Our Commitment to Data Protection
cozy-fern is committed to protecting the personal data of all our customers, including those residing in the European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and this page outlines your rights and our obligations under this regulation.
Data Controller
cozy-fern acts as the data controller for personal information collected through our website and services. As the data controller, we determine the purposes and means of processing your personal data.
Contact details:
cozy-fern
42 Parkside Avenue
Richmond, VIC 3121
Australia
Email: [email protected]
Legal Basis for Processing
We process personal data based on the following legal grounds:
- Contract: Processing necessary for the performance of a contract with you (e.g., providing pet care services)
- Consent: Where you have given explicit consent for processing (e.g., marketing communications)
- Legitimate Interests: Processing necessary for our legitimate business interests, provided these do not override your fundamental rights
- Legal Obligation: Processing necessary to comply with legal requirements
Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request, free of charge for the first request.
Right to Rectification
If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will make the necessary changes within 30 days.
Right to Erasure (Right to be Forgotten)
You have the right to request that we delete your personal data in certain circumstances, including:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the basis for processing)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing
You may request that we restrict processing of your data in certain situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected] with your request. We may need to verify your identity before processing your request.
We will respond to your request within 30 days. If your request is complex or we have received multiple requests, we may extend this period by an additional 60 days, in which case we will notify you.
Data Transfers
As an Australian company, your personal data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place to protect your data when transferred outside the EEA, including the use of Standard Contractual Clauses approved by the European Commission.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods vary depending on the type of data:
- Customer records: 7 years after last service
- Marketing consent: Until consent is withdrawn
- Website analytics: 26 months
Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk, we will also notify you directly.
Complaints
If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.
Updates to This Information
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.