GDPA MEMBER PRIVACY COMPLIANCE PORTAL
GLOBAL DATA PROTECTION AGENCY PTY LTD
HEREIN REFERRED TO AS THE (ENTITY)
SINCE 1ST JULY 2019 CERTIFICATION NUMBER: 000002
We are 100% committed to protecting your data, the same way we wish our own personal data to be protected by others. If you have any concern, please reach out to us. Our policy herein is designed to meet our local Data Privacy Regulation, including regulations of other jurisdictions where applicable. Should you find any aspect which does not meet our obligation towards you, please feel free to let us know via the Communication Options provided at the end of this page and we will address the matter accordingly.
We request your consent to use the personal data you enter below. This permits us to fulfill our obligations to you. At anytime you can exercise your RIGHTS regarding your personal data that we may have in our possession. We never request excessive personal data/information just for the sake of it and are able upon request to justify the reason as to why we are requesting such data/information and its purpose.
If you are under our minimum age of consent which is 16 years of age, your details will be permanently deleted within 5 working days if it has not been forwarded by your Guardian.
website 1 – public: https://trustgdpa.com/
website 2 – members only: https://audits.trustgdpa.com/
website 3 – members only: https://policy.trustgdpa.com/
website 4 – members only: https://knowledge.trustgdpa.com/
website 5 – members only: https://support.trustgdpa.com/
website 6 – members only: https://training.trustgdpa.com/
website 7 – members only: https://webinar.trustgdpa.com/
website 8 – administration only: https://admin.trustgdpa.com/
facebook – public: https://facebook.com/trustgdpa/
linkedin – public: https://linkedin.com/company/trustgdpa/
vimeo – public: https://vimeo.com/trustgdpa/
This policy also incorporates our obligations to comply with privacy regulations on how we collect and process your personal data via offline methods including in person, when sending physical hard copy data/information via postal services/courier (air/sea/road) and all other applicable offline methods.
By providing us with your data, you warrant that you are over the minimum age of consent. If you are not over the minimum age of consent, please provide parental, carer or guardian consent.
We the ENTITY are the data controller and are responsible for your personal data (referred to as “we”, “us” or “our” in this policy).
HOW CAN YOU CONTACT US?
If you have any questions or concerns about your privacy, you can contact us using the “Communication Options” found below. Should you have any complaints, we would be grateful if you contact us first.
HOW DO WE COLLECT YOUR PERSONAL DATA?
By providing us with your information data, you warrant to us that you are over the age of consent as defined in the Consent Form above.
We collect data about you through a variety of different methods.
Direct interactions: For example, when you fill in forms on our website (or otherwise) or by communicating with us in person, by post, phone, email or otherwise, including when you:
• Order our products or services.
• Create an account on our site.
• Subscribe to our services or publications.
• Request resources or marketing be sent to you.
• Enter a competition, prize draw, promotion or survey.
• Give us feedback.
Automated technologies or interactions: As you use our sites, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. For further details regarding cookies, please see cookies tab below.
Third Party or publicly available sources: Sometimes we will collect personal information from a third party or a publicly available source. When this occurs, we rely on the person providing us with that personal information having the right to do so. We don’t guarantee website links or policy of authorised third parties.
WHAT INFORMATION DO WE COLLECT?
We may collect personal information from you in the course of our business, including through your use of our Site, when you contact or request information from us, when you engage our services, or as a result of your relationship with one or more of our staff or clients.
To manage the different aspects of our relationship with you, we may collect the following personal information:
• Name and job title.
• Contact information including the company you work for, email address and social media account where appropriate.
• Demographic information such as your address, preferences and interests.
• Other information relevant to the provision of Services.
• Payment information.
• Information that you provide to us as part of us providing the Services to you
• Other information relevant to the provision of Services.
• Curriculum vitae, including your age and/or gender if you provide it to us, your education, employment history and similar matters and similar information that you may provide to us.
• Other information relevant to potential recruitment by us.
We collect this information to help us:
• Verify your identity.
• Deliver our services.
