GDPR Compliance
Last updated: May 11, 2026
General Data Protection Regulation (GDPR)
prism-harbor is committed to ensuring that our data processing practices comply with the General Data Protection Regulation (GDPR), which governs the processing of personal data of individuals within the European Economic Area (EEA).
Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for the performance of a contract with you
- Legal Obligation: Processing is necessary for compliance with a legal obligation
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
You have the right to request copies of your personal data.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or to complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Withdraw Consent
Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time.
Data Protection Officer
For any questions regarding our GDPR compliance or to exercise your rights, please contact us:
Email: [email protected]
Address: Level 7, 142 Collins Street, Melbourne VIC 3000, Australia
How to Exercise Your Rights
To exercise any of your rights under GDPR, please submit a written request to [email protected]. We will respond to your request within 30 days.
You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
International Data Transfers
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular security assessments
- Access controls and authentication
- Staff training on data protection
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.