Information on this site is advertising in nature.

GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: June 2026

verdant-iris is committed to protecting the privacy and personal data of all individuals, including those residing in the European Economic Area (EEA). This page outlines our compliance with the General Data Protection Regulation (GDPR) and explains the rights available to you.

About GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas. While verdant-iris is based in Australia, we respect and uphold the principles of GDPR for all our users and clients.

Data Controller

For the purposes of GDPR, verdant-iris acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:
verdant-iris
Level 12, 345 Queen Street
Brisbane QLD 4000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications or submitting enquiry forms.

Contract

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract for our financial management services.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Legal Obligation

Where processing is necessary for compliance with a legal obligation to which we are subject.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions. This right is not absolute and only applies in specific circumstances.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions, particularly where we process data based on legitimate interests.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month of receiving it. In some cases, we may need to verify your identity before processing your request.

Please note that we may need to retain certain information for legal or legitimate business purposes, even after you request deletion.

Data Transfers

As an Australian-based organisation, your data may be transferred to and processed in Australia. We ensure that any such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your personal data.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context of the services we provide and our legal obligations.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Procedures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
  • Ability to restore availability and access to personal data in a timely manner following an incident

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you believe that we have not handled your personal data properly or have infringed your rights, you have the right to lodge a complaint with a supervisory authority. For residents of the EEA, this would be the data protection authority in your country of residence. For Australian residents, you may contact the Office of the Australian Information Commissioner (OAIC).

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

If you have any questions about GDPR or how we handle your personal data, please contact us at:

verdant-iris
Level 12, 345 Queen Street
Brisbane QLD 4000
Australia

Email: [email protected]