GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR

Twinkle Fusion is committed to protecting the privacy and personal data of all individuals, including those in the European Economic Area (EEA). Although we are based in Australia, we recognise and respect the rights granted under the General Data Protection Regulation (GDPR) and extend these protections to all our users.

Data Controller

For the purposes of the GDPR, Twinkle Fusion acts as the data controller for personal information collected through our website and services. Our contact details are:

Twinkle Fusion
Suite 412, 180 Flinders Street
Melbourne VIC 3000
Australia
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by the GDPR:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications.
  • Contract: Where processing is necessary to perform a contract with you, such as providing our culinary services after you make a booking.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
  • Legal Obligation: Where processing is necessary to comply with legal requirements.

Your Rights Under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information free of charge within one month of receiving your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit how we use your personal information in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to have that information transmitted to another data controller where technically feasible.

Right to Object

You have the right to object to the processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with a supervisory authority in your country of residence.

International Data Transfers

As we are based in Australia, your personal information may be transferred to and processed in Australia. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Processing in countries deemed to have adequate data protection by the European Commission
  • Other appropriate safeguards as permitted by GDPR

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods depend on:

  • The nature of the information and our relationship with you
  • Legal requirements and obligations
  • Legitimate business needs

When personal information is no longer needed, we securely delete or anonymise it.

Data Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest where appropriate
  • Access controls limiting who can view personal information
  • Regular security assessments and updates
  • Staff training on data protection

Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without appropriate parental consent, we will delete that information.

Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated effective date.

Contact Us

For any questions about this GDPR notice or how we handle your personal data, please contact us at:

Email: [email protected]
Address: Suite 412, 180 Flinders Street, Melbourne VIC 3000, Australia

We use cookies to enhance your experience. By continuing to visit this site, you agree to our use of cookies. Learn more