• Improve, develop and market new services.
• Carry out requests made by you on the site or in relation to our services.
• Investigate or settle enquiries or disputes.
• Comply with any applicable law, court order, other judicial processes, or the requirements of a regulator.
• Enforce our agreements with you.
• Protect the rights, property, or safety of us or third parties, including our other clients and users of the Site or our Services with recruitment purposes.
• Use as otherwise required or permitted by law.
HOW DO WE USE YOUR INFORMATION?
We may use your information for the following purposes:
Fulfilment of Services: We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services. Please note also that our Terms of Business apply when we provide the Services.
What is our legal basis? It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you. It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
Client Services: Our Site uses various user interfaces to allow you to request information about our Services including electronic enquiry forms and conference call service. Contact information may be requested in each case, together with details of other personal information that is relevant to your Service enquiry. This information is used to enable us to respond to your requests.
What is our legal basis? It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
Business Administration and Legal Compliance: We use your personal information for the following business administration and legal compliance purposes:
• To comply with our legal obligations.
• To enforce our legal rights.
• To protect the rights of third parties.
• In connection with a business transaction such as a merger, or a restructuring, or sale.
What is our legal basis? Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
Recruitment: We use your personal information to assess your suitability for any of our available positions for which you may apply, whether such application has been received by us online, via email or by hard copy or an in-person application.
What is our legal basis? Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for our company. We will not process any special category data except where we are able to do so under applicable legislation or with your explicit consent.
Marketing communications: We may carry out the following marketing activities using your personal information:
• Postal marketing.
• Email marketing.
We may use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services to send you marketing communications.
We will only send you marketing communications where you have consented to receive such marketing communications, or where we have a lawful right to do so.
What is our legal basis? It is in our legitimate interest to use your personal information for marketing purposes.
• An IP address to monitor Site traffic and volume.
• A session ID to track usage statistics on our Site.
• Information regarding your personal or professional interests, demographics, experiences with our products and contact preferences.
Please see our Cookie section below for further information.
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of offers our registered users like to see.
We also use this information for marketing purposes (see the marketing section above for further details).
What is our legal basis? Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details, where available.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?
Depending upon the specific context in which we collect your personal data, our legal basis for processing will be one or more of the following:
• We have obtained your consent.
• To perform our obligations in accordance with any contract that we may have with you.
• It is in our legitimate interest to use your personal information in such a way to ensure that we provide the Services in the best way that we can.
• It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
If you have questions about the legal basis on which we collect and use your Information, please contact us using the details provided in the Contact Us section below.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We may share personal information with a variety of the following categories of third parties as necessary:
• Our professional advisers such as lawyers and accountants.
• Government or regulatory authorities.
• Regulators/tax authorities/corporate registries.
• Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers.
• Third parties engaged in the course of the services we provide to clients,
• Third party service providers to assist us with client insight analytics, such as Google Analytics.
• Third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
WHERE DO WE TRANSFER YOUR DATA?
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of indefinitely years.
HOW DO WE KEEP YOUR PERSONAL INFORMATION CONFIDENTIAL AND SECURE?
We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
DO WE ADHERE TO THIRD PARTY PRIVACY POLICIES?
Find below links to the privacy policies provided by the social media platforms we are or may become members of and to other social media platforms you may find useful.
You may find it beneficial and/or of interest in reading them, so you can understand on how they protect your data and where applicable any provisions they place upon us the Entity in protecting your data.
HOW DO WE RESPOND TO A DATA BREACH?
In the event of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will take the following steps:
• Immediately log the breach.
• Assess the risk to people’s rights and freedoms.
• Where required, report this breach to the affected individual(s) and the appropriate supervisory authority(ies).
• Conduct a Full Audit and based on the findings, update the security procedures and security measures to mitigate the chances of a similar breach reoccurring.
WHAT SHOULD YOU DO IF YOU FALL VICTIM TO A DATA BREACH?
If you believe you have been the victim of a data breach through one of our mediums, either online or offline, report the breach using the Data Breach Register below. We will respond in line with GDPR regulations, and keep you posted on the outcome of our investigation into the breach.
