GDPR Compliance

Our Commitment to Data Protection

Twinkling Meadow is committed to protecting the privacy and security of personal data. Although we are an Australian company, we recognise the importance of the General Data Protection Regulation (GDPR) and extend its protections to all our customers, including those located in the European Economic Area (EEA).

Data Controller Information

For the purposes of data protection law, the data controller is:

Twinkling Meadow Pty Ltd
142 Greenway Parade
Richmond, VIC 3121
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications.
• Contract: Where processing is necessary for the performance of a contract with you, such as providing garden care services.
• Legal obligation: Where processing is necessary to comply with applicable laws.
• Legitimate interests: Where processing is necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another data controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision making.

International Data Transfers

As an Australian company, any data transferred from the EEA to our systems involves an international transfer. We implement appropriate safeguards for such transfers, including:

• Standard contractual clauses approved by the European Commission
• Encryption of data in transit and at rest
• Access controls and security measures compliant with industry standards

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are:

• Service enquiries: 2 years from last contact
• Customer records: 7 years from end of service relationship (for tax and legal compliance)
• Marketing consent records: Until consent is withdrawn
• Website analytics: 26 months

Data Security Measures

We implement technical and organisational measures to protect personal data, including:

• SSL/TLS encryption for data in transit
• Encrypted storage for sensitive data
• Access controls and authentication requirements
• Regular security assessments
• Staff training on data protection

Data Breach Procedures

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours where feasible
• Notify affected individuals without undue delay if the breach is likely to result in high risk
• Document the breach and remedial actions taken

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: GDPR Request

We will respond to your request within one month. If your request is complex, we may extend this period by a further two months, in which case we will inform you of the extension.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC).

Updates to This Notice

We may update this GDPR notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated notice on our website.