GDPR Compliance Statement

Last Updated: June 3, 2026

Our Commitment to GDPR

Olive Tide is committed to protecting the personal data and privacy rights of all individuals, including those in the European Union. We comply with the General Data Protection Regulation (GDPR) and ensure that your personal information is processed lawfully, fairly, and transparently.

Data Controller Information

For the purposes of GDPR, the data controller is:

Olive Tide
Level 3, 147 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill our service agreement with you
• Legitimate Interest: Processing necessary for our business operations, provided your rights do not override these interests
• Legal Obligation: Processing required to comply with legal requirements
• Consent: Processing based on your explicit consent, which you may withdraw at any time

Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restriction of Processing

You can request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

We may require proof of identity before processing your request to ensure data security.

Data Processing Activities

Personal Data We Collect

• Identity data (name)
• Contact data (email address)
• Transaction data (booking details, payment information)
• Technical data (IP address, browser information)
• Usage data (how you interact with our website)
• Marketing and communications data (your preferences for receiving communications)

Purpose of Processing

• Managing bookings and delivering services
• Customer relationship management
• Processing payments
• Website functionality and improvement
• Marketing communications (with consent)
• Legal compliance

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Booking and transaction data: 7 years (for legal and accounting purposes)
• Marketing consent data: Until consent is withdrawn
• Website analytics data: 26 months
• Correspondence: 3 years from last contact

International Data Transfers

As we are based in Australia, your personal data may be transferred outside the European Economic Area. We ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Processing by organizations with adequate data protection certifications
• Compliance with GDPR requirements for international transfers

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Incident response procedures

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Third-Party Processors

We work with third-party service providers who process data on our behalf. All processors are contractually required to:

• Process data only on our instructions
• Implement appropriate security measures
• Assist with GDPR compliance
• Delete or return data upon request

Children's Data

We do not knowingly process personal data of children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will notify you of significant changes and update the "Last Updated" date.

Contact and Complaints

For questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Address: Level 3, 147 Collins Street, Melbourne VIC 3000, Australia

If you are not satisfied with our response, you may lodge a complaint with your local supervisory authority.