cerulean-branch

GDPR Compliance Statement

Last updated: June 19, 2026

While cerulean-branch operates primarily in Australia and is subject to the Australian Privacy Principles under the Privacy Act 1988, we recognize that some of our website visitors and clients may be located in the European Union. This statement outlines our commitment to protecting the personal data of EU residents in accordance with the General Data Protection Regulation (GDPR).

Legal Basis for Processing

When we process personal data of EU residents, we do so based on one or more of the following legal grounds:

  • Consent: You have given explicit consent for us to process your personal data for specific purposes.
  • Contract Performance: Processing is necessary to fulfill a service agreement with you.
  • Legal Obligation: Processing is required to comply with applicable laws.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

  • Right of Access: You can request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data under certain circumstances.
  • Right to Restriction: You can request limitation of processing of your personal data in specific situations.
  • Right to Data Portability: You can request transfer of your data to another service provider in a structured, commonly used format.
  • Right to Object: You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority if you believe we have violated GDPR.

Data Protection Officer

For questions or requests related to GDPR compliance and your data protection rights, please contact us at [email protected]. We will respond to all requests within one month, as required by GDPR.

International Data Transfers

Your personal data may be transferred to and processed in Australia, which may not have data protection laws equivalent to those in the EU. When we transfer personal data outside the EU, we implement appropriate safeguards to protect your information, including contractual commitments and security measures that meet GDPR standards.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. Client engagement records are typically retained for seven years following service completion.

Security Measures

We implement technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security assessments.

Automated Decision-Making

We do not use automated decision-making processes or profiling that would produce legal effects concerning you or similarly significantly affect you.

Changes to This Statement

We may update this GDPR compliance statement periodically. The updated version will be indicated by the "Last updated" date at the top of this page.

Contact Information

To exercise your GDPR rights or for questions about data protection:

Email: [email protected]
Location: Perth, Western Australia