GDPR Compliance

Introduction

Although silent-cylinder is an Australian-based organization, we recognize and respect the data protection rights of individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

This page outlines how we comply with GDPR requirements when processing personal data of EEA residents.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our educational services and program delivery
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications)
• Legitimate Interests: Processing necessary for our business operations, provided your rights are not overridden
• Legal Obligation: Processing required to comply with applicable laws

Your Rights Under GDPR

If you are an EEA resident, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you, including information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restriction

You can request that we restrict processing of your personal data in certain situations.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data for direct marketing purposes or based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection representative at:

Email: [email protected]
Subject Line: GDPR Request

International Data Transfers

Your personal data is primarily stored and processed in Australia. If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries recognized as providing adequate protection
• Other legally approved mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Program participant data: 7 years after program completion
• Marketing communications: Until you withdraw consent
• Website usage data: 24 months
• Financial records: As required by Australian tax law (typically 7 years)

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Third-Party Processors

We work with third-party service providers who process personal data on our behalf. All processors are carefully selected and bound by data processing agreements that comply with GDPR requirements.

Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with "GDPR Request" in the subject line. We will respond to your request within 30 days.

We may need to verify your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorized persons.

Updates to This Information

We may update this GDPR information from time to time. Significant changes will be communicated to affected individuals.