We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies.

mighty-mist
Home About Services Contact

GDPR Compliance Statement

Last Updated: May 17, 2026

Introduction

While mighty-mist operates primarily within Australia and is subject to Australian privacy law (Privacy Act 1988), we recognize that some of our website visitors may be located in the European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) for EEA residents.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to fulfill our services to you
  • Legal Obligation: When required by Australian or international law
  • Legitimate Interests: When necessary for our business operations, provided your rights are not overridden

Your GDPR Rights

If you are an EEA resident, you have the following rights under GDPR:

Right to Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when:

  • It is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

Note: We may be required to retain certain data to comply with Australian legal obligations.

Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where an alleged infringement occurred.

Data Transfers

As we are based in Australia, personal data provided by EEA residents will be transferred outside the EEA. Australia is recognized by the European Commission as providing adequate protection for personal data, facilitating lawful data transfers.

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection representative:

Email: [email protected]
Subject Line: GDPR Inquiry

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal, accounting, or reporting requirements. Typically, client records are retained for seven years following service completion.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Staff training on data protection principles
  • Incident response and breach notification procedures

Third-Party Processing

When we engage third-party service providers who process personal data on our behalf, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures that meet GDPR requirements.

Children's Data

Our services are not directed to children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children without appropriate parental consent.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject: GDPR Rights Request
Address: Level 12, 447 Collins Street, Melbourne VIC 3000, Australia

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of such extension.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised date.

mighty-mist

Professional assistance with Australian government benefits and social security claims.

Quick Links

  • About Us
  • Services
  • Contact

Legal

  • Privacy Policy
  • GDPR
  • Cookies Policy
  • Terms of Use

© 2026 mighty-mist. All rights reserved.