Back to Home

GDPR Compliance

Effective Date: December 15, 2024
Last Updated: December 15, 2024

1. Introduction

Humanloop Australia Pty Ltd is committed to protecting the privacy and personal data of individuals in the European Union. This page outlines our compliance with the General Data Protection Regulation (GDPR) and your rights as a data subject.

2. Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity

Processing necessary for the performance of our service contracts with you.

Legitimate Interests

Processing for our legitimate business interests, such as improving services and security, where not overridden by your interests or rights.

Consent

Processing based on your explicit consent, particularly for marketing communications.

Legal Compliance

Processing necessary to comply with legal obligations to which we are subject.

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to be informed about how your data is collected and used.

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Additional Rights

  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision Making: Not be subject to decisions based solely on automated processing

4. Data Transfers

International Transfers

Your personal data may be transferred to and processed in Australia and other countries outside the EEA. We ensure adequate protection through:

  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions by the European Commission
  • • Appropriate safeguards as required by GDPR

5. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

  • Customer Data: Duration of contract plus 7 years for accounting purposes
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Website Analytics: Maximum 26 months (Google Analytics default)
  • Support Tickets: 3 years from case closure

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

Technical Measures

  • • Encryption in transit and at rest
  • • Regular security assessments
  • • Access controls and authentication
  • • Secure data centers

Organizational Measures

  • • Staff training on data protection
  • • Data processing agreements
  • • Privacy by design principles
  • • Incident response procedures

7. Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details below. We will:

  • • Respond within 30 days (extendable by 60 days for complex requests)
  • • Verify your identity before processing requests
  • • Provide responses free of charge (unless requests are manifestly unfounded or excessive)
  • • Inform you if we cannot comply with a request and explain why

8. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with:

  • • Your local data protection authority in the EU
  • • The Irish Data Protection Commission (as our lead supervisory authority)
  • • The Office of the Australian Information Commissioner (OAIC)

9. Contact Our Data Protection Officer

For all GDPR-related inquiries and to exercise your rights, please contact:

  • Email: hello@humanloop.com.au (Subject: GDPR Request)
  • Phone: +61 416 985 899
  • Address: Data Protection Officer
    Humanloop Australia Pty Ltd
    111 Eagle Street, Brisbane, Queensland, Australia