HOW CAN YOU ACCESS YOUR INFORMATION AND WHAT ARE YOUR OTHER RIGHTS?
You have the following rights in relation to the personal information we hold about you:
Your right of access: If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Your right to erasure: You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).
Your right to restrict processing: You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.
Your right to data portability: You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object: You can ask us to stop processing your personal information, and we will do so, if we are:
• Relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing.
• Processing your personal information for direct marketing purposes.
Your right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant Supervisory Authority.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
If you wish to exercise any of these rights, you can do so via the Data Subjects Access Requests portal below.
You will not have to pay a fee. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request, to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex, or if you have made a number of requests. In this case, we will notify you and keep you updated.
HOW DO WE HANDLE CHILDREN’S DATA?
Should we handle children’s personal data, we endeavour to do so by following the GDPR key standards:
BEST INTERESTS OF THE CHILD: We account for the best interests of any child as a primary consideration where any conflict arises, keeping children safe from exploitation risks and protecting their health and well-being.
DATA PROTECTION IMPACT ASSESSMENTS (DPIA): We undertake DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our service and/or come in contact with our products, which may arise from the data processing.
AGE-APPROPRIATE APPLICATION: We undertake a risk-based approach to recognizing the age of individual users. This applies to the standards in the code of all users. Where we rely on consent for any aspects of our services, we obtain parental authorization for under aged individuals.
TRANSPARENCY: Under Article 5(1) of the GDPR we process personal data lawfully, fairly and in a transparent manner in relation to data subjects including children.
DETRIMENTAL USE OF DATA: We do not use children’s personal data in ways that show to be detrimental to their well-being, or that go against industry codes of practice, other regulatory provisions or Government advice.
POLICIES AND COMMUNITY STANDARDS: We uphold our own published terms, policies and community standards (including privacy policies, age restriction, behavior rules and content policies) herein and beyond. It’s our way of saying that we say what we do and we do what we say.
DEFAULT SETTINGS: Our operational settings are set to ‘high privacy’ by default, unless a compelling reason for a different default setting can be shown, taking into account the best interests of the child.
DATA MINIMIZATION: We collect and retain only the minimum amount of children’s personal data where needed to provide the elements of the service in which a child is actively and knowingly engaged. Where applicable children are also given separate choices over which elements they wish to activate.
DATA SHARING: Data relating to children is not disclosed unless a compelling reason to do so is shown, taking into account the best interests of the child.
GEOLOCATION: Geolocation tracking features are switched off by default, unless a compelling reason to switch it on is shown. In such case, an obvious sign for children is shown when location tracking is active. Options which make a child’s location visible to others default back to off at the end of each session.
PARENTAL CONTROLS: Children are provided with age-appropriate information about parental controls. If any of our online service allows a parent or a guardian to monitor a child’s online activity or track their location, then our service will provide an obvious sign to the child when they are being monitored.
PROFILING: Any profiling options are turned off by default. The off by default setting does not mean that profiling is not possible or not permitted. Whenever possible, children are offered control over whether and how their personal data is used. Profiling is subject to a privacy setting and only occurs when there are appropriate measures in place to protect the child from any harmful effects, such as content that is detrimental to their health or well-being.
NUDGE TECHNIQUES: We do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protection.
CONNECTED TOYS AND DEVICES: Should we provide connected toys or devices e.g. a fitness band that records the child’s level of physical activity and then transmits this back to servers, or a home hub interactive speaker device,) it will include effective tools to enable conformance to the code. This includes being clear about who is processing the child’s personal data and what their responsibilities are, anticipating and providing for use by multiple users of different ages, providing clear information about our use of personal data at point of purchase and on set-up, finding ways to communicate just in time information and avoiding passive collection of personal data.
ONLINE TOOLS: Where applicable, prominent and accessible tools are provided to help children exercise their data protection rights and report concerns.
WHAT ARE COOKIES?
