Effective Date: May 22, 2026
Although glossy raft is an Australian-based company primarily serving Australian clients, we recognize that the General Data Protection Regulation (GDPR) sets important standards for data protection and privacy. We are committed to respecting the rights of all individuals, including those in the European Economic Area (EEA), whose personal data we may process.
When we process personal data of individuals in the EEA, we rely on the following legal bases:
If you are located in the EEA, you have the following rights regarding your personal data:
You have the right to request access to the personal data we hold about you and receive a copy of that data.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
You have the right to lodge a complaint with a supervisory authority, particularly in the EEA member state where you reside, work, or where an alleged infringement of data protection law occurred.
As an Australian company, personal data collected from EEA residents may be transferred to and processed in Australia. Australia has been recognized by the European Commission as providing adequate protection for personal data under its Privacy Act 1988. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or internal policy requirements. When personal data is no longer needed, we will securely delete or anonymize it.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR requirements. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact us:
Email: [email protected]
Address: Level 7, 142 Albert Street, Brisbane QLD 4000, Australia
We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of any such extension.
We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated statement on our website.