GDPR Compliance

Last updated: January 2024

Our Commitment to GDPR

Brave Dive is committed to protecting the privacy and security of individuals whose personal data we process. Although we are based in Australia, we extend GDPR-equivalent protections to all our customers, including those in the European Economic Area (EEA).

Data Controller

Brave Dive acts as the data controller for personal information collected through our website and services. Our contact details are:

Brave Dive
42 Brunswick Street
Fitzroy VIC 3065
Australia
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: To provide you with our culinary services and process your bookings
• Legitimate interests: To improve our services, ensure security, and communicate with you about relevant offerings
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with applicable laws and regulations

Your Rights Under GDPR

If you are located in the EEA or we are processing your data under GDPR-equivalent standards, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making.

Data Transfers

As we are based in Australia, your data may be transferred to and processed in Australia. Australia is recognised as providing adequate data protection under GDPR. We ensure all data transfers comply with applicable data protection requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods vary depending on the type of data and our legal obligations.

Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within 30 days. If we need additional time, we will inform you of the reason for the delay.

You will not be charged a fee for exercising your rights unless your request is clearly unfounded or excessive.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be your local data protection authority. For Australian residents, complaints can be made to the Office of the Australian Information Commissioner.

Changes to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.