A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer. When you visit our site, strictly necessary cookies will be placed on your device.
Cookies enable sites to:
• Keep you signed in
• Remember your site preferences
• Give you locally relevant content
You can change cookie settings, by changing the settings on your browser. To do so, find your chosen browser below and follow the instructions provided. Please note that disabling cookies may interrupt the flow of your information to us and not permit us to meet our obligations to you.
• how to disable cookies on chrome
• how to disable cookies on firefox
• how to disable cookies on edge
• how to disable cookies on mac
• how to disable cookies on ipad
• how to disable cookies on iphone
• how to disable cookies on phone
• how to disable cookies on opera
• how to disable cookies on internet explorer
• how to disable cookies on safari
OUR COOKIE LIST
Below is the list of cookies we use. All Cookies are leveraged to provide site functionality, analytics, advertising and profiling (if applicable) to ensure you get the best experience possible.
COOKIE LIST: GDPA
|Strictly Necessary||_GRECAPTCHA||www.google.com||Third-party||6 months||Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.||2|
|Strictly Necessary||__cf_bm||.vimeo.com||Third-party||30 minutes||This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.||3|
|Functionality||__stripe_mid||.audits.trustgdpa.com||First-party||1 year||This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website.||4|
|Functionality||__stripe_sid||.audits.trustgdpa.com||First-party||30 minutes||This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website.||5|
|Unclassified||m||m.stripe.com||Third-party||2 years||NOT AVAILABLE||6|
STILL HAVE CONCERNS ABOUT COOKIES?
If you are still not comfortable with the cookies we use then reach out to us via the COMMUNICATION OPTIONS below and we will do our best to put any concern you may have to rest.
WHAT IS PRIVACY BY DESIGN?
Privacy by Design (PbD) is a data privacy concept that calls for the incorporation of data privacy protections into the design of information systems, products, and services.
When designing our website(s), or any new personal data information gathering activity, we endeavour to implement “PRIVACY BY DESIGN”, as outlined by the 12 GDPR Principles:
1. Implementing data protection issues as part of the design and implementation of systems, services, products and business practices.
2. Making data protection an essential component of the core functionality of our processing systems and services.
3. Anticipating risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
4. Processing only the personal data that we need for our purposes(s), and that we only use the data for those purposes.
5. Ensuring that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
6. Providing the appropriate communication channels where our members can dialogue with us.
7. Adopting a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
8. Providing individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
9. Offering strong privacy defaults, user-friendly options and controls, and respect user preferences.
10. Using only data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
11. When using other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
12. Using privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
Rest assured, we are not perfect and have no doubt that we may have not taken certain aspects into account, not because we have ignored them but because they have slipped our radar. Tell us, this is the only way we can improve our service and obligation to YOU via the COMMUNICATION OPTIONS below.
To us, Trust is Everything!
WHAT IS OUR COMMITMENT TO COMPLIANCE?
We are committed to uphold the highest standards when it comes to protecting your personal data and doing the right thing by YOU, as we would expect others to do the right thing by US.
Perfection is something we strive for and is part of our culture. In saying that, we are also human and no doubt will make mistakes. When we do, you will be able to view them via our recorded breaches in the COMMUNICATIONS OPTIONS provided below.
Being a member of GDPA provides us with the knowledge and tools to continually work towards being compliant with the protection you would expect from us.
If you identify any shortfalls we may have, we invite you to contact us directly via the COMMUNICATIONS OPTIONS provided below, and we will come back to you within the shortest possible time-frame during our business hours and work towards correcting the matter and/or clarifying any doubts you may have.
You can contact us via traditional post directly to our appointed GDPR Registrar acting on our behalf as our registered European GDPR Secretariat.
Our GDPR Secretariats duties are to view your submission and submit them to us, where we will take the necessary steps in answering you accordingly in-line with the GDPR Regulations and the protection of your personal data.
