GDPR Compliance

Lucent Forest Pty Ltd is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) and the United Kingdom.

Our Commitment

Although Lucent Forest is an Australian company primarily serving Australian clients, we recognise and respect the rights of individuals protected by the GDPR. This page outlines how we comply with GDPR requirements for any EEA or UK residents who interact with our services.

Data Controller

For the purposes of GDPR, the data controller is:

Lucent Forest Pty Ltd
42 Greenway Drive, Level 3
North Sydney NSW 2060
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation.
• Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless overridden by your data protection rights.

Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by two months, in which case we will inform you of the extension and the reasons for it.

We may request specific information from you to help us confirm your identity and ensure your right to access the information or exercise other rights.

International Data Transfers

As an Australian company, any personal data you provide may be transferred to and processed in Australia. Australia has been recognised by the European Commission as providing adequate protection for personal data.

Where we transfer data to third parties outside Australia, we ensure appropriate safeguards are in place, such as standard contractual clauses or binding corporate rules.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The criteria used to determine retention periods include:

• The duration of our relationship with you
• Legal obligations that require us to retain data
• Statutes of limitation for potential legal claims
• Guidelines issued by relevant data protection authorities

Data Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your member state. For UK residents, this would be the Information Commissioner's Office (ICO).

However, we encourage you to contact us first at [email protected] so that we can try to resolve your concerns directly.

Changes to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.

Contact

For any questions regarding GDPR compliance or to exercise your data protection rights, please contact:

Data Protection Contact
Lucent Forest Pty Ltd
Email: [email protected]