Our commitment to protecting your data under the General Data Protection Regulation
Last updated: January 2024
mesa-voyage is committed to ensuring the protection of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. Although we are based in Australia, we respect the privacy rights of visitors from the European Union and European Economic Area and comply with GDPR requirements when processing their personal data.
For the purposes of GDPR, the data controller is:
mesa-voyage
Level 12, 100 George Street
Sydney NSW 2000
Australia
Email: [email protected]
We process personal data based on one or more of the following legal grounds:
If you are a resident of the European Union or European Economic Area, you have the following rights:
You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions.
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or you have made multiple requests, we may extend this period by a further two months, in which case we will inform you accordingly.
As we are based in Australia, your personal data may be transferred to and processed in Australia. When we transfer personal data from the EEA, we ensure appropriate safeguards are in place to protect your data, including:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the data, potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.
We have implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption, access controls, and regular security assessments.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.
For any questions regarding GDPR compliance or to exercise your data protection rights, please contact us at:
mesa-voyage
Level 12, 100 George Street
Sydney NSW 2000
Australia
Email: [email protected]