While glimmer-zenith is an Australian-based organization primarily serving Australian residents, we recognize that some individuals accessing our website may be located in the European Union or European Economic Area. This page outlines our compliance with the General Data Protection Regulation (GDPR).
Legal Basis for Processing Personal Data
We process personal data only where we have a legal basis to do so. The legal bases we rely on include:
Consent
Where you have given explicit consent for us to process your personal data for specific purposes, such as subscribing to communications or submitting an enquiry through our website.
Contractual Necessity
Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as when you engage our services to assist with social benefits applications.
Legal Obligation
Where we are required to process your data to comply with legal obligations, such as tax requirements or responding to lawful requests from authorities.
Legitimate Interests
Where processing is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. Examples include improving our services and preventing fraud.
Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights regarding your personal data:
Right to Access
You have the right to request confirmation of whether we process your personal data and to access that data. We will provide you with a copy of your personal data in a commonly used electronic format.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, such as when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.
Data Transfers
We are an Australian organization, and your personal data is primarily stored and processed in Australia. If we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the European Commission
- Standard contractual clauses approved by the European Commission
- Binding corporate rules
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.
Retention periods vary depending on the type of data and the purpose of processing. For clients who engage our services, we typically retain records for seven years to comply with professional standards and legal obligations.
Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular security assessments and testing
- Staff training on data protection
- Access controls and authentication measures
- Secure data storage and backup systems
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
Supervisory Authority
If you are located in the EU/EEA and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority.
You can find contact details for EU data protection authorities at:
https://edpb.europa.eu/about-edpb/board/members_en
Data Protection Officer
For questions specifically related to GDPR compliance or data protection, you may contact our data protection representative at:
Email: [email protected]
Updates to This Policy
We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.
Last updated: May 11, 2026