GDPR Compliance

Zephyra Wind is committed to protecting your personal data and respecting your privacy. This document outlines how we comply with the General Data Protection Regulation (GDPR) for users within the European Economic Area.

Data Controller

Zephyra Wind acts as the data controller for personal information collected through our website and services. Our contact details are:

• Business Name: Zephyra Wind
• Address: 147 King Street, Newtown NSW 2042, Australia
• Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications or submitting booking enquiries.

Contract Performance

Processing necessary for the performance of a contract with you, such as providing cooking classes, meal preparation services, or catering services you have requested.

Legitimate Interests

Processing necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms. This includes improving our services, analysing website usage, and preventing fraud.

Legal Obligation

Processing necessary for compliance with legal obligations, such as maintaining business records for tax purposes.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service if requests are unfounded or excessive.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions. This is also known as the "right to be forgotten."

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

International Data Transfers

As we are based in Australia, your data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place for any international transfers of personal data:

• We use standard contractual clauses approved by relevant data protection authorities
• We ensure receiving countries have adequate data protection standards
• We implement technical and organisational security measures

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Booking and service records: 7 years (legal requirement)
• Marketing consent records: Until consent is withdrawn
• Website analytics: 26 months
• Enquiry correspondence: 3 years

Data Security

We implement appropriate technical and organisational measures to protect personal data against:

• Unauthorised access
• Accidental loss, destruction, or damage
• Unlawful processing

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Communicate the breach to affected individuals without undue delay
• Document all breaches and remedial actions taken

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us:

• Email: [email protected]
• Mail: 147 King Street, Newtown NSW 2042, Australia

We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, but we will notify you of any extension within the first month.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence.

Updates to This Notice

We may update this GDPR compliance notice from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically for the latest information on our GDPR compliance.