed information about how we collect and use data, please refer to our Privacy Policy.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Providing requested services
  • Complying with legal, accounting, or reporting requirements
  • Resolving disputes or enforcing agreements

When personal data is no longer needed, we securely delete or anonymize it.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Staff training on data protection principles

9. International Data Transfers

As an Australian company, your personal data may be transferred to and processed in Australia. Australia is recognized by the European Commission as providing adequate data protection under GDPR.

If we transfer data to other countries not deemed adequate by the European Commission, we ensure appropriate safeguards are in place, such as standard contractual clauses.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

11. Third-Party Data Sharing

We do not sell personal data. We may share data with:

  • Service providers who assist in operating our business (under strict data processing agreements)
  • Legal and regulatory authorities when required by law
  • Professional advisers (lawyers, accountants) under confidentiality obligations

12. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, please see our Cookies Policy.

You can control cookie preferences through our cookie banner or your browser settings.

13. Changes to This Statement

We may update this GDPR Compliance Statement periodically. Material changes will be communicated through our website, and we will update the "Last Updated" date.

14. Contact and Complaints

For questions about GDPR compliance or to exercise your rights:

Email: [email protected]
Subject: GDPR Request

If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.