GDPR Compliance Statement

Last updated: May 10, 2026

Introduction

While lumin-echo is primarily based in Australia and serves Australian residents, we recognize that some visitors to our website may be located in the European Economic Area (EEA). This statement explains how we comply with the General Data Protection Regulation (GDPR) for those individuals.

Legal Basis for Processing

When we process personal data of individuals in the EEA, we do so on the following legal bases:

  • Consent: When you have given explicit consent for us to process your personal data for specific purposes (such as receiving marketing communications).
  • Contract Performance: When processing is necessary to fulfill a contract with you (such as delivering the services you've purchased).
  • Legitimate Interests: When we have a legitimate business interest in processing your data (such as improving our services or preventing fraud), provided your rights and interests do not override those interests.
  • Legal Obligation: When we need to process your data to comply with legal requirements.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to the processing of your personal data where we are relying on legitimate interests as the legal basis for processing.

Right to Withdraw Consent

Where we are processing your personal data based on consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where an alleged infringement occurred.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: GDPR Request

We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

Data Transfers

Your personal data may be transferred to and processed in Australia, which may not have the same data protection laws as the EEA. When we transfer personal data from the EEA to other countries, we implement appropriate safeguards to ensure your data remains protected, including:

  • Standard Contractual Clauses approved by the European Commission
  • Ensuring the recipient is covered by an adequacy decision
  • Other legally recognized transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period varies depending on the type of data and the purposes for processing.

When determining retention periods, we consider:

  • The amount, nature, and sensitivity of the data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Applicable legal requirements

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Data Protection Officer

For questions specifically about GDPR compliance or data protection matters, you can contact our data protection team at:

Email: [email protected]
Subject line: Data Protection Inquiry

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately so we can delete the information.

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this statement periodically.

Contact Information

For any questions about this GDPR statement or our data practices:

Email: [email protected]
Address: Level 8, 442 St Kilda Road, Melbourne VIC 3004, Australia