Introduction
clever-aurora is committed to protecting the personal data of all individuals, including those residing in the European Union (EU) and European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.
The GDPR provides individuals with greater control over their personal data and places certain obligations on organisations that process personal data.
Data Controller
For the purposes of the GDPR, clever-aurora acts as the Data Controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
clever-aurora
Level 12, 180 George Street
Sydney NSW 2000
Australia
Email: [email protected]
Legal Basis for Processing
We process personal data under the following legal bases as defined by the GDPR:
Contractual Necessity
We process data necessary to fulfil our contractual obligations, such as processing bookings, managing vehicle hire agreements, and providing customer support.
Consent
Where required, we obtain your explicit consent before processing your data. This includes consent for marketing communications and the use of non-essential cookies.
Legitimate Interests
We may process data based on our legitimate business interests, provided these do not override your fundamental rights. This includes fraud prevention, network security, and improving our services.
Legal Obligations
We process data as required to comply with legal and regulatory obligations, such as tax reporting and responding to lawful requests from authorities.
Your Rights Under GDPR
If you are located in the EU or EEA, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.
Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
Exercising Your Rights
To exercise any of these rights, please contact us using the details below. We may need to verify your identity before processing your request. We will respond to your request within 30 days, or inform you if an extension is required.
Email: [email protected]
Subject line: GDPR Request - [Your Name]
International Data Transfers
clever-aurora is based in Australia. If you are located in the EU or EEA, your data may be transferred to and processed in Australia. We ensure appropriate safeguards are in place to protect your data during such transfers, including reliance on standard contractual clauses approved by the European Commission.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Specific retention periods include:
- Booking records: 7 years (legal and tax requirements)
- Marketing consent records: Until consent is withdrawn
- Website analytics data: 26 months
- Customer enquiries: 3 years from last contact
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and authentication measures
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
Complaints
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. For EU residents, you may contact your local data protection authority. A list of EU data protection authorities can be found on the European Commission website.
We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us in the first instance.
Updates to This Information
We may update this GDPR information page from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
For any questions or concerns regarding GDPR compliance or data protection, please contact:
clever-aurora
Level 12, 180 George Street
Sydney NSW 2000
Australia
Email: [email protected]