GDPR Compliance

General Data Protection Regulation (GDPR) Compliance Statement

Although Clean Pane is based in Australia and primarily serves Australian clients, we recognize that some of our website visitors may be located in the European Economic Area (EEA). This statement outlines how we comply with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the EEA.

Data Controller

Clean Pane is the data controller responsible for your personal data. Our contact details are:

Clean Pane
Level 3, 127 Creek Street
Brisbane QLD 4000, Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities.
• Contract Performance: When processing is necessary to perform our services under a contract with you.
• Legal Obligation: When we must process data to comply with legal requirements.
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where an alleged infringement occurred.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months in complex cases.

Data Transfers

Your personal data may be transferred to and processed in Australia, which is not subject to a European Commission adequacy decision. When transferring data from the EEA to Australia, we implement appropriate safeguards to protect your personal data, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring data is processed only for the purposes outlined in our Privacy Policy
• Implementing appropriate technical and organizational security measures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Service delivery and client relationship management
• Compliance with legal and regulatory obligations
• Resolution of disputes and enforcement of agreements

Typically, we retain client records for seven years after the completion of services, in accordance with Australian legal requirements.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last Updated" date.

Contact Information

For questions or concerns about GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: Level 3, 127 Creek Street, Brisbane QLD 4000, Australia