GDPR Compliance

Effective Date: May 20, 2026

1. Introduction

While krystalion-storm operates primarily in Australia, we respect the data protection rights of individuals in the European Union under the General Data Protection Regulation (GDPR).

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to fulfill service agreements
  • Legal Obligation: When required by Australian or international law
  • Legitimate Interest: For business operations that do not override your rights

3. Your GDPR Rights

If you are an EU resident, you have the following rights regarding your personal data:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain processing activities
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

4. Data Collection and Use

We collect and process the following types of personal data:

  • Contact information (name, email, address)
  • Service preferences and property details
  • Communication history
  • Website usage data

5. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Client service records are typically retained for seven years after the last service date.

6. International Data Transfers

As we are based in Australia, any data you provide will be transferred to and processed in Australia. We ensure appropriate safeguards are in place for such transfers.

7. Data Security

We implement appropriate technical and organizational security measures, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

8. Third-Party Processors

We work with carefully selected third-party service providers who process data on our behalf. All processors are contractually bound to GDPR-compliant data protection standards.

9. Cookies and Tracking

We use cookies and similar technologies. You can manage your cookie preferences through our cookie banner or browser settings. See our Cookies Policy for details.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

11. Exercising Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Address: 127 Botanical Drive, Melbourne VIC 3004, Australia

We will respond to your request within one month. If your request is complex, we may extend this period by two additional months.

12. Supervisory Authority

If you are an EU resident and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this GDPR compliance statement periodically. Significant changes will be communicated through our website with an updated effective date.