GDPR Compliance

Last Updated: May 22, 2026

Introduction

While CanberavordProX is an Australian-based company primarily serving Australian residents, we respect the data protection rights of all individuals, including those protected under the European Union's General Data Protection Regulation (GDPR).

This document outlines how we comply with GDPR principles when processing personal data of EU residents.

Data Controller

For the purposes of GDPR, CanberavordProX is the data controller responsible for your personal information.

CanberavordProX
Level 12, 340 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract
  • Legal Obligation: Processing is necessary to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party (unless your rights and interests override those interests)

Your Rights Under GDPR

If you are an EU resident, you have the following rights:

1. Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

2. Right to Rectification

You have the right to request correction of inaccurate personal data and completion of incomplete personal data.

3. Right to Erasure

You have the right to request deletion of your personal data under certain conditions, including:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

4. Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

5. Right to Data Portability

You have the right to request transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

6. Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with:

  • Your full name and contact information
  • The specific right you wish to exercise
  • Any relevant details to help us locate your information

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will notify you.

Data Processing Activities

Personal Data We Collect

  • Identity data (name, date of birth)
  • Contact data (email, postal address)
  • Financial data (income, assets, liabilities)
  • Technical data (IP address, browser type, device information)
  • Usage data (how you use our website and services)
  • Marketing and communications data (preferences for receiving communications)

How We Use Your Data

  • To provide financial advisory services
  • To communicate with you
  • To improve our website and services
  • To comply with legal obligations
  • For marketing purposes (with your consent)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • To satisfy legal, accounting, or reporting requirements
  • To maintain records of our transactions and services
  • To defend potential legal claims

Financial records are typically retained for 7 years in accordance with Australian law.

International Data Transfers

As an Australian company, your data is primarily processed in Australia. Australia is recognized by the European Commission as providing adequate data protection.

If we transfer data to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Your explicit consent

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

Third-Party Service Providers

We may share your data with third-party service providers who process data on our behalf, including:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics providers

All third-party processors are required to respect the security of your data and process it only according to our instructions.

Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, see our Cookies Policy.

You can manage your cookie preferences through our cookie banner or your browser settings.

Children's Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

Supervisory Authority

If you are an EU resident and believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Updates to This Policy

We may update this GDPR compliance statement from time to time. We will notify you of any material changes by posting the updated policy on our website.

Contact Us

For questions about GDPR compliance or to exercise your rights, contact us:

Email: [email protected]
Address: Level 12, 340 Collins Street, Melbourne VIC 3000, Australia