GDPR Policy
Last Updated: January 2025
Introduction
This GDPR Policy explains how echoslumen.com complies with the General Data Protection Regulation (GDPR) and protects the rights of individuals in the European Union. This policy supplements our Privacy Policy and provides additional information for EU residents.
echoslumen.com is committed to protecting your personal data and respecting your privacy rights under GDPR.
Data Controller Information
The data controller responsible for your personal information is:
- Company Name: echoslumen.com company
- Address: 10 Wellington Street, Fairfield NSW 2165, Australia
- Email: support@echoslumen.com
- Data Protection Contact: info@echoslumen.com
Legal Basis for Processing
We process your personal data under the following legal bases as defined by GDPR:
Consent (Article 6(1)(a))
We process data based on your explicit consent when you:
- Accept our cookie policy
- Subscribe to our newsletter
- Submit contact forms
- Opt in to marketing communications
You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Contract Performance (Article 6(1)(b))
We process data necessary to provide our services and fulfill our obligations to you.
Legitimate Interests (Article 6(1)(f))
We process data for our legitimate interests in:
- Operating and improving our website
- Analysing website usage and performance
- Preventing fraud and ensuring security
- Internal administration and record-keeping
Legal Obligation (Article 6(1)(c))
We process data when required to comply with legal obligations under EU or member state law.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
1. Right to Access (Article 15)
You have the right to obtain confirmation about whether we process your personal data and to access that data. You can request:
- A copy of your personal data
- Information about how we use your data
- Details about data recipients
- Information about data retention periods
- Your rights regarding your data
2. Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed. Contact us to update your information.
3. Right to Erasure (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
Note that we may retain certain data if required by law or for legitimate business purposes.
4. Right to Restriction of Processing (Article 18)
You have the right to restrict processing of your personal data when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You object to processing pending verification of legitimate grounds
5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format. You can request that we transmit this data directly to another controller where technically feasible.
6. Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
7. Right Not to Be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects. We do not engage in such automated decision-making.
8. Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
- Email: support@echoslumen.com
- Subject line: "GDPR Rights Request"
- Include: Your full name, email address, and specific request
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension and the reasons for it.
We may request additional information to verify your identity before processing your request.
Data We Collect
We collect and process the following categories of personal data:
Identity Data
- Name
- Email address
Technical Data
- IP address
- Browser type and version
- Device type
- Operating system
- Cookie identifiers
Usage Data
- Pages visited
- Time spent on pages
- Click patterns
- Referring URLs
Communication Data
- Contact form submissions
- Email correspondence
- Newsletter preferences
How We Use Your Data
We use your personal data for the following purposes:
- Providing and maintaining our services
- Responding to your enquiries and support requests
- Sending newsletters and updates (with consent)
- Improving our website and user experience
- Analysing website performance and usage patterns
- Ensuring security and preventing fraud
- Complying with legal obligations
- Internal record-keeping and administration
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact information: 3 years from last contact or until deletion requested
- Newsletter subscriptions: Until you unsubscribe
- Analytics data: 26 months maximum
- Cookie data: As specified in cookie settings (maximum 12 months)
- Legal records: As required by applicable law (typically 7 years)
After the retention period expires, we will securely delete or anonymise your data.
Data Sharing and Transfers
Third-Party Recipients
We may share your data with:
- Service providers who help operate our website (hosting, analytics)
- Professional advisers (lawyers, accountants, auditors)
- Law enforcement or regulatory authorities when required
All third parties are required to maintain appropriate security measures and process data only as instructed.
International Transfers
As we are based in Australia, your data may be transferred outside the EU. We ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other appropriate safeguards under GDPR Article 46
You can request a copy of the safeguards we have in place by contacting support@echoslumen.com.
Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- SSL/TLS encryption for data in transit
- Encrypted storage for sensitive data
- Access controls and authentication
- Regular security assessments and updates
- Employee training on data protection
- Incident response procedures
- Regular backups with encryption
In the event of a data breach, we will notify affected individuals and relevant supervisory authorities within 72 hours as required by GDPR Article 33.
Cookies and Tracking
We use cookies and similar tracking technologies. You can manage your cookie preferences through our cookie consent banner.
Types of Cookies We Use
- Essential cookies: Required for website functionality
- Analytics cookies: Help us understand website usage (requires consent)
- Marketing cookies: Used for targeted advertising (requires consent)
Managing Cookies
You can:
- Accept or decline cookies through our consent banner
- Change preferences in cookie settings
- Delete cookies through your browser settings
- Use browser privacy modes
Note that disabling essential cookies may affect website functionality.
Children's Privacy
Our services are not directed at children under 13. We do not knowingly collect personal data from children under 13.
For users aged 13-16, we require parental consent where required by applicable member state law.
If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.
Automated Processing and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects concerning you.
Any automated processing we conduct (such as analytics) does not result in decisions that affect your rights or create legal obligations.
Data Protection Officer
While we are not required to appoint a Data Protection Officer under GDPR, you can contact our data protection team at:
- Email: info@echoslumen.com
- Subject: Data Protection Enquiry
Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority.
You can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en
Changes to This Policy
We may update this GDPR Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending email notification to registered users
We encourage you to review this policy regularly.
Contact Us
For any questions about this GDPR Policy or to exercise your rights, please contact us:
- Email: support@echoslumen.com (24-hour support)
- Email: info@echoslumen.com (data protection enquiries)
- Email: contact@echoslumen.com (general enquiries)
- Address: 10 Wellington Street, Fairfield NSW 2165, Australia
We aim to respond to all GDPR-related requests within one month.
Additional Resources
For more information about GDPR and your rights:
- European Commission GDPR Portal: ec.europa.eu/gdpr
- European Data Protection Board: edpb.europa.eu
- Your local data protection authority
Commitment to Compliance
echoslumen.com is committed to full compliance with GDPR. We regularly review our data protection practices and update our policies and procedures to ensure ongoing compliance.
We respect your privacy rights and take our responsibilities as a data controller seriously.