GDPR Compliance Statement

Last Updated: June 15, 2026

Our Commitment to Data Protection

While birch-myth operates primarily within Australia, we recognize the importance of data protection standards established by the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area. We are committed to protecting personal data in accordance with both Australian Privacy Principles and GDPR requirements where applicable.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so:

• Contractual necessity: Processing required to provide advisory services you have requested
• Legitimate interests: Processing necessary for our business operations, provided your rights are not overridden
• Consent: Where you have provided explicit consent for specific processing activities
• Legal obligation: Processing required to comply with legal and regulatory requirements

Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of such data.

Right to Rectification

You may request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure

You may request deletion of personal data in certain circumstances, including when data is no longer necessary for the purposes collected or when you withdraw consent.

Right to Restriction

You may request restriction of processing in specific situations, such as when you contest data accuracy or object to processing.

Right to Data Portability

You may request transfer of personal data provided to us in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

Data Transfers

Personal data collected through our services is primarily stored within Australia. In circumstances where data transfer outside Australia becomes necessary, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant authorities
• Assessment of data protection laws in the receiving jurisdiction
• Appropriate technical and organizational security measures

Data Protection Officer

For questions regarding data protection or to exercise your GDPR rights, please contact our data protection representative:

Email: [email protected]
Address: Level 12, 47 Currie Street, Adelaide SA 5000, Australia

Supervisory Authority

If you believe our processing of personal data violates GDPR requirements, you have the right to lodge a complaint with a supervisory authority in your jurisdiction, or with the Office of the Australian Information Commissioner if you are in Australia.

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods vary based on the nature of data and legal requirements applicable to real estate advisory services.

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that personal data from a child has been collected, we will take steps to delete such information.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website with an updated effective date.