GDPR Compliance
Your rights under the General Data Protection Regulation
Our Commitment to GDPR
spark-assistant Pty Ltd recognises the importance of data protection for all individuals, including those located in the European Economic Area (EEA) and the United Kingdom. Although we are an Australian company, we are committed to respecting the principles established by the General Data Protection Regulation (GDPR) for any data subjects whose information we may process.
This page outlines how we handle personal data in accordance with GDPR requirements and explains your rights as a data subject.
Data Controller Information
For the purposes of GDPR, spark-assistant Pty Ltd acts as the data controller for personal information collected through our website and services.
Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR:
Contractual Necessity
When you engage our services, we process data necessary to fulfil our contractual obligations. This includes contact information, device details, and service records required to complete repairs or provide IT support.
Legitimate Interests
We may process data when we have a legitimate business interest that does not override your rights. This includes improving our services, maintaining security, and communicating with existing clients about service updates.
Consent
For certain processing activities, such as sending marketing communications or placing non-essential cookies, we obtain your explicit consent. You may withdraw consent at any time.
Legal Obligations
We process data when required to comply with applicable laws, such as tax regulations and consumer protection requirements.
Your Rights Under GDPR
If you are located in the EEA or UK, you have the following rights regarding your personal data:
Right of Access
You may request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request, along with details about how the data is being used.
Right to Rectification
If any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will update the information promptly upon verification.
Right to Erasure
Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the original purpose or when you withdraw consent.
Right to Restrict Processing
You may request that we limit how we use your data while we verify its accuracy or assess a complaint you have made.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance.
Right to Object
You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling grounds that override your interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you. We do not currently use automated decision-making processes.
Exercising Your Rights
To exercise any of the rights described above, please submit a request by email to [email protected]. Include sufficient information to verify your identity and specify which right you wish to exercise.
We will respond to your request within one month. In complex cases, this period may be extended by two additional months, but we will inform you of any delay and the reasons for it.
There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests, where we may charge a reasonable administrative fee.
International Data Transfers
Because we are an Australian company, your data may be stored and processed in Australia. Australia is recognised by the European Commission as providing an adequate level of data protection.
If we transfer data to other countries, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with adequacy decisions
- Binding corporate rules for intra-group transfers
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in our Privacy Policy. Specific retention periods include:
- Service records: Duration of the business relationship plus 3 years
- Financial records: 7 years as required by Australian tax law
- Marketing data: Until consent is withdrawn or data becomes stale
- Website analytics: Maximum 26 months in aggregated form
Upon expiry of retention periods, data is securely deleted or anonymised.
Data Security Measures
We implement technical and organisational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls limiting data access to authorised personnel
- Regular security assessments and penetration testing
- Staff training on data protection and security awareness
- Incident response procedures for data breaches
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
Third-Party Processors
We engage third-party service providers who process data on our behalf. These processors are bound by data processing agreements that require them to:
- Process data only on our documented instructions
- Maintain confidentiality of personal data
- Implement appropriate security measures
- Assist us in responding to data subject requests
- Delete or return data upon termination of services
Supervisory Authority
If you are dissatisfied with how we handle your personal data or believe we have not addressed your concerns adequately, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence. For UK residents, the relevant authority is the Information Commissioner's Office (ICO).
We encourage you to contact us first so we can attempt to resolve your concerns directly.
Updates to This Information
We may update this GDPR compliance information periodically. Changes will be posted on this page with an updated revision date. We recommend reviewing this page regularly to stay informed about our data protection practices.
Last updated: April 2026
Contact Us
For questions about GDPR compliance or to exercise your data protection rights, please contact:
Email: [email protected]
We aim to respond to all enquiries within 5 business days.