GDPR Compliance Statement

Effective Date: May 10, 2026

1. Introduction

While dusk-maiden is based in Australia, we recognize that some of our website visitors and potential clients may be located in the European Union. This statement outlines our commitment to complying with the General Data Protection Regulation (GDPR) when processing personal data of EU residents.

2. Legal Basis for Processing

We process personal data only when we have a legal basis to do so under GDPR Article 6:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfill our service agreement with you
• Legal Obligation: When we must process data to comply with legal or regulatory requirements
• Legitimate Interest: When processing serves our legitimate business interests and does not override your rights

3. Data Subject Rights

If you are an EU resident, you have the following rights under GDPR:

3.1 Right to Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

3.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure

You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.

3.4 Right to Restrict Processing

You can request limitation of how we process your data in certain circumstances.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

3.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent

When processing is based on consent, you may withdraw that consent at any time.

3.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR.

4. Data Protection Principles

We adhere to the following GDPR data protection principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
• Purpose Limitation: We collect data for specified, explicit, legitimate purposes
• Data Minimization: We collect only data that is adequate, relevant, and necessary
• Accuracy: We maintain accurate and up-to-date personal data
• Storage Limitation: We retain data only as long as necessary
• Integrity and Confidentiality: We implement appropriate security measures
• Accountability: We demonstrate compliance with these principles

5. Data Transfers Outside the EU

When we transfer personal data of EU residents to Australia or other countries outside the EU, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Other legally recognized transfer mechanisms

6. Data Security

We implement technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

8. Data Protection Officer

While we are not required to appoint a Data Protection Officer, we have designated a privacy contact for GDPR-related inquiries:

Privacy Officer
Email: [email protected]

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

10. Children's Data

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

11. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

dusk-maiden
Level 14, 127 Creek Street
Brisbane QLD 4000
Australia
Email: [email protected]

We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months with notification.

12. Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.

13. Supervisory Authority

If you are located in the EU and have concerns about our data processing practices, you may contact your local data protection authority. A list of EU supervisory authorities is available at: https://dusk-maiden.com/about-edpb/board/members_en