GDPR Compliance
Your rights under the General Data Protection Regulation
Last updated: 22 May 2026
Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to the processing of personal data of individuals in the European Economic Area (EEA). Although AusvortaxTechAI is based in Australia, we are committed to complying with the GDPR when we process personal data of individuals located in the EEA.
Who We Are
AusvortaxTechAI is the data controller responsible for your personal data. Our contact details are:
- Company: AusvortaxTechAI
- Address: Level 12, 456 Collins Street, Melbourne VIC 3000, Australia
- Email: [email protected]
Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights in relation to your personal data:
Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
Right to Rectification (Article 16)
You have the right to request that we correct any inaccurate personal data we hold about you. We will make corrections promptly upon verification of your identity and the accuracy of the correction.
Right to Erasure (Article 17)
This right is also known as the "right to be forgotten". You may request that we delete your personal data when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased to comply with a legal obligation
Right to Restriction of Processing (Article 18)
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you do not want the data erased.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible.
Right to Object (Article 21)
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. We do not currently engage in such automated decision-making.
Legal Bases for Processing
We process your personal data based on the following legal grounds:
- Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes.
- Contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract.
- Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided these interests do not override your fundamental rights and freedoms.
- Legal Obligation (Article 6(1)(c)): Where we are required to process data to comply with a legal obligation.
International Data Transfers
Because we are an Australian company, your personal data may be transferred to and processed in Australia. Australia is not currently subject to an adequacy decision by the European Commission. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules where applicable
- Your explicit consent for the specific transfer
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods depend on the nature of the data and our legal obligations. When data is no longer needed, we securely delete or anonymise it.
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing and evaluation of security measures
- Access controls limiting data access to authorised personnel
- Staff training on data protection requirements
Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
How to Exercise Your Rights
To exercise any of your rights under the GDPR, please contact us at:
- Email: [email protected]
- Post: GDPR Requests, Level 12, 456 Collins Street, Melbourne VIC 3000, Australia
We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.
Right to Lodge a Complaint
If you believe that we have violated your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
Changes to This Notice
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically.
Contact
For any questions regarding this notice or our GDPR compliance, please contact us at [email protected].