GDPR Compliance Statement
Last Updated: May 11, 2026
1. Introduction
Glow Masonry is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws. This statement outlines our practices regarding the collection, use, and protection of personal data for individuals in the European Economic Area (EEA).
2. Data Controller
For the purposes of GDPR, Glow Masonry acts as the data controller for personal information collected through our website and services.
Contact: [email protected]
Address: Level 12, 480 Collins Street, Melbourne VIC 3000, Australia
3. Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you provide explicit consent for specific processing activities
- Contract: When processing is necessary to fulfill our service obligations to you
- Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights
- Legal Obligation: When we must process data to comply with legal requirements
4. Your Rights Under GDPR
If you are in the EEA, you have the following rights regarding your personal data:
4.1 Right to Access
You have the right to request a copy of the personal data we hold about you.
4.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
4.3 Right to Erasure
You can request deletion of your personal data in certain circumstances.
4.4 Right to Restrict Processing
You can request that we limit how we use your personal data.
4.5 Right to Data Portability
You can request that we transfer your data to another service provider.
4.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
4.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw that consent at any time.
4.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority.
5. Data Processing Activities
We process personal data for the following purposes:
- Providing financial education services
- Responding to inquiries and communication
- Service delivery and customer support
- Website analytics and improvement
- Marketing communications (with your consent)
- Legal and regulatory compliance
6. International Data Transfers
As we are based in Australia, personal data from EEA residents may be transferred outside the EEA. We ensure appropriate safeguards are in place for such transfers, including:
- Standard contractual clauses approved by the European Commission
- Ensuring adequate data protection measures are maintained
- Compliance with applicable data transfer regulations
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Typical retention periods include:
- Client data: Duration of service relationship plus 7 years for legal compliance
- Marketing data: Until consent is withdrawn or 2 years of inactivity have elapsed
- Website analytics: 24 months
8. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication measures
- Staff training on data protection practices
- Incident response procedures
9. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.
10. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
11. Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Exercising Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
Subject: GDPR Rights Request
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.
13. Updates to This Statement
We may update this GDPR compliance statement periodically. Any changes will be posted on this page with an updated revision date.