Last Updated:
Shexlyondhol is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our approach to data protection and our compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other applicable data protection regulations.
This policy applies to all personal data we collect, process, store, and share in the course of our business operations. It applies to all employees, contractors, partners, and third parties who process personal data on our behalf.
For the purposes of this policy:
We adhere to the following data protection principles in all our data processing activities:
We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how we collect and use personal data through our privacy notices and policies.
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes. We clearly communicate the purposes for which we collect data at the time of collection.
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We regularly review the data we hold and delete data that is no longer needed.
We take reasonable steps to ensure that personal data is accurate, complete, and up to date. We provide mechanisms for individuals to update their personal data and correct inaccuracies.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. We have established retention schedules for different categories of data.
We implement appropriate technical and organizational measures to ensure the security of personal data, protecting it against unauthorized or unlawful processing, accidental loss, destruction, or damage.
We are responsible for and can demonstrate compliance with data protection principles. We maintain records of our processing activities and regularly review our data protection practices.
We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:
We may process personal data based on the explicit consent of the data subject. Consent must be freely given, specific, informed, and unambiguous. Individuals have the right to withdraw consent at any time.
We process personal data when necessary to perform a contract with the data subject or to take steps at their request before entering into a contract.
We process personal data when necessary to comply with legal obligations to which we are subject, such as tax reporting or record-keeping requirements.
We may process personal data when necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by the data subject's rights and freedoms.
We respect and facilitate the exercise of data subject rights under applicable data protection laws. These rights include:
Individuals have the right to request access to their personal data and obtain information about how we process it. We will provide a copy of the personal data undergoing processing, free of charge, within 30 days of the request.
Individuals have the right to request correction of inaccurate personal data and completion of incomplete personal data. We will respond to rectification requests within 30 days.
In certain circumstances, individuals have the right to request deletion of their personal data. This right applies when the data is no longer necessary for the purposes for which it was collected, consent is withdrawn, or the processing is unlawful.
Individuals have the right to request restriction of processing in certain circumstances, such as when the accuracy of the data is contested or the processing is unlawful.
Where technically feasible, individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Individuals have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override the individual's interests.
Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect them.
We implement comprehensive security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:
We implement strict access controls to ensure that personal data is only accessible to authorized personnel who need it to perform their job functions. Access rights are regularly reviewed and updated.
We have established procedures to detect, report, and investigate data breaches:
We monitor our systems and processes to detect potential data breaches. All staff are trained to recognize and report potential breaches immediately.
When a potential breach is detected, we assess the nature and severity of the breach, including the type and volume of data affected, the number of individuals impacted, and the potential consequences.
If a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.
We take immediate steps to contain and remediate breaches, including implementing additional security measures, conducting forensic analysis, and updating our security practices to prevent future breaches.
We primarily process personal data within Australia. If we transfer personal data internationally, we ensure appropriate safeguards are in place:
We use approved transfer mechanisms such as standard contractual clauses, binding corporate rules, or adequacy decisions to ensure data transferred internationally receives adequate protection.
When we engage third-party processors located outside Australia, we ensure they provide adequate data protection through contractual obligations and regular audits.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
When personal data reaches the end of its retention period, we securely delete or anonymize it using industry-standard methods.
We may share personal data with third parties in limited circumstances:
We engage third-party service providers to perform functions on our behalf, such as hosting, payment processing, or analytics. These providers are contractually obligated to protect personal data and use it only for the specified purposes.
We may disclose personal data when required by law, court order, or government regulation, or when necessary to protect our rights or the safety of others.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same data protection obligations.
Our services are not directed to children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
We maintain comprehensive records of our data processing activities and regularly review our compliance with data protection laws:
We have designated a Data Protection Officer responsible for overseeing our data protection strategy and ensuring compliance with applicable laws.
We conduct regular internal audits of our data protection practices and engage external auditors to assess our compliance.
All staff receive regular training on data protection principles, policies, and procedures to ensure they understand their responsibilities.
If you have questions about this Data Protection Policy or wish to exercise your data subject rights, please contact us:
Shexlyondhol
Data Protection Officer
16-18 Cronulla St, Cronulla NSW 2230
Sydney, Australia
Phone: (02) 9544 3200
Email: callme@shexlyondhol.world
We may update this Data Protection Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.