GDPR Compliance Statement

Effective Date: January 1, 2026

1. Our Commitment to GDPR

granite-treasury is committed to compliance with the General Data Protection Regulation (GDPR) and respects the data protection rights of all individuals, including those in the European Economic Area (EEA).

This document outlines how we comply with GDPR principles and how you can exercise your rights under the regulation.

2. Legal Basis for Processing

We process personal data only when we have a valid legal basis, including:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legal Obligation: Processing is necessary for us to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests

3. Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent to process your data, you have the right to withdraw that consent at any time.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request

Please include the following information in your request:

• Your full name and contact information
• Description of the right you wish to exercise
• Any relevant details to help us locate your data

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons for the delay.

5. Data Protection Principles

We adhere to the following GDPR data protection principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
• Data Minimization: We collect only the data that is adequate, relevant, and necessary
• Accuracy: We take steps to ensure personal data is accurate and up to date
• Storage Limitation: We keep data only for as long as necessary
• Integrity and Confidentiality: We process data securely and protect against unauthorized or unlawful processing
• Accountability: We are responsible for demonstrating compliance with these principles

6. International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming adequate protection in the destination country
• Binding corporate rules for transfers within multinational organizations

7. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

8. Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you may contact our Data Protection Officer at:

Email: [email protected]

9. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

10. Children's Data

We do not knowingly process data of children under 16 years of age without parental consent. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

12. Updates to This Statement

We may update this GDPR Compliance Statement periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes.

13. Contact Information

granite-treasury
Level 14, 367 Collins Street
Melbourne VIC 3000, Australia
Email: [email protected]

← Back to Home