GDPR Compliance Statement

Last updated: May 11, 2026

Overview

While proud-eave operates primarily in Australia, we recognize that some visitors and clients may be located in the European Union or European Economic Area. This statement outlines our compliance with the General Data Protection Regulation (GDPR) for individuals covered by this regulation.

Data Controller

proud-eave acts as the data controller for personal information collected through our website and services.

Contact details:
Email: [email protected]
Address: Level 7, 142 Elizabeth Street, Brisbane QLD 4000, Australia

Legal Basis for Processing

We process personal data under the following GDPR-compliant legal bases:

Consent

When you submit forms, request services, or accept cookies, you provide explicit consent for us to process your information for stated purposes. Consent can be withdrawn at any time.

Contractual Necessity

Processing is necessary to fulfill our service agreement when you engage us for application support, appeals, or compliance assistance.

Legal Obligation

We process data to comply with Australian law, including record-keeping requirements for professional services and obligations to government agencies.

Legitimate Interests

We process certain data based on legitimate business interests, such as website analytics, fraud prevention, and service improvement, balanced against your privacy rights.

Your Rights Under GDPR

If you are an EU/EEA resident, you have the following rights:

Right to Access

You may request confirmation of what personal data we hold about you and receive a copy in a structured, commonly used format.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your personal data, subject to legal retention obligations and legitimate reasons for continued processing.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances, such as while disputing accuracy or during objection consideration.

Right to Data Portability

You may request transfer of your data to another service provider in a machine-readable format where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You may file a complaint with your local data protection authority if you believe we have not handled your data appropriately.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with:

  • Clear identification of which right you wish to exercise
  • Sufficient information to verify your identity
  • Specific details about your request

We will respond within one month of receiving a valid request. In complex cases, we may extend this by two additional months and will inform you of the extension and reasons.

Data Collection and Use

What We Collect

  • Contact information: name, email, address
  • Case information: medical records, financial data, employment history
  • Website data: IP address, browser information, pages visited
  • Communication records: emails, form submissions, correspondence

How We Use It

  • Providing requested services and application support
  • Communicating with you and relevant authorities
  • Maintaining legally required records
  • Improving our services and website
  • Fraud prevention and security

Data Sharing

We share personal data only as necessary:

  • Government agencies: Australian Services Australia and related bodies for application processing
  • Medical providers: Healthcare professionals involved in your case with your consent
  • Service providers: Trusted third parties for hosting, email, and secure storage (bound by confidentiality agreements)
  • Legal requirements: When required by law or valid legal process

We do not sell or rent personal data to third parties.

International Data Transfers

Personal data is stored and processed in Australia. Australian privacy law provides protections comparable to GDPR through:

  • The Privacy Act 1988 and Australian Privacy Principles
  • Strong data protection enforcement by the Office of the Australian Information Commissioner
  • Comprehensive individual rights and complaint mechanisms

If we transfer data to countries outside Australia and the EU/EEA, we ensure appropriate safeguards through:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding corporate rules or certification mechanisms

Data Security

We implement technical and organizational measures to protect personal data:

  • Encryption for data transmission and storage
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and updates
  • Staff training on data protection requirements
  • Incident response procedures for potential breaches

Data Retention

We retain personal data only as long as necessary:

  • Active cases: Duration of engagement plus seven years
  • Completed cases: Seven years from closure
  • Inquiries not converted: Two years
  • Marketing consent: Until withdrawn
  • Website analytics: 26 months maximum

Retention periods reflect legal obligations under Australian law and the need to respond to potential disputes or audits.

Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All service decisions involve human review and assessment.

Cookies and Tracking

We use cookies with your consent as follows:

  • Essential cookies: Required for website functionality
  • Analytics cookies: To understand site usage (requires consent)

You can manage cookie preferences through our banner or browser settings. Detailed information is available in our Cookies Policy.

Children's Data

We do not knowingly process personal data of children under 16 without parental consent, except when necessary as part of family benefit applications where parents provide information.

Data Breach Notification

In the event of a data breach likely to result in high risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

Changes to This Statement

We may update this GDPR compliance statement to reflect changes in regulations or our practices. Significant changes will be communicated to affected individuals via email.

Contact and Complaints

For GDPR-related inquiries or to exercise your rights:

Email: [email protected]
Address: Level 7, 142 Elizabeth Street, Brisbane QLD 4000, Australia

If you are unsatisfied with our response, you have the right to lodge a complaint with:

  • Your local EU data protection authority
  • The Office of the Australian Information Commissioner (oaic.gov.au)