GDPR Compliance

Introduction

The General Data Protection Regulation (GDPR) is a European Union regulation that provides data protection and privacy rights for individuals within the EU and European Economic Area. While melodic-travel is based in Australia, we are committed to protecting the privacy of all our visitors and customers, including those from the EU.

This page outlines how we comply with GDPR requirements and explains your rights under this regulation.

Data Controller

melodic-travel is the data controller for personal information collected through our website and services. Our contact details are:

melodic-travel
Level 8, 123 Pitt Street
Sydney NSW 2000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications or accepting cookies.

Contract

Where processing is necessary for the performance of a contract with you, such as providing solar installation services.

Legitimate Interests

Where processing is necessary for our legitimate interests, provided these interests do not override your fundamental rights. This includes improving our services and website functionality.

Legal Obligation

Where processing is necessary to comply with legal or regulatory obligations.

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects you.

Exercising Your Rights

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month. In complex cases, this may be extended by a further two months, and we will notify you if this is the case.

We may need to verify your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

Data Transfers

As an Australian company, any transfer of your personal data to us involves a transfer outside the EU/EEA. We ensure that such transfers are protected by appropriate safeguards, including:

• Your explicit consent to the transfer
• Standard contractual clauses approved by the European Commission
• Other legally recognised mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal data is no longer needed, we securely delete or anonymise it.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you are not satisfied with how we handle your personal data or your request to exercise your rights, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would typically be the data protection authority in your country of residence.

Changes to This Policy

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

For any questions about GDPR compliance or to exercise your rights, please contact:

melodic-travel - Data Protection
Email: [email protected]
Level 8, 123 Pitt Street
Sydney NSW 2000
Australia