GDPR Compliance

Effective Date: June 16, 2026

Overview

crater-beam is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (GDPR). This document outlines how we comply with GDPR requirements and your rights as a data subject.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you provide explicit consent for us to process your personal data for specific purposes
• Contractual necessity: When processing is necessary for the performance of a contract or to take steps prior to entering into a contract
• Legitimate interests: When processing is necessary for our legitimate business interests, provided such interests do not override your fundamental rights and freedoms
• Legal obligations: When processing is required to comply with legal obligations

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your personal data in a commonly used electronic format.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of such data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent on which processing is based
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: GDPR Data Subject Request

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of such extension.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication procedures
• Employee training on data protection practices
• Incident response and data breach notification procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Specific retention periods include:

• Inquiry records: 3 years from last contact
• Service agreements: 7 years from completion
• Website analytics data: 26 months

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions confirming the recipient country provides adequate protection
• Binding corporate rules for intra-group transfers

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority as required.

Third-Party Processing

When we engage third-party service providers to process personal data on our behalf, we ensure they:

• Process data only according to our documented instructions
• Implement appropriate security measures
• Assist us in meeting our GDPR obligations
• Delete or return personal data when services conclude

Changes to This Policy

We may update this GDPR compliance statement periodically. We will notify you of significant changes by posting a notice on our website or by direct communication.

Contact Information

For questions about our GDPR compliance or to exercise your rights, please contact:

Email: [email protected]
Address: 47 Eucalyptus Lane, Byron Bay, NSW 2481, Australia