Please address the mail as follows:
BUSINESS PHONE NUMBER GLOBAL
☎ International: +61 1300 464372
☎ National: 1300 GOGDPA or 1300 464372
BUSINESS PHONE NUMBER EUROPE
☎ International: +30 21 0300 4376
☎ National: 21 0300 4376
★ Monday to Friday
★ 9am to 5pm
★ Excluding Public Holidays
Title: Co-Founder / DPO
Name: Emin Hasic
We have declared ourselves to the applicable Supervisory Authorities.
Following is a detailed list of all Supervisory Authorities:
|1||Austria||Österreichische Datenschutzbehörde||Hohenstaufengasse 3
|+43 1 531 15 202525||+43 1 531 15 firstname.lastname@example.org||http://www.dsb.gv.at/|
|2||Australia||Office of the Australian Information Commissioner||Level 3, 175 Pitt Street
Sydney NSW 2000
|+1300 363 992||+61 2 9284 email@example.com||https://www.oaic.gov.au/|
|3||Belgium||Commission de la protection de la vie privée||Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35
1000 Bruxelles / 1000 Brussel
|+32 2 274 48 00||+32 2 274 48 firstname.lastname@example.org||http://www.privacycommission.be/|
|4||Bulgaria||Commission for Personal Data Protection||2, Prof. Tsvetan Lazarov blvd.
|+359 2 915 3580||+359 2 915 email@example.com||http://www.cpdp.bg/|
|5||Croatia||Croatian Personal Data Protection Agency||Martićeva 14
|+385 1 4609 000||+385 1 4609 firstname.lastname@example.org , email@example.com||http://www.azop.hr/|
|6||Cyprus||Commissioner for Personal Data Protection||1 Iasonos Street,
P.O. Box 23378, CY-1682 Nicosia
|+357 22 818 456||+357 22 304 firstname.lastname@example.org||http://www.dataprotection.gov.cy/|
|7||Czech Republic||The Office for Personal Data Protection||Urad pro ochranu osobnich udaju
Pplk. Sochora 27
170 00 Prague 7
|+420 234 665 111||+420 234 665 email@example.com||http://www.uoou.cz/|
|8||Denmark||Datatilsynet||Borgergade 28, 5
1300 Copenhagen K
|+45 33 1932 00||+45 33 19 32 firstname.lastname@example.org||http://www.datatilsynet.dk/|
|9||Estonia||Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)||Väike-Ameerika 19
|+372 6274 135||+372 6274 email@example.com||http://www.aki.ee/en|
|10||Finland||Office of the Data Protection Ombudsman||P.O. Box 315
|+358 10 3666 700||+358 10 3666 firstname.lastname@example.org||http://www.tietosuoja.fi/en/|
|11||France||Commission Nationale de l’Informatique et des Libertés||8 rue Vivienne, CS 30223
F-75002 Paris, Cedex 02
|+33 1 53 73 22 22||+33 1 53 73 22 00||not available||http://www.cnil.fr/|
|12||Germany||Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit||Husarenstraße 30
|+49 228 997799 0 , 49 228 81995 0||+49 228 997799 550 , +49 228 81995 email@example.com||http://www.bfdi.bund.de/|
|13||Greece||Hellenic Data Protection Authority||Kifisias Av. 1-3, PC 11523
|+30 210 6475 600||+30 210 6475 firstname.lastname@example.org||http://www.dpa.gr/|
|14||Hungary||National Authority for Data Protection and Freedom of Information||Szilágyi Erzsébet fasor 22/C
|+36 1 3911 400||not email@example.com||http://www.naih.hu/|
|15||Iceland||Icelandic Data Protection Agency||Rauðarárstíg 10
|+354 510 9600||+354 510 firstname.lastname@example.org||https://www.personuvernd.is/|
|16||Ireland||Data Protection Commissioner||Canal House
|Local call: 1890 25 22 31 , Phone:+353 57 868 4800||+353 57 868 email@example.com||http://www.dataprotection.ie/|
|17||Italy||Garante per la protezione dei dati personali||Piazza di Monte Citorio, 121
|+39 06 69677 1||+39 06 69677 firstname.lastname@example.org||http://www.garanteprivacy.it/|
|18||Latvia||Data State Inspectorate||Blaumana str. 11/13-15
