firm-hinges

GDPR Compliance Statement

Last Updated: May 11, 2026

Overview

While firm-hinges is based in Australia and primarily serves Australian clients, we recognize that some of our website visitors may be located in the European Union. This page outlines our commitment to General Data Protection Regulation (GDPR) compliance for EU residents.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to our processing of your personal data
  • Contract: When processing is necessary to fulfill our service agreement with you
  • Legitimate Interests: When processing serves our legitimate business interests and doesn't override your rights
  • Legal Obligation: When required by Australian or international law

Your GDPR Rights

If you are an EU resident, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

Right to Erasure

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding legitimate grounds exist
  • The data was unlawfully processed

Right to Restriction of Processing

You can request that we limit how we use your data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You object to processing pending verification of legitimate grounds

Right to Data Portability

You can receive your personal data in a structured, commonly used format and transmit it to another controller when processing is based on consent or contract and is carried out by automated means.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time. Withdrawal doesn't affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

Email: [email protected]
Address: Level 14, 127 Creek Street, Brisbane QLD 4000, Australia

International Data Transfers

Your personal data is primarily stored and processed in Australia. When data is transferred outside the EU, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Specific retention periods include:

  • Service-related data: Duration of service plus seven years
  • Marketing communications: Until consent is withdrawn
  • Website analytics: 26 months maximum

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Pseudonymization and encryption of personal data
  • Ensuring ongoing confidentiality, integrity, availability, and resilience of systems
  • Regular testing and evaluation of security effectiveness
  • Procedures for restoring availability and access to data after incidents

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]

We will respond to your request within 30 days. In complex cases, this period may be extended by two additional months, and we will inform you of such extension.

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, by email.

© 2026 firm-hinges. All rights reserved.