GDPR Compliance

Last updated: June 4, 2026

Introduction

This page outlines how valley-lemur complies with the General Data Protection Regulation (GDPR) and explains your rights under this regulation. We are committed to protecting and respecting your privacy in accordance with applicable data protection laws.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for us to process your data for specific purposes
• Contract Performance: When processing is necessary to fulfill contractual obligations or take pre-contractual steps at your request
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms
• Legal Obligation: When processing is required to comply with applicable laws and regulations

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to your personal data and obtain information about how we process it. We will provide you with a copy of your data upon request.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with your request. We will respond to your request within one month, though this period may be extended by two additional months if your request is complex.

When making a request, please provide sufficient information to allow us to verify your identity and locate your data in our systems.

Data Processing Activities

Contact Forms and Inquiries

• Data Collected: Name, email address, service selection, project details
• Purpose: To respond to inquiries and provide requested services
• Legal Basis: Consent and contract performance
• Retention Period: 3 years from last contact or as required by law

Website Analytics

• Data Collected: IP address, browser information, pages visited, session duration
• Purpose: To analyze website performance and improve user experience
• Legal Basis: Legitimate interests
• Retention Period: 26 months

Cookies

• Data Collected: Cookie preferences, session data
• Purpose: To remember your preferences and enhance browsing experience
• Legal Basis: Consent (for non-essential cookies)
• Retention Period: As specified in our Cookies Policy

International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Incident response and breach notification procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Third-Party Processors

When we engage third-party service providers to process data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance through appropriate contractual arrangements and data processing agreements.

Updates to This Information

We may update this GDPR compliance information from time to time. We will notify you of any material changes through our website or by other appropriate means.

Contact Information

For any questions or concerns regarding GDPR compliance or to exercise your rights, please contact us at:

valley-lemur
127 Brisbane Street
Sydney NSW 2000
Australia
Email: [email protected]