|+371 6722 3131||+371 6722 email@example.com||http://www.dvi.gov.lv/|
|19||Liechtenstein||Data Protection Office||Kirchstrasse 8, P.O. Box 684
Principality of Liechtenstein
|+423 236 6090||not firstname.lastname@example.org||http://www.sds.llv.li/|
|20||Lithuania||State Data Protection||Žygimantų str. 11-6a
|+ 370 5 279 14 45||+370 5 261 94 email@example.com||http://www.ada.lt/|
|21||Luxembourg||Commission Nationale pour la Protection des Données||1, avenue du Rock’n’Roll
|+352 2610 60 1||+352 2610 60 firstname.lastname@example.org||http://www.cnpd.lu/|
|22||Malta||Office of the Data Protection Commissioner||2, Airways House
High Street, Sliema SLM 1549
|+356 2328 7100||+356 2328 email@example.com||http://www.dataprotection.gov.mt/|
|23||Netherlands||Autoriteit Persoonsgegevens||Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague
|+31 70 888 8500||+31 70 888 firstname.lastname@example.org||https://autoriteitpersoonsgegevens.nl/nl|
|24||New Zealand||Privacy Commissioner||Auckland
51 – 53 Shortland Street
|+64 9 302 8680||+64 4 474 email@example.com||https://privacy.org.nz/|
|25||Norway||Datatilsynet||The Data Inspectorate
P.O. Box 8177 Dep
|+47 22 39 69 00||+47 22 42 23 firstname.lastname@example.org||https://www.datatilsynet.no/en/|
|26||Poland||The Bureau of the Inspector General for the Protection of Personal Data||ul. Stawki 2
|+48 22 53 10 440||+48 22 53 10 email@example.com , firstname.lastname@example.org||http://www.giodo.gov.pl/|
|27||Portugal||Comissão Nacional de Protecção de Dados||R. de São. Bento, 148-3°
|+351 21 392 84 00||+351 21 397 68 email@example.com||http://www.cnpd.pt/|
|28||Romania||The National Supervisory Authority for Personal Data Processing||B-dul Magheru 28-30
Sector 1, BUCUREŞTI
|+40 21 252 5599||+40 21 252 firstname.lastname@example.org||http://www.dataprotection.ro/|
|29||Slovakia||Office for Personal Data Protection of the Slovak Republic||Hraničná 12
820 07 Bratislava 27
|+ 421 2 32 31 32 14||+ 421 2 32 31 32 email@example.com||http://www.dataprotection.gov.sk/|
|30||Slovenia||Information Commissioner||Zaloška 59
|+386 1 230 9730||+386 1 230 firstname.lastname@example.org||https://www.ip-rs.si/|
|31||Spain||Agencia de Protección de Datos||C/Jorge Juan, 6
|+34 91399 6200||+34 91455 email@example.com||https://www.agpd.es/|
104 20 Stockholm
|+46 8 657 6100||+46 8 652 firstname.lastname@example.org||http://www.datainspektionen.se/|
|33||Switzerland||Data Protection and Information Commissioner of Switzerland||Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Mr Adrian Lobsiger
|+41 58 462 43 95||+41 58 462 99 email@example.com||https://www.edoeb.admin.ch/edoeb/en/home.html|
|34||United Kingdom||The Information Commissioner’s Office||Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
|+44 1625 545 745||not firstname.lastname@example.org||https://ico.org.uk/|
As an international organization we are required to comply with the Australian Privacy Principles (APPs).
The APPs are the cornerstone of the privacy protection framework in the Australian Privacy Act 1988 (Privacy Act). They apply to any organisation or agency the Privacy Act covers.
The Australian Privacy Principles are principles-based law. This gives an organisation or agency flexibility to tailor their personal information handling practices to their business models and the diverse needs of individuals. They are also technology neutral, which allows them to adapt to changing technologies.
A breach of an Australian Privacy Principle is an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties.