GDPR Compliance

Last updated: January 2024

Introduction

Clever Heron Travel Agency is committed to protecting the personal data of all our customers, including those located in the European Economic Area (EEA) and the United Kingdom. This page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.

Data Controller

Clever Heron Travel Agency acts as the data controller for personal data collected through our website and services. Our contact details are:

Clever Heron Travel Agency
Level 12, 45 Macquarie Street
Sydney NSW 2000
Australia

Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contract: Processing necessary to perform our contract with you (e.g., booking travel services)
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications)
• Legitimate Interests: Processing necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Processing necessary to comply with legal requirements

Your GDPR Rights

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not engage in automated decision-making for travel services.

International Data Transfers

As an Australian company, transferring data outside the EEA requires appropriate safeguards. We protect your data through:

• Standard Contractual Clauses approved by the European Commission
• Ensuring recipients in third countries provide adequate data protection
• Obtaining your explicit consent where appropriate

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when processing activities are likely to result in high risk to individuals' rights and freedoms.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in high risk to your rights, we will also notify you directly.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, this may be extended by a further two months, and we will inform you of any extension.

Supervisory Authority

If you are not satisfied with how we handle your data or your rights request, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this will be the data protection authority in your country of residence. For UK residents, this is the Information Commissioner's Office (ICO).

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.