GDPR Compliance

Our commitment to European data protection standards

Overview

While keen-brick primarily operates in Australia, we recognize the importance of the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) who may interact with our services.

This page outlines how we comply with GDPR requirements when processing personal data of EEA residents.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to our processing of your data for specific purposes
  • Contract: When processing is necessary to fulfill our service agreement with you
  • Legal Obligation: When required by Australian or international law
  • Legitimate Interest: When necessary for our business operations, provided your rights are not overridden

Your GDPR Rights

If you are an EEA resident, you have the following rights regarding your personal data:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes collected.

Right to Restriction

You can request limitation of processing in specific situations, such as when you contest the accuracy of data.

Right to Data Portability

You can request your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

Data Transfers

As an Australian-based organization, personal data may be transferred outside the EEA. We ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Explicit consent for specific transfers when required

Data Protection Officer

For GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer:

Email: [email protected]
Address: keen-brick, Level 3, 182 Grenfell Street, Adelaide SA 5000, Australia

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and legal obligations.

Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and audits
  • Staff training on data protection
  • Incident response procedures

Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

Cookies and Tracking

We use cookies with your consent. You can manage cookie preferences at any time. For detailed information, see our Cookies Policy.

Third-Party Processors

We work with third-party service providers who process data on our behalf. All processors are required to:

  • Process data only according to our instructions
  • Maintain appropriate security measures
  • Comply with GDPR requirements
  • Enter into data processing agreements with us

Exercising Your Rights

To exercise any of your GDPR rights, submit a request to [email protected]. We will respond within one month of receipt, though this may be extended by two months for complex requests.

We may request additional information to verify your identity before processing your request.

Complaints

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in the EEA, particularly in your country of residence, place of work, or where the alleged infringement occurred.

Updates to This Notice

We may update this GDPR compliance notice periodically. Significant changes will be communicated through our website or direct notification.