GDPR and Data Protection

Last Updated: June 4, 2026

Introduction

While reef-leap is based in Australia and primarily serves Australian residents, we respect the data protection rights of all individuals, including those protected under the General Data Protection Regulation (GDPR) of the European Union.

This page outlines how we handle personal data in compliance with both Australian privacy law and GDPR principles.

Legal Basis for Processing

We process personal data only when we have a legal basis to do so. Our legal bases for processing include:

• Consent: You have given explicit consent for us to process your personal data for specific purposes.
• Contract: Processing is necessary to fulfill a contract we have with you or to take steps at your request before entering into a contract.
• Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests.

Your Rights Under GDPR

If you are a resident of the European Union or your data is otherwise protected by GDPR, you have the following rights:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to our processing of your personal data based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates data protection law.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, though this period may be extended by two additional months if your request is complex or we receive multiple requests.

We may need to verify your identity before processing your request to ensure the security of your personal data.

Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
• Data Minimization: We collect only the personal data that is adequate, relevant, and necessary for our purposes.
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
• Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected.
• Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

International Data Transfers

As an Australian-based company, personal data you provide to us may be transferred to and stored in Australia. We ensure that any international transfers of personal data are conducted in accordance with applicable data protection laws and with appropriate safeguards in place.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When determining retention periods, we consider the nature and sensitivity of the data, the purposes for which it was collected, and applicable legal requirements.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.

Contact Information

If you have questions about our data protection practices or wish to exercise your rights, please contact us at:

reef-leap
142 Albert Street
Brisbane QLD 4000
Australia
Email: [email protected]

Updates to This Page

We may update this page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated information on our website with a new effective date.