GDPR Compliance

Last updated: June 2026

Our Commitment to GDPR

Cedar Ferret is committed to protecting the privacy and personal data of all individuals, including those residing in the European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and have implemented appropriate measures to ensure the lawful processing of personal data.

Data Controller

Cedar Ferret acts as the data controller for personal information collected through our website and services. Our contact details are:

Cedar Ferret
247 Harbour Street
Kensington, VIC 3031
Australia
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. Our processing activities are based on:

• Contract: Processing necessary to fulfil our service agreements with you
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Where processing is required to comply with applicable laws

Your Rights Under GDPR

If you are a resident of the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent for processing, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

International Data Transfers

As we are based in Australia, personal data collected from EEA residents may be transferred outside the EEA. When such transfers occur, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data Protection Measures

We have implemented appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorised personnel
• Regular security assessments and updates
• Staff training on data protection practices
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to your request within 30 days.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, you may contact the supervisory authority in your country of residence.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.