GDPR Compliance Statement

Last Updated: May 11, 2026

1. Introduction

purity-flux is committed to protecting the privacy and personal data of all individuals, including those in the European Union (EU) and European Economic Area (EEA). This GDPR Compliance Statement explains how we comply with the General Data Protection Regulation (GDPR) when processing personal data of EU/EEA residents.

This statement should be read in conjunction with our Privacy Policy.

2. Data Controller

For the purposes of GDPR, purity-flux is the data controller responsible for your personal data.

Contact Details:
purity-flux
Level 12, 385 Bourke Street
Melbourne VIC 3000
Australia
Email: [email protected]

3. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
  • Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: When we need to process your data to comply with legal obligations.
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

4.1 Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

4.2 Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

4.3 Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

4.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

4.5 Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

4.6 Right to Object

You have the right to object to our processing of your personal data, under certain conditions.

4.7 Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by up to two additional months, and we will inform you of any such extension.

6. Data We Collect

We collect and process the following categories of personal data:

  • Identity data (name, title)
  • Contact data (email address, telephone number, business address)
  • Professional data (company name, job title, business requirements)
  • Technical data (IP address, browser type, device information)
  • Usage data (how you use our website and services)
  • Marketing and communications data (preferences for receiving communications)

7. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and deliver our consulting services
  • To respond to inquiries and communicate with you
  • To improve our website and services
  • To send you marketing communications (where you have consented)
  • To comply with legal and regulatory obligations
  • To protect our business and your data from fraud and security threats

8. Data Sharing and International Transfers

We may share your personal data with:

  • Service providers who assist us in operating our business (e.g., email service providers, analytics providers)
  • Professional advisers (lawyers, accountants, auditors)
  • Regulatory authorities when required by law

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as permitted by GDPR

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • For the duration of our business relationship with you
  • To comply with legal, accounting, or reporting requirements
  • To establish, exercise, or defend legal claims
  • For legitimate business purposes such as fraud prevention

When we no longer need your personal data, we will securely delete or anonymize it.

10. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication requirements
  • Staff training on data protection and security
  • Incident response procedures

11. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Document all data breaches and the actions taken in response

12. Cookies and Tracking

We use cookies and similar tracking technologies on our website. You can control cookie settings through our cookie banner and your browser settings. For more information, please see our Cookies Policy.

13. Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

14. Withdrawal of Consent

Where we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. To withdraw consent, please contact us at [email protected].

Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data in violation of GDPR. The lead supervisory authority for purity-flux is the Australian Information Commissioner, but you may also contact your local EU/EEA data protection authority.

EU/EEA residents can find their local supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

16. Changes to This Statement

We may update this GDPR Compliance Statement from time to time. We will notify you of any material changes by posting the new statement on this page and updating the "Last Updated" date.

17. Contact Us

If you have any questions about this GDPR Compliance Statement or how we process your personal data, please contact us:

Email: [email protected]
Address: Level 12, 385 Bourke Street, Melbourne VIC 3000, Australia