Our Commitment to GDPR
Wise Harbor is committed to complying with the General Data Protection Regulation (GDPR) for all individuals whose personal data we process, regardless of their location. This page outlines your rights under GDPR and how we fulfil our obligations as a data controller.
Data Controller Information
Wise Harbor acts as the data controller for personal information collected through our website and services. Our contact details are:
Wise Harbor
147 Harbour Street, Level 3
Sydney NSW 2000, Australia
Email: [email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
- Contract: Where processing is necessary for the performance of a contract with you, such as providing booked services.
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests.
- Legal Obligation: Where processing is necessary to comply with our legal obligations.
Your Rights Under GDPR
Under GDPR, you have the following rights:
Right to Access: You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure: You have the right to request that we erase your personal data, under certain conditions. This is also known as the "right to be forgotten."
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions, particularly where we are relying on legitimate interests.
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month of receiving it. If your request is complex or we receive a high volume of requests, we may extend this period by up to two months, but we will inform you of any such extension.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on business needs, legal requirements, and the nature of the data. When personal data is no longer needed, we securely delete or anonymise it.
International Data Transfers
As an Australian business, some data transfers may occur outside the European Economic Area (EEA). Where this happens, we ensure appropriate safeguards are in place to protect your data, including standard contractual clauses approved by the European Commission.
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption of data in transit, access controls, and regular security assessments.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence. For Australian residents, you may contact the Office of the Australian Information Commissioner (OAIC).
Updates to This Policy
We may update this GDPR compliance information from time to time. We encourage you to periodically review this page for the latest information on our data protection practices.