Last Updated: June 26, 2026
While oak-marmot is based in Australia, we recognize the importance of the European Union's General Data Protection Regulation (GDPR) and are committed to protecting the privacy rights of individuals in the European Economic Area (EEA) who use our services.
We process your personal data based on one or more of the following legal grounds:
If you are a resident of the EEA, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions.
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by two further months, in which case we will notify you.
For GDPR-related inquiries, you may contact our designated data protection representative:
Email: [email protected]
Address: 127 Rundle Street, Adelaide SA 5000, Australia
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.
Your personal data may be transferred to and processed in Australia or other countries outside the EEA. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law.
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If you believe we have collected information from a child, please contact us immediately.
We may use third-party service providers to process your personal data on our behalf. These providers are contractually bound to protect your data and use it only for the purposes we specify.
We may update this GDPR compliance statement from time to time. We will notify you of any material changes by posting the new statement on our website and updating the "Last Updated" date.
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement of data protection law occurred.
For any questions or concerns regarding GDPR compliance or our data practices, please contact us:
Email: [email protected]
Address: 127 Rundle Street, Adelaide SA 5000, Australia