GDPR Compliance Statement

Last Updated: May 11, 2026

1. Applicability

While sleek-profile primarily serves Australian residents and operates under Australian Privacy Principles, we recognize that some clients may have connections to the European Union. This statement outlines our compliance with the General Data Protection Regulation (GDPR) for EU residents or citizens using our services.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide social benefits advisory services you've requested
• Legal Obligation: Compliance with Australian taxation, anti-money laundering, and record-keeping requirements
• Legitimate Interest: Fraud prevention, service improvement, and business operations
• Consent: Marketing communications and optional data processing activities

3. Data Controller Information

sleek-profile acts as the data controller for personal information collected through our services.

Contact Details:
sleek-profile
Level 14, 123 Eagle Street
Brisbane QLD 4000, Australia
Email: [email protected]

4. Your GDPR Rights

If you are an EU resident or citizen, you have the following rights:

Right to Access

You may request a copy of all personal data we hold about you, delivered in a structured, machine-readable format.

Right to Rectification

You can request correction of inaccurate or incomplete personal data at any time.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data, subject to our legal obligations to retain certain records for tax and regulatory purposes.

Right to Restriction of Processing

You can request that we limit how we use your data while you contest its accuracy or lawfulness.

Right to Data Portability

You may request transfer of your data to another service provider in a commonly used electronic format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

5. Data Processing Activities

We process the following categories of personal data:

• Identity data (name, date of birth, government identifiers)
• Contact data (address, email, postal code)
• Financial data (income, assets, payment information)
• Health data (medical information relevant to benefit eligibility)
• Technical data (IP address, browser type, device information)

6. International Data Transfers

Your personal data is primarily stored and processed in Australia. When we use third-party services with international operations, we ensure appropriate safeguards are in place through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Vendor certifications demonstrating GDPR compliance

7. Data Retention Periods

We retain personal data for:

• Active client files: Duration of service engagement plus seven years (Australian legal requirement)
• Marketing communications: Until you withdraw consent
• Website analytics: 26 months maximum
• Cookie data: As specified in our Cookies Policy

8. Data Security Measures

We implement technical and organizational measures including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Staff training on data protection principles
• Access controls and authentication requirements
• Incident response and breach notification procedures

9. Data Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, in compliance with GDPR requirements.

10. Third-Party Data Sharing

We share personal data with:

• Australian government agencies (Services Australia) for benefit application purposes
• Service providers operating under data processing agreements
• Legal and regulatory authorities when required by law

We do not sell personal data to third parties.

11. Exercising Your Rights

To exercise any GDPR rights:

1. Submit a request to [email protected]
2. Include verification information (full name, service dates, email address)
3. Specify which right you wish to exercise

We will respond to valid requests within one month. Complex requests may require up to two additional months, and we will inform you of any extension.

12. Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection supervisory authority if they believe we have not complied with GDPR requirements.

13. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children without parental consent. If we become aware of such collection, we will delete the information promptly.

14. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in regulations or our practices. Material changes will be communicated via email to affected individuals.

15. Contact Information

For GDPR-related inquiries or to exercise your rights:

Data Protection Officer
Email: [email protected]
Mail: sleek-profile, Level 14, 123 Eagle Street, Brisbane QLD 4000, Australia