ChronoFlow logo
Log in Sign up
Legal Documentation

GDPR Compliance

At ChronoFlow, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This document outlines our approach to GDPR compliance and explains how we process and protect your personal data.

Our Commitment to GDPR Compliance

We have implemented various measures to ensure compliance with GDPR principles, including:

  • Transparent data collection and processing practices
  • Lawful basis for all data processing activities
  • Data minimization and purpose limitation
  • Implementation of appropriate security measures
  • Regular review and updating of our privacy practices
  • Ensuring data subject rights are respected and fulfilled

Data Protection Officer (DPO)

We have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy and implementation. You can contact our DPO at info@chronoflow.com.au for any GDPR-related inquiries.

Lawful Basis for Processing

We process personal data based on one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: The processing is necessary for us to comply with the law.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Information

You have the right to be informed about how we collect and use your personal data, including the purpose of processing, retention periods, and who it will be shared with. This information is provided in our Privacy Policy.

Right to Access

You have the right to request a copy of the personal data we hold about you and supplementary information about how we process it.

Right to Rectification

You have the right to have inaccurate personal data rectified, or completed if it is incomplete.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.

Right to Restrict Processing

You have the right to request that we restrict or suppress the processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services, allowing you to move, copy or transfer personal data easily from one IT environment to another.

Right to Object

You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes or processing based on legitimate interests.

Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@chronoflow.com.au or through our Data Protection Officer at dpo@chronoflow.com.au.

We will respond to your request within 30 days. If we need more time, we will inform you of the reason for the delay and when you can expect a response.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and within 72 hours after becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Transfers to countries with an adequacy decision from the European Commission
  • Explicit consent (in specific circumstances)

Data Protection Impact Assessments (DPIA)

We conduct Data Protection Impact Assessments when implementing major system or business changes involving the processing of personal data, particularly when using new technologies.

Data Protection by Design and Default

We implement appropriate technical and organizational measures to integrate data protection into our processing activities from the design stage and by default. This includes:

  • Data minimization
  • Pseudonymization
  • Transparency
  • Security features
  • Regular security testing and evaluation

Record of Processing Activities

We maintain records of our data processing activities, including:

  • The purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • International transfers
  • Retention schedules
  • Security measures

Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or regulatory requirements. We will notify you of any significant changes by posting the new statement on our website and updating the "Last updated" date at the top of this page.

Contact Us

If you have any questions or concerns about our GDPR compliance or how we handle your personal data, please contact us at:

Email: info@chronoflow.com.au

Data Protection Officer: dpo@chronoflow.com.au

We use cookies

ChronoFlow uses essential cookies to keep things running and analytics cookies to improve the product. You can learn more in our cookie policy.