GDPR Compliance
Your data rights and our commitment to protection
Last Updated: December 2024
GDPR Overview
The General Data Protection Regulation (GDPR) is a European Union regulation that protects personal data. While Sunlit Quest is based in Australia, we respect and uphold GDPR principles for all clients, including those in the EU/EEA.
Your GDPR Rights
Under GDPR, you have the following rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to certain types of processing
- Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling
Legal Basis for Processing
We process your data based on:
- Consent: When you provide explicit consent (e.g., newsletter signup)
- Contract Performance: To deliver services you've engaged us for
- Legitimate Interests: For business operations and service improvement
- Legal Obligations: To comply with applicable laws
International Data Transfers
As we are an Australian company, your data is primarily stored in Australia. When data is transferred internationally, we ensure:
- Transfers are to countries with adequate protection levels
- Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
- Your rights remain protected regardless of location
Data Retention
We retain personal data only as long as necessary:
- Client Data: Duration of engagement plus 7 years (legal requirements)
- Marketing Data: Until you unsubscribe or request deletion
- Website Analytics: 26 months
How to Exercise Your Rights
To exercise any GDPR rights:
Email: [email protected]
Subject Line: "GDPR Data Request"
We will respond within 30 days and verify your identity before processing requests.
Data Protection Authority
You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we've violated GDPR.