GDPR Compliance

zen-cedar is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements for visitors from the European Economic Area (EEA).

Data Controller

zen-cedar acts as the data controller for personal information collected through our website and services. Our contact details are:

zen-cedar
142 Flinders Lane
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities, such as marketing communications.
• Contractual Necessity: When processing is necessary to fulfil a contract with you, such as processing a workshop booking.
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights.
• Legal Obligation: When we are required by law to process your data.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

International Data Transfers

As we are based in Australia, your personal data may be transferred outside the EEA. We ensure appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by the European Commission
• Ensuring recipients are in countries with adequate data protection laws

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods are determined based on:

• The nature and sensitivity of the data
• Legal requirements and obligations
• The purposes for which we process the data

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing and evaluation of security measures
• Procedures to ensure ongoing confidentiality, integrity, and availability of systems

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, in which case we will inform you of the extension.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Updates to This Policy

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.