GDPR Compliance Statement

Last Updated: May 13, 2026

Chip Flash is committed to compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA). This statement outlines how we process personal data in accordance with GDPR requirements.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to our processing of your data
• Contractual Necessity: When processing is necessary to fulfill our service agreements
• Legitimate Interests: When we have a legitimate business interest that doesn't override your rights
• Legal Obligation: When required by applicable laws and regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to Access: Request access to your personal data and information about how we process it
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restriction: Request limitation of processing in specific situations
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority

Data Protection Principles

We adhere to the following data protection principles:

• Processing personal data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Ensuring data adequacy, relevance, and limitation to what is necessary
• Maintaining data accuracy and keeping it up to date
• Storing personal data only for as long as necessary
• Processing data securely with appropriate technical and organizational measures

Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent protection levels
• Binding Corporate Rules where applicable

Data Security Measures

We implement comprehensive security measures to protect personal data:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response and breach notification procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach presents a high risk, we will also inform affected individuals without undue delay.

Data Protection Officer

For questions regarding GDPR compliance or to exercise your rights, you may contact our data protection team at:

Email: [email protected]
Subject Line: GDPR Inquiry

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Children's Data

We do not knowingly process personal data of children under 16 years of age. If we become aware that we have collected such data, we will take steps to delete it promptly.

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to [email protected] with "GDPR Request" in the subject line. We will respond to verified requests within one month, with possible extensions in complex cases.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements. A list of supervisory authorities is available at the European Data Protection Board website.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or directly to affected individuals.

Contact Information

For any questions or concerns regarding our GDPR compliance:

Chip Flash
Level 12, 250 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]