pebble-grove

Last updated: January 2024

Introduction

Pebble Grove is committed to protecting the personal data of all our website visitors and clients, including those in the European Union (EU) and European Economic Area (EEA). This page provides specific information about how we comply with the General Data Protection Regulation (GDPR) for EU/EEA residents.

Data Controller

For the purposes of GDPR, the data controller is:

Pebble Grove
Level 4, 127 Grey Street
South Brisbane QLD 4101
Australia

Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications
Contract: Where processing is necessary for the performance of a contract with you, such as processing a travel booking
Legal obligation: Where processing is necessary for compliance with legal obligations
Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

Your Rights Under GDPR

If you are an EU/EEA resident, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data under certain conditions, including for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer your data to another organisation, or directly to you, under certain conditions.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. We will respond to your request within one month. In some cases, we may need to extend this period by up to two months, in which case we will inform you of the extension and the reasons for it.

We may need to verify your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

International Data Transfers

As an Australian business, when we process personal data of EU/EEA residents, this may involve transferring data outside the EEA. When we do so, we ensure appropriate safeguards are in place, which may include:

Standard contractual clauses approved by the European Commission
Adequacy decisions where applicable
Other legally recognised transfer mechanisms

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable laws. When determining retention periods, we consider:

The nature and sensitivity of the data
The purposes for which we process the data
Legal, regulatory, and contractual requirements
Legitimate business purposes

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Complaints

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with your local data protection supervisory authority. However, we encourage you to contact us first so that we can address your concerns directly.

Contact

For any questions regarding GDPR compliance or to exercise your rights, please contact: